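/// <summary>
        /// Register a signing key under <paramref name="keyId"/>.
        /// </summary>
        /// <param name="keyId">Identifier the key is stored under; an id that is already registered is left untouched.</param>
        /// <param name="keyData">For HS256 the raw shared secret; for every other algorithm the raw bytes of the thumbprint of a certificate in the LocalMachine\My store.</param>
        /// <param name="signatureAlgorithm">Name of a <see cref="SignatureAlgorithm"/> member (e.g. "HS256", "RS256").</param>
        /// <exception cref="ArgumentNullException"><paramref name="keyId"/> or <paramref name="keyData"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="signatureAlgorithm"/> is not a defined <see cref="SignatureAlgorithm"/>.</exception>
        public void AddSigningKey(string keyId, byte[] keyData, string signatureAlgorithm)
        {
            if (keyId == null)
            {
                throw new ArgumentNullException(nameof(keyId));
            }
            if (keyData == null)
            {
                throw new ArgumentNullException(nameof(keyData));
            }

            // First registration wins; re-registering an existing id is a silent no-op.
            if (this.m_keyData.ContainsKey(keyId))
            {
                return;
            }

            // Fail with a clear message rather than Enum.Parse's generic ArgumentException; IsDefined also
            // rejects numeric strings that parse to a value the enum does not declare.
            if (!Enum.TryParse(signatureAlgorithm, out SignatureAlgorithm algorithm) || !Enum.IsDefined(typeof(SignatureAlgorithm), algorithm))
            {
                throw new ArgumentException($"Unsupported signature algorithm '{signatureAlgorithm}'", nameof(signatureAlgorithm));
            }

            // HS256 is the only symmetric option: keyData *is* the secret and must not be logged or echoed.
            // For any other algorithm keyData is a certificate thumbprint used to locate the key in the machine store.
            bool isSymmetric = algorithm == SignatureAlgorithm.HS256;
            string thumbprint = isSymmetric ? null : BitConverter.ToString(keyData).Replace("-", "");

            var keyConfig = new SecuritySignatureConfiguration()
            {
                KeyName                = keyId,
                Algorithm              = algorithm,
                FindType               = System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
                FindValue              = thumbprint,
                StoreLocation          = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
                StoreName              = System.Security.Cryptography.X509Certificates.StoreName.My,
                FindTypeSpecified      = !isSymmetric,
                StoreLocationSpecified = !isSymmetric,
                StoreNameSpecified     = !isSymmetric
            };

            if (isSymmetric)
            {
                keyConfig.SetSecret(keyData);
            }

            this.m_keyData.TryAdd(keyId, keyConfig);
        }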
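        /// <summary>
        /// Register signing credentials under <paramref name="keyId"/> ("default" when null).
        /// </summary>
        /// <param name="keyId">Key identifier; null maps to "default".</param>
        /// <param name="keyData">For HS256 the raw shared secret; for RS256/RS512 the raw bytes of the thumbprint of a certificate installed in LocalMachine\My.</param>
        /// <param name="signatureAlgorithm">"HS256", "RS256" or "RS512".</param>
        /// <exception cref="ArgumentNullException"><paramref name="keyData"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="signatureAlgorithm"/> is not one of the supported names.</exception>
        /// <exception cref="KeyNotFoundException">No certificate with the given thumbprint is installed.</exception>
        /// <exception cref="SecurityException"><paramref name="keyId"/> is already registered.</exception>
        /// <exception cref="InvalidOperationException">The configuration could not be stored.</exception>
        internal static void AddSigningCredentials(string keyId, byte[] keyData, string signatureAlgorithm)
        {
            if (keyData == null)
            {
                throw new ArgumentNullException(nameof(keyData));
            }

            keyId = keyId ?? "default";
            SecuritySignatureConfiguration configuration;

            switch (signatureAlgorithm)
            {
            case "HS256":
                // keyData is the shared secret itself: keep it out of logs and exception messages.
                // NOTE(review): no minimum secret length is enforced here; callers are trusted to supply a strong key.
                configuration = new SecuritySignatureConfiguration()
                {
                    Algorithm = SignatureAlgorithm.HS256,
                    KeyName   = keyId
                };
                configuration.SetSecret(keyData);
                break;

            case "RS256":
            case "RS512":
                // keyData is a thumbprint, not key material; the private key stays in the machine certificate store.
                var thumbprint = BitConverter.ToString(keyData).Replace("-", "");
                var certificate = SecurityUtils.FindCertificate(X509FindType.FindByThumbprint, StoreLocation.LocalMachine, StoreName.My, thumbprint);
                if (certificate == null)
                {
                    throw new KeyNotFoundException("Cannot find specified X509 Certificate - Please ensure it is installed in the certificate repository");
                }
                configuration = new SecuritySignatureConfiguration()
                {
                    Algorithm              = (SignatureAlgorithm)Enum.Parse(typeof(SignatureAlgorithm), signatureAlgorithm),
                    KeyName                = keyId,
                    Certificate            = certificate,
                    StoreName              = StoreName.My,
                    StoreLocation          = StoreLocation.LocalMachine,
                    FindType               = X509FindType.FindByThumbprint,
                    StoreLocationSpecified = true,
                    StoreNameSpecified     = true,
                    FindTypeSpecified      = true
                };
                break;

            default:
                // Without this branch an unknown algorithm fell through and registered a null
                // configuration, which only surfaced as a NullReferenceException at signing time.
                throw new ArgumentException($"Unsupported signature algorithm '{signatureAlgorithm}'", nameof(signatureAlgorithm));
            }

            // Registration is one-shot: re-registering an id is a configuration error, not an override.
            if (m_signatureConfiguration.TryGetValue(keyId, out _))
            {
                throw new SecurityException($"Cannot register {keyId} again as it is already configured");
            }
            if (!m_signatureConfiguration.TryAdd(keyId, configuration))
            {
                throw new InvalidOperationException($"Adding {keyId} failed");
            }
        }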