AzureAD / azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
MIT License

Support X.509 Certificate Chain in X509SecurityKey #1146

Open GeoK opened 5 years ago

GeoK commented 5 years ago

Currently we are using all certificates, which are part of an 'x5c' certificate chain, as X509SecurityKeys. By RFC 7517, only the first key should be used to perform any signing operations. We should treat only the first certificate from an 'x5c' certificate chain as an X509SecurityKey and others as part of a certificate chain.
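The split requested above, as an added example that is not part of the issue and not the library's own code: the first 'x5c' entry becomes the only X509SecurityKey, and the remaining entries are used solely to build the certificate path. `X5cSplit.FromJwk` is a hypothetical helper, the certificates are constructed throwaway test data, and the unknown-CA flag is an assumption needed only because the constructed root is untrusted.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

// Constructed sample input: a throwaway CA and a signer certificate issued by it.
var now = DateTimeOffset.UtcNow;
using var caKey = RSA.Create(2048);
var caReq = new CertificateRequest("CN=Constructed Test CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
using var ca = caReq.CreateSelfSigned(now.AddDays(-2), now.AddDays(30));
using var leafKey = RSA.Create(2048);
var leafReq = new CertificateRequest("CN=Constructed Signer", leafKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var leaf = leafReq.Create(ca, now.AddDays(-1), now.AddDays(10), new byte[] { 0x01, 0x02, 0x03, 0x04 });

// 'x5c' entries are standard base64 (not base64url) DER, key certificate first (RFC 7517, section 4.7).
var jwk = new JsonWebKey { Kty = "RSA", Kid = "constructed-kid" };
jwk.X5c.Add(Convert.ToBase64String(leaf.RawData));
jwk.X5c.Add(Convert.ToBase64String(ca.RawData));

var (key, intermediates) = X5cSplit.FromJwk(jwk);
Console.WriteLine($"signing key subject: {key.Certificate.Subject}");
Console.WriteLine($"chain-only certificates: {intermediates.Count}");

// The remaining certificates only help build the path to the key certificate.
using var chain = new X509Chain();
chain.ChainPolicy.ExtraStore.AddRange(intermediates);
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
// Assumption for this demo only: the constructed root is not in any trust store.
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
Console.WriteLine($"path built: {chain.Build(key.Certificate)}, length {chain.ChainElements.Count}");

// Hypothetical helper, not part of Microsoft.IdentityModel.
static class X5cSplit
{
    public static (X509SecurityKey Key, X509Certificate2Collection Chain) FromJwk(JsonWebKey jwk)
    {
        if (jwk.X5c == null || jwk.X5c.Count == 0)
            throw new ArgumentException("JWK has no 'x5c' parameter", nameof(jwk));
        // Only the first certificate carries the key that may be used as a security key.
        var keyCert = new X509Certificate2(Convert.FromBase64String(jwk.X5c[0]));
        var rest = new X509Certificate2Collection();
        for (int i = 1; i < jwk.X5c.Count; i++)
            rest.Add(new X509Certificate2(Convert.FromBase64String(jwk.X5c[i])));
        return (new X509SecurityKey(keyCert) { KeyId = jwk.Kid }, rest);
    }
}
```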

keegan-caruso commented 2 months ago

@GeoK - Is this still needed?