/// <summary>
/// Returns a <see cref="SecurityKey"/> to use when validating the signature of a token.
/// </summary>
/// <param name="tokenKeyInfo">The <see cref="KeyInfo"/> field of the token being validated</param>
/// <param name="validationParameters">A <see cref="TokenValidationParameters"/> required for validation.</param>
/// <returns>Returns a <see cref="SecurityKey"/> to use for signature validation.</returns>
/// <remarks>If key fails to resolve, then null is returned</remarks>
internal static SecurityKey ResolveTokenSigningKey(KeyInfo tokenKeyInfo, TokenValidationParameters validationParameters)
{
if (tokenKeyInfo == null)
{
return(null);
}
if (validationParameters.IssuerSigningKey != null && tokenKeyInfo.MatchesKey(validationParameters.IssuerSigningKey))
{
return(validationParameters.IssuerSigningKey);
}
if (validationParameters.IssuerSigningKeys != null)
{
foreach (var key in validationParameters.IssuerSigningKeys)
{
if (tokenKeyInfo.MatchesKey(key))
{
return(key);
}
}
}
return(null);
}