public static IIdentityServerBuilder AddVaultCertificateStore(this IIdentityServerBuilder builder, VaultCertificateStoreOptions vaultOptions)
{
builder.Services.AddSingleton(vaultOptions);
builder.Services.AddSingleton <IVaultClient>(resolver => new VaultClient(resolver.GetService <IVaultAuth>(), vaultOptions.VaultUrl, vaultOptions.VaultCertificate));
builder.Services.AddSingleton <IVaultCertificateStore>(resolver =>
new VaultCertificateStore(resolver.GetService <IVaultClient>(), vaultOptions.RoleName, vaultOptions.CommonName, resolver.GetService <ILogger <VaultCertificateStore> >())
);
builder.Services.AddSingleton <IX509Certificate2Helper, X509Certificate2Helper>();
builder.Services.AddSingleton <IRSACryptoServiceProviderHelper, RsaCryptoServiceProviderHelper>();
builder.Services.AddSingleton <IVaultCertificateService, VaultCertificateService>();
builder.Services.AddSingleton <ISigningCredentialStore, VaultSigningCredentialStore>();
builder.Services.AddSingleton <IValidationKeysStore, VaultValidationKeysStore>();
return(builder);
}
private static void AddVaultCertificateStore(this IdentityServerOptions options, VaultCertificateStoreOptions vaultOptions, IVaultAuth vaultAuth)
{
// This isn't great but we need a cert at startup
var client = new VaultClient(vaultAuth, vaultOptions.VaultUrl, vaultOptions.VaultCertificate);
var certificateStore = new VaultCertificateStore(client, vaultOptions.RoleName, vaultOptions.CommonName);
var certificateHelper = new X509Certificate2Helper();
var privateKeyHelper = new RsaCryptoServiceProviderHelper();
var vaultService = new VaultCertificateService(options, certificateStore, certificateHelper, privateKeyHelper);
vaultService.GetCertificates();
// Register our dependencies
options.Factory.Register(new Registration <IVaultCertificateService>(vaultService));
options.Factory.SigningKeyService = new Registration <ISigningKeyService, VaultTokenSigningKeyService>();
}
