        /// <summary>
        /// Registers (and generates if necessary) a user-specific development certificate
        /// used to sign the tokens issued by the OpenID Connect server.
        /// </summary>
        /// <param name="credentials">The signing credentials.</param>
        /// <param name="subject">The subject name associated with the certificate.</param>
        /// <returns>The signing credentials.</returns>
        public static IList <SigningCredentials> AddDevelopmentCertificate(
            [NotNull] this IList <SigningCredentials> credentials, [NotNull] X500DistinguishedName subject)
        {
            // Fail fast on missing arguments so the helpers below never see null.
            if (credentials == null)
            {
                throw new ArgumentNullException(nameof(credentials));
            }

            if (subject == null)
            {
                throw new ArgumentNullException(nameof(subject));
            }

            // Look up a development certificate previously stored for this subject.
            // NOTE(review): which store is searched, and how its private key is
            // protected, is decided inside OpenIdConnectServerHelpers and is not
            // visible here. Confirm before using this outside a developer machine,
            // since the certificate signs the tokens the server issues.
            var devCertificate = OpenIdConnectServerHelpers.GetDevelopmentCertificate(subject);

            if (devCertificate != null)
            {
                // Only the validity window is checked here, against the local clock.
                // A certificate that is not yet valid or has expired is removed so
                // a new one can take its place.
                var notYetValid = devCertificate.NotBefore > DateTime.Now;
                if (notYetValid || devCertificate.NotAfter < DateTime.Now)
                {
                    OpenIdConnectServerHelpers.RemoveDevelopmentCertificate(devCertificate);
                    devCertificate = null;
                }
            }

#if SUPPORTS_CERTIFICATE_GENERATION
            // Nothing usable was found: create a new certificate and persist it
            // so later calls with the same subject can reuse it.
            if (devCertificate == null)
            {
                devCertificate = OpenIdConnectServerHelpers.GenerateDevelopmentCertificate(subject);
                OpenIdConnectServerHelpers.PersistDevelopmentCertificate(devCertificate);
            }

            return credentials.AddCertificate(devCertificate);
#else
            // Builds without certificate generation always throw here, even when a
            // valid certificate was found above. An invalid one has already been
            // removed from the store by this point.
            throw new PlatformNotSupportedException("X.509 certificate generation is not supported on this platform.");
#endif
        }