        /// <summary>
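        /// Generates a token for the supplied entitlements; the token is signed and/or encrypted
        /// only when the corresponding certificate is provided.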
        /// </summary>
        /// <param name="entitlements">Details of the entitlements to encode into the token.</param>
        /// <param name="signingCert">Certificate to use when signing the token (optional).</param>
        /// <param name="encryptionCert">Certificate to use when encrypting the token (optional).</param>
        /// <returns>Generated token, if any; otherwise all related errors.</returns>
        private static string GenerateToken(
            NodeEntitlements entitlements,
            X509Certificate2 signingCert    = null,
            X509Certificate2 encryptionCert = null)
        {
            // Signing is opt-in: without a certificate the generator receives null
            // signing credentials.
            // NOTE(review): presumably that produces an unsigned token; confirm in
            // TokenGenerator, and confirm that the code validating these tokens
            // rejects unsigned ones wherever a signature is expected.
            // NOTE(review): signing normally needs the certificate's private key;
            // nothing in this method checks that it is present.
            SigningCredentials signer = signingCert == null
                ? null
                : new SigningCredentials(
                    new X509SecurityKey(signingCert),
                    SecurityAlgorithms.RsaSha512Signature);

            // Encryption is opt-in as well. When requested, the content key is
            // wrapped with RSA-OAEP and the payload is protected with
            // AES-256-CBC + HMAC-SHA-512, as selected by the constants below.
            // NOTE(review): with no encryption certificate the entitlement details
            // are presumably readable by anyone holding the token; confirm this is
            // acceptable for the callers that omit it.
            EncryptingCredentials encryptor = encryptionCert == null
                ? null
                : new EncryptingCredentials(
                    new X509SecurityKey(encryptionCert),
                    SecurityAlgorithms.RsaOAEP,
                    SecurityAlgorithms.Aes256CbcHmacSha512);

            // Every generated token gets its own freshly created GUID-based identifier.
            var tokenIdentifier = $"entitlement-{Guid.NewGuid():D}";
            var identifiedEntitlements = entitlements.WithIdentifier(tokenIdentifier);

            var tokenGenerator = new TokenGenerator(_logger, signer, encryptor);
            return tokenGenerator.Generate(identifiedEntitlements);
        }