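/// <summary>
/// Registers every certificate produced by <paramref name="certificatesLoader"/> as a
/// token-signing credential on <see cref="IdentityServiceOptions"/>.
/// </summary>
/// <remarks>
/// The loader is not invoked here; it runs inside the options configuration callback, so
/// certificates are loaded (and checked) when the options are built. Each certificate goes
/// through the same <c>CryptographyHelpers.ValidateRsaKeyLength</c> check that the
/// single-certificate overload applies, so a key that would be refused there cannot be
/// registered through the bulk path instead.
/// </remarks>
/// <param name="builder">The identity service builder to configure.</param>
/// <param name="certificatesLoader">Callback that returns the signing certificates.</param>
/// <returns>The same <paramref name="builder"/>, to allow call chaining.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="certificatesLoader"/> is null.
/// </exception>
public static IIdentityServiceBuilder AddSigningCertificates(
            this IIdentityServiceBuilder builder,
            Func<IEnumerable<X509Certificate2>> certificatesLoader)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (certificatesLoader == null)
            {
                throw new ArgumentNullException(nameof(certificatesLoader));
            }

            builder.Services.Configure<IdentityServiceOptions>(o =>
            {
                var certificates = certificatesLoader();
                if (certificates == null)
                {
                    // Fail with a clear message instead of a NullReferenceException from foreach.
                    throw new InvalidOperationException("The signing certificates loader returned null.");
                }

                foreach (var certificate in certificates)
                {
                    // Apply the same key-length policy as AddSigningCertificate before the
                    // certificate can become a signing key.
                    CryptographyHelpers.ValidateRsaKeyLength(certificate);

                    var algorithm = CryptographyHelpers.FindAlgorithm(certificate);
                    o.SigningKeys.Add(new SigningCredentials(new X509SecurityKey(certificate), algorithm));
                }
            });

            return builder;
        }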
        /// <summary>
        /// Registers a single certificate as a token-signing credential on
        /// <see cref="IdentityServiceOptions"/>.
        /// </summary>
        /// <param name="builder">The identity service builder to configure.</param>
        /// <param name="certificate">The certificate whose key will sign tokens.</param>
        /// <returns>The same <paramref name="builder"/>, to allow call chaining.</returns>
        public static IIdentityServiceBuilder AddSigningCertificate(
            this IIdentityServiceBuilder builder,
            X509Certificate2 certificate)
        {
            // The key-length check runs eagerly, at registration time, before anything is
            // added to the service collection. NOTE(review): presumably it throws for an
            // undersized RSA key; confirm against CryptographyHelpers.
            CryptographyHelpers.ValidateRsaKeyLength(certificate);
            var securityKey = new X509SecurityKey(certificate);

            // The signing algorithm is resolved lazily, when the options are configured.
            builder.Services.Configure<IdentityServiceOptions>(identityOptions =>
            {
                var signingAlgorithm = CryptographyHelpers.FindAlgorithm(certificate);
                var signingCredentials = new SigningCredentials(securityKey, signingAlgorithm);
                identityOptions.SigningKeys.Add(signingCredentials);
            });

            return builder;
        }
Esempio n. 3
        /// <summary>
        /// Builds the <see cref="SigningCredentialsDescriptor"/> for a certificate: its signing
        /// credentials, algorithm, validity window and the metadata published with the key.
        /// </summary>
        /// <param name="certificate">The certificate to describe.</param>
        /// <returns>A descriptor wrapping the certificate's signing credentials.</returns>
        private SigningCredentialsDescriptor CreateDescriptor(X509Certificate2 certificate)
        {
            // Key-length check comes first, before any credentials are created from the key.
            CryptographyHelpers.ValidateRsaKeyLength(certificate);

            var signingKey = new X509SecurityKey(certificate);
            var signingAlgorithm = CryptographyHelpers.FindAlgorithm(certificate);
            var credentials = new SigningCredentials(signingKey, signingAlgorithm);

            // Evaluated in the same order as the descriptor's constructor arguments.
            var descriptorAlgorithm = CryptographyHelpers.GetAlgorithm(credentials);
            var validFrom = certificate.NotBefore;
            var validUntil = certificate.NotAfter;
            var keyMetadata = BuildKeyMetadata();

            return new SigningCredentialsDescriptor(
                credentials,
                descriptorAlgorithm,
                validFrom,
                validUntil,
                keyMetadata);

            // Only the exponent (e) and modulus (n) are copied into the metadata; no other
            // field of the RSA parameters is read here.
            // NOTE(review): assumes the credentials wrap an RSA key; behaviour of
            // GetRSAParameters for other key types is not visible from this method.
            IDictionary<string, string> BuildKeyMetadata()
            {
                var publicParameters = CryptographyHelpers.GetRSAParameters(credentials);
                var encodedExponent = Base64UrlEncoder.Encode(publicParameters.Exponent);
                var encodedModulus = Base64UrlEncoder.Encode(publicParameters.Modulus);

                return new Dictionary<string, string>
                {
                    [JsonWebKeyParameterNames.E] = encodedExponent,
                    [JsonWebKeyParameterNames.N] = encodedModulus,
                };
            }
        }