1 files changed, 79 insertions, 0 deletions

diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderAssociationKeyStorage.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderAssociationKeyStorage.cs
new file mode 100644
index 0000000..179699a
--- /dev/null
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/ProviderAssociationKeyStorage.cs
@@ -0,0 +1,79 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderAssociationKeyStorage.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId.Provider {
+	using System;
+	using System.Diagnostics.Contracts;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.Messaging.Bindings;
+
+	/// <summary>
+	/// An association storage mechanism that stores the association secrets in a private store,
+	/// and returns randomly generated association handles to refer to these secrets.
+	/// </summary>
+	internal class ProviderAssociationKeyStorage : IProviderAssociationStore {
+		/// <summary>
+		/// The bucket to use when recording shared associations.
+		/// </summary>
+		internal const string SharedAssociationBucket = "https://localhost/dnoa/shared_associations";
+
+		/// <summary>
+		/// The bucket to use when recording private associations.
+		/// </summary>
+		internal const string PrivateAssociationBucket = "https://localhost/dnoa/private_associations";
+
+		/// <summary>
+		/// The backing crypto key store.
+		/// </summary>
+		private readonly ICryptoKeyStore cryptoKeyStore;
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="ProviderAssociationKeyStorage"/> class.
+		/// </summary>
+		/// <param name="cryptoKeyStore">The store where association secrets will be recorded.</param>
+		internal ProviderAssociationKeyStorage(ICryptoKeyStore cryptoKeyStore) {
+			Requires.NotNull(cryptoKeyStore, "cryptoKeyStore");
+			this.cryptoKeyStore = cryptoKeyStore;
+		}
+
+		/// <summary>
+		/// Stores an association and returns a handle for it.
+		/// </summary>
+		/// <param name="secret">The association secret.</param>
+		/// <param name="expiresUtc">The UTC time that the association should expire.</param>
+		/// <param name="privateAssociation">A value indicating whether this is a private association.</param>
+		/// <returns>
+		/// The association handle that represents this association.
+		/// </returns>
+		public string Serialize(byte[] secret, DateTime expiresUtc, bool privateAssociation) {
+			string handle;
+			this.cryptoKeyStore.StoreKey(
+				privateAssociation ? PrivateAssociationBucket : SharedAssociationBucket,
+				handle = OpenIdUtilities.GenerateRandomAssociationHandle(),
+				new CryptoKey(secret, expiresUtc));
+			return handle;
+		}
+
+		/// <summary>
+		/// Retrieves an association given an association handle.
+		/// </summary>
+		/// <param name="containingMessage">The OpenID message that referenced this association handle.</param>
+		/// <param name="isPrivateAssociation">A value indicating whether a private association is expected.</param>
+		/// <param name="handle">The association handle.</param>
+		/// <returns>
+		/// An association instance, or <c>null</c> if the association has expired or the signature is incorrect (which may be because the OP's symmetric key has changed).
+		/// </returns>
+		/// <exception cref="ProtocolException">Thrown if the association is not of the expected type.</exception>
+		public Association Deserialize(IProtocolMessage containingMessage, bool isPrivateAssociation, string handle) {
+			var key = this.cryptoKeyStore.GetKey(isPrivateAssociation ? PrivateAssociationBucket : SharedAssociationBucket, handle);
+			if (key != null) {
+				return Association.Deserialize(handle, key.ExpiresUtc, key.Key);
+			}
+
+			return null;
+		}
+	}
+}