Пример #1
 /// <summary>
 /// Revokes the given key and writes the revoked state through <c>_context</c>.
 /// </summary>
 /// <param name="securityKeyWithPrivate">Key to revoke; the instance itself is mutated by its <c>Revoke()</c> call.</param>
 public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
 {
     // Mutates the caller's instance first; presumably this strips the private
     // parameters and flags the key as revoked - confirm in SecurityKeyWithPrivate.
     securityKeyWithPrivate.Revoke();
     // Start tracking the instance, then mark it as updated so SaveChanges writes it.
     _context.Attach(securityKeyWithPrivate);
     _context.SecurityKeys.Update(securityKeyWithPrivate);
     // NOTE(review): if SaveChanges throws, the in-memory key is already revoked while
     // the stored row is not, and ClearCache() below is skipped.
     _context.SaveChanges();
     // Drop cached keys so later reads do not return the pre-revocation copy.
     ClearCache();
 }
Пример #2
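        /// <summary>
        /// Revokes the given key and swaps it in for the stored entry that has the same Id.
        /// </summary>
        /// <param name="securityKeyWithPrivate">Key to revoke; its <c>Revoke()</c> is called before the store is touched.</param>
        /// <remarks>
        /// When no stored entry has a matching Id the store is left unchanged, although the
        /// passed instance has still been revoked.
        /// </remarks>
        public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
        {
            securityKeyWithPrivate.Revoke();

            // The lookup and the replacement happen under one lock. Computing the index
            // outside the lock let a concurrent change move or remove the entry, so the
            // swap could hit a different key and leave the un-revoked copy in the store.
            // The lock statement also releases the monitor if RemoveAt/Insert throws,
            // which the bare Monitor.Enter/Exit pair did not.
            // NOTE(review): this only helps if every other reader and writer of _store
            // takes lockObject as well - confirm in the rest of the class.
            lock (lockObject)
            {
                var index = _store.FindIndex(f => f.Id == securityKeyWithPrivate.Id);
                if (index < 0)
                {
                    return;
                }

                _store.RemoveAt(index);
                _store.Insert(index, securityKeyWithPrivate);
            }
        }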
Пример #3
        public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
        {
            // Generates a signing key for the given algorithm, saves it, then revokes it
            // both on the instance and through the store.
            // NOTE(review): nothing is asserted afterwards, so this only proves that the
            // save/revoke sequence does not throw; it does not check that the private
            // parameters are gone from what the store returns.

            // Arrange
            var jwsAlgorithm = JwsAlgorithm.Create(algorithm, keyType);
            var options = new JwksOptions
            {
                KeyPrefix = "ShouldGenerateManyRsa_",
                Jws = jwsAlgorithm
            };
            var credentials = _keyService.GenerateSigningCredentials(options);

            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetJwsParameters(credentials.Key, jwsAlgorithm);
            _jsonWebKeyStore.Save(storedKey);

            // Act: remove the private part on the instance, then persist the revocation.
            storedKey.Revoke();
            _jsonWebKeyStore.Revoke(storedKey);
        }
Пример #4
 /// <summary>
 /// Revokes the given key and overwrites the first <c>*.key</c> file under <c>KeysPath</c>
 /// whose stored key has the same Id.
 /// </summary>
 /// <param name="securityKeyWithPrivate">Key to revoke; the instance is mutated by its <c>Revoke()</c> call.</param>
 public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
 {
     securityKeyWithPrivate.Revoke();

     foreach (var keyFile in KeysPath.GetFiles("*.key"))
     {
         var storedKey = GetKey(keyFile.FullName);
         if (storedKey.Id == securityKeyWithPrivate.Id)
         {
             // Null properties are left out of the JSON, so anything Revoke() set to
             // null is no longer present in the rewritten file.
             // NOTE(review): IgnoreNullValues is marked obsolete in newer
             // System.Text.Json releases (DefaultIgnoreCondition replaces it).
             var serializerOptions = new JsonSerializerOptions
             {
                 IgnoreNullValues = true
             };
             var payload = JsonSerializer.Serialize(securityKeyWithPrivate, serializerOptions);

             // NOTE(review): the file is overwritten in place; an interrupted write
             // could leave a truncated key file - confirm whether that matters here.
             File.WriteAllText(keyFile.FullName, payload);
             break;
         }
     }

     // Runs even when no file matched: the instance is revoked, nothing was rewritten.
     ClearCache();
 }
Пример #5
        public void ShouldRemovePrivateKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType)
        {
            // Saves a freshly generated key, revokes it, reads it back through the key
            // service and checks that the private parameters are no longer exposed.

            // Arrange
            var jwsAlgorithm = JwsAlgorithm.Create(algorithm, keyType);
            var options = new JwksOptions
            {
                KeyPrefix = "ShouldGenerateManyRsa_",
                Jws = jwsAlgorithm
            };
            var credentials = _keyService.GenerateSigningCredentials(options);

            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetJwsParameters(credentials.Key, jwsAlgorithm);
            _jsonWebKeyStore.Save(storedKey);

            // Act: remove the private part on the instance, then persist the revocation.
            storedKey.Revoke();
            _jsonWebKeyStore.Revoke(storedKey);

            var recentKeys = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5);
            var revokedJwk = recentKeys.First(w => w.Kid == storedKey.KeyId);

            // Assert
            revokedJwk.Kty.Should().NotBeNullOrEmpty();
            revokedJwk.HasPrivateKey.Should().BeFalse();

            var kty = revokedJwk.Kty;
            if (kty == JsonWebAlgorithmsKeyTypes.EllipticCurve)
            {
                // EC: only the private scalar has to be gone.
                revokedJwk.D.Should().BeNullOrEmpty();
            }
            else if (kty == JsonWebAlgorithmsKeyTypes.RSA)
            {
                // RSA: the private exponent and every CRT parameter have to be gone.
                revokedJwk.D.Should().BeNullOrEmpty();
                revokedJwk.DP.Should().BeNullOrEmpty();
                revokedJwk.DQ.Should().BeNullOrEmpty();
                revokedJwk.P.Should().BeNullOrEmpty();
                revokedJwk.Q.Should().BeNullOrEmpty();
                revokedJwk.QI.Should().BeNullOrEmpty();
            }
            else if (kty == JsonWebAlgorithmsKeyTypes.Octet)
            {
                // NOTE(review): for an octet key, K is the symmetric secret itself, and
                // this asserts it is still present after revocation. Confirm that
                // keeping the secret of a revoked symmetric key is intended.
                revokedJwk.K.Should().NotBeNullOrEmpty();
            }
        }
Пример #6
        /// <summary>
        /// Revokes the given key by storing a separate revocation element in
        /// <c>KeyRepository</c>, unless the stored key is already flagged as revoked.
        /// </summary>
        /// <param name="securityKeyWithPrivate">Key to revoke; the instance is mutated by its <c>Revoke()</c> call.</param>
        public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
        {
            // NOTE(review): First() throws when no stored key matches, so the null test
            // below only matters if the sequence can contain null entries;
            // FirstOrDefault may have been intended - confirm.
            var storedKey = Get(securityKeyWithPrivate.JwkType).First(f => f.Id == securityKeyWithPrivate.Id);

            var alreadyRevoked = storedKey != null && storedKey.IsRevoked;
            if (alreadyRevoked)
            {
                return;
            }

            securityKeyWithPrivate.Revoke();

            // Revocation record: version, UTC timestamp, the revoked key's Id and a reason.
            var versionAttribute = new XAttribute(VersionAttributeName, 1);
            var revocationDate = new XElement(RevocationDateElementName, DateTimeOffset.UtcNow);
            var keyReference = new XElement(Name, new XAttribute(IdAttributeName, securityKeyWithPrivate.Id));
            var reason = new XElement(ReasonElementName, "Revoked");
            var revocationElement = new XElement(RevocationElementName, versionAttribute, revocationDate, keyReference, reason);

            // NOTE(review): "hh" is the 12-hour specifier and the pattern has no seconds
            // field, so the name is ambiguous between AM and PM and relies on the
            // fffffff fraction to stay unique - confirm this is acceptable.
            var friendlyName = string.Format(CultureInfo.InvariantCulture, "revocation-{0}-{1:D}-{2:yyyy_MM_dd_hh_mm_fffffff}", securityKeyWithPrivate.JwkType.ToString(), securityKeyWithPrivate.Id, DateTime.UtcNow);

            // Only the revocation record is written here; the stored key element is not
            // rewritten by this method.
            // NOTE(review): confirm where its private parameters are dropped on read.
            KeyRepository.StoreElement(revocationElement, friendlyName);

            // Drop cached keys so later reads pick up the revocation.
            ClearCache();
        }