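/// <summary>Configure the signature behavior for a specific <paramref name="issuer"/>.</summary>
/// <param name="issuer">The issuer the signature policy is registered for.</param>
/// <param name="keyProvider">The key provider passed to <c>SignatureValidationPolicy.Create</c> for this issuer.</param>
/// <param name="defaultAlgorithm">The signature algorithm passed to the policy. <c>SignatureAlgorithm.None</c> is rejected.</param>
/// <returns>This builder instance, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="issuer"/>, <paramref name="keyProvider"/> or <paramref name="defaultAlgorithm"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException"><paramref name="defaultAlgorithm"/> is <c>SignatureAlgorithm.None</c>.</exception>
public TokenValidationPolicyBuilder RequireSignatureByDefault(string issuer, IKeyProvider keyProvider, SignatureAlgorithm defaultAlgorithm)
{
    if (issuer is null)
    {
        throw new ArgumentNullException(nameof(issuer));
    }

    if (keyProvider is null)
    {
        throw new ArgumentNullException(nameof(keyProvider));
    }

    if (defaultAlgorithm is null)
    {
        throw new ArgumentNullException(nameof(defaultAlgorithm));
    }

    // An unsigned token must be an explicit choice made through AcceptUnsecureToken,
    // never a side effect of a "require signature" call. The message names this method
    // (it previously named RequireSignature) so the caller can find the failing call.
    if (defaultAlgorithm == SignatureAlgorithm.None)
    {
        throw new ArgumentException($"The algorithm 'none' is not valid with the method {nameof(RequireSignatureByDefault)}. Use the method {nameof(AcceptUnsecureToken)} instead.", nameof(defaultAlgorithm));
    }

    // Build() reads the per-issuer map; the flag records that a signature policy was configured.
    _hasSignatureValidation = true;
    _signaturePolicies[issuer] = SignatureValidationPolicy.Create(keyProvider, defaultAlgorithm);
    return this;
}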
/// <summary>Builds the <see cref="TokenValidationPolicy"/>.</summary>
/// <returns>A new <see cref="TokenValidationPolicy"/> assembled from the builder's current settings.</returns>
public TokenValidationPolicy Build()
{
    // Validate() runs before anything is assembled.
    Validate();

    // Choose the signature policy from the number of per-issuer registrations.
    SignatureValidationPolicy effectiveSignaturePolicy;
    switch (_signaturePolicies.Count)
    {
        case 0:
        {
            // No issuer-specific policy: only the default applies.
            effectiveSignaturePolicy = _defaultSignaturePolicy;
            break;
        }

        case 1:
        {
            // NOTE(review): this branch does not pass _defaultSignaturePolicy along, so a
            // configured default is not part of the result when exactly one issuer is
            // registered. Confirm that tokens from any other issuer are meant to be
            // handled by the single-issuer policy alone.
            var only = _signaturePolicies.First();
            effectiveSignaturePolicy = SignatureValidationPolicy.Create(only.Key, only.Value);
            break;
        }

        default:
        {
            // Several issuers: the per-issuer map plus the default policy.
            effectiveSignaturePolicy = SignatureValidationPolicy.Create(_signaturePolicies, _defaultSignaturePolicy);
            break;
        }
    }

    return new TokenValidationPolicy(
        validators: _validators.ToArray(),
        criticalHandlers: _criticalHeaderHandlers,
        maximumTokenSizeInBytes: _maximumTokenSizeInBytes,
        ignoreCriticalHeader: _ignoreCriticalHeader,
        ignoreNestedToken: _ignoreNestedToken,
        headerCacheDisabled: _headerCacheDisabled,
        signaturePolicy: effectiveSignaturePolicy,
        encryptionKeyProviders: _decryptionKeysProviders,
        issuers: _issuers.ToArray(),
        audiences: _audiences.ToArray(),
        clockSkew: _clockSkew,
        control: _control);
}
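/// <summary>
/// Defines the default signature validation when there is no issuer configuration.
/// Use the method <see cref="RequireSignatureByDefault(string, IKeyProvider, SignatureAlgorithm)"/> for linking the issuer with the signature.
/// </summary>
/// <param name="keyProvider">The key provider passed to <c>SignatureValidationPolicy.Create</c> for the default policy.</param>
/// <param name="algorithm">
/// The signature algorithm passed to the default policy. It may be <c>null</c>, which is forwarded unchanged.
/// <c>SignatureAlgorithm.None</c> is rejected.
/// </param>
/// <returns>This builder instance, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="keyProvider"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="algorithm"/> is <c>SignatureAlgorithm.None</c>.</exception>
public TokenValidationPolicyBuilder RequireSignatureByDefault(IKeyProvider keyProvider, SignatureAlgorithm? algorithm)
{
    // Same guards as the per-issuer overload. What SignatureValidationPolicy.Create checks
    // is not visible here, so this method does not rely on it.
    if (keyProvider is null)
    {
        throw new ArgumentNullException(nameof(keyProvider));
    }

    // This method sets _hasSignatureValidation, so it must not accept 'none': the builder
    // would then report signature validation as configured while the default policy names
    // no signature algorithm. Unsigned tokens go through AcceptUnsecureToken.
    if (!(algorithm is null) && algorithm == SignatureAlgorithm.None)
    {
        throw new ArgumentException($"The algorithm 'none' is not valid with the method {nameof(RequireSignatureByDefault)}. Use the method {nameof(AcceptUnsecureToken)} instead.", nameof(algorithm));
    }

    _hasSignatureValidation = true;
    _defaultSignaturePolicy = SignatureValidationPolicy.Create(keyProvider, algorithm);
    return this;
}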