Example #1
        /// <inheritdoc/>
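        public IExternalAccount Validate(JsonWebKey accountKey, JsonWebSignature token)
        {
            // Validates an externalAccountBinding JWS: the signed payload must equal the
            // account key, the external account referenced by the protected header's
            // KeyID must be Pending, and the signature is verified with that account's
            // stored key. The account is then persisted with status Valid or Invalid
            // and returned.
            //
            // Throws ArgumentNullException when accountKey or token is null, and
            // MalformedException when the payload is missing or differs from accountKey,
            // or when the external account is not Pending.
            //
            // NOTE(review): a failed signature check does not throw. The account is
            // stored as Invalid and still returned, so callers must inspect Status
            // before accepting the binding. It also means a request with a known key ID
            // and a bad signature moves a Pending account out of Pending for good;
            // confirm this is intended, or reject without persisting.
            //
            // NOTE(review): RFC 8555 section 7.3.4 also requires the binding's "alg" to
            // be a MAC algorithm, no "nonce" header, and a "url" equal to the outer
            // JWS "url". None of these is checked in this method; confirm they are
            // enforced by the caller or inside GetProtected/Verify.

            #region Check arguments
            if (accountKey is null)
            {
                throw new ArgumentNullException(nameof(accountKey));
            }
            if (token is null)
            {
                throw new ArgumentNullException(nameof(token));
            }
            #endregion

            var protectedHeader = token.GetProtected();

            // The binding is only meaningful if it signs exactly the key of the account
            // being registered. A missing payload is reported as malformed input instead
            // of surfacing as a NullReferenceException.
            // NOTE(review): relies on JsonWebKey.Equals comparing key material rather
            // than references; confirm.
            var eabPayload = token.GetPayload<JsonWebKey>();
            if (eabPayload is null || !eabPayload.Equals(accountKey))
            {
                throw new MalformedException("Signed content in externalAccountBinding doesn't match to requirement"); // TODO check rfc error
            }

            // Only a Pending external account may be bound, so one that is already
            // Valid or Invalid cannot be used again.
            var externalAccount = GetById(protectedHeader.KeyID);
            if (externalAccount.Status != Protocol.ExternalAccountStatus.Pending)
            {
                throw new MalformedException("External account has wrong status"); // TODO check rfc error
            }

            // The stored key is base64url text; Verify receives the decoded bytes.
            var key = Base64Url.Decode(externalAccount.Key);

            externalAccount.Status = token.Verify(key)
                ? Protocol.ExternalAccountStatus.Valid
                : Protocol.ExternalAccountStatus.Invalid;
            ExternalAccountRepository.Update(externalAccount);

            // Only the identifier and resulting status are logged, never the key.
            Logger.Info("External account {id} status updated to {status}", externalAccount.Id, externalAccount.Status);

            return externalAccount;
        }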