public async Task Invalidate()
{
await _syncLock.WaitAsync().ConfigureAwait(false);
_value = default(ExpirationMetadata <T>);
_syncLock.Release();
}
private async Task <ExpirationMetadata <KeyVaultCertificate[]> > Factory(ExpirationMetadata <KeyVaultCertificate[]> arg)
{
using (var scope = serviceScopeFactory.CreateScope())
{
var old = (arg.Result ?? Array.Empty <KeyVaultCertificate>()).ToLookup(k => k.Identifier);
var options = scope.ServiceProvider.GetService <IOptions <SigingKeyStoreOptions> >();
var configuration = scope.ServiceProvider.GetRequiredService <IConfiguration>();
var tokenProvider = scope.ServiceProvider.GetRequiredService <ManagedIdentityTokenProvider>();
var client = new KeyVaultClient((string authority, string resource, string _) =>
tokenProvider.GetTokenForResourceAsync(authority, resource), scope.ServiceProvider.GetRequiredService <System.Net.Http.IHttpClientFactory>().CreateClient());
var certsVersions = await client.GetSecretVersionsAsync(options.Value.KeyVaultUri, options.Value.SecretName);
var certsIds = certsVersions.Where(k => !old.Contains(k.Identifier.Identifier) && (k.Attributes?.Enabled ?? false)).ToArray();
var secrets = await Task.WhenAll(certsIds.Select(k => client.GetSecretAsync(k.Identifier.Identifier)));
return(new ExpirationMetadata <KeyVaultCertificate[]>
{
ValidUntil = DateTimeOffset.UtcNow.AddHours(1),
Result = secrets.Select((e, i) =>
new KeyVaultCertificate
{
Cert = new X509Certificate2(Convert.FromBase64String(e.Value), string.Empty, X509KeyStorageFlags.MachineKeySet),
Identifier = certsIds[i].Identifier.Identifier
}).Concat(arg.Result ?? Array.Empty <KeyVaultCertificate>()).ToArray()
});
}
}
public async Task <T> Value()
{
await _syncLock.WaitAsync().ConfigureAwait(false);
try
{
if (IsValueCreatedInternal)
{
return(_value.Result);
}
var result = await _valueProvider(_value).ConfigureAwait(false);
_value = result;
return(_value.Result);
}
finally
{
_syncLock.Release();
}
}
