authorAndrew Arnott <andrewarnott@gmail.com>2012-03-31 16:07:08 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-03-31 16:07:08 -0700
commit59bce425ab8eb11b7a318bb857bc3efb9c7c448a (patch)
treea2e97a1dc09e88598938a5d55d62114c7fdd93d6
parentaf226f837b7bb5050ab511e66ba75714f79d8865 (diff)
Moved access token signing key to the parameters object.
This also presumably solves the threading concerns of sharing one instance. Fixes #34
-rw-r--r--samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs12
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs4
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/AccessTokenParameters.cs16
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServer.cs26
4 files changed, 23 insertions, 35 deletions
diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index 2287762..61f9e9d 100644
--- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -11,8 +11,6 @@
using DotNetOpenAuth.OAuth2.Messages;
internal class OAuth2AuthorizationServer : IAuthorizationServer {
- private static readonly RSACryptoServiceProvider AsymmetricTokenSigningPrivateKey = CreateRSA();
-
#if SAMPLESONLY
/// <summary>
/// This is the FOR SAMPLE ONLY hard-coded public key of the complementary OAuthResourceServer sample.
@@ -41,10 +39,6 @@
get { return MvcApplication.KeyNonceStore; }
}
- public RSACryptoServiceProvider AccessTokenSigningKey {
- get { return AsymmetricTokenSigningPrivateKey; }
- }
-
public AccessTokenParameters GetAccessTokenParameters(IAccessTokenRequest accessTokenRequestMessage) {
var parameters = new AccessTokenParameters();
@@ -64,6 +58,8 @@
parameters.ResourceServerEncryptionKey = new RSACryptoServiceProvider();
parameters.ResourceServerEncryptionKey.ImportParameters(ResourceServerEncryptionPublicKey);
+ parameters.AccessTokenSigningKey = CreateRSA();
+
return parameters;
}
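Review bot: `parameters.AccessTokenSigningKey = CreateRSA();` builds a new RSACryptoServiceProvider and imports the key parameters on every access token request, and nothing in the sample tells a reader why a fresh instance is required rather than the cached static one this commit removes. The reason is visible elsewhere in the commit: AccessTokenParameters now disposes the key it holds, so handing out a shared instance would leave later requests with a disposed provider; the per-request instance is also what addresses the thread-sharing concern the commit message mentions. Suggest a comment above the line: `// A fresh instance per request: AccessTokenParameters disposes this key when it is disposed, so a shared static provider must not be returned here.` GetAccessTokenParameters starts outside the hunk.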
@@ -117,7 +113,7 @@
/// Creates the RSA key used by all the crypto service provider instances we create.
/// </summary>
/// <returns>RSA data that includes the private key.</returns>
- private static RSAParameters CreateRSAKey() {
+ private static RSAParameters CreateAuthorizationServerSigningKey() {
#if SAMPLESONLY
// Since the sample authorization server and the sample resource server must work together,
// we hard-code a FOR SAMPLE USE ONLY key pair. The matching public key information is hard-coded into the OAuthResourceServer sample.
@@ -152,7 +148,7 @@
private static RSACryptoServiceProvider CreateRSA() {
var rsa = new RSACryptoServiceProvider();
- rsa.ImportParameters(CreateRSAKey());
+ rsa.ImportParameters(CreateAuthorizationServerSigningKey());
return rsa;
}
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
index b14f366..41bc609 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
@@ -71,7 +71,9 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
var accessTokenResponse = message as IAccessTokenIssuingResponse;
if (accessTokenResponse != null && accessTokenResponse.AuthorizationDescription != null) {
ErrorUtilities.VerifyInternal(request != null, "We should always have a direct request message for this case.");
- var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServer.AccessTokenSigningKey, request.AccessTokenCreationParameters.ResourceServerEncryptionKey);
+ var accessTokenFormatter = AccessToken.CreateFormatter(
+ request.AccessTokenCreationParameters.AccessTokenSigningKey,
+ request.AccessTokenCreationParameters.ResourceServerEncryptionKey);
accessTokenResponse.AccessToken = accessTokenFormatter.Serialize(accessTokenResponse.AuthorizationDescription);
}
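Review bot: The signing key now comes from a settable property on the host-supplied AccessTokenParameters and reaches AccessToken.CreateFormatter with no check, whereas the interface member this commit removes documented "Must not be null" and its contract class asserted the key was not PublicOnly; a host that forgets to assign AccessTokenSigningKey will fail somewhere inside the formatter instead of at a clear boundary. A host-error check beside the existing VerifyInternal would restore that contract: `ErrorUtilities.VerifyHost(request.AccessTokenCreationParameters.AccessTokenSigningKey != null, "AccessTokenParameters.AccessTokenSigningKey must be set.");` and, if the formatter requires the private half, a matching check on `!request.AccessTokenCreationParameters.AccessTokenSigningKey.PublicOnly`. The enclosing method starts and ends outside the hunk.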
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/AccessTokenParameters.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/AccessTokenParameters.cs
index a214f20..21702d7 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/AccessTokenParameters.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/AccessTokenParameters.cs
@@ -37,6 +37,17 @@ namespace DotNetOpenAuth.OAuth2 {
public TimeSpan AccessTokenLifetime { get; set; }
/// <summary>
+ /// Gets the crypto service provider with the asymmetric private key to use for signing access tokens.
+ /// </summary>
+ /// <returns>A crypto service provider instance that contains the private key.</returns>
+ /// <value>Must not be null, and must contain the private key.</value>
+ /// <remarks>
+ /// The public key in the private/public key pair will be used by the resource
+ /// servers to validate that the access token is minted by a trusted authorization server.
+ /// </remarks>
+ public RSACryptoServiceProvider AccessTokenSigningKey { get; set; }
+
+ /// <summary>
/// Gets or sets the key to encrypt the access token.
/// </summary>
public RSACryptoServiceProvider ResourceServerEncryptionKey { get; set; }
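Review bot: The XML summary on the new AccessTokenSigningKey property says "Gets the crypto service provider" although the member is `{ get; set; }`, and it carries a `<returns>` tag, which belongs on methods, next to a `<value>` tag; the text was copied from the read-only interface member removed later in this commit. Suggest `/// Gets or sets the crypto service provider with the asymmetric private key to use for signing access tokens.` and dropping the `<returns>` line, keeping `<value>` as the place for the must-not-be-null and must-contain-private-key requirement, matching the neighbouring ResourceServerEncryptionKey summary.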
@@ -72,6 +83,11 @@ namespace DotNetOpenAuth.OAuth2 {
IDisposable value = this.ResourceServerEncryptionKey;
value.Dispose();
}
+
+ if (this.AccessTokenSigningKey != null) {
+ IDisposable value = this.AccessTokenSigningKey;
+ value.Dispose();
+ }
}
}
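Review bot: Disposing AccessTokenSigningKey here means AccessTokenParameters takes ownership of whatever the host assigns, and the property's documentation in the earlier hunk of this file does not say so; a host that keeps the pattern this commit removes from the sample, one static RSACryptoServiceProvider shared across requests, would have its key disposed after the first token is issued and see later requests fail on a disposed provider. Suggest adding to the property's `<remarks>` a sentence such as "This instance is disposed together with the AccessTokenParameters object, so supply an instance that is not shared across requests." The enclosing Dispose method starts outside the hunk.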
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServer.cs
index 03ef781..292cba6 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServer.cs
@@ -38,17 +38,6 @@ namespace DotNetOpenAuth.OAuth2 {
INonceStore VerificationCodeNonceStore { get; }
/// <summary>
- /// Gets the crypto service provider with the asymmetric private key to use for signing access tokens.
- /// </summary>
- /// <returns>A crypto service provider instance that contains the private key.</returns>
- /// <value>Must not be null, and must contain the private key.</value>
- /// <remarks>
- /// The public key in the private/public key pair will be used by the resource
- /// servers to validate that the access token is minted by a trusted authorization server.
- /// </remarks>
- RSACryptoServiceProvider AccessTokenSigningKey { get; }
-
- /// <summary>
/// Obtains parameters to go into the formulation of an access token.
/// </summary>
/// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client
@@ -135,21 +124,6 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Gets the crypto service provider with the asymmetric private key to use for signing access tokens.
- /// </summary>
- /// <value>
- /// Must not be null, and must contain the private key.
- /// </value>
- /// <returns>A crypto service provider instance that contains the private key.</returns>
- RSACryptoServiceProvider IAuthorizationServer.AccessTokenSigningKey {
- get {
- Contract.Ensures(Contract.Result<RSACryptoServiceProvider>() != null);
- Contract.Ensures(!Contract.Result<RSACryptoServiceProvider>().PublicOnly);
- throw new NotImplementedException();
- }
- }
-
- /// <summary>
/// Gets the client with a given identifier.
/// </summary>
/// <param name="clientIdentifier">The client identifier.</param>