Example #1
        /// <summary>
        /// Loads the certificate referenced by <paramref name="certificateDescription"/> and stores it in
        /// <see cref="CertificateDescription.Certificate"/>, unless a certificate is already present.
        /// </summary>
        /// <param name="certificateDescription">Description of the certificate (source type, container and
        /// reference or value). It is updated in place.</param>
        /// <remarks>
        /// Nothing is loaded for a source type that has no case below, so
        /// <see cref="CertificateDescription.Certificate"/> can still be <c>null</c> on return. Callers
        /// should check it before relying on the certificate for signing or decryption.
        /// </remarks>
        public void LoadIfNeeded(CertificateDescription certificateDescription)
        {
            // A certificate that is already set is never reloaded or replaced.
            if (certificateDescription.Certificate != null)
            {
                return;
            }

            // NOTE(review): the null-forgiving operators below only silence the compiler. A null
            // Container or ReferenceOrValue is passed to the loader unchanged.
            switch (certificateDescription.SourceType)
            {
                case CertificateSource.KeyVault:
                    certificateDescription.Certificate = LoadFromKeyVault(
                        certificateDescription.Container!,
                        certificateDescription.ReferenceOrValue!);
                    break;

                case CertificateSource.Base64Encoded:
                    certificateDescription.Certificate = LoadFromBase64Encoded(
                        certificateDescription.ReferenceOrValue!);
                    break;

                case CertificateSource.Path:
                    certificateDescription.Certificate = LoadFromPath(
                        certificateDescription.Container!,
                        certificateDescription.ReferenceOrValue!);
                    break;

                case CertificateSource.StoreWithThumbprint:
                    // The store loaders take the reference first and the container second.
                    certificateDescription.Certificate = LoadFromStoreWithThumbprint(
                        certificateDescription.ReferenceOrValue!,
                        certificateDescription.Container!);
                    break;

                case CertificateSource.StoreWithDistinguishedName:
                    certificateDescription.Certificate = LoadFromStoreWithDistinguishedName(
                        certificateDescription.ReferenceOrValue!,
                        certificateDescription.Container!);
                    break;

                default:
                    // Source type without a loader: Certificate stays null and no error is raised.
                    break;
            }
        }
Example #2
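        /// <summary>
        /// Runs the developer-supplied options callback and, when a legacy token decryption certificate
        /// was passed, puts that certificate first in <c>options.TokenDecryptionCertificates</c>.
        /// </summary>
        /// <param name="options">Options instance to configure. It is modified in place.</param>
        /// <param name="configureMicrosoftIdentityOptions">Callback provided by the developer to set up the options.</param>
        /// <param name="tokenDecryptionCertificate">Legacy token decryption certificate, or <c>null</c> when none was passed.</param>
        internal static void HandleLegacyTokenDecryptionCertificateParameter(MicrosoftIdentityOptions options, Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions, X509Certificate2? tokenDecryptionCertificate)
        {
            // The developer's callback runs first in both cases, so any descriptions it configures
            // are visible when the legacy certificate is merged in below.
            configureMicrosoftIdentityOptions(options);

            if (tokenDecryptionCertificate == null)
            {
                return;
            }

            // The legacy certificate goes first in the list.
            List<CertificateDescription> newCertificateDescriptions = new List<CertificateDescription>
            {
                CertificateDescription.FromCertificate(tokenDecryptionCertificate),
            };

            // Keep the token decryption certificate descriptions already present in the options.
            if (options.TokenDecryptionCertificates != null)
            {
                newCertificateDescriptions.AddRange(options.TokenDecryptionCertificates);
            }

            // Store the merged list. The previous code built it and then discarded it, so the
            // legacy decryption certificate never reached the options.
            options.TokenDecryptionCertificates = newCertificateDescriptions;
        }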
Example #3
        /// <summary>
        /// Loads, if needed, the certificate of the first description in the sequence and returns it.
        /// </summary>
        /// <param name="certificateDescription">Certificate descriptions. Only the first element is used.</param>
        /// <returns>The certificate of the first description. It is <c>null</c> when the load left
        /// <see cref="CertificateDescription.Certificate"/> unset.</returns>
        /// <remarks>
        /// <c>First()</c> throws on an empty sequence, and later descriptions are never tried. A caller
        /// that needs a usable certificate must handle the <c>null</c> result.
        /// </remarks>
        internal /*for test only*/ static X509Certificate2? LoadFirstCertificate(IEnumerable<CertificateDescription> certificateDescription)
        {
            var loader = new DefaultCertificateLoader();
            var first = certificateDescription.First();

            // LoadIfNeeded fills in first.Certificate in place.
            loader.LoadIfNeeded(first);

            return first.Certificate;
        }