
I am using RSACryptoServiceProvider for signing JWT tokens, and everything works fine. Now, following the JWT and JWK spec, I need to provide the x5c value to the client for validating the signature of the signed JWT. So, how can I generate the x5c value given that I have a valid RSACryptoServiceProvider instance in C#?

I found the RSACryptoServiceProvider.ExportParameters method can export all parameters of the RSA, but I have no idea how to compose the x5c value based on that.

Shuping

1 Answer


x5c is the X.509 chain, which requires that you have a certificate (instead of a raw RSA key).

If you have an X509Certificate2 object which you used for private key retrieval, or otherwise have a certificate representing that key, you can build the chain via

// cert is the X509Certificate2 that represents the signing key
X509Chain chain = new X509Chain();
bool success = chain.Build(cert);

if (!success)
    throw new Exception("eep");

Then, for each chain.ChainElements value, take the Certificate property's RawValue property (and base64 encode it).

I didn't look at the spec enough to know if you should skip the first element (your cert) and/or the last one (the root cert). But that should be enough to get started.

bartonjs
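An added example, not part of the answer above: a complete version of the chain-to-x5c step, reading each element's DER bytes through `X509Certificate2.RawData`. Per RFC 7517 section 4.7, each entry is standard base64 (not base64url) and the certificate containing the key comes first, which is the order `ChainElements` already uses. `BuildX5c`, `selfSignedDemo` and the throwaway self-signed certificate are assumptions made so the sample runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class X5cExample
{
    // Hypothetical helper: returns the JWK "x5c" entries, leaf certificate first.
    public static List<string> BuildX5c(X509Certificate2 cert, bool selfSignedDemo = false)
    {
        using (var chain = new X509Chain())
        {
            // Offline sample only; a production build should leave revocation checking on.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (selfSignedDemo)
            {
                // Accept the constructed self-signed root; never set this for a real chain.
                chain.ChainPolicy.VerificationFlags =
                    X509VerificationFlags.AllowUnknownCertificateAuthority;
            }

            if (!chain.Build(cert))
                throw new CryptographicException("X.509 chain build failed");

            var x5c = new List<string>();
            foreach (X509ChainElement element in chain.ChainElements)
                x5c.Add(Convert.ToBase64String(element.Certificate.RawData)); // DER, plain base64
            return x5c;
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway key and self-signed certificate.
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=jwt-signer.example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                List<string> x5c = BuildX5c(cert, selfSignedDemo: true);
                Console.WriteLine("x5c entries: " + x5c.Count);
                Console.WriteLine("\"x5c\": [\"" + string.Join("\",\"", x5c) + "\"]");
            }
        }
    }
}
```

A client that receives x5c still has to validate the chain against its own trust anchors; the array only carries certificates and does not make the key trusted.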