diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-07 06:47:13 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-07 06:47:13 -0700 |
| commit | 843ec327684fe3cee40b790f352c127e90f6de90 (patch) | |
| tree | c6e3109161290929d60b365acec9821254dd11aa /samples/OAuthResourceServer/Code/Global.cs | |
| parent | 619314e1e1d55b4122062f1e6219be335f790fc7 (diff) | |
| download | DotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.zip DotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.tar.gz DotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.tar.bz2 | |
Fixed non-thread-safe use of RsaCryptoServiceProvider instances.
Diffstat (limited to 'samples/OAuthResourceServer/Code/Global.cs')
| -rw-r--r-- | samples/OAuthResourceServer/Code/Global.cs | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/samples/OAuthResourceServer/Code/Global.cs b/samples/OAuthResourceServer/Code/Global.cs index 5080609..a70930b 100644 --- a/samples/OAuthResourceServer/Code/Global.cs +++ b/samples/OAuthResourceServer/Code/Global.cs @@ -34,7 +34,11 @@ /// <summary> /// The authorization server crypto service provider that contains a public key. /// </summary> - public static readonly RSACryptoServiceProvider AuthorizationServerSigningServiceProvider; + /// <remarks> + /// Since <see cref="RSACryptoServiceProvider"/> are not thread-safe, one must be created for each thread. + /// </remarks> + [ThreadStatic] + public static readonly RSACryptoServiceProvider AuthorizationServerSigningServiceProvider = CreateAuthorizationServerSigningServiceProvider(); /// <summary> /// An application memory cache of recent log messages. @@ -66,23 +70,36 @@ }; #else [Obsolete("You must use a real key for a real app.", true)] - internal static readonly RSAParameters ResourceServerEncryptionPrivateKey= new RSAParameters(); + internal static readonly RSAParameters ResourceServerEncryptionPrivateKey = new RSAParameters(); #endif /// <summary> /// The crypto service provider for this resource server that contains the private key used to decrypt an access token. /// </summary> - internal static readonly RSACryptoServiceProvider ResourceServerEncryptionServiceProvider; + /// <remarks> + /// Since <see cref="RSACryptoServiceProvider"/> are not thread-safe, one must be created for each thread. + /// </remarks> + [ThreadStatic] + internal static readonly RSACryptoServiceProvider ResourceServerEncryptionServiceProvider = CreateResourceServerEncryptionServiceProvider(); /// <summary> - /// Initializes the <see cref="Global"/> class. + /// Creates the crypto service provider for this resource server that contains the private key used to decrypt an access token. /// </summary> - static Global() { - AuthorizationServerSigningServiceProvider = new RSACryptoServiceProvider(); - AuthorizationServerSigningServiceProvider.ImportParameters(AuthorizationServerSigningPublicKey); + /// <returns>An RSA crypto service provider.</returns> + private static RSACryptoServiceProvider CreateResourceServerEncryptionServiceProvider() { + var resourceServerEncryptionServiceProvider = new RSACryptoServiceProvider(); + resourceServerEncryptionServiceProvider.ImportParameters(ResourceServerEncryptionPrivateKey); + return resourceServerEncryptionServiceProvider; + } - ResourceServerEncryptionServiceProvider = new RSACryptoServiceProvider(); - ResourceServerEncryptionServiceProvider.ImportParameters(ResourceServerEncryptionPrivateKey); + /// <summary> + /// Creates the crypto service provider for the authorization server that contains the public key used to verify an access token signature. + /// </summary> + /// <returns>An RSA crypto service provider.</returns> + private static RSACryptoServiceProvider CreateAuthorizationServerSigningServiceProvider() { + var authorizationServerSigningServiceProvider = new RSACryptoServiceProvider(); + authorizationServerSigningServiceProvider.ImportParameters(AuthorizationServerSigningPublicKey); + return authorizationServerSigningServiceProvider; } private void Application_Start(object sender, EventArgs e) { |