internal async Task <RsaKeyContainer> CreateAndStoreNewKeyAsync()
{
_logger.LogDebug("Creating new key.");
var rsa = _options.CreateRsaSecurityKey();
var now = _clock.UtcNow.DateTime;
var iss = _httpContextAccessor?.HttpContext?.GetIdentityServerIssuerUri();
var container = _options.KeyType == KeyType.RSA ?
new RsaKeyContainer(rsa, now) :
new X509KeyContainer(rsa, now, _options.KeyRetirement, iss);
var key = _protector.Protect(container);
await _store.StoreKeyAsync(key);
_logger.LogInformation("Created and stored new key with kid {kid}.", container.Id);
return(container);
}
internal async Task <KeyContainer> CreateAndStoreNewKeyAsync(SigningAlgorithmOptions alg)
{
_logger.LogDebug("Creating new key.");
var now = _clock.UtcNow.UtcDateTime;
var iss = await _issuerNameService.GetCurrentAsync();
KeyContainer container = null;
if (alg.IsRsaKey)
{
var rsa = CryptoHelper.CreateRsaSecurityKey(_options.RsaKeySize);
container = alg.UseX509Certificate ?
new X509KeyContainer(rsa, alg.Name, now, _options.KeyRetirementAge, iss) :
(KeyContainer) new RsaKeyContainer(rsa, alg.Name, now);
}
else if (alg.IsEcKey)
{
var ec = CryptoHelper.CreateECDsaSecurityKey(CryptoHelper.GetCurveNameFromSigningAlgorithm(alg.Name));
// X509 certs don't currently work with EC keys.
container = //_options.WrapKeysInX509Certificate ? //new X509KeyContainer(ec, alg, now, _options.KeyRetirementAge, iss) :
(KeyContainer) new EcKeyContainer(ec, alg.Name, now);
}
else
{
throw new Exception($"Invalid alg '{alg}'");
}
var key = _protector.Protect(container);
await _store.StoreKeyAsync(key);
_logger.LogInformation("Created and stored new key with kid {kid}.", container.Id);
return(container);
}
