/// <summary>
        /// Creates a service key that is used to decrypt tokens sent from identity providers to ACS.
        /// </summary>
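        /// <param name="svc">Management service context the new key is added to.</param>
        /// <param name="displayName">Display name stored on the key.</param>
        /// <param name="keyValue">Certificate data; it is parsed with <paramref name="password"/> and stored unchanged as the key value.</param>
        /// <param name="password">Password protecting <paramref name="keyValue"/>; may be null when the data is not password protected.</param>
        /// <param name="isPrimary">Value for the key's IsPrimary flag.</param>
        /// <returns>The key that was added to the context. This method does not call a save method itself.</returns>
        public static ServiceKey CreateIdentityProviderDecryptionKey(this ManagementService svc, string displayName, byte[] keyValue, string password, bool isPrimary)
        {
            // The certificate is parsed only to read its validity window; a wrong password or
            // malformed data fails here, before anything is added to the context.
            // NOTE(review): nothing here checks cert.HasPrivateKey or that the validity window
            // is current. A decryption key presumably needs the private key; confirm whether
            // callers validate this.
            X509Certificate2 cert = new X509Certificate2(keyValue, password);

            try
            {
                ServiceKey key = new ServiceKey
                {
                    DisplayName = displayName,
                    EndDate     = cert.NotAfter.ToUniversalTime(),
                    IsPrimary   = isPrimary,
                    // X509Certificate2 accepts a null password, but Encoding.GetBytes(null) throws,
                    // so a null password is passed through as null instead.
                    Password    = password == null ? null : Encoding.UTF8.GetBytes(password),
                    StartDate   = cert.NotBefore.ToUniversalTime(),
                    Type        = ServiceKeyType.X509Certificate.ToString(),
                    // NOTE(review): usage is Encrypting although the method name says decryption;
                    // presumably this is the service's name for the encryption key pair. Confirm.
                    Usage       = ServiceKeyUsage.Encrypting.ToString(),
                    // The certificate data and its password both travel on the entity, so the
                    // returned key should be treated as secret material.
                    Value       = keyValue
                };

                svc.AddToServiceKeys(key);

                return key;
            }
            finally
            {
                // Only the dates were needed; release the certificate's resources now
                // instead of leaving them to finalization.
                cert.Reset();
            }
        }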
        /// <summary>
        /// Add a service key.
        /// </summary>
        /// <param name="displayName">Display name stored on the key.</param>
        /// <param name="keyValue">Key material, stored unchanged as the key value.</param>
        /// <param name="protectionPassword">Password stored with the key as UTF-8 bytes; null or empty stores no password.</param>
        /// <param name="keyType">Key type; stored as its enum name.</param>
        /// <param name="keyUsage">Key usage; stored as its enum name.</param>
        private static void AddServiceKey(string displayName, byte[] keyValue, string protectionPassword, ServiceKeyType keyType, ServiceKeyUsage keyUsage)
        {
            ManagementService client = ManagementServiceHelper.CreateManagementServiceClient();

            // A missing or empty protection password is stored as null rather than as an empty byte array.
            byte[] passwordBytes = null;
            if (!string.IsNullOrEmpty(protectionPassword))
            {
                passwordBytes = new UTF8Encoding().GetBytes(protectionPassword);
            }

            ServiceKey newKey = new ServiceKey();
            newKey.DisplayName = displayName;
            newKey.Type        = keyType.ToString();
            newKey.Usage       = keyUsage.ToString();
            newKey.Value       = keyValue;
            newKey.Password    = passwordBytes;
            // The validity window comes from defaultStartTime/defaultEndTime, which are declared
            // outside this listing; it is not derived from the key material.
            newKey.StartDate   = defaultStartTime;
            newKey.EndDate     = defaultEndTime;

            // Queue the key on the context, then submit the pending changes.
            client.AddToServiceKeys(newKey);
            client.SaveChangesBatch();
        }