HwProj-2.0.1/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/JwksController.cs at 2f3c1d63efd8d946869362576224236575fb70e3 · InteIIigeNET/HwProj-2.0.1 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
using System.Security.Cryptography;
using HwProj.APIGateway.API.Lti.Configuration;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

namespace HwProj.APIGateway.API.Lti.Controllers;

[Route("api/lti")]
[ApiController]
public class JwksController(IOptions<LtiPlatformConfig> options) : ControllerBase
{
    private readonly LtiPlatformConfig _config = options.Value;

    [HttpGet("jwks")]
    [AllowAnonymous]
    public IActionResult GetJwks()
    {
        var keyConfig = _config.SigningKey;

        if (string.IsNullOrEmpty(keyConfig?.PrivateKeyPem))
        {
            return StatusCode(500, "Signing key is not configured.");
        }

        using var rsa = RSA.Create();
        try
        {
            rsa.ImportFromPem(keyConfig.PrivateKeyPem);
        }
        catch (CryptographicException)
        {
            return StatusCode(500, "Invalid Private Key format in configuration.");
        }

        var publicParams = rsa.ExportParameters(false);

        var jwks = new
        {
            keys = new[]
            {
                new
                {
                    kty = "RSA",
                    e = Base64UrlEncoder.Encode(publicParams.Exponent),
                    n = Base64UrlEncoder.Encode(publicParams.Modulus),
                    kid = keyConfig.KeyId,
                    alg = "RS256",
                    use = "sig"
                }
            }
        };

        return Ok(jwks);
    }
}