public SigningCredentials LoadKey()
{
// We can't know for sure if there was a configuration section explicitly defined.
// Check if the current configuration has any children and avoid failing if that's the case.
// This will avoid failing when no configuration has been specified but will still fail if partial data
// was defined.
if (!_configuration.GetChildren().Any())
{
return(null);
}
var key = new KeyDefinition()
{
Type = _configuration[nameof(KeyDefinition.Type)],
FilePath = _configuration[nameof(KeyDefinition.FilePath)],
Password = _configuration[nameof(KeyDefinition.Password)],
Name = _configuration[nameof(KeyDefinition.Name)],
StoreLocation = _configuration[nameof(KeyDefinition.StoreLocation)],
StoreName = _configuration[nameof(KeyDefinition.StoreName)],
StorageFlags = _configuration[nameof(KeyDefinition.StorageFlags)]
};
if (bool.TryParse(_configuration[nameof(KeyDefinition.Persisted)], out var value))
{
key.Persisted = value;
}
switch (key.Type)
{
case KeySources.Development:
var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath);
var createIfMissing = key.Persisted ?? true;
_logger.LogInformation($"Loading development key at '{developmentKeyPath}'.");
var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing))
{
KeyId = "Development"
};
return(new SigningCredentials(developmentKey, "RS256"));
case KeySources.File:
var pfxPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath);
var pfxPassword = key.Password;
var storageFlags = GetStorageFlags(key);
_logger.LogInformation($"Loading certificate file at '{pfxPath}' with storage flags '{key.StorageFlags}'.");
return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256"));
case KeySources.Store:
if (!Enum.TryParse <StoreLocation>(key.StoreLocation, out var storeLocation))
{
throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'.");
}
_logger.LogInformation($"Loading certificate with subject '{key.Name}' in '{key.StoreLocation}\\{key.StoreName}'.");
return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256"));
default:
throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'.");
}
}
public SigningCredentials LoadKey()
{
var key = new KeyDefinition();
_configuration.Bind(key);
switch (key.Type)
{
case KeySources.Development:
var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath);
var createIfMissing = key.Persisted ?? true;
_logger.LogInformation($"Loading development key at '{developmentKeyPath}'.");
var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing))
{
KeyId = "Development"
};
return(new SigningCredentials(developmentKey, "RS256"));
case KeySources.File:
var pfxPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath);
var pfxPassword = key.Password;
var storageFlags = GetStorageFlags(key);
_logger.LogInformation($"Loading certificate file at '{pfxPath}' with storage flags '{key.StorageFlags}'.");
return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256"));
case KeySources.Store:
if (!Enum.TryParse <StoreLocation>(key.StoreLocation, out var storeLocation))
{
throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'.");
}
_logger.LogInformation($"Loading certificate with subject '{key.Name}' in '{key.StoreLocation}\\{key.StoreName}'.");
return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256"));
case null:
throw new InvalidOperationException($"Key type not specified.");
default:
throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'.");
}
}