authorAndrew Arnott <andrewarnott@gmail.com>2013-03-01 21:22:52 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2013-03-01 21:22:52 -0800
commitbb7549901264bf51276bdd33cab293b83a7fcceb (patch)
treeecd95f4d7abea7dd1d8fbd7be0b565266ee5ce19 /src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
parent9b403a0a59e0385e5a2a7e95e3053de7f0e90a34 (diff)
Adds support for symmetric key signing and encryption of access tokens.
This targets the common scenario where authorization servers and resource servers are actually on the same web application, and asymmetric cryptography is overkill and requires extra setup.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs')
-rw-r--r--src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
index 32f10ba..3bd0324 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
@@ -10,6 +10,7 @@ namespace DotNetOpenAuth.OAuth2 {
using System.IO;
using System.Security.Cryptography;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.Messaging.Bindings;
using DotNetOpenAuth.OAuth2.ChannelElements;
using Validation;
@@ -30,6 +31,14 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Initializes a new instance of the <see cref="StandardAccessTokenAnalyzer"/> class.
+ /// </summary>
+ public StandardAccessTokenAnalyzer(ICryptoKeyStore symmetricKeyStore) {
+ Requires.NotNull(symmetricKeyStore, "symmetricKeyStore");
+ this.SymmetricKeyStore = symmetricKeyStore;
+ }
+
+ /// <summary>
/// Gets the authorization server public signing key.
/// </summary>
/// <value>The authorization server public signing key.</value>
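Review bot: The new constructor's XML doc has a `<summary>` but no `<param>` for symmetricKeyStore, even though the `Requires.NotNull` call on the next line makes it a mandatory argument; I would add `/// <param name="symmetricKeyStore">The store of symmetric keys shared with the authorization server, used for the symmetric signing and encryption mode this commit introduces.</param>`. Because this overload assigns only SymmetricKeyStore, the RSA key properties presumably remain null, which is what the `AuthorizationServerPublicSigningKey != null` dispatch in the DeserializeAccessToken hunk below relies on to pick the symmetric formatter; one sentence in the summary stating that an analyzer built this way accepts only tokens protected with the shared symmetric keys would make that mode selection visible at the constructor rather than only at the call site. The enclosing class continues outside the hunk.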
@@ -41,6 +50,8 @@ namespace DotNetOpenAuth.OAuth2 {
/// <value>The resource server private encryption key.</value>
public RSACryptoServiceProvider ResourceServerPrivateEncryptionKey { get; private set; }
+ public ICryptoKeyStore SymmetricKeyStore { get; private set; }
+
/// <summary>
/// Reads an access token to find out what data it authorizes access to.
/// </summary>
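Review bot: The new SymmetricKeyStore property is the only public member in this file without an XML doc comment, whereas the neighbouring ResourceServerPrivateEncryptionKey carries `<summary>` and `<value>` blocks. I would add `/// <summary>Gets the store of symmetric keys shared with the authorization server.</summary>` followed by `/// <value>The symmetric key store, or null when this analyzer was configured with RSA keys instead.</value>`; the null case is inferred from the constructor hunk above and worth confirming against the RSA constructor, which is outside this view. Keeping the setter private matches the sibling properties, so the configured keys cannot be swapped after construction.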
@@ -50,7 +61,9 @@ namespace DotNetOpenAuth.OAuth2 {
/// <exception cref="ProtocolException">Thrown if the access token is expired, invalid, or from an untrusted authorization server.</exception>
public virtual AccessToken DeserializeAccessToken(IDirectedProtocolMessage message, string accessToken) {
ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(accessToken), ResourceServerStrings.MissingAccessToken);
- var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey);
+ var accessTokenFormatter = this.AuthorizationServerPublicSigningKey != null
+ ? AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey)
+ : AccessToken.CreateFormatter(this.SymmetricKeyStore);
var token = new AccessToken();
try {
accessTokenFormatter.Deserialize(token, accessToken, message, Protocol.access_token);
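Review bot: The formatter selection on the added lines treats a null AuthorizationServerPublicSigningKey as meaning "symmetric mode", but nothing here checks that SymmetricKeyStore is non-null on that path; if the RSA constructor (outside this view) can be reached with a null signing key, the code silently falls through to `AccessToken.CreateFormatter(null)` and whatever failure that produces is far from the misconfiguration. A guard before the ternary makes the invariant explicit: `if (this.AuthorizationServerPublicSigningKey == null && this.SymmetricKeyStore == null) {` / `throw new InvalidOperationException("No authorization server signing key or symmetric key store is configured.");` / `}`. On the positive side, the mode is decided purely from the analyzer's own configuration and not from anything carried in the token, so a presented token cannot steer verification toward a different key. DeserializeAccessToken's body continues outside the hunk.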