From be131a51842e17a80c0ece0453c9db1635428341 Mon Sep 17 00:00:00 2001
From: Roland Guijt
Date: Tue, 13 Jan 2026 12:27:29 +0100
Subject: [PATCH] Bump packages MTLS demo and use new X509CertificateLoader for certificate loading
---
 IdentityServer/v7/MTLS/Api/Api.csproj | 4 ++--
 .../ClientCredentials/ClientCredentials.csproj | 2 +-
 .../v7/MTLS/ClientCredentials/ConsoleExtensions.cs | 6 +++---
 .../v7/MTLS/ClientCredentials/Program.cs | 2 +-
 .../v7/MTLS/IdentityServerHost/Clients.cs | 14 +++++++-------
 .../IdentityServerHost/IdentityServerHost.csproj | 6 +++---
 .../Pages/Diagnostics/ViewModel.cs | 4 ++--
 7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/IdentityServer/v7/MTLS/Api/Api.csproj b/IdentityServer/v7/MTLS/Api/Api.csproj
index f5dc9b5a..2eab82f7 100644
--- a/IdentityServer/v7/MTLS/Api/Api.csproj
+++ b/IdentityServer/v7/MTLS/Api/Api.csproj
@@ -6,8 +6,8 @@ - - + +
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj b/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
index 4e068df6..fe063bd5 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
+++ b/IdentityServer/v7/MTLS/ClientCredentials/ClientCredentials.csproj
@@ -7,7 +7,7 @@ - +
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs b/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
index cd5793b2..62fab69d 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
+++ b/IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Duende Software. All rights reserved.
 // Licensed under the MIT License. See LICENSE in the project root for license information.
+using System.Buffers.Text;
 using System.Diagnostics;
 using System.Text;
 using System.Text.Json;
-using Duende.IdentityModel;
 namespace Shared;
@@ -40,7 +40,7 @@ public static void ShowAccessToken(this string accessToken)
 var header = parts[0];
 var payload = parts[1];
- Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(header))), new JsonSerializerOptions { WriteIndented = true }));
- Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(payload))), new JsonSerializerOptions { WriteIndented = true }));
+ Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header))), new JsonSerializerOptions { WriteIndented = true }));
+ Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload))), new JsonSerializerOptions { WriteIndented = true }));
 }
 }
diff --git a/IdentityServer/v7/MTLS/ClientCredentials/Program.cs b/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
index e78baf7b..f173267a 100644
--- a/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
+++ b/IdentityServer/v7/MTLS/ClientCredentials/Program.cs
@@ -76,7 +76,7 @@ static SocketsHttpHandler GetHandler()
 var assemblyDir = typeof(Program).Assembly.Location;
 var certPath = Path.GetFullPath(Path.Combine(assemblyDir, "../../../../../localhost-client.p12"));
- var cert = new X509Certificate2(certPath, "changeit");
+ var cert = X509CertificateLoader.LoadPkcs12FromFile(certPath, "changeit");
 handler.SslOptions.ClientCertificates = new X509CertificateCollection { cert };
 return handler;
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs b/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
index c4815933..7620facc 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
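Review bot: The two rewritten `Console.WriteLine` lines each allocate a fresh `new JsonSerializerOptions { WriteIndented = true }`; `JsonSerializerOptions` is designed to be cached, so hoist one instance to `private static readonly JsonSerializerOptions s_indented = new() { WriteIndented = true };` and pass `s_indented` to both `Serialize` calls. `Base64Url.DecodeFromChars` throws `FormatException` on a segment that is not valid base64url, and `parts` is populated before this hunk begins, so any guard on the segment count belongs to the method's opening lines outside the hunk. Nothing in the visible lines verifies the token's signature, which is fine for a console inspector but worth stating on the method: `// Display helper only: decodes the JWT header and payload for inspection; it performs no signature or claims validation.`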
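Review bot: `X509CertificateLoader.LoadPkcs12FromFile(certPath, "changeit")` uses the default `X509KeyStorageFlags` and enforces `Pkcs12LoaderLimits.Defaults`, which the replaced constructor did not apply as far as I know; a bundle exceeding those limits now fails with `Pkcs12LoadLimitExceededException` (a `CryptographicException` subtype), so existing `CryptographicException` handlers still catch it but the failure mode differs and deserves a comment. The loader takes the password as `ReadOnlySpan<char>`, so the hard-coded `"changeit"` literal could come from configuration without further changes; a one-line comment makes the demo scope explicit: `// Demo only: path and PKCS#12 password are hard-coded; source both from configuration in a real client.` The loaded `X509Certificate2` owns a private key and is handed to `handler.SslOptions.ClientCertificates` without disposal, which is acceptable only if `GetHandler()` is called once per process, something the hunk does not show. `GetHandler()` starts before this hunk.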
@@ -10,25 +10,25 @@ namespace IdentityServerHost;
 public static class Clients
 {
- // These ClientCert related helper methods make the demo easy to run, but
+ // These ClientCert related helper methods make the demo easy to run, but
 // are not suitable for production. The point is client authentication based
- // on the mTLS certificate needs some way of identifying the certificate
+ // on the mTLS certificate needs some way of identifying the certificate
 // to use, which can either be the client certificates subject or thumbprint.
 // The thumbprint is more specific: it uniquely identifies a single certificate.
- // The subject is more flexible: any certificate signed by an authority that
- // you trust with the expected subject can be used. This facilitates
+ // The subject is more flexible: any certificate signed by an authority that
+ // you trust with the expected subject can be used. This facilitates
 // rotation of certificates, but depends on strong public key infrastructure.
 // Depending on how you are distributing client certificates to your clients
 // and your security requirements, either approach can work.
 //
 // In this sample, we are obtaining that information in an unrealistic way.
 // We simply load the certificate file that is also used by the client, and
- // then take the thumbprint or subject from that. In a real deployment, the
- // certificate should be controlled by the client and not be shared in this
+ // then take the thumbprint or subject from that. In a real deployment, the
+ // certificate should be controlled by the client and not be shared in this
 // way. We are doing this because we don't know the thumbprint or subject of
 // the certificate that mkcert will generate.
private static X509Certificate2 ClientCert() =>
- new X509Certificate2("../localhost-client.p12", "changeit");
+ X509CertificateLoader.LoadPkcs12FromFile("../localhost-client.p12", "changeit");
 private static string ClientCertificateThumbprint() => ClientCert().Thumbprint;
 private static string ClientCertificateSubject() => ClientCert().Subject;
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj b/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
index eca2569a..c2afba5a 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/IdentityServerHost.csproj
@@ -6,9 +6,9 @@ - - - + + +
diff --git a/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs b/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
index 292d48f1..8efc0bad 100644
--- a/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
+++ b/IdentityServer/v7/MTLS/IdentityServerHost/Pages/Diagnostics/ViewModel.cs
@@ -2,9 +2,9 @@
 // Licensed under the MIT License. See LICENSE in the project root for license information.
+using System.Buffers.Text;
 using System.Text;
 using System.Text.Json;
-using Duende.IdentityModel;
 using Microsoft.AspNetCore.Authentication;
 namespace IdentityServerHost.Pages.Diagnostics;
@@ -18,7 +18,7 @@ public ViewModel(AuthenticateResult result)
 if (result.Properties.Items.ContainsKey("client_list"))
 {
 var encoded = result.Properties.Items["client_list"];
- var bytes = Base64Url.Decode(encoded);
+ var bytes = Base64Url.DecodeFromChars(encoded);
 var value = Encoding.UTF8.GetString(bytes);
 Clients = JsonSerializer.Deserialize(value);
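Review bot: `ClientCert()` still loads `"../localhost-client.p12"` relative to the process working directory, while `Program.cs` in this same commit resolves its path from the assembly location, so the host finds the file only when launched from its project directory; worth aligning, or at least noting in the comment block above. Each call to `ClientCertificateThumbprint()` and `ClientCertificateSubject()` re-reads the PKCS#12 and materialises a new `X509Certificate2` with its private key that is never disposed; caching avoids both: `private static readonly Lazy<X509Certificate2> s_clientCert = new(() => X509CertificateLoader.LoadPkcs12FromFile("../localhost-client.p12", "changeit"));` and `private static X509Certificate2 ClientCert() => s_clientCert.Value;`. Like the `Program.cs` loader call, this one applies `Pkcs12LoaderLimits.Defaults`, so a limit failure now surfaces as `Pkcs12LoadLimitExceededException`, which the demo's comment block could mention alongside its existing mkcert caveat.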