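        /// <summary>
        /// Returns the JsonWebKeys as a <see cref="IList{SecurityKey}"/>.
        /// </summary>
        /// <remarks>
        /// Each JsonWebKey in <see cref="Keys"/> is converted according to its "kty": an RSA key yields an X509SecurityKey
        /// (from "x5c") and/or an RsaSecurityKey (from "n"/"e"), so a key carrying both parameter sets contributes two
        /// entries; an EC key yields an ECDsaSecurityKey.
        /// A key counts as unresolved when its "use" is set to anything other than "sig", its "kty" is neither RSA nor EC,
        /// it lacks the parameters needed for conversion, or the conversion itself fails.
        /// To include unresolved JsonWebKeys in the resulting <see cref="SecurityKey"/> collection, set <see cref="SkipUnresolvedJsonWebKeys"/> to <c>false</c>.
        /// The entry added for an unresolved key is the raw JsonWebKey itself, so with that setting a key published with
        /// <c>"use": "enc"</c> or an unknown "kty" is handed back among the signing keys.
        /// </remarks>
        /// <returns>The resolved signing keys in the order of <see cref="Keys"/>; an empty list, never <c>null</c>, when nothing resolves.</returns>
        public IList <SecurityKey> GetSigningKeys()
        {
            var signingKeys = new List <SecurityKey>();

            // An unresolved key is returned as-is only when the caller opted out of skipping it.
            void AddIfUnresolvedAllowed(SecurityKey unresolvedKey)
            {
                if (!SkipUnresolvedJsonWebKeys)
                {
                    signingKeys.Add(unresolvedKey);
                }
            }

            foreach (var webKey in Keys)
            {
                // skip if "use" (Public Key Use) parameter is not empty or "sig".
                // https://tools.ietf.org/html/rfc7517#section-4.2
                if (!string.IsNullOrEmpty(webKey.Use) && !webKey.Use.Equals(JsonWebKeyUseNames.Sig, StringComparison.Ordinal))
                {
                    LogHelper.LogInformation(LogHelper.FormatInvariant(LogMessages.IDX10808, webKey, webKey.Use));
                    AddIfUnresolvedAllowed(webKey);
                    continue;
                }

                if (JsonWebAlgorithmsKeyTypes.RSA.Equals(webKey.Kty, StringComparison.Ordinal))
                {
                    bool hasCertificateChain = webKey.X5c != null && webKey.X5c.Count != 0;
                    bool hasModulusAndExponent = !string.IsNullOrEmpty(webKey.E) && !string.IsNullOrEmpty(webKey.N);

                    // With neither "x5c" nor a complete "n"/"e" pair there is nothing to convert from. A lone "n" or "e"
                    // belongs here as well: the previous test only caught both being absent, so a partial key fell
                    // through every branch below and was silently dropped instead of being reported as unresolved.
                    var rsaKeyResolved = hasCertificateChain || hasModulusAndExponent;

                    // in this case X509SecurityKey should be resolved.
                    if (hasCertificateChain)
                    {
                        if (JsonWebKeyConverter.TryConvertToX509SecurityKey(webKey, out SecurityKey x509Key))
                        {
                            signingKeys.Add(x509Key);
                        }
                        else
                        {
                            rsaKeyResolved = false;
                        }
                    }

                    // in this case RsaSecurityKey should be resolved (independently of "x5c", so both may be added).
                    if (hasModulusAndExponent)
                    {
                        if (JsonWebKeyConverter.TryCreateToRsaSecurityKey(webKey, out SecurityKey rsaKey))
                        {
                            signingKeys.Add(rsaKey);
                        }
                        else
                        {
                            rsaKeyResolved = false;
                        }
                    }

                    // A failed "x5c" conversion marks the key unresolved even if "n"/"e" succeeded, so the raw
                    // key may then sit next to its converted form in the result.
                    if (!rsaKeyResolved)
                    {
                        AddIfUnresolvedAllowed(webKey);
                    }
                }
                else if (JsonWebAlgorithmsKeyTypes.EllipticCurve.Equals(webKey.Kty, StringComparison.Ordinal))
                {
                    if (JsonWebKeyConverter.TryConvertToECDsaSecurityKey(webKey, out SecurityKey ecdsaKey))
                    {
                        signingKeys.Add(ecdsaKey);
                    }
                    else
                    {
                        AddIfUnresolvedAllowed(webKey);
                    }
                }
                else
                {
                    // Unsupported "kty": no conversion is attempted.
                    LogHelper.LogInformation(LogHelper.FormatInvariant(LogMessages.IDX10810, webKey));
                    AddIfUnresolvedAllowed(webKey);
                }
            }

            return signingKeys;
        }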
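        /// <summary>
        /// Returns the JsonWebKeys as a <see cref="IList{SecurityKey}"/>.
        /// </summary>
        /// <remarks>
        /// Each JsonWebKey in <see cref="Keys"/> is converted according to its "kty": an RSA key yields an X509SecurityKey
        /// (from "x5c") and/or an <see cref="RsaSecurityKey"/> (from "n"/"e"), so a key carrying both parameter sets
        /// contributes two entries; an EC key yields an ECDsaSecurityKey.
        /// A key counts as unresolved when its "use" is set to anything other than "sig", its "kty" is neither RSA nor EC,
        /// it lacks the parameters needed for conversion, or the conversion itself fails. Where a reason is known it is
        /// both logged and stored on the key's ConvertKeyInfo.
        /// To include unresolved JsonWebKeys in the resulting <see cref="SecurityKey"/> collection, set <see cref="SkipUnresolvedJsonWebKeys"/> to <c>false</c>.
        /// The entry added for an unresolved key is the raw JsonWebKey itself, so with that setting a key published with
        /// <c>"use": "enc"</c> or an unknown "kty" is handed back among the signing keys.
        /// </remarks>
        /// <returns>The resolved signing keys in the order of <see cref="Keys"/>; an empty list, never <c>null</c>, when nothing resolves.</returns>
        public IList <SecurityKey> GetSigningKeys()
        {
            var signingKeys = new List <SecurityKey>();

            // An unresolved key is returned as-is only when the caller opted out of skipping it.
            void AddIfUnresolvedAllowed(SecurityKey unresolvedKey)
            {
                if (!SkipUnresolvedJsonWebKeys)
                {
                    signingKeys.Add(unresolvedKey);
                }
            }

            foreach (var webKey in Keys)
            {
                // skip if "use" (Public Key Use) parameter is not empty or "sig".
                // https://datatracker.ietf.org/doc/html/rfc7517#section-4.2
                // Ordinal comparison spelled out: "use" values are protocol identifiers, not text.
                if (!string.IsNullOrEmpty(webKey.Use) && !webKey.Use.Equals(JsonWebKeyUseNames.Sig, StringComparison.Ordinal))
                {
                    string convertKeyInfo = LogHelper.FormatInvariant(LogMessages.IDX10808, webKey, webKey.Use);
                    webKey.ConvertKeyInfo = convertKeyInfo;
                    LogHelper.LogInformation(convertKeyInfo);
                    AddIfUnresolvedAllowed(webKey);
                    continue;
                }

                if (JsonWebAlgorithmsKeyTypes.RSA.Equals(webKey.Kty, StringComparison.Ordinal))
                {
                    bool hasCertificateChain = webKey.X5c != null && webKey.X5c.Count != 0;
                    bool hasModulusAndExponent = !string.IsNullOrEmpty(webKey.E) && !string.IsNullOrEmpty(webKey.N);

                    // With neither "x5c" nor a complete "n"/"e" pair there is nothing to convert from. A lone "n" or "e"
                    // belongs here as well: the previous test only caught both being absent, so a partial key fell
                    // through every branch below and was silently dropped instead of being reported as unresolved.
                    var rsaKeyResolved = hasCertificateChain || hasModulusAndExponent;

                    if (!rsaKeyResolved)
                    {
                        // Name exactly the parameters that are absent; for the all-absent case this is still "x5c, e, n".
                        var missingComponent = new List <string> { JsonWebKeyParameterNames.X5c };
                        if (string.IsNullOrEmpty(webKey.E))
                        {
                            missingComponent.Add(JsonWebKeyParameterNames.E);
                        }

                        if (string.IsNullOrEmpty(webKey.N))
                        {
                            missingComponent.Add(JsonWebKeyParameterNames.N);
                        }

                        string convertKeyInfo = LogHelper.FormatInvariant(LogMessages.IDX10814, LogHelper.MarkAsNonPII(typeof(RsaSecurityKey)), webKey, LogHelper.MarkAsNonPII(string.Join(", ", missingComponent)));
                        webKey.ConvertKeyInfo = convertKeyInfo;
                        LogHelper.LogInformation(convertKeyInfo);
                    }
                    else
                    {
                        // IsValidX509SecurityKey / IsValidRsaSecurityKey are defined elsewhere in this file;
                        // they gate each conversion attempt exactly as before.

                        // in this case X509SecurityKey should be resolved.
                        if (IsValidX509SecurityKey(webKey))
                        {
                            if (JsonWebKeyConverter.TryConvertToX509SecurityKey(webKey, out SecurityKey x509Key))
                            {
                                signingKeys.Add(x509Key);
                            }
                            else
                            {
                                rsaKeyResolved = false;
                            }
                        }

                        // in this case RsaSecurityKey should be resolved (independently of "x5c", so both may be added).
                        if (IsValidRsaSecurityKey(webKey))
                        {
                            if (JsonWebKeyConverter.TryCreateToRsaSecurityKey(webKey, out SecurityKey rsaKey))
                            {
                                signingKeys.Add(rsaKey);
                            }
                            else
                            {
                                rsaKeyResolved = false;
                            }
                        }
                    }

                    // A failed "x5c" conversion marks the key unresolved even if "n"/"e" succeeded, so the raw
                    // key may then sit next to its converted form in the result.
                    if (!rsaKeyResolved)
                    {
                        AddIfUnresolvedAllowed(webKey);
                    }
                }
                else if (JsonWebAlgorithmsKeyTypes.EllipticCurve.Equals(webKey.Kty, StringComparison.Ordinal))
                {
                    if (JsonWebKeyConverter.TryConvertToECDsaSecurityKey(webKey, out SecurityKey ecdsaKey))
                    {
                        signingKeys.Add(ecdsaKey);
                    }
                    else
                    {
                        AddIfUnresolvedAllowed(webKey);
                    }
                }
                else
                {
                    // Unsupported "kty": no conversion is attempted.
                    string convertKeyInfo = LogHelper.FormatInvariant(LogMessages.IDX10810, webKey);
                    webKey.ConvertKeyInfo = convertKeyInfo;
                    LogHelper.LogInformation(convertKeyInfo);
                    AddIfUnresolvedAllowed(webKey);
                }
            }

            return signingKeys;
        }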