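/// <summary>
/// Try to resolve the signing key configuration registered under <paramref name="key"/>.
/// </summary>
/// <remarks>
/// Lookup order: the in-memory cache (<c>m_keyData</c>), then the <c>SigningKeys</c> of the configured
/// <see cref="SecurityConfigurationSection"/>, and finally - only for the key named "default"
/// (compared case-insensitively) - an HS256 key derived from the application secret. Anything found
/// outside the cache is added to it so later lookups do not touch configuration again.
/// </remarks>
/// <param name="key">The key name to resolve.</param>
/// <param name="config">The resolved configuration, or <c>null</c> when the method returns <c>false</c>.</param>
/// <returns><c>true</c> when a configuration was found or synthesised; otherwise <c>false</c>.</returns>
private bool TryGetKey(String key, out SecuritySignatureConfiguration config)
{
    // Fast path: already cached.
    if (this.m_keyData.TryGetValue(key, out config))
    {
        return true;
    }

    // Look the key up among the configured signing keys; the section may be absent entirely.
    var configuredKeys = ApplicationContext.Current.GetService<IConfigurationManager>()
        .GetSection<SecurityConfigurationSection>()?.SigningKeys;
    config = configuredKeys?.FirstOrDefault(k => k.KeyName == key);
    if (config != null)
    {
        this.m_keyData.TryAdd(config.KeyName, config);
        return true;
    }

    if (!"default".Equals(key, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // No explicit default key is configured: synthesise an HS256 key from the application secret.
    // The strength of signatures made with the default key therefore depends entirely on that secret.
    // The section is read with ?. so a missing SecurityConfigurationSection falls back to the
    // application's own secret instead of throwing a NullReferenceException (the lookup above
    // already tolerates a missing section; this path now does the same).
    var secret = ApplicationContext.Current.Configuration.GetSection<SecurityConfigurationSection>()?.ApplicationSecret
        ?? ApplicationContext.Current.Application.ApplicationSecret;
    config = new SecuritySignatureConfiguration()
    {
        KeyName = "default",
        Algorithm = SignatureAlgorithm.HS256,
        HmacSecret = secret
    };

    // Cache the derived key under both its application-scoped id and the plain "default" alias.
    this.m_keyData.TryAdd($"SA.{ApplicationContext.Current.Application.Key.ToString()}", config);
    this.m_keyData.TryAdd("default", config);
    return true;
}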
/// <summary>
/// Register a signing key under <paramref name="keyId"/> unless one with that id is already present.
/// </summary>
/// <remarks>
/// For <c>HS256</c> the <paramref name="keyData"/> bytes are the HMAC secret and are stored via
/// <c>SetSecret</c>. For every other algorithm the bytes are treated as an X.509 thumbprint: they are
/// rendered as hex (no separators) into <c>FindValue</c> together with LocalMachine/My store
/// coordinates, and no key material is stored in the configuration itself.
/// </remarks>
/// <param name="keyId">The identifier the key is registered under; an existing entry is left untouched.</param>
/// <param name="keyData">HMAC secret (HS256) or certificate thumbprint bytes (any other algorithm).</param>
/// <param name="signatureAlgorithm">Name of a <see cref="SignatureAlgorithm"/> member, compared case-sensitively against "HS256".</param>
public void AddSigningKey(string keyId, byte[] keyData, string signatureAlgorithm)
{
    if (this.m_keyData.ContainsKey(keyId))
    {
        return;
    }

    // Parse the algorithm first so an unknown name fails before the thumbprint is computed.
    var algorithm = (SignatureAlgorithm)Enum.Parse(typeof(SignatureAlgorithm), signatureAlgorithm);

    // Everything that is not HS256 is resolved through the certificate store.
    bool usesCertificate = signatureAlgorithm != "HS256";
    string thumbprint = usesCertificate ? BitConverter.ToString(keyData).Replace("-", "") : null;

    var keyConfig = new SecuritySignatureConfiguration()
    {
        KeyName = keyId,
        Algorithm = algorithm,
        FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
        FindValue = thumbprint,
        StoreLocation = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
        StoreName = System.Security.Cryptography.X509Certificates.StoreName.My,
        FindTypeSpecified = usesCertificate,
        StoreLocationSpecified = usesCertificate,
        StoreNameSpecified = usesCertificate
    };

    if (!usesCertificate)
    {
        keyConfig.SetSecret(keyData);
    }

    this.m_keyData.TryAdd(keyId, keyConfig);
}
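/// <summary>
/// Register signature credentials under <paramref name="keyId"/> in the static signature configuration.
/// </summary>
/// <remarks>
/// <c>HS256</c> stores <paramref name="keyData"/> as the HMAC secret. <c>RS256</c>/<c>RS512</c> treat
/// <paramref name="keyData"/> as an X.509 thumbprint and resolve the certificate from the
/// LocalMachine/My store up front, so a missing certificate fails at registration rather than at
/// first use. Any other algorithm name is rejected instead of silently registering a <c>null</c>
/// configuration, which is what the previous fall-through did.
/// </remarks>
/// <param name="keyId">Identifier for the credentials; <c>null</c> means "default".</param>
/// <param name="keyData">HMAC secret (HS256) or certificate thumbprint bytes (RS256/RS512).</param>
/// <param name="signatureAlgorithm">"HS256", "RS256" or "RS512" (case-sensitive).</param>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="signatureAlgorithm"/> is not one of the supported names.</exception>
/// <exception cref="KeyNotFoundException">No certificate with the given thumbprint is installed.</exception>
/// <exception cref="SecurityException"><paramref name="keyId"/> is already registered.</exception>
/// <exception cref="InvalidOperationException">The configuration could not be added.</exception>
internal static void AddSigningCredentials(string keyId, byte[] keyData, string signatureAlgorithm)
{
    keyId = keyId ?? "default";
    SecuritySignatureConfiguration configuration;
    switch (signatureAlgorithm)
    {
        case "HS256":
            configuration = new SecuritySignatureConfiguration()
            {
                Algorithm = SignatureAlgorithm.HS256,
                KeyName = keyId
            };
            configuration.SetSecret(keyData);
            break;
        case "RS256":
        case "RS512":
            // keyData is the certificate thumbprint (rendered as hex), not the private key itself;
            // the key is whatever the LocalMachine/My store holds for that thumbprint.
            var certificate = SecurityUtils.FindCertificate(X509FindType.FindByThumbprint, StoreLocation.LocalMachine, StoreName.My, BitConverter.ToString(keyData).Replace("-", ""));
            if (certificate == null)
            {
                throw new KeyNotFoundException($"Cannot find specified X509 Certificate - Please ensure it is installed in the certificiate repository");
            }
            configuration = new SecuritySignatureConfiguration()
            {
                Algorithm = (SignatureAlgorithm)Enum.Parse(typeof(SignatureAlgorithm), signatureAlgorithm),
                KeyName = keyId,
                Certificate = certificate,
                StoreName = StoreName.My,
                StoreLocation = StoreLocation.LocalMachine,
                FindType = X509FindType.FindByThumbprint,
                StoreLocationSpecified = true,
                StoreNameSpecified = true,
                FindTypeSpecified = true
            };
            break;
        default:
            // Reject unsupported algorithms explicitly; otherwise a null configuration would be stored
            // under keyId and only fail when somebody later tries to sign or verify with it.
            throw new ArgumentOutOfRangeException(nameof(signatureAlgorithm), signatureAlgorithm, "Unsupported signature algorithm");
    }

    // Refuse to overwrite credentials already registered under this id. The check and the add are
    // two separate calls, so a concurrent registration between them surfaces as the
    // InvalidOperationException below rather than as the SecurityException.
    if (m_signatureConfiguration.TryGetValue(keyId, out _))
    {
        throw new SecurityException($"Cannot register {keyId} again as it is already configured");
    }
    else if (!m_signatureConfiguration.TryAdd(keyId, configuration))
    {
        throw new InvalidOperationException($"Adding {keyId} failed");
    }
}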