/// <summary>
/// Uses a specific <see cref="X509Certificate2"/> retrieved from the
/// given X509 store to sign tokens issued by the OpenID Connect server.
/// </summary>
/// <param name="options">The options used to configure the OpenID Connect server.</param>
/// <param name="thumbprint">The thumbprint of the certificate used to identify it in the X509 store.</param>
/// <param name="password">The password used to open the certificate.</param>
/// <param name="name">The name of the X509 store.</param>
/// <param name="location">The location of the X509 store.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
public static OpenIdConnectServerOptions UseCertificate([NotNull] this OpenIdConnectServerOptions options,
[NotNull] string thumbprint, [NotNull] string password, StoreName name, StoreLocation location)
{
var store = new X509Store(name, location);
try {
store.Open(OpenFlags.ReadOnly);
var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
var certificate = certificates.OfType <X509Certificate2>().SingleOrDefault();
if (certificate == null)
{
throw new InvalidOperationException("The certificate corresponding to the given thumbprint was not found.");
}
return(options.UseCertificate(certificate));
}
finally {
#if DNXCORE50
store.Dispose();
#else
store.Close();
#endif
}
}
/// <summary>
/// Uses a specific <see cref="X509Certificate2"/> contained in
/// a stream to sign tokens issued by the OpenID Connect server.
/// </summary>
/// <param name="options">The options used to configure the OpenID Connect server.</param>
/// <param name="stream">The stream containing the certificate.</param>
/// <param name="password">The password used to open the certificate.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
public static OpenIdConnectServerOptions UseCertificate(
[NotNull] this OpenIdConnectServerOptions options,
[NotNull] Stream stream, [NotNull] string password)
{
return(options.UseCertificate(stream, password, X509KeyStorageFlags.Exportable |
X509KeyStorageFlags.MachineKeySet));
}
/// <summary>
/// Uses a specific <see cref="X509Certificate2"/> contained in
/// a stream to sign tokens issued by the OpenID Connect server.
/// </summary>
/// <param name="options">The options used to configure the OpenID Connect server.</param>
/// <param name="stream">The stream containing the certificate.</param>
/// <param name="password">The password used to open the certificate.</param>
/// <param name="flags">An enumeration of flags indicating how and where to store the private key of the certificate.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
public static OpenIdConnectServerOptions UseCertificate(
[NotNull] this OpenIdConnectServerOptions options,
[NotNull] Stream stream, [NotNull] string password, X509KeyStorageFlags flags)
{
using (var buffer = new MemoryStream()) {
stream.CopyTo(buffer);
return(options.UseCertificate(new X509Certificate2(buffer.ToArray(), password, flags)));
}
}
/// <summary>
/// Uses a specific <see cref="X509Certificate2"/> retrieved from an
/// embedded resource to sign tokens issued by the OpenID Connect server.
/// </summary>
/// <param name="options">The options used to configure the OpenID Connect server.</param>
/// <param name="assembly">The assembly containing the certificate.</param>
/// <param name="resource">The name of the embedded resource.</param>
/// <param name="password">The password used to open the certificate.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
public static OpenIdConnectServerOptions UseCertificate(
[NotNull] this OpenIdConnectServerOptions options, [NotNull] Assembly assembly,
[NotNull] string resource, [NotNull] string password)
{
using (var stream = assembly.GetManifestResourceStream(resource)) {
if (stream == null)
{
throw new InvalidOperationException("The certificate was not found in the given assembly.");
}
return(options.UseCertificate(stream, password));
}
}
/// <summary>
/// Uses a specific <see cref="X509Certificate2"/> retrieved from the
/// X509 machine store to sign tokens issued by the OpenID Connect server.
/// </summary>
/// <param name="options">The options used to configure the OpenID Connect server.</param>
/// <param name="thumbprint">The thumbprint of the certificate used to identify it in the X509 store.</param>
/// <param name="password">The password used to open the certificate.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
public static OpenIdConnectServerOptions UseCertificate(
[NotNull] this OpenIdConnectServerOptions options,
[NotNull] string thumbprint, [NotNull] string password)
{
return(options.UseCertificate(thumbprint, password, StoreName.My, StoreLocation.LocalMachine));
}
