/// <summary>
/// Adds a per-user development certificate to the signing credentials used for the
/// tokens issued by the OpenID Connect server, creating and storing one when no
/// currently valid certificate is available.
/// </summary>
/// <remarks>
/// <para>
/// A stored certificate whose validity window does not include the current local time
/// (NotBefore in the future or NotAfter in the past) is removed from the store before
/// a replacement is considered. Only the validity period is examined here; whether
/// <c>GetDevelopmentCertificate</c> applies any further checks (key size, private key
/// presence, usage) is not visible from this method.
/// </para>
/// <para>
/// When <c>SUPPORTS_CERTIFICATE_GENERATION</c> is not defined, the method always ends
/// with <see cref="PlatformNotSupportedException"/>, including when a valid certificate
/// was found, and any expired certificate has already been removed by then.
/// </para>
/// <para>
/// NOTE(review): the certificate is generated locally for development use; deployments
/// that issue tokens to real clients presumably need a managed signing certificate
/// registered explicitly instead. Confirm against the project's guidance.
/// </para>
/// </remarks>
/// <param name="credentials">The signing credentials list to add the certificate to.</param>
/// <param name="subject">The subject name used to look up or generate the certificate.</param>
/// <returns>The value returned by <c>credentials.AddCertificate</c> for the selected certificate.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="credentials"/> or <paramref name="subject"/> is <c>null</c>.
/// </exception>
/// <exception cref="PlatformNotSupportedException">
/// The build does not define <c>SUPPORTS_CERTIFICATE_GENERATION</c>.
/// </exception>
public static IList<SigningCredentials> AddDevelopmentCertificate(
    [NotNull] this IList<SigningCredentials> credentials,
    [NotNull] X500DistinguishedName subject)
{
    if (credentials == null)
    {
        throw new ArgumentNullException(nameof(credentials));
    }

    if (subject == null)
    {
        throw new ArgumentNullException(nameof(subject));
    }

    // Look for a previously stored development certificate matching the subject.
    var signingCertificate = OpenIdConnectServerHelpers.GetDevelopmentCertificate(subject);
    if (signingCertificate != null)
    {
        // The validity bounds are compared with local time (DateTime.Now), as in the
        // original expression; the second comparison only runs when the first is false.
        var notYetValid = signingCertificate.NotBefore > DateTime.Now;
        if (notYetValid || signingCertificate.NotAfter < DateTime.Now)
        {
            // Never sign with a certificate outside its validity window: drop it from
            // the store so that a fresh one can take its place.
            OpenIdConnectServerHelpers.RemoveDevelopmentCertificate(signingCertificate);
            signingCertificate = null;
        }
    }

#if SUPPORTS_CERTIFICATE_GENERATION
    // Nothing usable in the store: create a new certificate and persist it so that
    // later calls can find it again.
    if (signingCertificate == null)
    {
        var generated = OpenIdConnectServerHelpers.GenerateDevelopmentCertificate(subject);
        OpenIdConnectServerHelpers.PersistDevelopmentCertificate(generated);
        signingCertificate = generated;
    }

    return credentials.AddCertificate(signingCertificate);
#else
    // This branch is unconditional: a valid certificate found above is not used either.
    throw new PlatformNotSupportedException("X.509 certificate generation is not supported on this platform.");
#endif
}