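        /// <summary>
        /// Rebuilds the cached key material (validation keys, JWKS, signing credentials)
        /// from Key Vault when the cached copy is older than six hours, as tracked by a
        /// separate timestamp cache entry.
        /// </summary>
        /// <remarks>
        /// Only key bundles that are enabled and not past their <c>Expires</c> attribute are
        /// published in the JWKS and accepted as validation keys. Any failure is logged as
        /// critical and rethrown so the caller never continues with missing key material.
        /// </remarks>
        /// <exception cref="Exception">Rethrown after logging when any step of the refresh fails.</exception>
        private async Task RefreshCacheData()
        {
            try
            {
                DateTime now = DateTime.UtcNow;

                // Default to "older than the refresh window" so a missing or unreadable
                // timestamp forces a refresh instead of silently keeping stale keys.
                DateTime cacheTime = now.AddHours(-7);

                var timeStamp = await _cacheTimeStamp.GetAsync(CacheValidationKeyTimeStamp);

                // A corrupt timestamp string must not make every refresh fail; treat it
                // like a missing timestamp and refresh.
                DateTime parsedTime;
                if (timeStamp != null &&
                    DateTime.TryParseExact(timeStamp.UtcTime, "O", CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out parsedTime))
                {
                    cacheTime = parsedTime;
                }

                if (now < cacheTime.AddHours(6))
                {
                    return;
                }

                var keyBundles = await GetKeyBundleVersionsAsync();

                // Keep only bundles that are enabled and not expired: a disabled or expired key
                // version must neither be advertised in the JWKS nor accepted for validation.
                _keyBundles = (from item in keyBundles
                               where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled &&
                                     (item.Attributes.Expires == null || item.Attributes.Expires > now)
                               select item).ToList();

                // NOTE(review): the RSA handles returned by ToRSA may delegate operations back to
                // this client, and the resulting keys are cached for six hours, so the client is
                // deliberately not disposed here — confirm against the ToRSA implementation in use.
                var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);

                // Materialize immediately; a deferred query would re-run ToRSA on every enumeration.
                var rsaSecurityKeys = _keyBundles
                    .Select(item => new RsaSecurityKey(keyVaultClient.ToRSA(item)))
                    .ToList();

                // Public JWKS document: one entry per accepted key version.
                var jwks = _keyBundles
                    .Select(keyBundle => new JsonWebKey(keyBundle.Key.ToString()))
                    .ToList();

                var kid = await _publicKeyProvider.GetKeyIdentifierAsync();
                var jwk = await _publicKeyProvider.GetAsync();

                // Only the public components (e, n) are available here; the private key stays in
                // Key Vault. NOTE(review): signing with these credentials therefore relies on a
                // crypto provider that resolves the private key by KeyId — confirm.
                var parameters = new RSAParameters
                {
                    Exponent = Base64UrlEncoder.DecodeBytes(jwk.E),
                    Modulus  = Base64UrlEncoder.DecodeBytes(jwk.N)
                };
                var securityKey = new RsaSecurityKey(parameters)
                {
                    KeyId = jwk.Kid,
                };

                var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);

                // The result was never used by this method; the call is kept in case it warms
                // state elsewhere. TODO(review): confirm whether it can be removed entirely.
                await GetTokenCreationSigningCredentialsAsync();

                CacheData cacheData = new CacheData()
                {
                    RsaSecurityKeys    = rsaSecurityKeys,
                    SigningCredentials = signingCredentials,
                    JsonWebKeys        = jwks,
                    KeyIdentifier      = kid
                };
                await _cachedData.SetAsync(CacheValidationKey, cacheData, TimeSpan.FromHours(6));

                // Round-trip ("O") format is culture-invariant; the culture is passed explicitly
                // to match the parse above.
                await _cacheTimeStamp.SetAsync(CacheValidationKeyTimeStamp, new TimeStamp()
                {
                    UtcTime = DateTime.UtcNow.ToString("O", CultureInfo.InvariantCulture)
                }, TimeSpan.FromHours(6));
            }
            catch (Exception e)
            {
                _logger.LogCritical(e, "KeyVault RefreshCacheData fatal exception");
                throw;
            }
        }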
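        /// <summary>
        /// Rebuilds the cached key material (validation keys, JWKS, signing credentials and,
        /// when local signing is configured, the signing certificate) from Key Vault when the
        /// cached copy is older than six hours, as tracked by a separate timestamp cache entry.
        /// </summary>
        /// <remarks>
        /// Only key bundles that are enabled and not past their <c>Expires</c> attribute are
        /// published in the JWKS and accepted as validation keys. The signing key is the
        /// latest bundle subject to the rollover delay, so a freshly created version is not
        /// used for signing before validators have had time to pick it up. Any failure is
        /// logged as critical and rethrown so the caller never continues with missing key material.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// No usable key bundle, or (with local signing) no usable certificate, was found.
        /// </exception>
        private async Task RefreshCacheData()
        {
            try
            {
                DateTime now = DateTime.UtcNow;

                // Default to "older than the refresh window" so a missing or unreadable
                // timestamp forces a refresh instead of silently keeping stale keys.
                DateTime cacheTime = now.AddHours(-7);

                var timeStamp = await _cacheTimeStamp.GetAsync(CacheValidationKeyTimeStamp);

                // A corrupt timestamp string must not make every refresh fail; treat it
                // like a missing timestamp and refresh.
                DateTime parsedTime;
                if (timeStamp != null &&
                    DateTime.TryParseExact(timeStamp.UtcTime, "O", CultureInfo.InvariantCulture, DateTimeStyles.RoundtripKind, out parsedTime))
                {
                    cacheTime = parsedTime;
                }

                if (now < cacheTime.AddHours(6))
                {
                    return;
                }

                var allKeyBundles = await GetKeyBundleVersionsAsync();

                // Keep only bundles that are enabled and not expired: a disabled or expired key
                // version must neither be advertised in the JWKS nor accepted for validation.
                // A single "now" is used so every bundle is judged against the same instant.
                _keyBundles = (from item in allKeyBundles
                               where item.Attributes.Enabled != null && (bool)item.Attributes.Enabled &&
                                     (item.Attributes.Expires == null || item.Attributes.Expires > now)
                               select item).ToList();

                var latestKB = GetLatestKeyBundleWithRolloverDelay(_keyBundles);
                if (latestKB == null)
                {
                    // Fail fast rather than dereference below; the catch block logs and rethrows.
                    throw new InvalidOperationException("No enabled, unexpired key bundle is available for signing");
                }

                X509Certificate2 x509Certificate2 = null;
                if (!_keyVaultOptions.UseKeyVaultSigning)
                {
                    // Local signing: the private key lives in the certificate, not in Key Vault.
                    var x509Certificate2s = await GetAllCertificateVersions();

                    x509Certificate2 = GetLatestCertificateWithRolloverDelay(x509Certificate2s);
                    if (x509Certificate2 == null)
                    {
                        throw new InvalidOperationException("No certificate is available for local token signing");
                    }
                }

                // NOTE(review): the RSA handles returned by ToRSA may delegate operations back to
                // this client, and the resulting keys are cached for six hours, so the client is
                // deliberately not disposed here — confirm against the ToRSA implementation in use.
                var keyVaultClient = new KeyVaultClient(_azureKeyVaultAuthentication.KeyVaultClientAuthenticationCallback);

                // Materialize immediately; a deferred query would re-run ToRSA on every enumeration.
                // KeyId is normalized via StipPort so it matches the "kid" emitted in tokens.
                var rsaSecurityKeys = _keyBundles
                    .Select(item => new RsaSecurityKey(keyVaultClient.ToRSA(item))
                    {
                        KeyId = StipPort(item.KeyIdentifier.Identifier)
                    })
                    .ToList();

                // Public JWKS document: one entry per accepted key version.
                var jwks = _keyBundles
                    .Select(keyBundle => new JsonWebKey(keyBundle.Key.ToString()))
                    .ToList();

                var jwk = latestKB.Key;
                var kid = latestKB.KeyIdentifier;

                // Only the public components (e, n) are taken from the bundle; the private key
                // stays in Key Vault. NOTE(review): Key Vault signing with these credentials
                // therefore relies on a crypto provider that resolves the key by KeyId — confirm.
                var parameters = new RSAParameters
                {
                    Exponent = jwk.E,
                    Modulus  = jwk.N
                };
                var securityKey = new RsaSecurityKey(parameters)
                {
                    KeyId = jwk.Kid,
                };

                SigningCredentials signingCredentials;
                if (_keyVaultOptions.UseKeyVaultSigning)
                {
                    signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
                }
                else
                {
                    signingCredentials = new MySigningCredentials(x509Certificate2);
                }

                CacheData cacheData = new CacheData()
                {
                    RsaSecurityKeys    = rsaSecurityKeys,
                    SigningCredentials = signingCredentials,
                    JsonWebKeys        = jwks,
                    KeyIdentifier      = kid,
                    X509Certificate2   = x509Certificate2
                };
                await _cachedData.SetAsync(CacheValidationKey, cacheData, TimeSpan.FromHours(6));

                // Round-trip ("O") format is culture-invariant; the culture is passed explicitly
                // to match the parse above.
                await _cacheTimeStamp.SetAsync(CacheValidationKeyTimeStamp, new TimeStamp()
                {
                    UtcTime = DateTime.UtcNow.ToString("O", CultureInfo.InvariantCulture)
                }, TimeSpan.FromHours(6));
            }
            catch (Exception e)
            {
                _logger.LogCritical(e, "KeyVault RefreshCacheData fatal exception");
                throw;
            }
        }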