private static EncryptionKey GetEncryptionKeyFromConfiguration(IConfigurationRoot configuration)
{
Uri keyVaultKeyUri = new Uri(configuration["AzureKeyVaultKeyIdentifier"]);
if (!keyVaultKeyUri.Host.Contains("vault.azure.net") || keyVaultKeyUri.Segments.Length != 4 || keyVaultKeyUri.Segments[1] != "keys/")
{
throw new ArgumentException("Invalid 'AzureKeyVaultKeyIdentifier' - Expected format: 'https://<key-vault-name>.vault.azure.net/keys/<key-name>/<key-version>'", "AzureKeyVaultKeyIdentifier");
}
var encryptionKey = new EncryptionKey
{
KeyVaultUri = $"{keyVaultKeyUri.Scheme}://{keyVaultKeyUri.Host}",
KeyVaultKeyName = keyVaultKeyUri.Segments[2].Trim('/'),
KeyVaultKeyVersion = keyVaultKeyUri.Segments[3].Trim('/')
};
string applicationId = configuration["AzureActiveDirectoryApplicationId"];
if (!string.IsNullOrWhiteSpace(applicationId))
{
encryptionKey.AccessCredentials = new AzureActiveDirectoryApplicationCredentials
{
ApplicationId = applicationId,
ApplicationSecret = configuration["AzureActiveDirectoryApplicationSecret"]
};
}
encryptionKey.Validate();
return(encryptionKey);
}
/// <summary>
/// Validate the object.
/// </summary>
/// <exception cref="ValidationException">
/// Thrown if validation fails
/// </exception>
public virtual void Validate()
{
if (StorageAccountCredentialId == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "StorageAccountCredentialId");
}
if (EncryptionKey != null)
{
EncryptionKey.Validate();
}
}