    // A missing development key must not be silently created when the caller
    // did not ask for creation; the loader has to fail loudly instead.
    public static void LoadDevelopment_ThrowsIfKeyDoesNotExist()
    {
        // Arrange: a path that does not exist, with creation explicitly disabled.
        var missingPath = "c:/inexistent.json";

        // Act
        var exception = Assert.Throws<InvalidOperationException>(
            () => SigningKeysLoader.LoadDevelopment(missingPath, createIfMissing: false));

        // Assert: the message names the path so the misconfiguration is actionable.
        Assert.Equal(
            "Couldn't find the file 'c:/inexistent.json' and creation of a development key was not requested.",
            exception.Message);
    }
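    /// <summary>
    /// Builds the <see cref="SigningCredentials"/> described by the bound configuration section.
    /// </summary>
    /// <returns>
    /// <c>null</c> when the configuration section has no children (nothing was configured);
    /// otherwise RS256 credentials wrapping the configured development, file or store key.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when the key type is unknown, a file-based key has no file path, or the
    /// certificate store location cannot be parsed.
    /// </exception>
    public SigningCredentials LoadKey()
    {
        // We can't know for sure if there was a configuration section explicitly defined.
        // An empty section means "nothing configured" and is not an error; a partially
        // filled section still falls through to the validation below and fails there.
        if (!_configuration.GetChildren().Any())
        {
            return null;
        }

        var key = new KeyDefinition()
        {
            Type          = _configuration[nameof(KeyDefinition.Type)],
            FilePath      = _configuration[nameof(KeyDefinition.FilePath)],
            Password      = _configuration[nameof(KeyDefinition.Password)],
            Name          = _configuration[nameof(KeyDefinition.Name)],
            StoreLocation = _configuration[nameof(KeyDefinition.StoreLocation)],
            StoreName     = _configuration[nameof(KeyDefinition.StoreName)],
            StorageFlags  = _configuration[nameof(KeyDefinition.StorageFlags)]
        };

        // Persisted is optional; anything that is not a parseable bool leaves it unset.
        if (bool.TryParse(_configuration[nameof(KeyDefinition.Persisted)], out var persisted))
        {
            key.Persisted = persisted;
        }

        switch (key.Type)
        {
        case KeySources.Development:
            var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath);
            // Unless Persisted was explicitly set to false, a missing development key is
            // generated and written to developmentKeyPath by the loader.
            var createIfMissing = key.Persisted ?? true;
            _logger.LogInformation(LoggerEventIds.DevelopmentKeyLoaded, "Loading development key at '{developmentKeyPath}'.", developmentKeyPath);
            var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing))
            {
                KeyId = "Development"
            };
            return new SigningCredentials(developmentKey, "RS256");

        case KeySources.File:
            // Path.Combine would throw an ArgumentNullException on a null path; surface a
            // configuration error instead, consistent with the other invalid-config branches.
            if (string.IsNullOrEmpty(key.FilePath))
            {
                throw new InvalidOperationException($"A file path is required when the key type is '{KeySources.File}'.");
            }
            var pfxPath      = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath);
            var storageFlags = GetStorageFlags(key);
            // The raw configured flags string is logged; the PFX password is deliberately not.
            _logger.LogInformation(LoggerEventIds.CertificateLoadedFromFile, "Loading certificate file at '{CertificatePath}' with storage flags '{CertificateStorageFlags}'.", pfxPath, key.StorageFlags);
            return new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256");

        case KeySources.Store:
            if (!Enum.TryParse<StoreLocation>(key.StoreLocation, out var storeLocation))
            {
                throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'.");
            }
            _logger.LogInformation(LoggerEventIds.CertificateLoadedFromStore, "Loading certificate with subject '{CertificateSubject}' in '{CertificateStoreLocation}\\{CertificateStoreName}'.", key.Name, key.StoreLocation, key.StoreName);
            // GetCurrentTime() lets the store lookup be validity-checked against an injectable clock.
            return new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256");

        default:
            throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'.");
        }
    }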
    // With createIfMissing the loader must both return a key and persist it at the
    // requested path, so a second start-up can reuse it.
    public static void LoadDevelopment_CreatesKeyIfItDoesNotExist()
    {
        // Arrange: make sure no key file is left over from a previous run.
        const string keyPath = "./tempkeyfolder/tempkey.json";
        RemoveIfPresent(keyPath);

        // Act
        var createdKey = SigningKeysLoader.LoadDevelopment(keyPath, createIfMissing: true);

        // Assert
        Assert.NotNull(createdKey);
        Assert.True(File.Exists(keyPath));

        static void RemoveIfPresent(string path)
        {
            if (File.Exists(path))
            {
                File.Delete(path);
            }
        }
    }
    // Loading the same development key path twice must yield the same RSA key
    // material rather than silently generating a fresh key.
    public static void LoadDevelopment_ReusesKeyIfExists()
    {
        // Arrange: start from a clean slate, then create the key once.
        const string keyPath = "./tempkeyfolder/existing.json";
        if (File.Exists(keyPath))
        {
            File.Delete(keyPath);
        }
        var firstKey       = SigningKeysLoader.LoadDevelopment(keyPath, createIfMissing: true);
        var firstPrivate   = firstKey.ExportParameters(includePrivateParameters: true);

        // Act: load again from the now-existing file.
        var secondKey      = SigningKeysLoader.LoadDevelopment(keyPath, createIfMissing: true);
        var secondPrivate  = secondKey.ExportParameters(includePrivateParameters: true);

        // Assert: the private primes match, so the same key was read back.
        Assert.NotNull(secondKey);
        Assert.Equal(firstPrivate.P, secondPrivate.P);
        Assert.Equal(firstPrivate.Q, secondPrivate.Q);
    }