-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServerAccessToken.cs16
-rw-r--r--src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs15
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs9
3 files changed, 37 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServerAccessToken.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServerAccessToken.cs
index 7c9f808..cbf4b09 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServerAccessToken.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServerAccessToken.cs
@@ -11,6 +11,7 @@ namespace DotNetOpenAuth.OAuth2 {
using System.Security.Cryptography;
using System.Text;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.Messaging.Bindings;
using DotNetOpenAuth.OAuth2.ChannelElements;
/// <summary>
@@ -40,12 +41,23 @@ namespace DotNetOpenAuth.OAuth2 {
public RSACryptoServiceProvider ResourceServerEncryptionKey { get; set; }
/// <summary>
+ /// Gets or sets the symmetric key store to use if the asymmetric key properties are not set.
+ /// </summary>
+ public ICryptoKeyStore SymmetricKeyStore { get; set; }
+
+ /// <summary>
/// Serializes this instance to a simple string for transmission to the client.
/// </summary>
/// <returns>A non-empty string.</returns>
protected internal override string Serialize() {
- ErrorUtilities.VerifyHost(this.AccessTokenSigningKey != null, AuthServerStrings.AccessTokenSigningKeyMissing);
- var formatter = CreateFormatter(this.AccessTokenSigningKey, this.ResourceServerEncryptionKey);
+ ErrorUtilities.VerifyHost(this.AccessTokenSigningKey != null || this.SymmetricKeyStore != null, AuthServerStrings.AccessTokenSigningKeyMissing);
+ IDataBagFormatter<AccessToken> formatter;
+ if (this.AccessTokenSigningKey != null) {
+ formatter = CreateFormatter(this.AccessTokenSigningKey, this.ResourceServerEncryptionKey);
+ } else {
+ formatter = CreateFormatter(this.SymmetricKeyStore);
+ }
+
return formatter.Serialize(this);
}
}
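Review bot: The `else` branch in `Serialize` silently drops `ResourceServerEncryptionKey` when `AccessTokenSigningKey` is null but `SymmetricKeyStore` is set, so a host that configured RSA encryption to the resource server but forgot the signing key gets a symmetric-only token instead of a configuration error. Rejecting the mixed configuration at the same point as the existing `VerifyHost` would fail closed, e.g. `ErrorUtilities.VerifyHost(this.SymmetricKeyStore == null || this.ResourceServerEncryptionKey == null, ...)` with a suitable `AuthServerStrings` message. The summary on `SymmetricKeyStore` should also state the precedence and the trust implication, something like `/// Gets or sets the symmetric key store used to sign and encrypt tokens when <see cref="AccessTokenSigningKey"/> is null; the asymmetric keys take precedence when both are set, and the same store must be available to the resource server, so any holder of it can mint accepted tokens.`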
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
index 32f10ba..3bd0324 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
@@ -10,6 +10,7 @@ namespace DotNetOpenAuth.OAuth2 {
using System.IO;
using System.Security.Cryptography;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.Messaging.Bindings;
using DotNetOpenAuth.OAuth2.ChannelElements;
using Validation;
@@ -30,6 +31,14 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Initializes a new instance of the <see cref="StandardAccessTokenAnalyzer"/> class.
+ /// </summary>
+ public StandardAccessTokenAnalyzer(ICryptoKeyStore symmetricKeyStore) {
+ Requires.NotNull(symmetricKeyStore, "symmetricKeyStore");
+ this.SymmetricKeyStore = symmetricKeyStore;
+ }
+
+ /// <summary>
/// Gets the authorization server public signing key.
/// </summary>
/// <value>The authorization server public signing key.</value>
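Review bot: The new constructor's XML comment documents neither its parameter nor the fact that it switches the analyzer to a symmetric trust model, which is the security-relevant difference from the existing RSA constructor. Because the tokens this path accepts are symmetrically signed (see `AccessToken.CreateFormatter(ICryptoKeyStore)` in this change), every party with read access to the store can produce tokens this analyzer will accept; suggest `/// <param name="symmetricKeyStore">The key store shared with the authorization server; any holder of these keys can mint tokens this analyzer accepts.</param>` plus `/// <exception cref="ArgumentNullException">Thrown if <paramref name="symmetricKeyStore"/> is null.</exception>`.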
@@ -41,6 +50,8 @@ namespace DotNetOpenAuth.OAuth2 {
/// <value>The resource server private encryption key.</value>
public RSACryptoServiceProvider ResourceServerPrivateEncryptionKey { get; private set; }
+ public ICryptoKeyStore SymmetricKeyStore { get; private set; }
+
/// <summary>
/// Reads an access token to find out what data it authorizes access to.
/// </summary>
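Review bot: `SymmetricKeyStore` is added without an XML doc comment while the neighbouring `ResourceServerPrivateEncryptionKey` and `AuthorizationServerPublicSigningKey` properties have summary and value elements. Suggest `/// <summary>Gets the symmetric key store used to verify and decrypt access tokens when no authorization server public signing key is configured.</summary>` followed by `/// <value>The key store, or null when the RSA constructor was used.</value>`; the second claim is inferred from the two constructors and should be confirmed against the original constructor outside this hunk.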
@@ -50,7 +61,9 @@ namespace DotNetOpenAuth.OAuth2 {
/// <exception cref="ProtocolException">Thrown if the access token is expired, invalid, or from an untrusted authorization server.</exception>
public virtual AccessToken DeserializeAccessToken(IDirectedProtocolMessage message, string accessToken) {
ErrorUtilities.VerifyProtocol(!string.IsNullOrEmpty(accessToken), ResourceServerStrings.MissingAccessToken);
- var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey);
+ var accessTokenFormatter = this.AuthorizationServerPublicSigningKey != null
+ ? AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey)
+ : AccessToken.CreateFormatter(this.SymmetricKeyStore);
var token = new AccessToken();
try {
accessTokenFormatter.Deserialize(token, accessToken, message, Protocol.access_token);
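Review bot: When neither `AuthorizationServerPublicSigningKey` nor `SymmetricKeyStore` is set, the new ternary calls `AccessToken.CreateFormatter(null)` and surfaces an `ArgumentNullException` from `Requires.NotNull`, whereas the authorization-server side in this same change reports the missing key as a host configuration error via `ErrorUtilities.VerifyHost`. A matching guard before the ternary, `ErrorUtilities.VerifyHost(this.AuthorizationServerPublicSigningKey != null || this.SymmetricKeyStore != null, ...)` with a suitable `ResourceServerStrings` message, keeps the two sides consistent and distinguishes misconfiguration from a bad token. Choosing the formatter from host configuration rather than from anything inside the token is the right way to avoid algorithm-confusion attacks, and a one-line comment saying so would help the next maintainer. The `try` block and the rest of `DeserializeAccessToken` continue outside the hunk.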
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
index fa87972..a8c911e 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/AccessToken.cs
@@ -57,6 +57,15 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Creates a formatter capable of serializing/deserializing an access token.
+ /// </summary>
+ /// <returns>An access token serializer.</returns>
+ internal static IDataBagFormatter<AccessToken> CreateFormatter(ICryptoKeyStore symmetricKeyStore) {
+ Requires.NotNull(symmetricKeyStore, "symmetricKeyStore");
+ return new UriStyleMessageFormatter<AccessToken>(symmetricKeyStore, bucket: "AccessTokens", signed: true, encrypted: true);
+ }
+
+ /// <summary>
/// Initializes this instance of the <see cref="AccessToken"/> class.
/// </summary>
/// <param name="authorization">The authorization to apply to this access token.</param>
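Review bot: The new `CreateFormatter(ICryptoKeyStore)` overload documents neither its parameter nor the `ArgumentNullException` that `Requires.NotNull` raises, and the `"AccessTokens"` bucket literal is an undocumented contract that the authorization and resource servers must share for a token to verify. Suggest `/// <param name="symmetricKeyStore">The key store shared by the authorization and resource servers; tokens are signed and encrypted with its keys, so anyone holding the store can forge them.</param>` and `/// <exception cref="ArgumentNullException">Thrown if <paramref name="symmetricKeyStore"/> is null.</exception>`, and hoisting the bucket name into a named constant such as `private const string AccessTokenKeyBucket = "AccessTokens";` so a future change cannot desynchronise the two sides. The `signed: true, encrypted: true` arguments are the right defaults here and worth a short comment stating that both are required for bearer tokens.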