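/// <summary>
/// Returns the JsonWebKeys as a <see cref="IList{SecurityKey}"/>.
/// </summary>
/// <remarks>
/// To include unresolved JsonWebKeys in the resulting <see cref="SecurityKey"/> collection, set <see cref="SkipUnresolvedJsonWebKeys"/> to <c>false</c>.
/// "Unresolved" covers three situations: a "use" value other than "sig" (for example "enc"), a "kty" this method does not
/// understand, and an RSA/EC key whose parameters could not be turned into a <see cref="SecurityKey"/>. With
/// <see cref="SkipUnresolvedJsonWebKeys"/> set to <c>false</c> all of those are handed back as raw JsonWebKey instances in the
/// signing-key list, so a caller that relies on the "use" filter to keep encryption keys out of signature validation must
/// leave the default in place.
/// </remarks>
/// <returns>
/// The resolved signing keys, in the order of <see cref="Keys"/>. An RSA JWK that carries both "x5c" and "n"/"e" contributes
/// two entries (an X509SecurityKey and an RsaSecurityKey); this method does not check that the two agree.
/// </returns>
public IList<SecurityKey> GetSigningKeys()
{
    var signingKeys = new List<SecurityKey>();

    foreach (var webKey in Keys)
    {
        // "use" (Public Key Use) must be absent or "sig" for the key to count as a signing key.
        // https://tools.ietf.org/html/rfc7517#section-4.2
        if (!string.IsNullOrEmpty(webKey.Use) && !webKey.Use.Equals(JsonWebKeyUseNames.Sig, StringComparison.Ordinal))
        {
            LogHelper.LogInformation(LogHelper.FormatInvariant(LogMessages.IDX10808, webKey, webKey.Use));
            if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }

            continue;
        }

        if (JsonWebAlgorithmsKeyTypes.RSA.Equals(webKey.Kty, StringComparison.Ordinal))
        {
            bool hasX5c = webKey.X5c != null && webKey.X5c.Count != 0;
            bool hasRsaParameters = !string.IsNullOrEmpty(webKey.E) && !string.IsNullOrEmpty(webKey.N);
            var rsaKeyResolved = true;

            if (!hasX5c && !hasRsaParameters)
            {
                // Nothing to build a key from. This deliberately includes a JWK that carries only one of "e"/"n"
                // and no "x5c": such a key used to fall through both branches below with rsaKeyResolved still true
                // and vanished from the result even when SkipUnresolvedJsonWebKeys was false.
                rsaKeyResolved = false;
            }
            else
            {
                // "x5c" present: resolve to an X509SecurityKey.
                if (hasX5c)
                {
                    if (JsonWebKeyConverter.TryConvertToX509SecurityKey(webKey, out SecurityKey securityKey))
                    {
                        signingKeys.Add(securityKey);
                    }
                    else
                    {
                        rsaKeyResolved = false;
                    }
                }

                // "n" and "e" present: resolve to an RsaSecurityKey as well.
                // NOTE(review): when both branches run, the certificate's public key and n/e are trusted independently;
                // RFC 7517 section 4.7 requires them to match, but nothing here verifies that — confirm whether the
                // converter does.
                if (hasRsaParameters)
                {
                    if (JsonWebKeyConverter.TryCreateToRsaSecurityKey(webKey, out SecurityKey securityKey))
                    {
                        signingKeys.Add(securityKey);
                    }
                    else
                    {
                        rsaKeyResolved = false;
                    }
                }
            }

            // A partially resolved key (e.g. x5c failed, n/e succeeded) is still reported as unresolved,
            // so the raw JWK is added alongside whatever did resolve.
            if (!rsaKeyResolved && !SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
        else if (JsonWebAlgorithmsKeyTypes.EllipticCurve.Equals(webKey.Kty, StringComparison.Ordinal))
        {
            if (JsonWebKeyConverter.TryConvertToECDsaSecurityKey(webKey, out SecurityKey securityKey))
            {
                signingKeys.Add(securityKey);
            }
            else if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
        else
        {
            // Unknown or unsupported "kty" (e.g. "oct"): only logged, returned raw when not skipping.
            LogHelper.LogInformation(LogHelper.FormatInvariant(LogMessages.IDX10810, webKey));
            if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
    }

    return signingKeys;
}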
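/// <summary>
/// Returns the JsonWebKeys as a <see cref="IList{SecurityKey}"/>.
/// </summary>
/// <remarks>
/// To include unresolved JsonWebKeys in the resulting <see cref="SecurityKey"/> collection, set <see cref="SkipUnresolvedJsonWebKeys"/> to <c>false</c>.
/// "Unresolved" covers a "use" value other than "sig" (for example "enc"), a "kty" this method does not understand, and an
/// RSA/EC key whose parameters could not be turned into a <see cref="SecurityKey"/>. With
/// <see cref="SkipUnresolvedJsonWebKeys"/> set to <c>false</c> all of those are handed back as raw JsonWebKey instances in the
/// signing-key list, so a caller that relies on the "use" filter to keep encryption keys out of signature validation must
/// leave the default in place. The reason a key was not resolved is recorded on its ConvertKeyInfo property.
/// </remarks>
/// <returns>
/// The resolved signing keys, in the order of <see cref="Keys"/>. An RSA JWK that carries both "x5c" and "n"/"e" contributes
/// two entries (an X509SecurityKey and an RsaSecurityKey); this method does not check that the two agree.
/// </returns>
public IList<SecurityKey> GetSigningKeys()
{
    var signingKeys = new List<SecurityKey>();

    foreach (var webKey in Keys)
    {
        // "use" (Public Key Use) must be absent or "sig" for the key to count as a signing key.
        // https://datatracker.ietf.org/doc/html/rfc7517#section-4.2
        // StringComparison.Ordinal is what string.Equals(string) already does; it is spelled out so the intent is visible.
        if (!string.IsNullOrEmpty(webKey.Use) && !webKey.Use.Equals(JsonWebKeyUseNames.Sig, StringComparison.Ordinal))
        {
            string convertKeyInfo = LogHelper.FormatInvariant(LogMessages.IDX10808, webKey, webKey.Use);
            webKey.ConvertKeyInfo = convertKeyInfo;
            LogHelper.LogInformation(convertKeyInfo);
            if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }

            continue;
        }

        if (JsonWebAlgorithmsKeyTypes.RSA.Equals(webKey.Kty, StringComparison.Ordinal))
        {
            bool hasX5c = webKey.X5c != null && webKey.X5c.Count != 0;
            bool hasE = !string.IsNullOrEmpty(webKey.E);
            bool hasN = !string.IsNullOrEmpty(webKey.N);
            var rsaKeyResolved = true;

            // Parameters that are absent; reported in IDX10814 when no converter could be applied.
            var missingComponent = new List<string>();
            if (!hasX5c)
            {
                missingComponent.Add(JsonWebKeyParameterNames.X5c);
            }

            if (!hasE)
            {
                missingComponent.Add(JsonWebKeyParameterNames.E);
            }

            if (!hasN)
            {
                missingComponent.Add(JsonWebKeyParameterNames.N);
            }

            // Tracks whether at least one converter was applicable. A JWK with, say, only "n" (no "e", no "x5c")
            // used to pass the "everything missing" guard, fail both IsValid* checks, and then leave the loop with
            // rsaKeyResolved still true — dropped silently even when SkipUnresolvedJsonWebKeys was false.
            bool converterApplied = false;

            if (hasX5c || hasE || hasN)
            {
                // "x5c" present: resolve to an X509SecurityKey.
                if (IsValidX509SecurityKey(webKey))
                {
                    converterApplied = true;
                    if (JsonWebKeyConverter.TryConvertToX509SecurityKey(webKey, out SecurityKey securityKey))
                    {
                        signingKeys.Add(securityKey);
                    }
                    else
                    {
                        rsaKeyResolved = false;
                    }
                }

                // "n" and "e" present: resolve to an RsaSecurityKey as well.
                // NOTE(review): when both branches run, the certificate's public key and n/e are trusted independently;
                // RFC 7517 section 4.7 requires them to match, but nothing here verifies that — confirm whether the
                // converter does.
                if (IsValidRsaSecurityKey(webKey))
                {
                    converterApplied = true;
                    if (JsonWebKeyConverter.TryCreateToRsaSecurityKey(webKey, out SecurityKey securityKey))
                    {
                        signingKeys.Add(securityKey);
                    }
                    else
                    {
                        rsaKeyResolved = false;
                    }
                }
            }

            if (!converterApplied)
            {
                // Either every parameter is missing, or the ones present did not satisfy IsValidX509SecurityKey /
                // IsValidRsaSecurityKey. In the latter case missingComponent may be empty or partial — the message
                // then names only what is genuinely absent.
                string convertKeyInfo = LogHelper.FormatInvariant(
                    LogMessages.IDX10814,
                    LogHelper.MarkAsNonPII(typeof(RsaSecurityKey)),
                    webKey,
                    LogHelper.MarkAsNonPII(string.Join(", ", missingComponent)));
                webKey.ConvertKeyInfo = convertKeyInfo;
                LogHelper.LogInformation(convertKeyInfo);
                rsaKeyResolved = false;
            }

            // A partially resolved key (e.g. x5c failed, n/e succeeded) is still reported as unresolved,
            // so the raw JWK is added alongside whatever did resolve.
            if (!rsaKeyResolved && !SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
        else if (JsonWebAlgorithmsKeyTypes.EllipticCurve.Equals(webKey.Kty, StringComparison.Ordinal))
        {
            if (JsonWebKeyConverter.TryConvertToECDsaSecurityKey(webKey, out SecurityKey securityKey))
            {
                signingKeys.Add(securityKey);
            }
            else if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
        else
        {
            // Unknown or unsupported "kty" (e.g. "oct"): only logged, returned raw when not skipping.
            string convertKeyInfo = LogHelper.FormatInvariant(LogMessages.IDX10810, webKey);
            webKey.ConvertKeyInfo = convertKeyInfo;
            LogHelper.LogInformation(convertKeyInfo);
            if (!SkipUnresolvedJsonWebKeys)
            {
                signingKeys.Add(webKey);
            }
        }
    }

    return signingKeys;
}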