internal VaultClient(IVaultAuth vaultAuth, IVaultClientUri vaultUri)
{
vaultUri.ThrowIfNull(nameof(vaultUri));
vaultAuth.ThrowIfNull(nameof(vaultAuth));
VaultUri = vaultUri;
VaultAuth = vaultAuth;
}
/// <summary>Setup Vault to store Client Secrets</summary>
/// <param name="factory">Identity Server Service Factory</param>
/// <param name="vaultOptions">Vault Options</param>
/// <param name="vaultAuth">Vault Authentication</param>
private static void AddVaultClientSecretStore(
this IdentityServerServiceFactory factory,
VaultClientSecretStoreOptions vaultOptions,
IVaultAuth vaultAuth)
{
factory.Register(new Registration <IVaultSecretStore>(new VaultSecretStore(new VaultClient(vaultAuth, vaultOptions.VaultUrl, vaultOptions.VaultCertificate))));
factory.ClientStore = new Registration <IClientStore>(resolver => new ClientSecretStore(resolver.Resolve <IVaultSecretStore>(), resolver.Resolve <IClientDataStore>()));
factory.ScopeStore = new Registration <IScopeStore>(resolver => new ScopeSecretStore(resolver.Resolve <IVaultSecretStore>(), resolver.Resolve <IScopeDataStore>()));
factory.Register(new Registration <IRequestParser, RequestParser>());
factory.SecretValidators.Clear();
factory.SecretValidators.Add(new Registration <ISecretValidator, VaultSecretValidator>());
factory.SecretParsers.Clear();
factory.SecretParsers.Add(new Registration <ISecretParser, VaultPostBodySecretParser>());
factory.SecretParsers.Add(new Registration <ISecretParser, VaultBasicAuthenticationSecretParser>());
}
public VaultClient(IVaultClientUri vaultClientUri, IVaultAuth vaultAuth)
{
VaultUri = vaultClientUri.ThrowIfNull(nameof(vaultClientUri));
VaultAuth = vaultAuth.ThrowIfNull(nameof(vaultAuth));
}
public VaultClient(IVaultAuth vaultAuth, string vaultUri, X509Certificate2 cert)
{
VaultUri = new VaultClientUri(vaultUri, cert);
VaultAuth = vaultAuth.ThrowIfNull(nameof(vaultAuth));
}
public VaultClient(IVaultAuth vaultAuth, string vaultUri, X509Certificate2 certificate)
: this(vaultAuth, new VaultClientUri(vaultUri, certificate))
{
}
private static void AddVaultCertificateStore(this IdentityServerOptions options, VaultCertificateStoreOptions vaultOptions, IVaultAuth vaultAuth)
{
// This isn't great but we need a cert at startup
var client = new VaultClient(vaultAuth, vaultOptions.VaultUrl, vaultOptions.VaultCertificate);
var certificateStore = new VaultCertificateStore(client, vaultOptions.RoleName, vaultOptions.CommonName);
var certificateHelper = new X509Certificate2Helper();
var privateKeyHelper = new RsaCryptoServiceProviderHelper();
var vaultService = new VaultCertificateService(options, certificateStore, certificateHelper, privateKeyHelper);
vaultService.GetCertificates();
// Register our dependencies
options.Factory.Register(new Registration <IVaultCertificateService>(vaultService));
options.Factory.SigningKeyService = new Registration <ISigningKeyService, VaultTokenSigningKeyService>();
}
