/// <summary>
/// 添加开发者全局签名证书(默认原生兼容 IdentityServer4 生成的临时密钥文件)。
/// </summary>
/// <param name="builder">给定的 <see cref="IEncryptionBuilder"/>。</param>
/// <param name="persistKey">是否持久化密钥(可选;默认持久化)。</param>
/// <param name="fileName">给定的文件名(可选;默认兼容 IdentityServer4 生成的临时密钥文件)。</param>
/// <returns>返回 <see cref="IEncryptionBuilder"/>。</returns>
public static IEncryptionBuilder AddDeveloperGlobalSigningCredentials(this IEncryptionBuilder builder,
bool persistKey = true, string fileName = null)
{
var key = RsaSecurityKeyHelper.Load(fileName, persistKey);
return(builder.AddGlobalSigningCredentials(key));
}
/// <summary>
/// 添加全局签名证书。
/// </summary>
/// <param name="builder">给定的 <see cref="IEncryptionBuilder"/>。</param>
/// <param name="certificate">给定的 <see cref="X509Certificate2"/>。</param>
/// <returns>返回 <see cref="IEncryptionBuilder"/>。</returns>
public static IEncryptionBuilder AddGlobalSigningCredentials(this IEncryptionBuilder builder, X509Certificate2 certificate)
{
if (!certificate.NotNull(nameof(certificate)).HasPrivateKey)
{
throw new InvalidOperationException(InternalResource.InvalidOperationExceptionNotHavePrivateKeyFormat.Format(nameof(X509Certificate2)));
}
var credentials = new SigningCredentials(new X509SecurityKey(certificate), SecurityAlgorithms.RsaSha256);
return(builder.AddGlobalSigningCredentials(credentials));
}
public static IEncryptionBuilder AddGlobalSigningCredentials(this IEncryptionBuilder builder, RsaSecurityKey rsaKey)
{
rsaKey.NotNull(nameof(rsaKey));
if (rsaKey.PrivateKeyStatus == PrivateKeyStatus.DoesNotExist)
{
throw new InvalidOperationException(InternalResource.InvalidOperationExceptionNotHavePrivateKeyFormat.Format(nameof(RsaSecurityKey)));
}
var credential = new SigningCredentials(rsaKey, SecurityAlgorithms.RsaSha256);
return(builder.AddGlobalSigningCredentials(credential));
}
