/// <summary>
        /// Retrieves the signing credential (override to load key from alternative locations)
        /// </summary>
        /// <returns>The signing credential</returns>
        protected virtual async Task <AzureKeyVaultSigningCredentials> GetSigningCredentialsAsync()
        {
            var jwk = (await _publicKeyProvider.GetAsync()).FirstOrDefault();

            if (jwk == null)
            {
                throw new Exception("The public key provider service did not return a key.");              // TODO: What's better than Exception? SecurityTokenSignatureKeyNotFoundException maybe?
            }
            var rsa = RSA.Create();

            rsa.ImportParameters(new RSAParameters
            {
                Exponent = FromBase64Url(jwk.E),
                Modulus  = FromBase64Url(jwk.N),
            });
            var securityKey = new RsaSecurityKey(rsa);

            return(new AzureKeyVaultSigningCredentials(securityKey, SecurityAlgorithms.Sha256Digest));
        }
Exemplo n.º 2
0
        public async Task <IEnumerable <X509Certificate2> > GetPublicKeysAsync()
        {
            var publicKeys = await mPublicKeyProvider.GetAsync();

            return(publicKeys.Select(key => key.ToX509Certtificate()));
        }
Exemplo n.º 3
0
        private async Task RefreshCacheData()
        {
            try
            {
                DateTime now       = DateTime.UtcNow;
                DateTime cacheTime = DateTime.UtcNow.AddHours(-7);

                var timeStamp = await _cacheTimeStamp.GetAsync(CacheValidationKeyTimeStamp);

                if (timeStamp != null)
                {
                    cacheTime = DateTime.ParseExact(timeStamp.UtcTime, "O", CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
                }

                if (now < cacheTime.AddHours(6))
                {
                    return;
                }

                var keyBundles = await GetKeyBundleVersionsAsync();

                var queryKbs = from item in keyBundles
                               where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled
                               select item;
                keyBundles = queryKbs.ToList();

                var keyVaultClient       = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);
                var queryRsaSecurityKeys = from item in keyBundles
                                           let c = new RsaSecurityKey(keyVaultClient.ToRSA(item))
                                                   select c;

                //     var currentKeyBundle = await _publicKeyProvider.GetKeyBundleAsync();
                //     var securityKey = new RsaSecurityKey(keyVaultClient.ToRSA(currentKeyBundle));
                //     var signingCredentials = new SigningCredentials(securityKey, securityKey.Rsa.SignatureAlgorithm);

                var jwks  = new List <JsonWebKey>();
                var query = from item in keyBundles
                            where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled
                            select item;
                _keyBundles = query.ToList();
                foreach (var keyBundle in _keyBundles)
                {
                    jwks.Add(new JsonWebKey(keyBundle.Key.ToString()));
                }

                var kid = await _publicKeyProvider.GetKeyIdentifierAsync();

                var jwk = await _publicKeyProvider.GetAsync();

                var parameters = new RSAParameters
                {
                    Exponent = Base64UrlEncoder.DecodeBytes(jwk.E),
                    Modulus  = Base64UrlEncoder.DecodeBytes(jwk.N)
                };
                var securityKey = new RsaSecurityKey(parameters)
                {
                    KeyId = jwk.Kid,
                };

                var signingCredentials            = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
                var tokenCreateSigningCredentials = await GetTokenCreationSigningCredentialsAsync();

                CacheData cacheData = new CacheData()
                {
                    RsaSecurityKeys    = queryRsaSecurityKeys.ToList(),
                    SigningCredentials = signingCredentials,
                    JsonWebKeys        = jwks,
                    KeyIdentifier      = kid
                };
                await _cachedData.SetAsync(CacheValidationKey, cacheData, TimeSpan.FromHours(6));

                await _cacheTimeStamp.SetAsync(CacheValidationKeyTimeStamp, new TimeStamp()
                {
                    UtcTime = DateTime.UtcNow.ToString("O")
                }, TimeSpan.FromHours(6));
            }
            catch (Exception e)
            {
                _logger.LogCritical(e, "KeyVault RefreshCacheData fatal exception");
                throw;
            }
        }