private (string keyPairId, SigningCredentials signingCredentials) GetSigningCredentials(SigType sigType)
{
switch (sigType)
{
case SigType.Asymmetric:
{
if (_privateKeyStore == null)
{
return(null, null);
}
var(keyPairId, key) = _privateKeyStore.GetLatestKey(); // latest key, ordered by CreationTimeUtc
var rsaParameters = new OpenSSLPrivateKeyDecoder().DecodeParameters(key);
var securityKey = new RsaSecurityKey(rsaParameters);
//return (keyPairId, new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256Signature));
return(keyPairId, new SigningCredentials(securityKey, "RS256")); // to make it compatible with non-microsoft clients
}
case SigType.Symmetric:
default:
{
if (_symmetricKeyStore == null)
{
return(null, null);
}
var secret = _symmetricKeyStore.GetKey();
return(null, new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)), SecurityAlgorithms.HmacSha256Signature));
}
}
}
private SecurityKey GetSymmetricSecurityKey()
{
if (_symmetricKeyStore == null)
{
_logger.LogError("Symmetric Key store not available");
return(null);
}
var key = _symmetricKeyStore.GetKey();
if (key == null)
{
_logger.LogError("Couldn't retrieve symmetric signing key");
return(null);
}
var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(key));
_logger.LogError("Created security key {SecurityKeyId}", securityKey.KeyId);
return(securityKey);
}
private SecurityKey GetAsymmetricSecurityKey(string keyPairId)
{
if (_publicKeyStore == null)
{
_logger.LogError("Public Key store not available");
return(null);
}
// get key by keyPairId or latest
var key = _publicKeyStore.GetKey(keyPairId);
if (key == null)
{
_logger.LogError("Couldn't retrieve public key");
return(null);
}
var securityKey = new RsaSecurityKey(new OpenSSLPublicKeyDecoder().DecodeParameters(key));
_logger.LogError("Created security key {SecurityKeyId}", securityKey.KeyId);
return(securityKey);
}
