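/// <summary>
/// Returns the JSON Web Key Set built from every entry in <c>_certs</c>.
/// The result is cached in <c>_memoryCache</c> under the key "jwks" with a
/// five-minute absolute expiration, so a rotated or withdrawn certificate can
/// keep being advertised for up to five minutes after the backing data changes.
/// </summary>
/// <returns>
/// A <c>JwkContainer</c> whose <c>Keys</c> holds one entry per certificate
/// location, each built from the RSA public parameters, the base64 DER
/// encoding of each chain element, and the certificate thumbprint.
/// </returns>
/// <exception cref="InvalidOperationException">
/// A configured certificate does not expose an RSA public key.
/// </exception>
public JwkContainer GetJwks()
{
    return _memoryCache.GetOrCreate("jwks", entry =>
    {
        entry.SetAbsoluteExpiration(TimeSpan.FromMinutes(5));

        return new JwkContainer
        {
            Keys = _certs.Select(certLocation =>
            {
                // A missing _certData entry falls back to an empty buffer, as before; the
                // X509Certificate2 constructor is then expected to reject it.
                // NOTE(review): a password is supplied, so these are presumably PFX blobs that
                // carry the private key. Disposing the certificate and the chain releases their
                // native handles as soon as the public material has been copied out, instead of
                // leaving that to the finalizer on every cache refresh.
                using (var cert = new X509Certificate2(
                    _certData.GetValueOrDefault(certLocation) ?? Array.Empty<byte>(),
                    _certPassword.GetValueOrDefault(certLocation)))
                using (var chain = new X509Chain())
                {
                    // The result of Build is deliberately not checked: the chain is only
                    // published, not trusted here. Consumers of the key set must validate
                    // the chain themselves.
                    // NOTE(review): Build runs with the default chain policy - confirm whether
                    // revocation lookups (and their network latency) are wanted on this path.
                    chain.Build(cert);

                    var encodedChain = new List<string>();
                    foreach (var element in chain.ChainElements)
                    {
                        encodedChain.Add(Convert.ToBase64String(element.Certificate.GetRawCertData()));
                    }

                    var rsa = cert.GetRSAPublicKey();
                    if (rsa == null)
                    {
                        // Fail with a clear message instead of a NullReferenceException below.
                        throw new InvalidOperationException(
                            "Certificate " + cert.Thumbprint + " does not contain an RSA public key.");
                    }

                    // rsa is not disposed here because the RsaSecurityKey wraps it and this
                    // method cannot see whether Jwk.CreateFromKey keeps a reference to the key.
                    var key = new RsaSecurityKey(rsa) { KeyId = cert.Thumbprint };

                    // ExportParameters(false) exports public parameters only. This argument must
                    // stay false: the output is a published key set.
                    return Jwk.CreateFromKey(key, rsa.ExportParameters(false), encodedChain, cert.Thumbprint);
                }
            }).ToList()
        };
    });
}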