private static IDataProtectionBuilder ConfigureForFile(IServiceCollection services, DataProtectionOptions dataProtectionOptions)
{
IDataProtectionBuilder builder = services.AddConfiguredDataProtection();
DataProtectionStorageOptions storageOptions = dataProtectionOptions.File;
if (storageOptions == null)
{
throw new InvalidOperationException($"{nameof(DataProtectionOptions)}:{nameof(dataProtectionOptions.File)} not set");
}
if (storageOptions.Path == "auto")
{
storageOptions.Path = EnvironmentPath.CreatePath("key-store");
}
var directory = new DirectoryInfo(storageOptions.Path);
directory.Create();
builder.PersistKeysToFileSystem(
directory
);
return(builder);
}
public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, DataProtectionOptions options)
{
builder.SetDefaultKeyLifetime(options.KeyLifeTime);
builder.SetApplicationName(options.ApplicationName);
var csBuilder = new System.Data.Common.DbConnectionStringBuilder
{
ConnectionString = options.ConnectionString
};
switch (options.Type)
{
case DataProtectionPersistenceType.FileSystem:
var dirInfo = new DirectoryInfo(csBuilder["Path"].ToString());
builder.PersistKeysToFileSystem(dirInfo);
return(builder);
case DataProtectionPersistenceType.Redis:
{
var uri = csBuilder["uri"].ToString();
var keystore = csBuilder["keystore"].ToString();
if (string.IsNullOrWhiteSpace(keystore))
{
keystore = "DataProtection-Keys";
}
var redis = ConnectionMultiplexer.Connect(uri);
builder.PersistKeysToStackExchangeRedis(redis, keystore);
return(builder);
}
default:
throw new ArgumentOutOfRangeException($"No builder present for the specified type: [{options.Type}]");
}
}
///<inheritdoc/>
public void Configure(IDataProtectionBuilder builder)
{
if (string.IsNullOrWhiteSpace(DirectoryPath))
{
throw new InvalidOperationException("Missing the directory path for DataProtection.");
}
builder.PersistKeysToFileSystem(new System.IO.DirectoryInfo(DirectoryPath));
}
protected internal override void AddInternal(IDataProtectionBuilder builder)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
var path = this.Path;
if (string.IsNullOrWhiteSpace(path))
{
throw new InvalidOperationException("The path is not set.");
}
if (!System.IO.Path.IsPathRooted(path))
{
path = System.IO.Path.Combine(builder.HostEnvironment.ContentRootPath, path);
}
builder.PersistKeysToFileSystem(new DirectoryInfo(path));
}
public static IDataProtectionBuilder PersistKeys(this IDataProtectionBuilder builder, Func <CacheOptions> configure = null)
{
var options = (configure != null)
? configure()
: new CacheOptions();
if (System.String.IsNullOrWhiteSpace(options?.RedisUrl))
{
builder.PersistKeysToFileSystem(
new DirectoryInfo(Path.Combine(options.SharedFolder, options.DataProtectionFolder))
);
}
else
{
builder.PersistKeysToStackExchangeRedis(
ConnectionMultiplexer.Connect(options.RedisUrl),
$"{options.Key}-dpk"
);
}
return(builder);
}
public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, IConfiguration configuration)
{
var dataProtectionsOptions = configuration.Get <Aguacongas.TheIdServer.Models.DataProtectionOptions>();
if (dataProtectionsOptions == null)
{
return(builder);
}
builder.AddKeyManagementOptions(options => configuration.GetSection(nameof(KeyManagementOptions))?.Bind(options));
ConfigureEncryptionAlgorithm(builder, configuration);
switch (dataProtectionsOptions.StorageKind)
{
case StorageKind.AzureStorage:
builder.PersistKeysToAzureBlobStorage(new Uri(dataProtectionsOptions.StorageConnectionString));
break;
case StorageKind.EntityFramework:
builder.PersistKeysToDbContext <OperationalDbContext>();
break;
case StorageKind.FileSytem:
builder.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionsOptions.StorageConnectionString));
break;
case StorageKind.Redis:
var redis = ConnectionMultiplexer.Connect(dataProtectionsOptions.StorageConnectionString);
if (string.IsNullOrEmpty(dataProtectionsOptions.RedisKey))
{
builder.PersistKeysToStackExchangeRedis(redis);
break;
}
builder.PersistKeysToStackExchangeRedis(redis, dataProtectionsOptions.RedisKey);
break;
case StorageKind.Registry:
#pragma warning disable CA1416 // Validate platform compatibility
builder.PersistKeysToRegistry(Registry.CurrentUser.OpenSubKey(dataProtectionsOptions.StorageConnectionString));
#pragma warning restore CA1416 // Validate platform compatibility
break;
}
var protectOptions = dataProtectionsOptions.KeyProtectionOptions;
if (protectOptions != null)
{
switch (protectOptions.KeyProtectionKind)
{
case KeyProtectionKind.AzureKeyVault:
builder.ProtectKeysWithAzureKeyVault(protectOptions.AzureKeyVaultKeyId, protectOptions.AzureKeyVaultClientId, protectOptions.AzureKeyVaultClientSecret);
break;
case KeyProtectionKind.WindowsDpApi:
builder.ProtectKeysWithDpapi(protectOptions.WindowsDPAPILocalMachine);
break;
case KeyProtectionKind.WindowsDpApiNg:
ConfigureWindowsDpApiNg(builder, protectOptions);
break;
case KeyProtectionKind.X509:
if (!string.IsNullOrEmpty(protectOptions.X509CertificatePath))
{
var certificate = SigningKeysLoader.LoadFromFile(protectOptions.X509CertificatePath, protectOptions.X509CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
builder.ProtectKeysWithCertificate(certificate);
break;
}
builder.ProtectKeysWithCertificate(protectOptions.X509CertificateThumbprint);
break;
}
}
return(builder);
}
