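/// <inheritdoc/>
/// <remarks>
/// Validates an externalAccountBinding token against a pending external account.
/// The token payload must equal <paramref name="accountKey"/>, the account named by
/// the protected header's key ID must be in the Pending status, and the token is
/// verified with the account's stored key.
/// The method returns normally even when verification fails: the account is then
/// persisted and returned with the Invalid status, so callers must check
/// <c>Status</c> before binding the account.
/// </remarks>
public IExternalAccount Validate(JsonWebKey accountKey, JsonWebSignature token)
{
    #region Check arguments
    if (accountKey is null)
    {
        throw new ArgumentNullException(nameof(accountKey));
    }

    if (token is null)
    {
        throw new ArgumentNullException(nameof(token));
    }
    #endregion

    // NOTE(review): RFC 8555 section 7.3.4 also requires the binding JWS to use a
    // MAC-based "alg", to carry no "nonce", and to repeat the outer JWS "url".
    // None of these is checked in this method - confirm the caller or Verify does it.
    var protectedHeader = token.GetProtected();
    var eabPayload = token.GetPayload<JsonWebKey>();

    // The token is client-supplied: a payload that is missing is reported as a
    // malformed request instead of surfacing as a NullReferenceException.
    // NOTE(review): this relies on JsonWebKey.Equals comparing key material, not references - confirm.
    if (eabPayload is null || !eabPayload.Equals(accountKey))
    {
        throw new MalformedException("Signed content in externalAccountBinding doesn't match to requirement"); // TODO check rfc error
    }

    // NOTE(review): the key ID is read from the token before its signature is verified;
    // presumably GetById throws for a missing or unknown ID - verify.
    var externalAccount = GetById(protectedHeader.KeyID);

    // Only an account that is still Pending may be bound.
    if (externalAccount.Status != Protocol.ExternalAccountStatus.Pending)
    {
        throw new MalformedException("External account has wrong status"); // TODO check rfc error
    }

    // The stored key is base64url text; the decoded bytes are what the token is verified with.
    var key = Base64Url.Decode(externalAccount.Key);
    var isVerified = token.Verify(key);

    // NOTE(review): a failed verification is persisted as Invalid, and the Pending check
    // above then rejects every later attempt for this account. One bad request that names
    // the key ID is enough to make the account unusable - confirm this is intended.
    externalAccount.Status = isVerified
        ? Protocol.ExternalAccountStatus.Valid
        : Protocol.ExternalAccountStatus.Invalid;

    ExternalAccountRepository.Update(externalAccount);

    Logger.Info("External account {id} status updated to {status}", externalAccount.Id, externalAccount.Status);

    return externalAccount;
}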