/// <summary>
/// Stores a freshly created key, revokes it, reloads it by key id and checks
/// that the reloaded security key no longer reports a private key.
/// </summary>
/// <param name="algorithm">Algorithm name handed to <c>Algorithm.Create</c>.</param>
public async Task Should_Remove_Private_Key_And_Update(string algorithm)
    {
        // Arrange: persist key material built for the requested algorithm.
        var storedMaterial = new KeyMaterial(new CryptographicKey(Algorithm.Create(algorithm)));
        await _store.Store(storedMaterial);

        // Act: revoke the key, then read it back from the store by its id.
        await _store.Revoke(storedMaterial);
        var reloaded = await _store.Get(storedMaterial.KeyId);

        // Assert: the persisted copy must not expose private key material after
        // revocation. Checking the reloaded copy (not the in-memory object)
        // is what shows the store itself was updated.
        var reloadedSecurityKey = reloaded.GetSecurityKey();
        reloadedSecurityKey.HasPrivateKey.Should().BeFalse();
    }
Exemplo n.º 2
 /// <summary>
 /// Revokes every key the store returns for the given key type and the
 /// configured <c>AlgorithmsToKeep</c> value.
 /// </summary>
 /// <param name="jsonWebKeyType">Key type used to select the keys to revoke.</param>
 private void RemovePrivateKeys(JsonWebKeyType jsonWebKeyType)
 {
     // NOTE(review): how the store interprets AlgorithmsToKeep (a count, a filter, ...)
     // is not visible here; confirm it against the store implementation.
     var keysToRevoke = _store.Get(jsonWebKeyType, _options.Value.AlgorithmsToKeep);

     foreach (var storedKey in keysToRevoke)
     {
         // Presumably strips the private part of the key (per the method name); verify in the store.
         _store.Revoke(storedKey);
     }
 }
Exemplo n.º 3
        /// <summary>
        /// Generates signing credentials for the given algorithm, saves them in the
        /// JSON Web Key store as a <c>SecurityKeyWithPrivate</c>, then revokes the key
        /// on the object and in the store.
        /// </summary>
        /// <param name="algorithm">Algorithm name handed to <c>JwsAlgorithm.Create</c>.</param>
        /// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
        public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
        {
            // Arrange: create credentials and persist them.
            var jwsAlgorithm = JwsAlgorithm.Create(algorithm, keyType);
            var jwksOptions = new JwksOptions
            {
                KeyPrefix = "ShouldGenerateManyRsa_",
                Jws = jwsAlgorithm
            };
            var signingCredentials = _keyService.GenerateSigningCredentials(jwksOptions);

            var keyWithPrivate = new SecurityKeyWithPrivate();
            keyWithPrivate.SetJwsParameters(signingCredentials.Key, jwsAlgorithm);
            _jsonWebKeyStore.Save(keyWithPrivate);

            // Act: revoke in memory first, then push the revoked state to the store.
            keyWithPrivate.Revoke();
            _jsonWebKeyStore.Revoke(keyWithPrivate);

            // NOTE(review): there is no assertion, so this test passes whenever nothing
            // throws. Consider reading the key back from the store and asserting that
            // it no longer carries private key material.
        }
        /// <summary>
        /// Middleware entry point that rotates JWS signing keys: it revokes every key the
        /// store returns for <c>JsonWebKeyType.Jws</c>, asks the key service to generate
        /// new signing credentials, and completes the HTTP response.
        /// </summary>
        /// <param name="httpContext">Current request context; its response is completed at the end.</param>
        /// <param name="keyService">Service used to generate the replacement signing credentials.</param>
        /// <param name="store">Key store queried for existing keys and used to revoke them.</param>
        /// <param name="options">JWKS options supplying <c>AlgorithmsToKeep</c>.</param>
        /// <remarks>
        /// NOTE(review): no authentication or authorization check is visible in this method,
        /// and every request that reaches it revokes the existing signing keys. Confirm that
        /// the pipeline restricts access to this middleware (route mapping, auth policy,
        /// network boundary) before it is exposed.
        /// </remarks>
        public async Task Invoke(HttpContext httpContext, IJsonWebKeySetService keyService, IJsonWebKeyStore store, IOptions<JwksOptions> options)
        {
            var existingKeys = store.Get(JsonWebKeyType.Jws, options.Value.AlgorithmsToKeep);

            // Revoke the old keys before any new credentials are issued.
            foreach (var existingKey in existingKeys)
            {
                store.Revoke(existingKey);
            }

            keyService.GenerateSigningCredentials();

            // End the request here; nothing further in the pipeline is invoked by this method.
            await httpContext.Response.CompleteAsync();
        }
Exemplo n.º 5
        /// <summary>
        /// Returns the security key to use right now. When the stored key needs an update
        /// it is revoked and a newly generated key is returned instead.
        /// </summary>
        /// <returns>
        /// The newly generated key after a rotation; otherwise the current key from the store,
        /// re-read when <c>CheckCompatibility</c> reports false.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no locking is visible here, and the old key is revoked before the
        /// replacement is generated. Confirm how concurrent callers and a failing
        /// <c>GenerateKey</c> are handled.
        /// </remarks>
        public async Task<SecurityKey> GetCurrentSecurityKey()
        {
            var activeKey = await _store.GetCurrent();

            if (NeedsUpdate(activeKey))
            {
                // NIST SP 800-57 Part 1 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf):
                // a private key should be removed once it is no longer needed, so the outgoing
                // key is revoked before its replacement is created.
                await _store.Revoke(activeKey);

                var replacement = await GenerateKey();
                return replacement;
            }

            // The key is still current and compatible with the options: use it as is.
            if (await CheckCompatibility(activeKey))
            {
                return activeKey;
            }

            // Options have changed: re-read the current key from the store.
            // Presumably CheckCompatibility has replaced it; verify in its implementation.
            return await _store.GetCurrent();
        }