-rw-r--r-- | samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth/OpenId/RelyingParty/PrivateSecretManager.cs | 12 |
2 files changed, 2 insertions, 12 deletions
diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index 7e4dba6..ef0d7cd 100644
--- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -25,7 +25,7 @@
 // TODO: Replace this sample code with real code.
 // For this sample, we just generate random secrets.
 RandomNumberGenerator crypto = new RNGCryptoServiceProvider();
- var secret = new byte[16];
+ var secret = new byte[32]; // 256-bit symmetric key to protect all protected resources.
 crypto.GetBytes(secret);
 return secret;
 }
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/PrivateSecretManager.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/PrivateSecretManager.cs
index 6472fa4..348c8fb 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/PrivateSecretManager.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/PrivateSecretManager.cs
@@ -84,16 +84,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 }
 
 /// <summary>
- /// Creates the new association handle.
- /// </summary>
- /// <returns>The ASCII-encoded handle name.</returns>
- private static string CreateNewAssociationHandle() {
- string uniq = MessagingUtilities.GetCryptoRandomDataAsBase64(4);
- string handle = "{" + DateTime.UtcNow.Ticks + "}{" + uniq + "}";
- return handle;
- }
-
- /// <summary>
 /// Gets an association to use for signing new data.
 /// </summary>
 /// <returns>
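Review bot: In the `@@ -25,7 +25,7 @@` hunk of OAuth2AuthorizationServer.cs, the new trailing comment calls the buffer the key "to protect all protected resources", yet the visible lines fill it with fresh random bytes and return it on each call. If that is what the enclosing method does, a key regenerated per call or per process would presumably fail to validate tokens issued earlier, so the TODO should say so, e.g. `// TODO: load a persisted 256-bit key here; a key regenerated on each call cannot validate previously issued tokens.` On frameworks where `RandomNumberGenerator` is disposable, the `crypto` instance on the context line above is also never released and could be wrapped in a `using` block. The method's signature lies outside the hunk, so how often it runs cannot be confirmed here.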
@@ -105,7 +95,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 if (privateAssociation == null || !privateAssociation.HasUsefulLifeRemaining) {
 int secretLength = HmacShaAssociation.GetSecretLength(Protocol.Default, Protocol.Default.Args.SignatureAlgorithm.Best);
 byte[] secret = MessagingUtilities.GetCryptoRandomData(secretLength);
- privateAssociation = HmacShaAssociation.Create(CreateNewAssociationHandle(), secret, this.securitySettings.PrivateSecretMaximumAge);
+ privateAssociation = HmacShaAssociation.Create(OpenIdUtilities.GenerateRandomAssociationHandle(), secret, this.securitySettings.PrivateSecretMaximumAge);
 if (!privateAssociation.HasUsefulLifeRemaining) {
 Logger.OpenId.WarnFormat(
 "Brand new private association has a shorter lifespan ({0}) than the maximum allowed authentication time for a user ({1}). This may lead to login failures.", |
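Review bot: The call to `OpenIdUtilities.GenerateRandomAssociationHandle()` in the `@@ -105,7 +95,7 @@` hunk of PrivateSecretManager.cs depends on a helper whose definition is not part of this two-file commit, so its uniqueness guarantees cannot be checked from the diff. The removed `CreateNewAssociationHandle` combined `DateTime.UtcNow.Ticks` with 4 random bytes; it is worth confirming that the shared helper gives at least that collision resistance, since the handle presumably identifies the private association when signed data is verified later. A short comment at the call site would record the requirement, e.g. `// Handle must be unique per private association; it is an identifier, not a secret.` The enclosing method starts and ends outside the hunk.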