From aa4d890cb3bb25ab1014fe9d285b03506f54f40d Mon Sep 17 00:00:00 2001
From: Kirill Kovalev <125643929+kirill-abblix@users.noreply.github.com>
Date: Sat, 20 Apr 2024 13:43:27 +0300
Subject: [PATCH] Fixed loading JWK with private key for signing operation
---
 Abblix.Jwt.UnitTests/JwtEncryptionTests.cs | 10 ++--------
 Abblix.Jwt/JsonWebKeyFactory.cs | 7 ++++---
 .../Features/Tokens/Formatters/ClientJwtFormatter.cs | 2 +-
 3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/Abblix.Jwt.UnitTests/JwtEncryptionTests.cs b/Abblix.Jwt.UnitTests/JwtEncryptionTests.cs
index 5adb7401..c0c4e284 100644
--- a/Abblix.Jwt.UnitTests/JwtEncryptionTests.cs
+++ b/Abblix.Jwt.UnitTests/JwtEncryptionTests.cs
@@ -27,7 +27,6 @@
 // For more information, please refer to the license agreement located at:
 // https://github.com/Abblix/Oidc.Server/blob/master/README.md
-using System.Security.Cryptography;
 using System.Text.Json.Nodes;
 using Abblix.Utils;
 using Microsoft.IdentityModel.Tokens;
@@ -37,13 +36,8 @@ namespace Abblix.Jwt.UnitTests;
 public class JwtEncryptionTests
 {
- // Generates an RSA key for encryption.
- private static readonly JsonWebKey EncryptingKey = JsonWebKeyFactory.CreateRsa(JsonWebKeyUseNames.Enc, 2048);
-
- // Generates an RSA key for signing.
- private static readonly JsonWebKey SigningKey = JsonWebKeyFactory.CreateRsa(JsonWebKeyUseNames.Sig, 2048);
-
- // Helper method to generate RSA JsonWebKey.
+ private static readonly JsonWebKey EncryptingKey = JsonWebKeyFactory.CreateRsa(JsonWebKeyUseNames.Enc);
+ private static readonly JsonWebKey SigningKey = JsonWebKeyFactory.CreateRsa(JsonWebKeyUseNames.Sig);
 [Fact]
 public async Task JwtFullCycleTest()
diff --git a/Abblix.Jwt/JsonWebKeyFactory.cs b/Abblix.Jwt/JsonWebKeyFactory.cs
index 430ac9cb..77794382 100644
--- a/Abblix.Jwt/JsonWebKeyFactory.cs
+++ b/Abblix.Jwt/JsonWebKeyFactory.cs
@@ -50,9 +50,10 @@ public static class JsonWebKeyFactory
 {
 var algorithm = usage switch
 {
- JsonWebKeyUseNames.Sig => "RS256",
- JsonWebKeyUseNames.Enc => "RS256",
- _ => throw new ArgumentException("Invalid usage specified. Valid options are 'sig' for signing or 'enc' for encryption.", nameof(usage))
+ JsonWebKeyUseNames.Sig or JsonWebKeyUseNames.Enc => "RS256",
+ _ => throw new ArgumentException(
+ $"Invalid usage specified. Valid options are '{JsonWebKeyUseNames.Sig}' for signing or '{JsonWebKeyUseNames.Enc}' for encryption.",
+ nameof(usage))
 };
 using var rsa = RSA.Create();
diff --git a/Abblix.Oidc.Server/Features/Tokens/Formatters/ClientJwtFormatter.cs b/Abblix.Oidc.Server/Features/Tokens/Formatters/ClientJwtFormatter.cs
index fd0b63a9..8c1970bc 100644
--- a/Abblix.Oidc.Server/Features/Tokens/Formatters/ClientJwtFormatter.cs
+++ b/Abblix.Oidc.Server/Features/Tokens/Formatters/ClientJwtFormatter.cs
@@ -69,7 +69,7 @@ public ClientJwtFormatter(
 ///
 public async Task FormatAsync(JsonWebToken token, ClientInfo clientInfo)
 {
- var signingCredentials = await _serviceKeysProvider.GetSigningKeys()
+ var signingCredentials = await _serviceKeysProvider.GetSigningKeys(true)
 .FirstByAlgorithmAsync(token.Header.Algorithm);
 var encryptingCredentials = await _clientKeysProvider.GetEncryptionKeys(clientInfo)
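Review bot: In the `usage switch` of Abblix.Jwt/JsonWebKeyFactory.cs, the merged arm `JsonWebKeyUseNames.Sig or JsonWebKeyUseNames.Enc => "RS256",` still labels an encryption key with a signature algorithm. RS256 is a JWS signing algorithm, whereas a JWK whose use is `enc` would normally carry a key-management algorithm in `alg`, so a consumer that honours that member may reject the key or confuse signing and encryption keys. Consider keeping the arms apart, for example `JsonWebKeyUseNames.Sig => "RS256",` and `JsonWebKeyUseNames.Enc => "RSA-OAEP",`, or whichever algorithm the encryption path actually uses; that code is not part of this diff. The method signature lies above the hunk and the key generation continues below it.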
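Review bot: The bare literal in `GetSigningKeys(true)` in ClientJwtFormatter.FormatAsync does not say what it switches on. Going by the commit title it presumably makes the provider return the private key parameters, but the provider's signature is not visible in this diff. A named argument, or a one-line comment such as `// signing needs the private key parameters; code that publishes keys must keep the default`, would make the intent reviewable and help keep the flag from being copied onto a path that serialises keys. FormatAsync continues past the end of the hunk.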