public void PostConfigure(string name, MonitorApiKeyConfiguration options)
{
MonitorApiKeyOptions sourceOptions = _apiKeyOptions.CurrentValue;
IList <ValidationResult> errors = new List <ValidationResult>();
Validator.TryValidateObject(
sourceOptions,
new ValidationContext(sourceOptions, null, null),
errors,
validateAllProperties: true);
string jwkJson = null;
try
{
jwkJson = Base64UrlEncoder.Decode(sourceOptions.PublicKey);
}
catch (Exception)
{
errors.Add(
new ValidationResult(
string.Format(
Strings.ErrorMessage_NotBase64,
nameof(MonitorApiKeyOptions.PublicKey),
sourceOptions.PublicKey),
new string[] { nameof(MonitorApiKeyOptions.PublicKey) }));
}
JsonWebKey jwk = null;
if (!string.IsNullOrEmpty(jwkJson))
{
try
{
jwk = JsonWebKey.Create(jwkJson);
}
// JsonWebKey will throw only throw ArgumentException or a derived class.
catch (ArgumentException ex)
{
errors.Add(
new ValidationResult(
string.Format(
Strings.ErrorMessage_InvalidJwk,
nameof(MonitorApiKeyOptions.PublicKey),
sourceOptions.PublicKey,
ex.Message),
new string[] { nameof(MonitorApiKeyOptions.PublicKey) }));
}
}
if (null != jwk)
{
if (!JwtAlgorithmChecker.IsValidJwk(jwk))
{
errors.Add(
new ValidationResult(
string.Format(
Strings.ErrorMessage_RejectedJwk,
nameof(MonitorApiKeyOptions.PublicKey)),
new string[] { nameof(MonitorApiKeyOptions.PublicKey) }));
}
// We will let the algorithm work with private key but we should produce a warning message
else if (jwk.HasPrivateKey)
{
_logger.NotifyPrivateKey(nameof(MonitorApiKeyOptions.PublicKey));
}
}
options.ValidationErrors = errors;
if (errors.Any())
{
options.Subject = string.Empty;
options.PublicKey = null;
}
else
{
options.Subject = sourceOptions.Subject;
options.PublicKey = jwk;
}
}
private void OnReload(MonitorApiKeyOptions options)
{
Interlocked.Exchange(ref _reloadToken, new ConfigurationReloadToken()).OnReload();
}
