/// <summary>Configure the signature behavior for a specific <paramref name="issuer"/>.</summary>
public TokenValidationPolicyBuilder RequireSignatureByDefault(string issuer, IKeyProvider keyProvider, SignatureAlgorithm defaultAlgorithm)
{
if (issuer is null)
{
throw new ArgumentNullException(nameof(issuer));
}
if (keyProvider is null)
{
throw new ArgumentNullException(nameof(keyProvider));
}
if (defaultAlgorithm is null)
{
throw new ArgumentNullException(nameof(defaultAlgorithm));
}
if (defaultAlgorithm == SignatureAlgorithm.None)
{
throw new ArgumentException($"The algorithm 'none' is not valid with the method {nameof(RequireSignature)}. Use the method {nameof(AcceptUnsecureToken)} instead.", nameof(defaultAlgorithm));
}
_hasSignatureValidation = true;
var policy = SignatureValidationPolicy.Create(keyProvider, defaultAlgorithm);
_signaturePolicies[issuer] = policy;
return(this);
}
/// <summary>Builds the <see cref="TokenValidationPolicy"/>.</summary>
public TokenValidationPolicy Build()
{
Validate();
SignatureValidationPolicy signaturePolicy;
if (_signaturePolicies.Count == 0)
{
signaturePolicy = _defaultSignaturePolicy;
}
else if (_signaturePolicies.Count == 1)
{
var first = _signaturePolicies.First();
signaturePolicy = SignatureValidationPolicy.Create(first.Key, first.Value);
}
else
{
signaturePolicy = SignatureValidationPolicy.Create(_signaturePolicies, _defaultSignaturePolicy);
}
var policy = new TokenValidationPolicy(
validators: _validators.ToArray(),
criticalHandlers: _criticalHeaderHandlers,
maximumTokenSizeInBytes: _maximumTokenSizeInBytes,
ignoreCriticalHeader: _ignoreCriticalHeader,
ignoreNestedToken: _ignoreNestedToken,
headerCacheDisabled: _headerCacheDisabled,
signaturePolicy: signaturePolicy,
encryptionKeyProviders: _decryptionKeysProviders,
issuers: _issuers.ToArray(),
audiences: _audiences.ToArray(),
clockSkew: _clockSkew,
control: _control);
return(policy);
}
/// <summary>
/// Defines the default signature validation when there is no issuer configuration.
/// Use the method <see cref="RequireSignatureByDefault(string, IKeyProvider, SignatureAlgorithm?)"/> for linking the issuer with the signature.
/// </summary>
public TokenValidationPolicyBuilder RequireSignatureByDefault(IKeyProvider keyProvider, SignatureAlgorithm?algorithm)
{
_hasSignatureValidation = true;
_defaultSignaturePolicy = SignatureValidationPolicy.Create(keyProvider, algorithm);
return(this);
}
