/// <summary>
/// Registers a developer signing credential: the RSA key stored in <paramref name="filename"/> is reused
/// when that file exists; otherwise a new key is created, written to the file and registered.
/// </summary>
/// <remarks>
/// The key file is plain JSON produced from the RSA parameters exported with
/// <c>includePrivateParameters: true</c>, so it contains the private signing key unencrypted.
/// Whoever can read the file can sign tokens with this key; keep it out of source control and
/// published build output.
/// </remarks>
/// <param name="builder">The IdentityServer builder the credential is added to.</param>
/// <param name="filename">Path of the key file; when null, <c>tempkey.rsa</c> in the current directory is used.</param>
/// <returns>The value returned by <c>AddSigningCredential</c>.</returns>
public static IIdentityServerBuilder AddDeveloperSigningCredential(this IIdentityServerBuilder builder, string filename = null)
{
    var keyPath = filename ?? Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");

    if (!File.Exists(keyPath))
    {
        // No key on disk yet: create one and persist it so later runs sign with the same key.
        var freshKey = CreateRsaSecurityKey();
        var exported = freshKey.Rsa.ExportParameters(includePrivateParameters: true);
        var persisted = new TemporaryRsaKey
        {
            Parameters = exported,
            KeyId = freshKey.KeyId
        };

        File.WriteAllText(keyPath, JsonConvert.SerializeObject(persisted));
        return builder.AddSigningCredential(freshKey);
    }

    // NOTE(review): the deserialized object is used without a null check, so an empty or
    // malformed key file surfaces here as an exception rather than as a regenerated key.
    var stored = JsonConvert.DeserializeObject<TemporaryRsaKey>(File.ReadAllText(keyPath));
    return builder.AddSigningCredential(CreateRsaSecurityKey(stored.Parameters, stored.KeyId));
}
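/// <summary>
/// Generates an RSA key.
/// </summary>
/// <remarks>
/// The parameters are exported with <c>ExportParameters(true)</c>, so the returned object holds the
/// private key and should be handled as secret material.
/// </remarks>
/// <returns>
/// A <see cref="TemporaryRsaKey"/> whose key id is the Base64 form of
/// <c>RandomExtensions.GenerateByteArray(16)</c> and whose parameters come from a newly created RSA instance.
/// </returns>
public static TemporaryRsaKey Generate()
{
    var rsaKey = new TemporaryRsaKey();
    rsaKey.KeyId = RandomExtensions.GenerateByteArray(16).AsBase64String();
    rsaKey.Parameters = new();

    // RSA is IDisposable: release the underlying key once its parameters have been exported,
    // instead of leaving the instance (and its private key handle) to the finalizer.
    using (var rsa = RSA.Create())
    {
        rsaKey.Parameters.Populate(rsa.ExportParameters(true));
    }

    return rsaKey;
}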
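/// <summary>
/// Loads the RSA security key from a key file, creating a new key when the file does not exist.
/// </summary>
/// <remarks>
/// When a new key is persisted, the file receives the RSA parameters exported with
/// <c>includePrivateParameters: true</c>, i.e. the private key in JSON form.
/// NOTE(review): nothing in this method restricts who can read that file — confirm the
/// file-system permissions of the target directory.
/// </remarks>
/// <param name="fileName">The key file name; when empty, <c>tempkey.rsa</c> in the current directory is used.</param>
/// <param name="persistKey">Whether a newly created key is written to the key file.</param>
/// <returns>The <see cref="RsaSecurityKey"/>.</returns>
public static RsaSecurityKey Load(string fileName, bool persistKey)
{
    // Default to the temporary key file generated by IdentityServer4, for compatibility.
    if (fileName.IsEmpty())
    {
        fileName = "tempkey.rsa".CombineCurrentDirectory();
    }

    return ExtensionSettings.Preference.RunLocker(() =>
    {
        var filePath = fileName.AsFilePathCombiner();

        if (filePath.Exists())
        {
            var storedKey = filePath.ReadJson<TemporaryRsaKey>(settings: new JsonSerializerSettings
            {
                ContractResolver = new RsaKeyContractResolver()
            });

            return CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId);
        }

        var securityKey = Create();

        if (persistKey)
        {
            // Export the private parameters only when they are actually written out; the
            // original exported them and built a TemporaryRsaKey even when nothing was persisted.
            var parameters = securityKey.Rsa.IsNotNull()
                ? securityKey.Rsa.ExportParameters(includePrivateParameters: true)
                : securityKey.Parameters;

            var tempKey = new TemporaryRsaKey
            {
                Parameters = parameters,
                KeyId = securityKey.KeyId
            };

            filePath.WriteJson(tempKey, settings: new JsonSerializerSettings
            {
                ContractResolver = new RsaKeyContractResolver()
            });
        }

        return securityKey;
    });
}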
/// <summary> Creates a new RSA security key and copies its parameters and key id into a <see cref="TemporaryRsaKey"/>. </summary>
/// <remarks> When the security key exposes an Rsa instance, the parameters are exported with <c>true</c> and therefore include the private key. </remarks>
/// <returns> The new RSA key. </returns>
private static TemporaryRsaKey CreateNewRsaKey()
{
    var securityKey = CreateRsaSecurityKey();
    var rsa = securityKey.Rsa;

    // Prefer the live Rsa instance; fall back to the parameters stored on the security key.
    var exported = rsa != null
        ? rsa.ExportParameters(true)
        : securityKey.Parameters;

    return new TemporaryRsaKey
    {
        Parameters = exported,
        KeyId = securityKey.KeyId
    };
}
/// <summary>
/// Registers the SQL Server user store, ASP.NET Core Identity, IdentityServer with in-memory
/// configuration and a developer signing credential, and JWT bearer authentication that validates
/// tokens against the key read from <c>tempkey.rsa</c>.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void Configure(IServiceCollection services)
{
    services.AddDbContext<ApplicationUserDbContext>(dbOptions =>
        dbOptions.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationUserDbContext>()
        .AddDefaultTokenProviders();

    // Developer signing credential plus in-memory grants, resources and clients.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryPersistedGrants()
        .AddInMemoryIdentityResources(GetIdentityResources())
        .AddInMemoryApiResources(GetApiResources())
        .AddInMemoryClients(GetClients())
        .AddAspNetIdentity<ApplicationUser>();

    services.Configure<IdentityOptions>(identityOptions =>
    {
        identityOptions.ClaimsIdentity = new ClaimsIdentityOptions();
    });

    // Read the key file from the current directory to obtain the token validation key.
    // NOTE(review): if the file is absent, signingKey stays a default TemporaryRsaKey and the
    // validation key below is built from whatever its Parameters default to — confirm the file
    // is always present by this point.
    var keyPath = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");
    var signingKey = new TemporaryRsaKey();
    if (File.Exists(keyPath))
    {
        signingKey = JsonConvert.DeserializeObject<TemporaryRsaKey>(
            File.ReadAllText(keyPath),
            new JsonSerializerSettings { ContractResolver = new RsaKeyContractResolver() });
    }

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddJwtBearer(jwt =>
        {
            // NOTE(review): HTTPS is not required for metadata here.
            jwt.RequireHttpsMetadata = false;

            // NOTE(review): issuer and audience validation are both switched off, so the
            // signing-key check is the only one of these three that is enabled; a token signed
            // with this key is not rejected for carrying a different issuer or audience.
            var validation = new TokenValidationParameters();
            validation.ValidateAudience = false;
            validation.ValidateIssuer = false;
            validation.ValidateIssuerSigningKey = true;
            validation.IssuerSigningKey = new RsaSecurityKey(signingKey.Parameters);

            jwt.TokenValidationParameters = validation;
        });
}
/// <summary>
/// Returns the development RSA key: read from <c>tempkey.rsa</c> in the current directory when the
/// file exists, otherwise newly created and written to that file.
/// </summary>
/// <remarks>
/// A newly created key is saved as JSON with its parameters exported using
/// <c>includePrivateParameters: true</c> (when an Rsa instance is available), so the file holds the
/// private key unencrypted.
/// </remarks>
/// <returns>The loaded or newly created <see cref="RsaSecurityKey"/>.</returns>
private static RsaSecurityKey GenerateRSADev()
{
    var keyPath = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");

    if (!File.Exists(keyPath))
    {
        var created = CryptoHelper.CreateRsaSecurityKey();

        // Use the live Rsa instance when there is one; otherwise the stored parameters.
        var exported = created.Rsa != null
            ? created.Rsa.ExportParameters(includePrivateParameters: true)
            : created.Parameters;

        var toPersist = new TemporaryRsaKey
        {
            Parameters = exported,
            KeyId = created.KeyId
        };

        var json = JsonConvert.SerializeObject(
            toPersist,
            new JsonSerializerSettings { ContractResolver = new RsaKeyContractResolver() });
        File.WriteAllText(keyPath, json);

        return created;
    }

    var stored = JsonConvert.DeserializeObject<TemporaryRsaKey>(
        File.ReadAllText(keyPath),
        new JsonSerializerSettings { ContractResolver = new RsaKeyContractResolver() });

    return CryptoHelper.CreateRsaSecurityKey(stored.Parameters, stored.KeyId);
}
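/// <summary>
/// Adds an RS256 signing credential backed by <c>tempkey.rsa</c> in the current directory: the key
/// in that file is used when it exists; otherwise a new key is created, saved there and used.
/// </summary>
/// <remarks>
/// The saved file is JSON that includes the private RSA parameters
/// (<c>includePrivateParameters: true</c>) without encryption.
/// </remarks>
/// <param name="builder">The IdentityServer builder the credential is added to.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder)
{
    var signingAlgorithm = IdentityServerConstants.RsaSigningAlgorithm.RS256;
    var filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");

    if (File.Exists(filename))
    {
        // Reuse the persisted key. The original created a new key pair and exported its private
        // parameters before this check and then discarded them; that work is now skipped.
        var keyFile = File.ReadAllText(filename);
        var storedKey = JsonConvert.DeserializeObject<TemporaryRsaKey>(
            keyFile,
            new JsonSerializerSettings { ContractResolver = new RsaKeyContractResolver() });

        builder.AddSigningCredential(
            CryptoHelper.CreateRsaSecurityKey(storedKey.Parameters, storedKey.KeyId),
            signingAlgorithm);
        return builder;
    }

    var rsaSecurityKey = CryptoHelper.CreateRsaSecurityKey();
    var temporaryRsaKey = new TemporaryRsaKey { KeyId = rsaSecurityKey.KeyId };

    // Use the live Rsa instance when there is one; otherwise the stored parameters.
    if (rsaSecurityKey.Rsa is null)
    {
        temporaryRsaKey.Parameters = rsaSecurityKey.Parameters;
    }
    else
    {
        temporaryRsaKey.Parameters = rsaSecurityKey.Rsa.ExportParameters(includePrivateParameters: true);
    }

    File.WriteAllText(
        filename,
        JsonConvert.SerializeObject(
            temporaryRsaKey,
            new JsonSerializerSettings { ContractResolver = new RsaKeyContractResolver() }));

    builder.AddSigningCredential(rsaSecurityKey, signingAlgorithm);
    return builder;
}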
/// <summary>
/// Saves the temporary RSA key.
/// </summary>
/// <remarks>
/// NOTE(review): a <see cref="TemporaryRsaKey"/> presumably carries private RSA parameters —
/// confirm — in which case each implementation determines where secret key material is stored.
/// </remarks>
/// <param name="autokey">The <see cref="TemporaryRsaKey"/> to save.</param>
/// <returns>The <see cref="TemporaryRsaKey"/>.</returns>
public abstract TemporaryRsaKey Save(TemporaryRsaKey autokey);
/// <summary>
/// Generates a temporary RSA key.
/// </summary>
/// <returns>The <see cref="TemporaryRsaKey"/> produced by <c>TemporaryRsaKey.Generate()</c>.</returns>
public virtual TemporaryRsaKey Generate()
{
    // Delegates to the static factory; subclasses may override to supply keys differently.
    return TemporaryRsaKey.Generate();
}
/// <summary>
/// Saves the temporary RSA key by serializing it to the JSON file at <c>FilePath</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the key is passed to <c>SerializeJsonFile</c> as-is; if it carries private
/// parameters they presumably end up in the file unencrypted — confirm, and check who can read
/// that path.
/// </remarks>
/// <param name="rsaKey">The <see cref="TemporaryRsaKey"/> to save.</param>
/// <returns>The same <see cref="TemporaryRsaKey"/> that was passed in.</returns>
public override TemporaryRsaKey Save(TemporaryRsaKey rsaKey)
{
    // Write the key to the file, then return the caller's instance unchanged.
    FilePath.SerializeJsonFile(rsaKey);

    return rsaKey;
}