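/// <summary>
/// Downloads the ACS JSON metadata document for <paramref name="realm"/> from the global
/// metadata endpoint and deserializes it.
/// </summary>
/// <param name="realm">Realm sent as the <c>realm</c> query parameter of the metadata request.</param>
/// <returns>The deserialized metadata document; never <c>null</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="realm"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">The endpoint returned a body that deserialized to <c>null</c>.</exception>
/// <exception cref="WebException">The download itself failed.</exception>
private static JsonMetadataDocument GetMetadataDocument(string realm)
        {
            if (realm == null)
            {
                throw new ArgumentNullException(nameof(realm));
            }

            // Escape the realm so a value containing '&', '#' or '=' cannot alter the
            // query string and fetch a different resource than the one intended.
            string acsMetadataEndpointUrlWithRealm = String.Format(CultureInfo.InvariantCulture, "{0}?realm={1}",
                                                                   GetAcsMetadataEndpointUrl(),
                                                                   Uri.EscapeDataString(realm));

            byte[] acsMetadata;
            using (WebClient webClient = new WebClient())
            {
                // NOTE(review): the keys in this document are trusted by the caller, so transport
                // integrity depends on GetAcsMetadataEndpointUrl() returning an https URL — not visible here.
                acsMetadata = webClient.DownloadData(acsMetadataEndpointUrlWithRealm);
            }
            string jsonResponseString = Encoding.UTF8.GetString(acsMetadata);

            JavaScriptSerializer serializer = new JavaScriptSerializer();
            JsonMetadataDocument document   = serializer.Deserialize <JsonMetadataDocument>(jsonResponseString);

            // An empty body or a literal "null" deserializes to null instead of throwing.
            if (document == null)
            {
                throw new InvalidOperationException("No metadata document found at the global endpoint " + acsMetadataEndpointUrlWithRealm);
            }

            return document;
        }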
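        /// <summary>
        /// Builds the JSON metadata document this service publishes: its realm, issuer, the
        /// signing certificates that have not expired, and the metadata endpoint descriptor.
        /// </summary>
        /// <returns>A populated <see cref="JsonMetadataDocument"/>.</returns>
        private JsonMetadataDocument BuildJsonMetadataDocument()
        {
            string serviceName = OAuthConfigHelper.GetServiceName();

            // With multi-tenancy enabled the same document serves every tenant, so the realm is wildcarded.
            string realm = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled
                ? "*"
                : OAuthConfigHelper.GetOrganizationRealm(OrganizationId.ForestWideOrgId);

            X509Certificate2 currentSigningKey  = OAuthConfigHelper.GetCurrentSigningKey();
            X509Certificate2 previousSigningKey = null;

            // The previous key only exists during rollover; its absence is traced, not fatal.
            try
            {
                previousSigningKey = OAuthConfigHelper.GetPreviousSigningKey();
            }
            catch (InvalidAuthConfigurationException arg)
            {
                this.Tracer.TraceDebug <InvalidAuthConfigurationException>((long)this.GetHashCode(), "[AuthMetadataBuilder.BuildJsonMetadataDocument] failed to get previous signing key with exception: {0}", arg);
            }

            JsonMetadataDocument jsonMetadataDocument = new JsonMetadataDocument();
            jsonMetadataDocument.id               = string.Format("_{0}", Guid.NewGuid().ToString("d"));
            jsonMetadataDocument.version          = AuthMetadataBuilder.Version;
            jsonMetadataDocument.name             = AuthMetadataBuilder.ServiceShortName;
            jsonMetadataDocument.realm            = realm;
            jsonMetadataDocument.serviceName      = serviceName;
            jsonMetadataDocument.issuer           = string.Format("{0}@{1}", serviceName, realm);
            jsonMetadataDocument.allowedAudiences = new string[]
            {
                jsonMetadataDocument.issuer
            };

            // Publish only certificates that are still valid. X509Certificate2.NotAfter is expressed in
            // local time, so it has to be converted before comparing with UtcNow; comparing it directly
            // was off by the machine's UTC offset around the expiry instant.
            // NOTE(review): there is no NotBefore check, so a not-yet-valid rollover certificate is
            // published as-is — confirm that is intended.
            DateTime nowUtc = DateTime.UtcNow;
            List <JsonKey> keys = new List <JsonKey>();

            foreach (X509Certificate2 certificate in new X509Certificate2[] { currentSigningKey, previousSigningKey })
            {
                if (certificate == null || certificate.NotAfter.ToUniversalTime() <= nowUtc)
                {
                    continue;
                }

                keys.Add(new JsonKey
                {
                    usage   = AuthMetadataConstants.KeyUsage,
                    keyinfo = new JsonKeyInfo
                    {
                        // Certificate thumbprint, base64url-encoded, for the x5t field.
                        x5t = OAuthCommon.Base64UrlEncoder.EncodeBytes(certificate.GetCertHash())
                    },
                    keyvalue = new JsonKeyValue
                    {
                        type  = AuthMetadataConstants.SigningKeyType,
                        // Raw DER certificate bytes only; the private key is never part of this data.
                        value = Convert.ToBase64String(certificate.GetRawCertData())
                    }
                });
            }

            jsonMetadataDocument.keys      = keys.ToArray();
            jsonMetadataDocument.endpoints = new JsonEndpoint[]
            {
                new JsonEndpoint
                {
                    // Location is filled in later by the caller, if at all — it is deliberately null here.
                    location = null,
                    protocol = AuthMetadataConstants.Protocol,
                    usage    = AuthMetadataConstants.MetadataEndpointUsage
                }
            };
            return jsonMetadataDocument;
        }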