From b88ba1845930941c6a35b2051b49467f59e60422 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Sun, 22 Aug 2021 19:09:12 +0200 Subject: [PATCH] Allow null/empty passwords in the AddEncryptionCertificate()/AddSigningCertificate() helpers --- .../OpenIddictResources.resx | 3 -- .../OpenIddictServerBuilder.cs | 36 +++++-------------- .../OpenIddictValidationBuilder.cs | 18 +++------- 3 files changed, 12 insertions(+), 45 deletions(-) diff --git a/src/OpenIddict.Abstractions/OpenIddictResources.resx b/src/OpenIddict.Abstractions/OpenIddictResources.resx index 781766e3..3cdfcb4c 100644 --- a/src/OpenIddict.Abstractions/OpenIddictResources.resx +++ b/src/OpenIddict.Abstractions/OpenIddictResources.resx @@ -341,9 +341,6 @@ Consider using 'options.AddEncryptionCredentials(EncryptingCredentials)' instead The resource cannot be null or empty. - - The password cannot be null or empty. - The certificate was not found in the specified assembly. diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs index 642f81e0..d136ccb3 100644 --- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs +++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs @@ -401,7 +401,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The name of the embedded resource. /// The password used to open the certificate. /// The . - public OpenIddictServerBuilder AddEncryptionCertificate(Assembly assembly, string resource, string password) + public OpenIddictServerBuilder AddEncryptionCertificate(Assembly assembly, string resource, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddEncryptionCertificate(assembly, resource, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? 
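Review bot: The `password` parameter documentation on `AddEncryptionCertificate(Assembly, string, string?)` still reads "The password used to open the certificate." although the parameter is now `string?`, so the docs do not tell a caller that null or an empty string is accepted. I would reword it as `/// <param name="password">The password used to open the certificate, or <see langword="null"/> if the certificate is not password-protected.</param>`. The same sentence is visible in the hunks at -453, -851, -903, -217 and -269, and the overloads taking `X509KeyStorageFlags` presumably carry it too, just above their hunks. The expression body of this overload continues outside the hunk.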
@@ -421,7 +421,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The . public OpenIddictServerBuilder AddEncryptionCertificate( Assembly assembly, string resource, - string password, X509KeyStorageFlags flags) + string? password, X509KeyStorageFlags flags) { if (assembly is null) { @@ -433,11 +433,6 @@ namespace Microsoft.Extensions.DependencyInjection throw new ArgumentException(SR.GetResourceString(SR.ID0062), nameof(resource)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var stream = assembly.GetManifestResourceStream(resource); if (stream is null) { @@ -453,7 +448,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The stream containing the certificate. /// The password used to open the certificate. /// The . - public OpenIddictServerBuilder AddEncryptionCertificate(Stream stream, string password) + public OpenIddictServerBuilder AddEncryptionCertificate(Stream stream, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddEncryptionCertificate(stream, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? @@ -475,18 +470,13 @@ namespace Microsoft.Extensions.DependencyInjection /// The . [SuppressMessage("Reliability", "CA2000:Dispose objects before losing scope", Justification = "The X.509 certificate is attached to the server options.")] - public OpenIddictServerBuilder AddEncryptionCertificate(Stream stream, string password, X509KeyStorageFlags flags) + public OpenIddictServerBuilder AddEncryptionCertificate(Stream stream, string? password, X509KeyStorageFlags flags) { if (stream is null) { throw new ArgumentNullException(nameof(stream)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var buffer = new MemoryStream(); stream.CopyTo(buffer); 
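Review bot: Nothing in this patch tests the input that the removed guard in `AddEncryptionCertificate(Stream, string?, X509KeyStorageFlags)` (hunk at -475) used to reject; the diffstat lists only the resource file and the two builders. A test that loads a certificate exported without a password, once with `null` and once with `string.Empty`, would pin the new contract for both values. How the two values are treated is decided by the certificate loading code further down, which is outside this hunk. The same gap applies to the other overloads that lose the check (hunks at -433, -883, -925, -249 and -292).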
@@ -851,7 +841,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The name of the embedded resource. /// The password used to open the certificate. /// The . - public OpenIddictServerBuilder AddSigningCertificate(Assembly assembly, string resource, string password) + public OpenIddictServerBuilder AddSigningCertificate(Assembly assembly, string resource, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddSigningCertificate(assembly, resource, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? @@ -871,7 +861,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The . public OpenIddictServerBuilder AddSigningCertificate( Assembly assembly, string resource, - string password, X509KeyStorageFlags flags) + string? password, X509KeyStorageFlags flags) { if (assembly is null) { @@ -883,11 +873,6 @@ namespace Microsoft.Extensions.DependencyInjection throw new ArgumentException(SR.GetResourceString(SR.ID0062), nameof(resource)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var stream = assembly.GetManifestResourceStream(resource); if (stream is null) { @@ -903,7 +888,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The stream containing the certificate. /// The password used to open the certificate. /// The . - public OpenIddictServerBuilder AddSigningCertificate(Stream stream, string password) + public OpenIddictServerBuilder AddSigningCertificate(Stream stream, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddSigningCertificate(stream, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? 
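Review bot: `AddSigningCertificate(Assembly, string, string?, X509KeyStorageFlags)` (hunks at -871 and -883) now loads an embedded resource with no password at all, and the docs do not say what that means for the signing key. If the resource carries the private key, which a signing certificate presumably does, the key is then protected only by whatever restricts read access to the assembly. I would add a remark such as `/// <remarks>A certificate stored without a password relies entirely on access control over the assembly to protect its private key.</remarks>` here and on the matching `AddEncryptionCertificate` overload at -421. The method body continues outside the hunk.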
@@ -925,18 +910,13 @@ namespace Microsoft.Extensions.DependencyInjection /// The . [SuppressMessage("Reliability", "CA2000:Dispose objects before losing scope", Justification = "The X.509 certificate is attached to the server options.")] - public OpenIddictServerBuilder AddSigningCertificate(Stream stream, string password, X509KeyStorageFlags flags) + public OpenIddictServerBuilder AddSigningCertificate(Stream stream, string? password, X509KeyStorageFlags flags) { if (stream is null) { throw new ArgumentNullException(nameof(stream)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var buffer = new MemoryStream(); stream.CopyTo(buffer); diff --git a/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs b/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs index f8d77ef1..f137a398 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationBuilder.cs @@ -217,7 +217,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The password used to open the certificate. /// The . public OpenIddictValidationBuilder AddEncryptionCertificate( - Assembly assembly, string resource, string password) + Assembly assembly, string resource, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddEncryptionCertificate(assembly, resource, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? @@ -237,7 +237,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The . public OpenIddictValidationBuilder AddEncryptionCertificate( Assembly assembly, string resource, - string password, X509KeyStorageFlags flags) + string? password, X509KeyStorageFlags flags) { if (assembly is null) { 
@@ -249,11 +249,6 @@ namespace Microsoft.Extensions.DependencyInjection throw new ArgumentException(SR.GetResourceString(SR.ID0062), nameof(resource)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var stream = assembly.GetManifestResourceStream(resource); if (stream is null) { @@ -269,7 +264,7 @@ namespace Microsoft.Extensions.DependencyInjection /// The stream containing the certificate. /// The password used to open the certificate. /// The . - public OpenIddictValidationBuilder AddEncryptionCertificate(Stream stream, string password) + public OpenIddictValidationBuilder AddEncryptionCertificate(Stream stream, string? password) #if SUPPORTS_EPHEMERAL_KEY_SETS // Note: ephemeral key sets are currently not supported on macOS. => AddEncryptionCertificate(stream, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ? @@ -292,18 +287,13 @@ namespace Microsoft.Extensions.DependencyInjection [SuppressMessage("Reliability", "CA2000:Dispose objects before losing scope", Justification = "The X.509 certificate is attached to the server options.")] public OpenIddictValidationBuilder AddEncryptionCertificate( - Stream stream, string password, X509KeyStorageFlags flags) + Stream stream, string? password, X509KeyStorageFlags flags) { if (stream is null) { throw new ArgumentNullException(nameof(stream)); } - if (string.IsNullOrEmpty(password)) - { - throw new ArgumentException(SR.GetResourceString(SR.ID0063), nameof(password)); - } - using var buffer = new MemoryStream(); stream.CopyTo(buffer);
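Review bot: The `SuppressMessage` justification on `OpenIddictValidationBuilder.AddEncryptionCertificate(Stream, string?, X509KeyStorageFlags)` (hunk at -292) says "The X.509 certificate is attached to the server options.", which looks copied from the server builder. Since this signature is being edited anyway, the justification could be corrected to `Justification = "The X.509 certificate is attached to the validation options."`. Where the certificate ends up is decided outside the hunk, so confirm the wording against the rest of the method.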