private async Task RefreshCacheData()
{
try
{
DateTime now = DateTime.UtcNow;
DateTime cacheTime = DateTime.UtcNow.AddHours(-7);
var timeStamp = await _cacheTimeStamp.GetAsync(CacheValidationKeyTimeStamp);
if (timeStamp != null)
{
cacheTime = DateTime.ParseExact(timeStamp.UtcTime, "O", CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
}
if (now < cacheTime.AddHours(6))
{
return;
}
_keyBundles = await GetKeyBundleVersionsAsync();
var queryKbs = from item in _keyBundles
where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled &&
(item.Attributes.Expires == null || item.Attributes.Expires > DateTime.UtcNow)
select item;
_keyBundles = queryKbs.ToList();
var latestKB = GetLatestKeyBundleWithRolloverDelay(_keyBundles);
X509Certificate2 x509Certificate2 = null;
if (!_keyVaultOptions.UseKeyVaultSigning)
{
var x509Certificate2s = await GetAllCertificateVersions();
x509Certificate2 = GetLatestCertificateWithRolloverDelay(x509Certificate2s);
}
var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);
var queryRsaSecurityKeys = from item in _keyBundles
let c = new RsaSecurityKey(keyVaultClient.ToRSA(item))
{
KeyId = StipPort(item.KeyIdentifier.Identifier)
}
select c;
var jwks = new List <JsonWebKey>();
foreach (var keyBundle in _keyBundles)
{
jwks.Add(new JsonWebKey(keyBundle.Key.ToString()));
}
var jwk = latestKB.Key;
var kid = latestKB.KeyIdentifier;
var parameters = new RSAParameters
{
Exponent = jwk.E,
Modulus = jwk.N
};
var securityKey = new RsaSecurityKey(parameters)
{
KeyId = jwk.Kid,
};
SigningCredentials signingCredentials;
if (_keyVaultOptions.UseKeyVaultSigning)
{
signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
}
else
{
signingCredentials = new MySigningCredentials(x509Certificate2);
}
CacheData cacheData = new CacheData()
{
RsaSecurityKeys = queryRsaSecurityKeys.ToList(),
SigningCredentials = signingCredentials,
JsonWebKeys = jwks,
KeyIdentifier = kid,
X509Certificate2 = x509Certificate2
};
await _cachedData.SetAsync(CacheValidationKey, cacheData, TimeSpan.FromHours(6));
await _cacheTimeStamp.SetAsync(CacheValidationKeyTimeStamp, new TimeStamp()
{
UtcTime = DateTime.UtcNow.ToString("O")
}, TimeSpan.FromHours(6));
}
catch (Exception e)
{
_logger.LogCritical(e, "KeyVault RefreshCacheData fatal exception");
throw;
}
}
private async Task RefreshCacheData()
{
try
{
DateTime now = DateTime.UtcNow;
DateTime cacheTime = DateTime.UtcNow.AddHours(-7);
var timeStamp = await _cacheTimeStamp.GetAsync(CacheValidationKeyTimeStamp);
if (timeStamp != null)
{
cacheTime = DateTime.ParseExact(timeStamp.UtcTime, "O", CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind);
}
if (now < cacheTime.AddHours(6))
{
return;
}
var keyBundles = await GetKeyBundleVersionsAsync();
var queryKbs = from item in keyBundles
where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled
select item;
keyBundles = queryKbs.ToList();
X509Certificate2 x509Certificate2 = null;
if (!_keyVaultOptions.UseKeyVaultSigning)
{
x509Certificate2 = await GetX509Certificate2Async();
}
var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);
var queryRsaSecurityKeys = from item in keyBundles
let c = new RsaSecurityKey(keyVaultClient.ToRSA(item))
select c;
// var currentKeyBundle = await _publicKeyProvider.GetKeyBundleAsync();
// var securityKey = new RsaSecurityKey(keyVaultClient.ToRSA(currentKeyBundle));
// var signingCredentials = new SigningCredentials(securityKey, securityKey.Rsa.SignatureAlgorithm);
var jwks = new List <JsonWebKey>();
var query = from item in keyBundles
where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled
select item;
_keyBundles = query.ToList();
foreach (var keyBundle in _keyBundles)
{
jwks.Add(new JsonWebKey(keyBundle.Key.ToString()));
}
var kid = await _publicKeyProvider.GetKeyIdentifierAsync();
var jwk = await _publicKeyProvider.GetAsync();
var parameters = new RSAParameters
{
Exponent = Base64UrlEncoder.DecodeBytes(jwk.E),
Modulus = Base64UrlEncoder.DecodeBytes(jwk.N)
};
var securityKey = new RsaSecurityKey(parameters)
{
KeyId = jwk.Kid,
};
SigningCredentials signingCredentials;
if (_keyVaultOptions.UseKeyVaultSigning)
{
signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
// var tokenCreateSigningCredentials = await GetTokenCreationSigningCredentialsAsync();
}
else
{
signingCredentials = new MySigningCredentials(x509Certificate2);
}
CacheData cacheData = new CacheData()
{
RsaSecurityKeys = queryRsaSecurityKeys.ToList(),
SigningCredentials = signingCredentials,
JsonWebKeys = jwks,
KeyIdentifier = kid,
X509Certificate2 = x509Certificate2
};
await _cachedData.SetAsync(CacheValidationKey, cacheData, TimeSpan.FromHours(6));
await _cacheTimeStamp.SetAsync(CacheValidationKeyTimeStamp, new TimeStamp()
{
UtcTime = DateTime.UtcNow.ToString("O")
}, TimeSpan.FromHours(6));
}
catch (Exception e)
{
_logger.LogCritical(e, "KeyVault RefreshCacheData fatal exception");
throw;
}
}
