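        /// <summary>
        /// Decrypts a JWE (the encrypted form of a <c>cnf</c> claim) and returns the symmetric
        /// proof-of-possession key it wraps, parsed as a <see cref="JsonWebKey"/>.
        /// </summary>
        /// <param name="jwtTokenHandler">Handler used to parse and decrypt <paramref name="jwe"/>.</param>
        /// <param name="jwe">The compact-serialized JWE to decrypt; must be non-empty.</param>
        /// <param name="signedHttpRequestValidationContext">Supplies the candidate decryption keys: when
        /// <c>CnfDecryptionKeysResolverAsync</c> is set it is invoked with the parsed JWE and takes precedence,
        /// otherwise the static <c>CnfDecryptionKeys</c> collection is used.</param>
        /// <param name="cancellationToken">Forwarded to the key resolver.</param>
        /// <returns>The decrypted payload as a <see cref="JsonWebKey"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="jwe"/> is null or empty, or
        /// <paramref name="signedHttpRequestValidationContext"/> / <paramref name="jwtTokenHandler"/> is null.</exception>
        /// <exception cref="SignedHttpRequestInvalidPopKeyException">No decryption keys are available (IDX23017),
        /// or decryption / JWK parsing fails (IDX23018, carrying the candidate key ids and the inner exception).</exception>
        internal static async Task<JsonWebKey> DecryptSymmetricPopKeyAsync(JsonWebTokenHandler jwtTokenHandler, string jwe, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
        {
            if (string.IsNullOrEmpty(jwe))
            {
                throw LogHelper.LogArgumentNullException(nameof(jwe));
            }

            // Guard the remaining arguments before they are dereferenced; without this a null context
            // surfaces as a NullReferenceException from the parameter lookup below instead of an argument error.
            if (signedHttpRequestValidationContext == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(signedHttpRequestValidationContext));
            }

            if (jwtTokenHandler == null)
            {
                throw LogHelper.LogArgumentNullException(nameof(jwtTokenHandler));
            }

            var jweJwt = jwtTokenHandler.ReadJsonWebToken(jwe);
            var validationParameters = signedHttpRequestValidationContext.SignedHttpRequestValidationParameters;

            IEnumerable<SecurityKey> resolvedKeys;

            // The async resolver, when configured, wins over the static key collection.
            if (validationParameters.CnfDecryptionKeysResolverAsync != null)
            {
                resolvedKeys = await validationParameters.CnfDecryptionKeysResolverAsync(jweJwt, cancellationToken).ConfigureAwait(false);
            }
            else
            {
                resolvedKeys = validationParameters.CnfDecryptionKeys;
            }

            // Materialize once: the keys are consumed by the emptiness check, by DecryptToken, and again when
            // building the failure message. A lazy resolver result must not be re-evaluated for each of those.
            var decryptionKeys = resolvedKeys?.ToList();

            if (decryptionKeys == null || decryptionKeys.Count == 0)
            {
                throw LogHelper.LogExceptionMessage(new SignedHttpRequestInvalidPopKeyException(LogHelper.FormatInvariant(LogMessages.IDX23017)));
            }

            // Only the decrypted payload is wanted here: the JWE is not a signed token and issuer, audience and
            // lifetime are not claims of this inner object, so every signature and claim validation is disabled.
            // NOTE(review): authenticity of the wrapped key therefore rests on the content-encryption algorithm
            // being authenticated and on the caller having validated the token that carried the cnf claim
            // before reaching this point — confirm in the calling validation path.
            var tokenDecryptionParameters = new TokenValidationParameters()
            {
                TokenDecryptionKeys      = decryptionKeys,
                RequireSignedTokens      = false,
                ValidateIssuer           = false,
                ValidateAudience         = false,
                ValidateLifetime         = false,
                ValidateIssuerSigningKey = false,
            };

            try
            {
                var decryptedJson = jwtTokenHandler.DecryptToken(jweJwt, tokenDecryptionParameters);
                return new JsonWebKey(decryptedJson);
            }
            catch (Exception e)
            {
                // Every failure (wrong key, malformed JWE, payload that is not a JWK) is deliberately reported
                // as a single PoP-key error so callers can treat them uniformly; the original is kept as InnerException.
                // Only key ids are listed, never key material.
                throw LogHelper.LogExceptionMessage(new SignedHttpRequestInvalidPopKeyException(LogHelper.FormatInvariant(LogMessages.IDX23018, string.Join(", ", decryptionKeys.Select(x => x?.KeyId ?? "Null")), e), e));
            }
        }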