コード例 #1
ファイル: Crypto.cs プロジェクト: xinyaoxp/IdentityServer4
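        /// <summary>
        /// Registers a development-only RSA signing credential. The key is loaded from
        /// <paramref name="filename"/> when that file exists; otherwise a new key is
        /// generated, written to that file, and registered.
        /// </summary>
        /// <remarks>
        /// The key file holds the RSA private parameters as plain JSON (they are exported with
        /// <c>includePrivateParameters: true</c>) and is created by <c>File.WriteAllText</c>
        /// with default permissions. Whoever can read the file holds the token signing key, so
        /// keep it out of source control and shared directories and use a managed certificate
        /// or key store outside development.
        /// </remarks>
        /// <param name="builder">The IdentityServer builder the credential is added to.</param>
        /// <param name="filename">Path of the key file; defaults to <c>tempkey.rsa</c> in the current directory.</param>
        /// <returns>The value returned by <c>builder.AddSigningCredential</c>.</returns>
        /// <exception cref="System.InvalidOperationException">The key file exists but does not deserialize to a key.</exception>
        public static IIdentityServerBuilder AddDeveloperSigningCredential(this IIdentityServerBuilder builder, string filename = null)
        {
            if (filename == null)
            {
                filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");
            }

            if (File.Exists(filename))
            {
                var keyFile = File.ReadAllText(filename);
                var storedKey = JsonConvert.DeserializeObject<TemporaryRsaKey>(keyFile);

                // DeserializeObject yields null for an empty or literal "null" document;
                // report that explicitly instead of failing with a NullReferenceException.
                if (storedKey == null)
                {
                    throw new System.InvalidOperationException(
                        $"The signing key file '{filename}' does not contain a key.");
                }

                return builder.AddSigningCredential(CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId));
            }

            var key = CreateRsaSecurityKey();

            // The private parameters are exported because the file must be able to
            // reproduce the full signing key on the next start.
            var parameters = key.Rsa.ExportParameters(includePrivateParameters: true);

            var newKey = new TemporaryRsaKey
            {
                Parameters = parameters,
                KeyId = key.KeyId
            };

            File.WriteAllText(filename, JsonConvert.SerializeObject(newKey));
            return builder.AddSigningCredential(key);
        }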
コード例 #2
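    /// <summary>
    /// Generates a new temporary RSA key with a freshly generated key id.
    /// </summary>
    /// <remarks>
    /// The returned object carries the private parameters (they are exported with
    /// <c>ExportParameters(true)</c>), so it must be handled as secret key material.
    /// The key size is whatever <c>RSA.Create()</c> defaults to on the running platform.
    /// </remarks>
    /// <returns>The populated <see cref="TemporaryRsaKey"/>.</returns>
    public static TemporaryRsaKey Generate()
    {
        var rsaKey = new TemporaryRsaKey();

        // 16 bytes from the project's RandomExtensions helper, rendered as a string
        // (presumably Base64, judging by the helper name — confirm).
        rsaKey.KeyId = RandomExtensions.GenerateByteArray(16).AsBase64String();

        rsaKey.Parameters = new();

        // RSA is IDisposable: release the underlying key handle as soon as the
        // parameters have been copied out instead of leaving it to the finalizer.
        using (var rsa = RSA.Create())
        {
            rsaKey.Parameters.Populate(rsa.ExportParameters(true));
        }

        return rsaKey;
    }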
コード例 #3
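        /// <summary>
        /// Loads the RSA security key from a key file, or creates a new key when the file
        /// does not exist.
        /// </summary>
        /// <remarks>
        /// When a new key is created and <paramref name="persistKey"/> is true, the key is
        /// written to the file as JSON, including the private parameters when the key exposes
        /// an RSA instance. Access to that file is then equivalent to access to the signing key.
        /// </remarks>
        /// <param name="fileName">The key file name; when empty, <c>tempkey.rsa</c> in the current directory is used.</param>
        /// <param name="persistKey">Whether a newly created key is written to the file.</param>
        /// <returns>The loaded or newly created <see cref="RsaSecurityKey"/>.</returns>
        public static RsaSecurityKey Load(string fileName, bool persistKey)
        {
            if (fileName.IsEmpty()) // defaults to the temporary key file name that IdentityServer4 generates
            {
                fileName = "tempkey.rsa".CombineCurrentDirectory();
            }

            // The whole read-or-create sequence runs inside RunLocker.
            // NOTE(review): presumably this serialises concurrent callers — confirm against RunLocker.
            return(ExtensionSettings.Preference.RunLocker(() =>
            {
                RsaSecurityKey securityKey;

                var filePath = fileName.AsFilePathCombiner();
                if (filePath.Exists())
                {
                    var storedKey = filePath.ReadJson <TemporaryRsaKey>(settings: new JsonSerializerSettings
                    {
                        ContractResolver = new RsaKeyContractResolver()
                    });

                    securityKey = CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId);
                }
                else
                {
                    securityKey = Create();

                    // Export the private parameters only when they are actually going to be
                    // written; a non-persisted key never needs a second in-memory copy of them.
                    if (persistKey)
                    {
                        RSAParameters parameters;

                        if (securityKey.Rsa.IsNotNull())
                        {
                            parameters = securityKey.Rsa.ExportParameters(includePrivateParameters: true);
                        }
                        else
                        {
                            parameters = securityKey.Parameters;
                        }

                        var newKey = new TemporaryRsaKey
                        {
                            Parameters = parameters,
                            KeyId = securityKey.KeyId
                        };

                        filePath.WriteJson(newKey, settings: new JsonSerializerSettings
                        {
                            ContractResolver = new RsaKeyContractResolver()
                        });
                    }
                }

                return securityKey;
            }));
        }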
コード例 #4
        /// <summary>
        /// Builds a <see cref="TemporaryRsaKey"/> from a freshly created RSA security key.
        /// </summary>
        /// <remarks>
        /// When the security key exposes an RSA instance, its parameters are exported with the
        /// private part included; otherwise the key's own parameters are used. The result may
        /// therefore contain the private key.
        /// </remarks>
        /// <returns>A new <see cref="TemporaryRsaKey"/> carrying the key id and parameters.</returns>
        private static TemporaryRsaKey CreateNewRsaKey()
        {
            var securityKey = CreateRsaSecurityKey();
            var rsa = securityKey.Rsa;

            // Prefer the live RSA instance; fall back to the stored parameters.
            var exported = rsa != null
                ? rsa.ExportParameters(true)
                : securityKey.Parameters;

            var result = new TemporaryRsaKey();
            result.Parameters = exported;
            result.KeyId = securityKey.KeyId;

            return result;
        }
コード例 #5
        /// <summary>
        /// Registers the EF Core user store, ASP.NET Identity, IdentityServer with in-memory
        /// configuration and a developer signing credential, and JWT bearer authentication
        /// whose signing key is read from <c>tempkey.rsa</c> in the current directory.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        public void Configure(IServiceCollection services)
        {
            services.AddDbContext <ApplicationUserDbContext>(options =>
                                                             options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

            services.AddIdentity <ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores <ApplicationUserDbContext>()
            .AddDefaultTokenProviders();
            // Developer signing credential plus in-memory grants, resources and clients.
            // NOTE(review): this is a development setup; grants kept in memory are lost on restart.
            services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryPersistedGrants()
            .AddInMemoryIdentityResources(GetIdentityResources())
            .AddInMemoryApiResources(GetApiResources())
            .AddInMemoryClients(GetClients())
            .AddAspNetIdentity <ApplicationUser>();

            services.Configure <IdentityOptions>(options => { options.ClaimsIdentity = new ClaimsIdentityOptions(); });

            // Read the key file back so the bearer handler can validate tokens with it.
            // NOTE(review): presumably this is the file AddDeveloperSigningCredential() wrote above — confirm.
            // If the file is absent, key stays a default TemporaryRsaKey and the validation key
            // below is built from its unset Parameters.
            var             filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");
            TemporaryRsaKey key      = new TemporaryRsaKey();

            if (File.Exists(filename))
            {
                var keyFile = File.ReadAllText(filename);
                key = JsonConvert.DeserializeObject <TemporaryRsaKey>(keyFile,
                                                                      new JsonSerializerSettings {
                    ContractResolver = new RsaKeyContractResolver()
                });
            }

            services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // NOTE(review): HTTPS is not required for the metadata address or authority;
                // acceptable for local development only.
                options.RequireHttpsMetadata      = false;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // NOTE(review): audience and issuer checks are switched off, so the signature
                    // is the only binding between a token and this API. Any token signed with
                    // this key is accepted regardless of who issued it or which API it was for.
                    ValidateAudience         = false,
                    ValidateIssuer           = false,
                    ValidateIssuerSigningKey = true,
                    // NOTE(review): key.Parameters is taken straight from the key file. If that file
                    // holds the private parameters, the validation key carries them too, although
                    // verifying signatures needs only the public part — confirm.
                    IssuerSigningKey         = new RsaSecurityKey(key.Parameters)
                };
            });
        }
コード例 #6
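        /// <summary>
        /// Returns the development RSA signing key. It is loaded from <c>tempkey.rsa</c> in the
        /// current directory when that file exists; otherwise it is created and written there.
        /// </summary>
        /// <remarks>
        /// The file is plain JSON written by <c>File.WriteAllText</c>. When the key exposes an
        /// RSA instance the private parameters are exported into it, so the file must be
        /// protected like the signing key itself and kept out of source control.
        /// </remarks>
        /// <returns>The loaded or newly created <see cref="RsaSecurityKey"/>.</returns>
        /// <exception cref="System.InvalidOperationException">The key file exists but does not deserialize to a key.</exception>
        private static RsaSecurityKey GenerateRSADev()
        {
            var filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");
            var serializerSettings = new JsonSerializerSettings
            {
                ContractResolver = new RsaKeyContractResolver()
            };

            if (File.Exists(filename))
            {
                var keyFile = File.ReadAllText(filename);
                var storedKey = JsonConvert.DeserializeObject<TemporaryRsaKey>(keyFile, serializerSettings);

                // DeserializeObject yields null for an empty or literal "null" document;
                // report that explicitly instead of failing with a NullReferenceException.
                if (storedKey == null)
                {
                    throw new System.InvalidOperationException(
                        $"The signing key file '{filename}' does not contain a key.");
                }

                return CryptoHelper.CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId);
            }

            var key = CryptoHelper.CreateRsaSecurityKey();

            // Prefer the live RSA instance (including the private part, which the file needs
            // to rebuild the signing key); fall back to the key's stored parameters.
            RSAParameters parameters;

            if (key.Rsa != null)
            {
                parameters = key.Rsa.ExportParameters(includePrivateParameters: true);
            }
            else
            {
                parameters = key.Parameters;
            }

            var newKey = new TemporaryRsaKey
            {
                Parameters = parameters,
                KeyId = key.KeyId
            };

            File.WriteAllText(filename, JsonConvert.SerializeObject(newKey, serializerSettings));

            return key;
        }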
コード例 #7
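        /// <summary>
        /// Adds an RS256 signing credential. The key is loaded from <c>tempkey.rsa</c> in the
        /// current directory when that file exists; otherwise a new key is created and written there.
        /// </summary>
        /// <remarks>
        /// A new key is generated only when no key file exists, so a stored key is never
        /// accompanied by an unused second private key in memory. The file is plain JSON and,
        /// when the key exposes an RSA instance, contains the private parameters; protect it
        /// like the signing key itself.
        /// </remarks>
        /// <param name="builder">The IdentityServer builder the credential is added to.</param>
        /// <returns>The same <paramref name="builder"/>.</returns>
        /// <exception cref="System.InvalidOperationException">The key file exists but does not deserialize to a key.</exception>
        public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder)
        {
            var signingAlgorithm = IdentityServerConstants.RsaSigningAlgorithm.RS256;
            var serializerSettings = new JsonSerializerSettings
            {
                ContractResolver = new RsaKeyContractResolver()
            };

            var filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");

            if (File.Exists(filename))
            {
                var keyFile = File.ReadAllText(filename);
                var storedKey = JsonConvert.DeserializeObject<TemporaryRsaKey>(keyFile, serializerSettings);

                // DeserializeObject yields null for an empty or literal "null" document;
                // report that explicitly instead of failing with a NullReferenceException.
                if (storedKey == null)
                {
                    throw new System.InvalidOperationException(
                        $"The signing key file '{filename}' does not contain a key.");
                }

                builder.AddSigningCredential(
                    CryptoHelper.CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId),
                    signingAlgorithm);

                return builder;
            }

            // No stored key: create one, persist it, then register it.
            var rsaSecurityKey = CryptoHelper.CreateRsaSecurityKey();

            var temporaryRsaKey = new TemporaryRsaKey
            {
                KeyId = rsaSecurityKey.KeyId,
                Parameters = rsaSecurityKey.Rsa is null
                    ? rsaSecurityKey.Parameters
                    : rsaSecurityKey.Rsa.ExportParameters(includePrivateParameters: true)
            };

            File.WriteAllText(filename, JsonConvert.SerializeObject(temporaryRsaKey, serializerSettings));

            builder.AddSigningCredential(rsaSecurityKey, signingAlgorithm);

            return builder;
        }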
コード例 #8
 /// <summary>
 /// Saves the temporary RSA key.
 /// </summary>
 /// <remarks>
 /// NOTE(review): where and how the key is stored is up to the implementation; if
 /// <paramref name="autokey"/> carries private parameters, the store needs the same
 /// protection as the signing key — confirm per implementation.
 /// </remarks>
 /// <param name="autokey">The <see cref="TemporaryRsaKey"/> to save.</param>
 /// <returns>A <see cref="TemporaryRsaKey"/>.</returns>
 public abstract TemporaryRsaKey Save(TemporaryRsaKey autokey);
コード例 #9
 /// <summary>
 /// Generates a temporary RSA key by delegating to <see cref="TemporaryRsaKey.Generate"/>.
 /// </summary>
 /// <returns>The generated <see cref="TemporaryRsaKey"/>.</returns>
 public virtual TemporaryRsaKey Generate()
 {
     // Overridable hook; the default implementation adds nothing to the static generator.
     return TemporaryRsaKey.Generate();
 }
コード例 #10
    /// <summary>
    /// Saves the temporary RSA key by serializing it as JSON through <c>FilePath</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the key is passed to the serializer as-is, so any private parameters it
    /// carries end up in the file. Where <c>FilePath</c> points and how that file is protected
    /// is not visible here — confirm.
    /// </remarks>
    /// <param name="rsaKey">The <see cref="TemporaryRsaKey"/> to save.</param>
    /// <returns>The same <paramref name="rsaKey"/> instance that was passed in.</returns>
    public override TemporaryRsaKey Save(TemporaryRsaKey rsaKey)
    {
        var savedKey = rsaKey;

        FilePath.SerializeJsonFile(savedKey);

        return savedKey;
    }