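        /// <summary>
        /// Configures the data protection system to persist keys to the specified database and collection in MongoDB.
        /// </summary>
        /// <param name="builder">The builder instance to modify.</param>
        /// <param name="database">Database used to store the key list.</param>
        /// <param name="collectionName">Collection used to store the key list.</param>
        /// <returns>A reference to the <see cref="IDataProtectionBuilder"/> after this operation has completed.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="database"/> is <c>null</c>.
        /// </exception>
        public static IDataProtectionBuilder PersistKeysToMongoDb(this IDataProtectionBuilder builder, IMongoDatabase database, string collectionName)
        {
            // Validate both arguments here so a misconfiguration fails at startup with a
            // clear parameter name rather than somewhere inside the delegated overload.
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (database is null)
            {
                throw new ArgumentNullException(nameof(database));
            }

            // Delegate to the collection-based overload (defined elsewhere in this file/project).
            return builder.PersistKeysToMongoDb(database.GetCollection<MongoDbXmlKey>(collectionName));
        }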
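 /// <summary>
 /// Configures the data protection system to persist keys to the specified database and collection in MongoDB.
 /// </summary>
 /// <param name="builder">The builder instance to modify.</param>
 /// <param name="connectionString">MongoDB connection url.</param>
 /// <param name="databaseName">Database used to store the key list.</param>
 /// <param name="collectionName">Collection used to store the key list.</param>
 /// <returns>A reference to the <see cref="IDataProtectionBuilder"/> after this operation has completed.</returns>
 /// <exception cref="ArgumentNullException">
 /// <paramref name="builder"/> or <paramref name="connectionString"/> is <c>null</c>.
 /// </exception>
 public static IDataProtectionBuilder PersistKeysToMongoDb(this IDataProtectionBuilder builder, string connectionString, string databaseName, string collectionName)
 {
     // Fail fast with the offending parameter name instead of relying on the
     // MongoDB driver (or the delegated overload) to reject a null argument.
     if (builder is null)
     {
         throw new ArgumentNullException(nameof(builder));
     }

     // The connection url may embed credentials; it is only passed to the driver, never logged here.
     if (connectionString is null)
     {
         throw new ArgumentNullException(nameof(connectionString));
     }

     // Build a client from the url and delegate to the database-based overload.
     var database = new MongoClient(connectionString).GetDatabase(databaseName);
     return builder.PersistKeysToMongoDb(database, collectionName);
 }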
        /// <summary>
        /// Configures the data protection system from <paramref name="configuration"/>: key management options,
        /// the encryption algorithm, where keys are persisted (<c>StorageKind</c>) and, optionally, how the
        /// persisted keys are protected at rest (<c>KeyProtectionKind</c>).
        /// </summary>
        /// <param name="builder">The builder instance to modify.</param>
        /// <param name="configuration">Configuration section that binds to <see cref="Aguacongas.TheIdServer.Models.DataProtectionOptions"/>.</param>
        /// <returns>
        /// The same <paramref name="builder"/>; returned unchanged when the configuration does not bind to any options.
        /// </returns>
        public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, IConfiguration configuration)
        {
            var dataProtectionsOptions = configuration.Get <Aguacongas.TheIdServer.Models.DataProtectionOptions>();

            // No data-protection configuration present: leave the builder's defaults untouched.
            if (dataProtectionsOptions == null)
            {
                return(builder);
            }
            // Key management settings are bound from the section named after the options type.
            // IConfiguration.GetSection is documented as never returning null, so the `?.` is merely defensive.
            builder.AddKeyManagementOptions(options => configuration.GetSection(nameof(KeyManagementOptions))?.Bind(options));
            ConfigureEncryptionAlgorithm(builder, configuration);
            // Key persistence. Note that the meaning of StorageConnectionString depends on the kind:
            // a blob SAS URI, a directory path, a Redis connection string or a registry sub-key path.
            // An unlisted StorageKind value configures no repository here (there is no default branch).
            switch (dataProtectionsOptions.StorageKind)
            {
            case StorageKind.AzureStorage:
                // The SAS URI itself grants access to the blob, so treat this configuration value as a secret.
                builder.PersistKeysToAzureBlobStorage(blobSasUri: new Uri(dataProtectionsOptions.StorageConnectionString));
                break;

            case StorageKind.EntityFramework:
                builder.PersistKeysToDbContext <OperationalDbContext>();
                break;

            case StorageKind.RavenDb:
                builder.PersistKeysToRavenDb();
                break;

            case StorageKind.MongoDb:
                // Parameterless overload (not visible here); presumably resolves its own settings from DI/configuration — verify.
                builder.PersistKeysToMongoDb();
                break;

            case StorageKind.FileSystem:
                builder.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionsOptions.StorageConnectionString));
                break;

            case StorageKind.Redis:
                // The multiplexer is handed to the key repository and is not disposed here;
                // it apparently is intended to live for the application's lifetime.
                var redis = ConnectionMultiplexer.Connect(dataProtectionsOptions.StorageConnectionString);
                if (string.IsNullOrEmpty(dataProtectionsOptions.RedisKey))
                {
                    builder.PersistKeysToStackExchangeRedis(redis);
                    break;
                }
                // Custom Redis key name under which the key ring is stored.
                builder.PersistKeysToStackExchangeRedis(redis, dataProtectionsOptions.RedisKey);
                break;

            case StorageKind.Registry:
                // Windows-only path; the CA1416 suppression means platform validation is left to the operator.
                // NOTE(review): OpenSubKey returns null when the sub-key does not exist, and the builder will then
                // fail later with a less descriptive error — a guard with a clear message would help.
#pragma warning disable CA1416 // Validate platform compatibility
                builder.PersistKeysToRegistry(Registry.CurrentUser.OpenSubKey(dataProtectionsOptions.StorageConnectionString));
#pragma warning restore CA1416 // Validate platform compatibility
                break;
            }
            // Key protection at rest. When this section is absent no ProtectKeysWith* call is made by this
            // method, so the persisted key ring relies solely on the access controls of the storage chosen above.
            var protectOptions = dataProtectionsOptions.KeyProtectionOptions;
            if (protectOptions != null)
            {
                switch (protectOptions.KeyProtectionKind)
                {
                case KeyProtectionKind.AzureKeyVault:
                    // Key identified by its Key Vault URI; authenticated through the standard Azure.Identity credential chain.
                    builder.ProtectKeysWithAzureKeyVault(new Uri(protectOptions.AzureKeyVaultKeyId), new DefaultAzureCredential());
                    break;

                case KeyProtectionKind.WindowsDpApi:
                    // The flag selects the LocalMachine DPAPI scope (true) over the current user's scope.
                    builder.ProtectKeysWithDpapi(protectOptions.WindowsDPAPILocalMachine);
                    break;

                case KeyProtectionKind.WindowsDpApiNg:
                    ConfigureWindowsDpApiNg(builder, protectOptions);
                    break;

                case KeyProtectionKind.X509:
                    if (!string.IsNullOrEmpty(protectOptions.X509CertificatePath))
                    {
                        // Certificate (and private key) loaded from a file using a password taken from configuration;
                        // the private key is imported as Exportable, so the configuration source itself must be protected
                        // (kept out of source control, ideally supplied from a secret store).
                        var certificate = SigningKeysLoader.LoadFromFile(protectOptions.X509CertificatePath, protectOptions.X509CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
                        builder.ProtectKeysWithCertificate(certificate);
                        break;
                    }
                    // No file path: the certificate is located by thumbprint instead.
                    builder.ProtectKeysWithCertificate(protectOptions.X509CertificateThumbprint);
                    break;
                }
            }

            return(builder);
        }