/// <summary>
/// Builds an <see cref="IAccessTokenProvider"/> whose tokens are signed with a fixed,
/// caller-supplied RSA key pair. Intended for test credentials.
/// </summary>
/// <remarks>
/// The key pair is wrapped in a <c>StaticPrivateKeyProvider</c>; no key lifetime or rotation
/// period is configured anywhere in this method. The construction sits inside a suppressed
/// CS0618 (obsolete member) warning, so it should not be copied into production wiring.
/// </remarks>
/// <param name="httpClient">The client used to send requests to the auth server</param>
/// <param name="tokenProvisioningEndpoint">
/// The auth server address, parsed with <c>new Uri( string )</c>. The scheme is not checked here;
/// callers should pass an https endpoint.
/// </param>
/// <param name="keyId">The id of the security token</param>
/// <param name="rsaParameters">The public and private key material belonging to <paramref name="keyId"/></param>
/// <returns>An <see cref="IAccessTokenProvider"/> backed by the supplied test credentials</returns>
/// <exception cref="ArgumentNullException"><paramref name="tokenProvisioningEndpoint"/> is null</exception>
/// <exception cref="UriFormatException"><paramref name="tokenProvisioningEndpoint"/> is not a valid absolute URI</exception>
public static IAccessTokenProvider Create(
    HttpClient httpClient,
    String tokenProvisioningEndpoint,
    Guid keyId,
    RSAParameters rsaParameters
) {
    // The pragma pair silences the obsolete-member warning for this one statement only.
#pragma warning disable 618
    IPrivateKeyProvider fixedKeyProvider = new StaticPrivateKeyProvider( keyId, rsaParameters );
#pragma warning restore 618

    ITokenSigner signer = new TokenSigner( fixedKeyProvider );

    Uri authEndpoint = new Uri( tokenProvisioningEndpoint );
    IAuthServiceClient authClient = new AuthServiceClient( httpClient, authEndpoint );

    INonCachingAccessTokenProvider uncachedProvider = new AccessTokenProvider( signer, authClient );

    // NOTE(review): the meaning of the TimeSpan argument is defined by CachedAccessTokenProvider,
    // which is not visible here; confirm that an infinite value is intended outside of tests.
    return new CachedAccessTokenProvider( uncachedProvider, Timeout.InfiniteTimeSpan );
}
/// <summary>
/// Builds an RSA-backed <see cref="ITokenSigner"/> that publishes its public keys through the
/// given <see cref="IPublicKeyDataProvider"/>.
/// </summary>
/// <remarks>
/// Neither <paramref name="keyLifetime"/> nor <paramref name="keyRotationPeriod"/> is validated in
/// this method; both are passed straight to <c>RsaPrivateKeyProvider.Factory.Create</c>.
/// NOTE(review): confirm that the factory rejects a rotation period that is not shorter than the
/// key lifetime, since the difference between them is the maximum token lifetime.
/// </remarks>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <param name="keyLifetime">Upper bound on how long a private key, and the tokens it signed, may be used</param>
/// <param name="keyRotationPeriod">
/// Interval after which signing switches to a new private key. <paramref name="keyLifetime"/> minus
/// this value is the maximum token lifetime.
/// </param>
/// <returns>A new <see cref="ITokenSigner"/></returns>
public static ITokenSigner Create(
    IPublicKeyDataProvider publicKeyDataProvider,
    TimeSpan keyLifetime,
    TimeSpan keyRotationPeriod
) {
    IPrivateKeyProvider rotatingRsaKeys = RsaPrivateKeyProvider.Factory.Create(
        publicKeyDataProvider,
        keyLifetime,
        keyRotationPeriod
    );

    return new TokenSigner( rotatingRsaKeys );
}
/// <summary>
/// Builds an ECDSA-backed <see cref="ITokenSigner"/> that publishes its public keys through the
/// given <see cref="IPublicKeyDataProvider"/>.
/// </summary>
/// <remarks>
/// Neither <paramref name="keyLifetime"/> nor <paramref name="keyRotationPeriod"/> is validated in
/// this method; both are passed straight to <c>EcDsaPrivateKeyProvider.Factory.Create</c>.
/// </remarks>
/// <param name="publicKeyDataProvider">The <see cref="IPublicKeyDataProvider"/> for the local service</param>
/// <param name="curve">
/// The curve to sign with. <c>Curve.P521</c> and <c>Curve.P384</c> select the matching algorithm;
/// <c>Curve.P256</c> and every other value select P-256.
/// </param>
/// <param name="keyLifetime">Upper bound on how long a private key, and the tokens it signed, may be used</param>
/// <param name="keyRotationPeriod">
/// Interval after which signing switches to a new private key. <paramref name="keyLifetime"/> minus
/// this value is the maximum token lifetime.
/// </param>
/// <returns>A new <see cref="ITokenSigner"/></returns>
public static ITokenSigner Create(
    IPublicKeyDataProvider publicKeyDataProvider,
    Curve curve,
    TimeSpan keyLifetime,
    TimeSpan keyRotationPeriod
) {
    CngAlgorithm signingAlgorithm;

    if( curve == Curve.P521 ) {
        signingAlgorithm = CngAlgorithm.ECDsaP521;
    } else if( curve == Curve.P384 ) {
        signingAlgorithm = CngAlgorithm.ECDsaP384;
    } else {
        // Covers Curve.P256 and any value not named above.
        // NOTE(review): an unrecognised Curve value is accepted silently and signed with P-256,
        // so a caller asking for a curve this method does not know gets no error. Confirm that
        // this fallback is intended rather than an ArgumentOutOfRangeException.
        signingAlgorithm = CngAlgorithm.ECDsaP256;
    }

    IPrivateKeyProvider rotatingEcKeys = EcDsaPrivateKeyProvider.Factory.Create(
        publicKeyDataProvider,
        keyLifetime,
        keyRotationPeriod,
        signingAlgorithm
    );

    return new TokenSigner( rotatingEcKeys );
}