コード例 #1
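        /// <summary>
        /// Resolves the signing configuration registered under <paramref name="key"/>, loading it on first use.
        /// </summary>
        /// <remarks>
        /// Lookup order: the in-memory cache (<c>m_keyData</c>), then the <c>SigningKeys</c> of the
        /// <see cref="SecurityConfigurationSection"/>, and finally - only when the requested name equals
        /// "default" (case-insensitive) - an HS256 configuration built from the application secret.
        /// A configuration found in the last two steps is added to <c>m_keyData</c>.
        /// </remarks>
        /// <param name="key">Name of the signing key to resolve.</param>
        /// <param name="config">The resolved configuration; <c>null</c> when the method returns <c>false</c>.</param>
        /// <returns><c>true</c> when a configuration was found or built; otherwise <c>false</c>.</returns>
        private bool TryGetKey(String key, out SecuritySignatureConfiguration config)
        {
            if (this.m_keyData.TryGetValue(key, out config))
            {
                return true;
            }

            // Not cached: look for an explicitly configured key with exactly this name (case-sensitive match).
            var configuredKeys = ApplicationContext.Current.GetService<IConfigurationManager>()?.GetSection<SecurityConfigurationSection>()?.SigningKeys;
            config = configuredKeys?.FirstOrDefault(k => k.KeyName == key);
            if (config != null)
            {
                this.m_keyData.TryAdd(config.KeyName, config);
                return true;
            }

            if (!"default".Equals(key, StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            // The configured-key lookup above already tolerates a missing security section, so the
            // fallback must too: use ?. and fall through to the application's own secret instead of
            // failing with a NullReferenceException.
            var secret = ApplicationContext.Current.Configuration.GetSection<SecurityConfigurationSection>()?.ApplicationSecret ??
                         ApplicationContext.Current.Application.ApplicationSecret;

            // The application secret doubles as the HMAC signing key for the implicit "default" key.
            // NOTE(review): when both sources are null this still caches an HS256 configuration with a
            // null HmacSecret - confirm that signing/verification rejects such a key rather than
            // treating it as an empty secret.
            config = new SecuritySignatureConfiguration()
            {
                KeyName = "default",
                Algorithm = SignatureAlgorithm.HS256,
                HmacSecret = secret
            };

            // The same configuration is registered under the application-specific alias and under "default".
            this.m_keyData.TryAdd($"SA.{ApplicationContext.Current.Application.Key.ToString()}", config);
            this.m_keyData.TryAdd("default", config);
            return true;
        }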
コード例 #2
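        /// <summary>
        /// Registers a signing key under <paramref name="keyId"/> unless that id is already registered.
        /// </summary>
        /// <remarks>
        /// For HS256, <paramref name="keyData"/> is the shared secret and is passed to <c>SetSecret</c>.
        /// For every other algorithm it is rendered as a hex string and stored as the thumbprint search
        /// value (FindByThumbprint, LocalMachine, My). An id that is already present is left untouched:
        /// the first registration wins and no exception is raised.
        /// </remarks>
        /// <param name="keyId">Identifier under which the key is stored.</param>
        /// <param name="keyData">HMAC secret bytes (HS256) or certificate thumbprint bytes (other algorithms).</param>
        /// <param name="signatureAlgorithm">Name of a <see cref="SignatureAlgorithm"/> member, e.g. "HS256".</param>
        /// <exception cref="ArgumentException">
        /// <paramref name="signatureAlgorithm"/> does not name a defined <see cref="SignatureAlgorithm"/> member.
        /// </exception>
        public void AddSigningKey(string keyId, byte[] keyData, string signatureAlgorithm)
        {
            if (this.m_keyData.ContainsKey(keyId))
            {
                return;
            }

            // Parse once and branch on the enum value, not on the raw string. Enum.Parse trims
            // whitespace and also accepts numeric or comma-separated input, so a string that parses
            // to HS256 without being literally "HS256" would otherwise be handled as a certificate
            // key and the shared secret would be copied, hex-encoded, into FindValue.
            var algorithm = (SignatureAlgorithm)Enum.Parse(typeof(SignatureAlgorithm), signatureAlgorithm);
            if (!Enum.IsDefined(typeof(SignatureAlgorithm), algorithm))
            {
                throw new ArgumentException($"{signatureAlgorithm} is not a supported signature algorithm", nameof(signatureAlgorithm));
            }

            var usesCertificate = algorithm != SignatureAlgorithm.HS256;

            var keyConfig = new SecuritySignatureConfiguration()
            {
                KeyName = keyId,
                Algorithm = algorithm,
                FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
                // BitConverter renders "AA-BB-..."; the separators are stripped to get a plain thumbprint string.
                FindValue = usesCertificate ? BitConverter.ToString(keyData).Replace("-", "") : null,
                StoreLocation = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
                StoreName = System.Security.Cryptography.X509Certificates.StoreName.My,
                FindTypeSpecified = usesCertificate,
                StoreLocationSpecified = usesCertificate,
                StoreNameSpecified = usesCertificate
            };

            if (!usesCertificate)
            {
                keyConfig.SetSecret(keyData);
            }

            this.m_keyData.TryAdd(keyId, keyConfig);
        }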
コード例 #3
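        /// <summary>
        /// Registers signing credentials under <paramref name="keyId"/> in the shared signature configuration.
        /// </summary>
        /// <remarks>
        /// "HS256" treats <paramref name="keyData"/> as the shared secret (passed to <c>SetSecret</c>).
        /// "RS256" and "RS512" treat it as a certificate thumbprint, which is resolved through
        /// <c>SecurityUtils.FindCertificate</c> in the LocalMachine\My store. Any other algorithm is rejected.
        /// </remarks>
        /// <param name="keyId">Identifier for the credentials; <c>null</c> is replaced by "default".</param>
        /// <param name="keyData">HMAC secret bytes (HS256) or certificate thumbprint bytes (RS256/RS512).</param>
        /// <param name="signatureAlgorithm">One of "HS256", "RS256" or "RS512" (exact, case-sensitive match).</param>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="signatureAlgorithm"/> is not one of the supported values.</exception>
        /// <exception cref="KeyNotFoundException">No certificate with the given thumbprint was found.</exception>
        /// <exception cref="SecurityException"><paramref name="keyId"/> is already registered.</exception>
        /// <exception cref="InvalidOperationException">The configuration could not be added.</exception>
        internal static void AddSigningCredentials(string keyId, byte[] keyData, string signatureAlgorithm)
        {
            keyId = keyId ?? "default";
            SecuritySignatureConfiguration configuration;

            switch (signatureAlgorithm)
            {
                case "HS256":
                    configuration = new SecuritySignatureConfiguration()
                    {
                        Algorithm = SignatureAlgorithm.HS256,
                        KeyName = keyId
                    };
                    configuration.SetSecret(keyData);
                    break;

                case "RS256":
                case "RS512":
                    // keyData carries the thumbprint bytes; BitConverter renders "AA-BB-...", so the separators are stripped.
                    var certificate = SecurityUtils.FindCertificate(X509FindType.FindByThumbprint, StoreLocation.LocalMachine, StoreName.My, BitConverter.ToString(keyData).Replace("-", ""));
                    if (certificate == null)
                    {
                        throw new KeyNotFoundException($"Cannot find specified X509 Certificate - Please ensure it is installed in the certificiate repository");
                    }

                    configuration = new SecuritySignatureConfiguration()
                    {
                        Algorithm = (SignatureAlgorithm)Enum.Parse(typeof(SignatureAlgorithm), signatureAlgorithm),
                        KeyName = keyId,
                        Certificate = certificate,
                        StoreName = StoreName.My,
                        StoreLocation = StoreLocation.LocalMachine,
                        FindType = X509FindType.FindByThumbprint,
                        StoreLocationSpecified = true,
                        StoreNameSpecified = true,
                        FindTypeSpecified = true
                    };
                    break;

                default:
                    // Without this branch an unknown or null algorithm left the configuration null and
                    // the code below registered that null under keyId, which also blocked any later
                    // valid registration for the same id.
                    throw new ArgumentOutOfRangeException(nameof(signatureAlgorithm), signatureAlgorithm, "Unsupported signature algorithm");
            }

            // Existing credentials are never replaced: a second registration for the same id is an error.
            if (m_signatureConfiguration.TryGetValue(keyId, out _))
            {
                throw new SecurityException($"Cannot register {keyId} again as it is already configured");
            }
            else if (!m_signatureConfiguration.TryAdd(keyId, configuration))
            {
                throw new InvalidOperationException($"Adding {keyId} failed");
            }
        }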