/// <summary>
/// Makes sure a usable "system-client" registration exists on disk: a client
/// config file holding the certificate and a matching private key file.
/// If either file is missing or unreadable, or the stored private key does not
/// belong to the stored certificate, the existing registration is removed and
/// a new certificate/key pair is generated and saved.
/// </summary>
/// <remarks>
/// NOTE(review): the regenerated client is granted "identity:clients:write:all",
/// which by its name looks like a broad identity-management scope, so the key
/// file written here should be treated as a high-value secret. The permissions
/// applied by <c>CertHelper.WritePrivateKeyFile</c> are not visible from this
/// method; confirm the file is readable only by the service account.
/// </remarks>
public static void EnsureSystemClient()
{
    var configFilePath = Path.Combine(Config.GetClientConfigPath(), "system-client.json");
    var keyFilePath = Path.Combine(Config.GetClientConfigPath(), "system-client.key");

    // A registration is only usable when both halves are present.
    var mustRecreate = !(File.Exists(configFilePath) && File.Exists(keyFilePath));

    AsymmetricKeyParameter storedPublicKey = null;
    if (File.Exists(configFilePath))
    {
        try
        {
            var json = File.ReadAllText(configFilePath);
            var storedConfig = JsonConvert.DeserializeObject<ClientConfigModel>(json);
            storedPublicKey = CertHelper.GetPublicKey(storedConfig.X509CertificateBase64);
        }
        catch (Exception)
        {
            // Any read/parse failure (including a null deserialization result)
            // is treated as a corrupt registration and triggers regeneration.
            // NOTE(review): the failure is not logged here, so a silently
            // rotated system credential leaves no trace from this method;
            // consider recording the event for audit purposes.
            mustRecreate = true;
        }
    }

    AsymmetricCipherKeyPair storedKeyPair = null;
    if (!mustRecreate && File.Exists(keyFilePath))
    {
        try
        {
            storedKeyPair = CertHelper.ReadPrivateKeyFile(keyFilePath);
        }
        catch (Exception)
        {
            // An unreadable key file is handled the same way as a missing one.
            mustRecreate = true;
        }
    }

    // Keep the existing registration only when the private key on disk is the
    // counterpart of the public key embedded in the stored certificate.
    var registrationIsIntact = !mustRecreate
        && storedPublicKey != null
        && storedKeyPair != null
        && storedKeyPair.Public.Equals(storedPublicKey);
    if (registrationIsIntact)
    {
        return;
    }

    RemoveSystemClient();

    var (certificate, keyPair) = X509Generation.GenerateSelfSignedCertificate("system-client");
    var replacementClient = new ClientConfigModel
    {
        ClientId = "system-client",
        X509CertificateBase64 = Convert.ToBase64String(certificate.GetEncoded()),
        AllowedScopes = new[] { "openid", "compute_api", "identity:clients:write:all" }
    };

    // The config is saved before the key. If the key write below fails, the
    // next call sees a missing/unreadable key file and regenerates both.
    replacementClient.SaveConfigFile();
    CertHelper.WritePrivateKeyFile(keyFilePath, keyPair);
}
/// <summary>
/// Generates a fresh certificate and key pair for <paramref name="client"/>,
/// stores the Base64-encoded certificate on <c>client.Certificate</c>, and
/// returns the key pair as PEM text.
/// </summary>
/// <param name="client">Client whose <c>Id</c> is passed to the certificate generator and whose <c>Certificate</c> is overwritten.</param>
/// <returns>
/// The PEM text written by <c>PemWriter</c> for the generated key pair. No
/// passphrase is supplied to the writer, so callers must handle the returned
/// string as secret key material; this method does not persist it anywhere.
/// </returns>
public static async Task<string> NewClientCertificate(this IClientApiModel client)
{
    var (certificate, keyPair) = X509Generation.GenerateSelfSignedCertificate(client.Id);

    // Only the certificate is attached to the client model; the key pair
    // leaves this method solely through the return value.
    var encodedCertificate = certificate.GetEncoded();
    client.Certificate = Convert.ToBase64String(encodedCertificate);

    await using var pemText = new StringWriter();
    var pemWriter = new PemWriter(pemText);
    pemWriter.WriteObject(keyPair);

    return pemText.ToString();
}