public SigningCredentials LoadKey() { // We can't know for sure if there was a configuration section explicitly defined. // Check if the current configuration has any children and avoid failing if that's the case. // This will avoid failing when no configuration has been specified but will still fail if partial data // was defined. if (!_configuration.GetChildren().Any()) { return(null); } var key = new KeyDefinition() { Type = _configuration[nameof(KeyDefinition.Type)], FilePath = _configuration[nameof(KeyDefinition.FilePath)], Password = _configuration[nameof(KeyDefinition.Password)], Name = _configuration[nameof(KeyDefinition.Name)], StoreLocation = _configuration[nameof(KeyDefinition.StoreLocation)], StoreName = _configuration[nameof(KeyDefinition.StoreName)], StorageFlags = _configuration[nameof(KeyDefinition.StorageFlags)] }; if (bool.TryParse(_configuration[nameof(KeyDefinition.Persisted)], out var value)) { key.Persisted = value; } switch (key.Type) { case KeySources.Development: var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath); var createIfMissing = key.Persisted ?? true; _logger.LogInformation($"Loading development key at '{developmentKeyPath}'."); var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing)) { KeyId = "Development" }; return(new SigningCredentials(developmentKey, "RS256")); case KeySources.File: var pfxPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath); var pfxPassword = key.Password; var storageFlags = GetStorageFlags(key); _logger.LogInformation($"Loading certificate file at '{pfxPath}' with storage flags '{key.StorageFlags}'."); return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256")); case KeySources.Store: if (!Enum.TryParse <StoreLocation>(key.StoreLocation, out var storeLocation)) { throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'."); } _logger.LogInformation($"Loading certificate with subject '{key.Name}' in '{key.StoreLocation}\\{key.StoreName}'."); return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256")); default: throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'."); } }
public SigningCredentials LoadKey() { var key = new KeyDefinition(); _configuration.Bind(key); switch (key.Type) { case KeySources.Development: var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath); var createIfMissing = key.Persisted ?? true; _logger.LogInformation($"Loading development key at '{developmentKeyPath}'."); var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing)) { KeyId = "Development" }; return(new SigningCredentials(developmentKey, "RS256")); case KeySources.File: var pfxPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath); var pfxPassword = key.Password; var storageFlags = GetStorageFlags(key); _logger.LogInformation($"Loading certificate file at '{pfxPath}' with storage flags '{key.StorageFlags}'."); return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256")); case KeySources.Store: if (!Enum.TryParse <StoreLocation>(key.StoreLocation, out var storeLocation)) { throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'."); } _logger.LogInformation($"Loading certificate with subject '{key.Name}' in '{key.StoreLocation}\\{key.StoreName}'."); return(new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256")); case null: throw new InvalidOperationException($"Key type not specified."); default: throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'."); } }