From 907e07f618e9f4d2d56f2e5bf048485c6d695c47 Mon Sep 17 00:00:00 2001
From: Damian Hickey
Date: Fri, 20 Feb 2026 20:18:50 +0100
Subject: [PATCH] Make CT required in IValidationKeysStore, ISigningCredentialStore, IAutomaticKeyManagerKeyStore, eliminating default stopgaps in DefaultKeyMaterialService and AutomaticKeyManagerKeyStore
---
 .../Default/DefaultKeyMaterialService.cs | 12 +++++------
 .../AutomaticKeyManagerKeyStore.cs | 21 ++++++++++---------
 .../Stores/ISigningCredentialStore.cs | 3 ++-
 .../Stores/IValidationKeysStore.cs | 3 ++-
 .../InMemorySigningCredentialsStore.cs | 2 +-
 .../InMemory/InMemoryValidationKeysStore.cs | 2 +-
 6 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultKeyMaterialService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultKeyMaterialService.cs
index 2de8c2769..903004cd4 100644
--- a/identity-server/src/IdentityServer/Services/Default/DefaultKeyMaterialService.cs
+++ b/identity-server/src/IdentityServer/Services/Default/DefaultKeyMaterialService.cs
@@ -46,14 +46,14 @@ public class DefaultKeyMaterialService : IKeyMaterialService
 var list = _signingCredentialStores.ToList();
 for (var i = 0; i < list.Count; i++)
 {
- var key = await list[i].GetSigningCredentialsAsync();
+ var key = await list[i].GetSigningCredentialsAsync(ct);
 if (key != null)
 {
 return key;
 }
 }
- var automaticKey = await _keyManagerKeyStore.GetSigningCredentialsAsync();
+ var automaticKey = await _keyManagerKeyStore.GetSigningCredentialsAsync(ct);
 if (automaticKey != null)
 {
 return automaticKey;
@@ -82,14 +82,14 @@ public class DefaultKeyMaterialService : IKeyMaterialService
 foreach (var store in _signingCredentialStores)
 {
- var signingKey = await store.GetSigningCredentialsAsync();
+ var signingKey = await store.GetSigningCredentialsAsync(ct);
 if (signingKey != null)
 {
 credentials.Add(signingKey);
 }
 }
- var automaticSigningKeys = await _keyManagerKeyStore.GetAllSigningCredentialsAsync();
+ var automaticSigningKeys = await _keyManagerKeyStore.GetAllSigningCredentialsAsync(ct);
 if (automaticSigningKeys != null)
 {
 credentials.AddRange(automaticSigningKeys);
@@ -105,7 +105,7 @@ public class DefaultKeyMaterialService : IKeyMaterialService
 var keys = new List();
- var automaticSigningKeys = await _keyManagerKeyStore.GetValidationKeysAsync();
+ var automaticSigningKeys = await _keyManagerKeyStore.GetValidationKeysAsync(ct);
 if (automaticSigningKeys?.Any() == true)
 {
 keys.AddRange(automaticSigningKeys);
@@ -113,7 +113,7 @@ public class DefaultKeyMaterialService : IKeyMaterialService
 foreach (var store in _validationKeysStores)
 {
- var validationKeys = await store.GetValidationKeysAsync();
+ var validationKeys = await store.GetValidationKeysAsync(ct);
 keys.AddRange(validationKeys);
 }
diff --git a/identity-server/src/IdentityServer/Services/Default/KeyManagement/AutomaticKeyManagerKeyStore.cs b/identity-server/src/IdentityServer/Services/Default/KeyManagement/AutomaticKeyManagerKeyStore.cs
index b241fad0f..ec7435b33 100644
--- a/identity-server/src/IdentityServer/Services/Default/KeyManagement/AutomaticKeyManagerKeyStore.cs
+++ b/identity-server/src/IdentityServer/Services/Default/KeyManagement/AutomaticKeyManagerKeyStore.cs
@@ -17,8 +17,9 @@ public interface IAutomaticKeyManagerKeyStore : IValidationKeysStore, ISigningCr
 ///
 /// Gets all the signing credentials.
 ///
+ ///
 ///
- Task> GetAllSigningCredentialsAsync();
+ Task> GetAllSigningCredentialsAsync(CT ct);
 }
 ///
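Review bot: In the `foreach (var store in _validationKeysStores)` loop the result of `store.GetValidationKeysAsync(ct)` goes straight into `keys.AddRange(validationKeys)` with no null check, unlike the `automaticSigningKeys?.Any() == true` guard and the `!= null` checks on the signing-credential paths in the neighbouring hunks. A store implementation that returns null would make `AddRange` throw ArgumentNullException, which would fail validation-key retrieval as a whole instead of skipping that one store. Consider `if (validationKeys != null) { keys.AddRange(validationKeys); }`. The enclosing method starts and ends outside the hunk.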
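Review bot: The doc line added for the new `ct` parameter of `GetAllSigningCredentialsAsync(CT ct)` appears to be empty as rendered here, so implementers are not told what the token is expected to do. Because the parameter is now required on a public store interface, state the contract, for example `/// <param name="ct">Cancels the key lookup; implementations should pass it to any I/O they perform.</param>`. The same applies to the `ISigningCredentialStore.GetSigningCredentialsAsync` and `IValidationKeysStore.GetValidationKeysAsync` hunks. Removing the parameterless signatures is source-breaking for custom key stores, which is worth an upgrade note.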
@@ -27,13 +28,13 @@ public interface IAutomaticKeyManagerKeyStore : IValidationKeysStore, ISigningCr
 internal class NopAutomaticKeyManagerKeyStore : IAutomaticKeyManagerKeyStore
 {
 ///
- public Task GetSigningCredentialsAsync() => Task.FromResult(null);
+ public Task GetSigningCredentialsAsync(CT ct) => Task.FromResult(null);
 ///
- public Task> GetAllSigningCredentialsAsync() => Task.FromResult(Enumerable.Empty());
+ public Task> GetAllSigningCredentialsAsync(CT ct) => Task.FromResult(Enumerable.Empty());
 ///
- public Task> GetValidationKeysAsync() => Task.FromResult(Enumerable.Empty());
+ public Task> GetValidationKeysAsync(CT ct) => Task.FromResult(Enumerable.Empty());
 }
 ///
@@ -56,41 +57,41 @@ public class AutomaticKeyManagerKeyStore : IAutomaticKeyManagerKeyStore
 }
 ///
- public async Task GetSigningCredentialsAsync()
+ public async Task GetSigningCredentialsAsync(CT ct)
 {
 if (!_options.Enabled)
 {
 return null;
 }
- var credentials = await GetAllSigningCredentialsAsync();
+ var credentials = await GetAllSigningCredentialsAsync(ct);
 var alg = _options.DefaultSigningAlgorithm;
 var credential = credentials.FirstOrDefault(x => alg == x.Algorithm);
 return credential;
 }
 ///
- public async Task> GetAllSigningCredentialsAsync()
+ public async Task> GetAllSigningCredentialsAsync(CT ct)
 {
 if (!_options.Enabled)
 {
 return Enumerable.Empty();
 }
- var keyContainers = await _keyManager.GetCurrentKeysAsync(default);
+ var keyContainers = await _keyManager.GetCurrentKeysAsync(ct);
 var credentials = keyContainers.Select(x => new SigningCredentials(x.ToSecurityKey(), x.Algorithm));
 return credentials;
 }
 ///
- public async Task> GetValidationKeysAsync()
+ public async Task> GetValidationKeysAsync(CT ct)
 {
 if (!_options.Enabled)
 {
 return Enumerable.Empty();
 }
- var containers = await _keyManager.GetAllKeysAsync(default);
+ var containers = await _keyManager.GetAllKeysAsync(ct);
 var keys = containers.Select(x => new SecurityKeyInfo
 {
 Key = x.ToSecurityKey(),
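Review bot: `_keyManager.GetCurrentKeysAsync(ct)` and `_keyManager.GetAllKeysAsync(ct)` now receive the caller's token where they previously got `default`, so a cancelled request can interrupt whatever the key manager does on those calls. The key manager is not visible in this patch; if those calls can create, rotate or cache signing keys shared across requests, confirm that a cancellation part-way through leaves no partial state and that the resulting OperationCanceledException is neither cached nor reported as a key-store failure. If the key manager does guarantee that, a comment on the two calls such as `// ct only cancels this caller's wait; key creation and caching complete independently` would record it. The last method in the hunk continues past its end.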
diff --git a/identity-server/src/IdentityServer/Stores/ISigningCredentialStore.cs b/identity-server/src/IdentityServer/Stores/ISigningCredentialStore.cs
index 4ab3ad833..7de737c56 100644
--- a/identity-server/src/IdentityServer/Stores/ISigningCredentialStore.cs
+++ b/identity-server/src/IdentityServer/Stores/ISigningCredentialStore.cs
@@ -14,6 +14,7 @@ public interface ISigningCredentialStore
 ///
 /// Gets the signing credentials.
 ///
+ ///
 ///
- Task GetSigningCredentialsAsync();
+ Task GetSigningCredentialsAsync(CT ct);
 }
diff --git a/identity-server/src/IdentityServer/Stores/IValidationKeysStore.cs b/identity-server/src/IdentityServer/Stores/IValidationKeysStore.cs
index dbe523da7..740598249 100644
--- a/identity-server/src/IdentityServer/Stores/IValidationKeysStore.cs
+++ b/identity-server/src/IdentityServer/Stores/IValidationKeysStore.cs
@@ -14,6 +14,7 @@ public interface IValidationKeysStore
 ///
 /// Gets all validation keys.
 ///
+ ///
 ///
- Task> GetValidationKeysAsync();
+ Task> GetValidationKeysAsync(CT ct);
 }
diff --git a/identity-server/src/IdentityServer/Stores/InMemory/InMemorySigningCredentialsStore.cs b/identity-server/src/IdentityServer/Stores/InMemory/InMemorySigningCredentialsStore.cs
index 5bec161f6..646baa44d 100644
--- a/identity-server/src/IdentityServer/Stores/InMemory/InMemorySigningCredentialsStore.cs
+++ b/identity-server/src/IdentityServer/Stores/InMemory/InMemorySigningCredentialsStore.cs
@@ -24,7 +24,7 @@ public class InMemorySigningCredentialsStore : ISigningCredentialStore
 /// Gets the signing credentials.
 ///
 ///
- public Task GetSigningCredentialsAsync()
+ public Task GetSigningCredentialsAsync(CT ct)
 {
 using var activity = Tracing.StoreActivitySource.StartActivity("InMemorySigningCredentialsStore.GetSigningCredentials");
diff --git a/identity-server/src/IdentityServer/Stores/InMemory/InMemoryValidationKeysStore.cs b/identity-server/src/IdentityServer/Stores/InMemory/InMemoryValidationKeysStore.cs
index 8d4c9fd51..88672b33c 100644
--- a/identity-server/src/IdentityServer/Stores/InMemory/InMemoryValidationKeysStore.cs
+++ b/identity-server/src/IdentityServer/Stores/InMemory/InMemoryValidationKeysStore.cs
@@ -25,7 +25,7 @@ public class InMemoryValidationKeysStore : IValidationKeysStore
 /// Gets all validation keys.
 ///
 ///
- public Task> GetValidationKeysAsync()
+ public Task> GetValidationKeysAsync(CT ct)
 {
 using var activity = Tracing.StoreActivitySource.StartActivity("InMemoryValidationKeysStore.GetValidationKeys");