private static IDataProtectionBuilder ConfigureForFile(IServiceCollection services, DataProtectionOptions dataProtectionOptions) { IDataProtectionBuilder builder = services.AddConfiguredDataProtection(); DataProtectionStorageOptions storageOptions = dataProtectionOptions.File; if (storageOptions == null) { throw new InvalidOperationException($"{nameof(DataProtectionOptions)}:{nameof(dataProtectionOptions.File)} not set"); } if (storageOptions.Path == "auto") { storageOptions.Path = EnvironmentPath.CreatePath("key-store"); } var directory = new DirectoryInfo(storageOptions.Path); directory.Create(); builder.PersistKeysToFileSystem( directory ); return(builder); }
public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, DataProtectionOptions options) { builder.SetDefaultKeyLifetime(options.KeyLifeTime); builder.SetApplicationName(options.ApplicationName); var csBuilder = new System.Data.Common.DbConnectionStringBuilder { ConnectionString = options.ConnectionString }; switch (options.Type) { case DataProtectionPersistenceType.FileSystem: var dirInfo = new DirectoryInfo(csBuilder["Path"].ToString()); builder.PersistKeysToFileSystem(dirInfo); return(builder); case DataProtectionPersistenceType.Redis: { var uri = csBuilder["uri"].ToString(); var keystore = csBuilder["keystore"].ToString(); if (string.IsNullOrWhiteSpace(keystore)) { keystore = "DataProtection-Keys"; } var redis = ConnectionMultiplexer.Connect(uri); builder.PersistKeysToStackExchangeRedis(redis, keystore); return(builder); } default: throw new ArgumentOutOfRangeException($"No builder present for the specified type: [{options.Type}]"); } }
///<inheritdoc/> public void Configure(IDataProtectionBuilder builder) { if (string.IsNullOrWhiteSpace(DirectoryPath)) { throw new InvalidOperationException("Missing the directory path for DataProtection."); } builder.PersistKeysToFileSystem(new System.IO.DirectoryInfo(DirectoryPath)); }
protected internal override void AddInternal(IDataProtectionBuilder builder) { if (builder == null) { throw new ArgumentNullException(nameof(builder)); } var path = this.Path; if (string.IsNullOrWhiteSpace(path)) { throw new InvalidOperationException("The path is not set."); } if (!System.IO.Path.IsPathRooted(path)) { path = System.IO.Path.Combine(builder.HostEnvironment.ContentRootPath, path); } builder.PersistKeysToFileSystem(new DirectoryInfo(path)); }
public static IDataProtectionBuilder PersistKeys(this IDataProtectionBuilder builder, Func <CacheOptions> configure = null) { var options = (configure != null) ? configure() : new CacheOptions(); if (System.String.IsNullOrWhiteSpace(options?.RedisUrl)) { builder.PersistKeysToFileSystem( new DirectoryInfo(Path.Combine(options.SharedFolder, options.DataProtectionFolder)) ); } else { builder.PersistKeysToStackExchangeRedis( ConnectionMultiplexer.Connect(options.RedisUrl), $"{options.Key}-dpk" ); } return(builder); }
public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, IConfiguration configuration) { var dataProtectionsOptions = configuration.Get <Aguacongas.TheIdServer.Models.DataProtectionOptions>(); if (dataProtectionsOptions == null) { return(builder); } builder.AddKeyManagementOptions(options => configuration.GetSection(nameof(KeyManagementOptions))?.Bind(options)); ConfigureEncryptionAlgorithm(builder, configuration); switch (dataProtectionsOptions.StorageKind) { case StorageKind.AzureStorage: builder.PersistKeysToAzureBlobStorage(new Uri(dataProtectionsOptions.StorageConnectionString)); break; case StorageKind.EntityFramework: builder.PersistKeysToDbContext <OperationalDbContext>(); break; case StorageKind.FileSytem: builder.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionsOptions.StorageConnectionString)); break; case StorageKind.Redis: var redis = ConnectionMultiplexer.Connect(dataProtectionsOptions.StorageConnectionString); if (string.IsNullOrEmpty(dataProtectionsOptions.RedisKey)) { builder.PersistKeysToStackExchangeRedis(redis); break; } builder.PersistKeysToStackExchangeRedis(redis, dataProtectionsOptions.RedisKey); break; case StorageKind.Registry: #pragma warning disable CA1416 // Validate platform compatibility builder.PersistKeysToRegistry(Registry.CurrentUser.OpenSubKey(dataProtectionsOptions.StorageConnectionString)); #pragma warning restore CA1416 // Validate platform compatibility break; } var protectOptions = dataProtectionsOptions.KeyProtectionOptions; if (protectOptions != null) { switch (protectOptions.KeyProtectionKind) { case KeyProtectionKind.AzureKeyVault: builder.ProtectKeysWithAzureKeyVault(protectOptions.AzureKeyVaultKeyId, protectOptions.AzureKeyVaultClientId, protectOptions.AzureKeyVaultClientSecret); break; case KeyProtectionKind.WindowsDpApi: builder.ProtectKeysWithDpapi(protectOptions.WindowsDPAPILocalMachine); break; case KeyProtectionKind.WindowsDpApiNg: ConfigureWindowsDpApiNg(builder, protectOptions); break; case KeyProtectionKind.X509: if (!string.IsNullOrEmpty(protectOptions.X509CertificatePath)) { var certificate = SigningKeysLoader.LoadFromFile(protectOptions.X509CertificatePath, protectOptions.X509CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet); builder.ProtectKeysWithCertificate(certificate); break; } builder.ProtectKeysWithCertificate(protectOptions.X509CertificateThumbprint); break; } } return(builder); }