using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Taloyhtio.GeneralSSO.Server.CodeFiles.Common;
namespace Taloyhtio.GeneralSSO.Server.CodeFiles.Infrastructure.OAuth
{
// Access-token flow and which key material each party needs:
// 1. Authorization server: signs the token with the auth server's private key
//    (the signing cert on this host must contain the private key).
// 2. Authorization server: encrypts the signed token with the resource server's public key
//    (the encryption cert on this host only needs the public key).
// 3. Resource server: decrypts the token with the resource server's private key
//    (the encryption cert on this host must contain the private key).
// 4. Resource server: verifies the token signature with the auth server's public key
//    (the signing cert on this host only needs the public key).
// In an all-in-one deployment (auth and resource server in the same process) both
// certificates carry their private keys.
// Note: the Cert class below only loads the two certificates from the configured store;
// it does not check that a private key is present for the role this host plays, so the
// signing/decryption code must verify HasPrivateKey (or fail clearly) before using them.
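/// <summary>
/// Holds the two X.509 certificates used for OAuth access tokens: the authorization
/// server's signing certificate and the resource server's encryption certificate.
/// Both are resolved once, from appSettings, when the type is first touched; because
/// the fields are readonly and set in the static constructor, rotating a certificate
/// in the store requires a process restart to take effect.
/// </summary>
/// <remarks>
/// Required appSettings keys (for each of the prefixes
/// <c>AuthServerSigningCert</c> and <c>ResourceServerEncryptionCert</c>):
/// <c>{prefix}_SubjectName</c>, <c>{prefix}_StoreName</c> (a <see cref="StoreName"/> member)
/// and <c>{prefix}_StoreLocation</c> (a <see cref="StoreLocation"/> member).
///
/// Failing fast is deliberate: a missing or invalid setting, or a certificate that cannot
/// be found, throws <see cref="ConfigurationErrorsException"/> from the static constructor.
/// Callers observe this as a <see cref="TypeInitializationException"/> whose InnerException
/// carries the detail, and the type stays unusable for the rest of the AppDomain's life.
///
/// Security notes for reviewers:
/// - This class does not check <c>X509Certificate2.HasPrivateKey</c>; whether a private
///   key is required depends on the role this host plays (see the flow comment above the
///   class). Signing/decryption code must verify it.
/// - NOTE(review): <c>Utils.GetCert</c> is not visible from this file. If it looks up by
///   subject name (X509FindType.FindBySubjectName does a substring match and may return
///   several certificates), confirm it selects a unique, currently valid certificate rather
///   than the first match, and that expired or revoked certificates are rejected.
/// </remarks>
public static class Cert
{
    // appSettings key prefixes; the _SubjectName / _StoreName / _StoreLocation suffixes are appended.
    private const string AuthSigningSettingPrefix = "AuthServerSigningCert";
    private const string ResourceEncryptionSettingPrefix = "ResourceServerEncryptionCert";

    // Assigned exactly once in the static constructor; never reloaded.
    private static readonly X509Certificate2 authServerSigningCertificate;
    private static readonly X509Certificate2 resourceServerEncryptionCertificate;

    /// <summary>
    /// Resolves both certificates from configuration and the certificate store.
    /// Throws <see cref="ConfigurationErrorsException"/> (surfaced to callers as the
    /// InnerException of a <see cref="TypeInitializationException"/>) when a setting is
    /// missing/invalid or a certificate cannot be found.
    /// </summary>
    static Cert()
    {
        authServerSigningCertificate = LoadCertificate(
            AuthSigningSettingPrefix, "Authorization server signing certificate");
        resourceServerEncryptionCertificate = LoadCertificate(
            ResourceEncryptionSettingPrefix, "Resource server encryption certificate");
    }

    /// <summary>
    /// Certificate used to sign access tokens (auth server) or to verify their signature
    /// (resource server). Never null once the type has initialized.
    /// </summary>
    public static X509Certificate2 AuthServerSigningCertificate
    {
        get { return authServerSigningCertificate; }
    }

    /// <summary>
    /// Certificate used to encrypt access tokens (auth server) or to decrypt them
    /// (resource server). Never null once the type has initialized.
    /// </summary>
    public static X509Certificate2 ResourceServerEncryptionCertificate
    {
        get { return resourceServerEncryptionCertificate; }
    }

    /// <summary>
    /// Misspelled alias of <see cref="ResourceServerEncryptionCertificate"/>, kept because
    /// existing callers reference this name. Prefer the correctly spelled property.
    /// </summary>
    public static X509Certificate2 ResourceServerEncyptionCertificate
    {
        get { return resourceServerEncryptionCertificate; }
    }

    /// <summary>
    /// Reads the subject name, store name and store location for <paramref name="settingPrefix"/>
    /// from appSettings and fetches the matching certificate via <c>Utils.GetCert</c>.
    /// </summary>
    /// <param name="settingPrefix">appSettings key prefix, e.g. <c>AuthServerSigningCert</c>.</param>
    /// <param name="description">Human-readable name used in error messages.</param>
    /// <returns>The located certificate; never null.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// A setting is missing or not a valid enum member, or no certificate was found.
    /// </exception>
    private static X509Certificate2 LoadCertificate(string settingPrefix, string description)
    {
        var subjectName = ReadRequiredSetting(settingPrefix + "_SubjectName");
        var storeName = ReadEnumSetting<StoreName>(settingPrefix + "_StoreName");
        var storeLocation = ReadEnumSetting<StoreLocation>(settingPrefix + "_StoreLocation");

        var certificate = Utils.GetCert(subjectName, storeName, storeLocation);
        if (certificate == null)
        {
            // Name the lookup parameters so a deployment problem is diagnosable from the log;
            // subject name and store are not secrets.
            throw new ConfigurationErrorsException(string.Format(
                "{0} is null: no certificate with subject '{1}' found in store {2}/{3}",
                description, subjectName, storeLocation, storeName));
        }
        return certificate;
    }

    /// <summary>
    /// Returns the appSettings value for <paramref name="key"/>, rejecting a missing or
    /// blank value with an error that names the offending key (instead of letting a null
    /// propagate into the store lookup).
    /// </summary>
    private static string ReadRequiredSetting(string key)
    {
        var value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new ConfigurationErrorsException(string.Format(
                "appSettings '{0}' is missing or empty", key));
        }
        return value;
    }

    /// <summary>
    /// Parses the appSettings value for <paramref name="key"/> as a member of
    /// <typeparamref name="TEnum"/>. Only named members are accepted; numeric strings that
    /// Enum.TryParse would otherwise convert to an undefined value are rejected.
    /// </summary>
    private static TEnum ReadEnumSetting<TEnum>(string key) where TEnum : struct
    {
        var raw = ReadRequiredSetting(key);
        TEnum value;
        if (!Enum.TryParse(raw, out value) || !Enum.IsDefined(typeof(TEnum), value))
        {
            throw new ConfigurationErrorsException(string.Format(
                "appSettings '{0}' has value '{1}', which is not a valid {2}",
                key, raw, typeof(TEnum).Name));
        }
        return value;
    }
}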
}