/// <summary>
/// Wires up the service's collaborators and loads the JWT key material:
/// the signing certificate (used to build the JSON Web Key Set and the issuer
/// signing keys) and the encryption certificate (used for both the encrypting
/// credentials and the decryption key).
/// </summary>
/// <param name="options">Authorization server options; supplies the two certificate subjects.</param>
/// <param name="transaction">Transaction abstraction stored for later use.</param>
/// <param name="lockManager">Distributed lock manager stored for later use.</param>
/// <param name="signInTokenBiz">Sign-in token business component stored for later use.</param>
/// <param name="identityService">Identity service stored for later use.</param>
/// <exception cref="AuthorizationException">No certificate matches the configured signing subject.</exception>
/// <exception cref="FrameworkException">No certificate matches the configured encrypting subject.</exception>
public AuthorizationService(
    IOptions<AuthorizationServerOptions> options,
    ITransaction transaction,
    IDistributedLockManager lockManager,
    SignInTokenBiz signInTokenBiz,
    IIdentityService identityService /*, ILogger<AuthorizationService> logger*/)
{
    _options = options.Value;

    _signInTokenBiz = signInTokenBiz;
    _identityService = identityService;
    _lockManager = lockManager;
    _transaction = transaction;

    #region Initialize Jwt Signing Credentials

    // Fail fast at construction time: without the signing certificate no key set can be built.
    // NOTE(review): the lookup is by subject only. Nothing in this constructor checks the
    // certificate's validity period or how several certificates sharing a subject are
    // disambiguated; confirm that CertificateUtil.GetBySubject covers this.
    var signingSubject = _options.SigningCertificateSubject;
    X509Certificate2? signingCert = CertificateUtil.GetBySubject(signingSubject);

    if (signingCert is null)
    {
        // NOTE(review): this branch raises AuthorizationException while the encryption branch
        // below raises FrameworkException; confirm the asymmetry is intended.
        throw new AuthorizationException(ErrorCode.JwtSigningCertNotFound, $"Subject:{signingSubject}");
    }

    _jsonWebKeySet = CredentialHelper.CreateJsonWebKeySet(signingCert);
    _issuerSigningKeys = _jsonWebKeySet.GetSigningKeys();

    #endregion

    #region Initialize Jwt Content Encrypt/Decrypt Credentials

    // The same certificate backs both directions: encrypting credentials and the decryption key.
    // NOTE(review): decryption presumably needs the certificate's private key; no HasPrivateKey
    // check is visible here, so a public-only certificate would likely fail later, at first
    // use, rather than at startup. Confirm against CredentialHelper.
    var encryptingSubject = _options.EncryptingCertificateSubject;
    X509Certificate2? contentCert = CertificateUtil.GetBySubject(encryptingSubject);

    if (contentCert is null)
    {
        throw new FrameworkException(ErrorCode.JwtEncryptionCertNotFound, $"Subject:{encryptingSubject}");
    }

    _encryptingCredentials = CredentialHelper.GetEncryptingCredentials(contentCert);
    _decryptionSecurityKey = CredentialHelper.GetSecurityKey(contentCert);

    #endregion
}
/// <summary>
/// Loads the JWT key material from the configured certificates: signing credentials,
/// a JSON Web Key Set holding the signing certificate's RSA public key, encrypting
/// credentials, and the decryption security key.
/// </summary>
/// <param name="options">Authorization server options; supplies the certificate subjects and the signing algorithm.</param>
/// <exception cref="FrameworkException">No certificate matches the configured signing or encrypting subject.</exception>
/// <exception cref="ArgumentException">The JSON cannot be parsed (presumably raised while building the JsonWebKeySet; confirm).</exception>
/// <remarks>
/// The earlier documentation also listed FileNotFoundException for a missing certificate file.
/// No file access is visible in this constructor; confirm whether CertificateUtil.GetBySubject can raise it.
/// </remarks>
public CredentialBiz(IOptions<AuthorizationServerOptions> options)
{
    _options = options.Value;

    #region Signing Credentials

    // Certificate
    // NOTE(review): resolved by subject only; neither the validity period nor the presence of
    // a private key is checked in this constructor. Confirm that CertificateUtil.GetBySubject
    // covers this, otherwise a public-only certificate would fail at signing time rather than here.
    var signingSubject = _options.SigningCertificateSubject;
    X509Certificate2? signingCert = CertificateUtil.GetBySubject(signingSubject);

    if (signingCert is null)
    {
        throw new FrameworkException(ErrorCode.JwtSigningCertNotFound, $"Subject:{signingSubject}");
    }

    // Key
    X509SecurityKey signingKey = new X509SecurityKey(signingCert);

    // Falls back to RSA-SHA256 when no algorithm is configured. A configured value is passed
    // through as-is; no allow-list of algorithms is applied in this constructor.
    var signingAlgorithm = _options.SigningAlgorithm.IsNullOrEmpty()
        ? SecurityAlgorithms.RsaSha256Signature
        : _options.SigningAlgorithm;

    _signingCredentials = new SigningCredentials(signingKey, signingAlgorithm);

    #endregion

    #region JsonWebKeySet

    // The cast assumes an RSA certificate; any other key type throws InvalidCastException here.
    RSA rsaPublicKey = (RSA)signingKey.PublicKey;

    // 'false' exports the public parameters only, so the published key set never carries private material.
    RSAParameters publicParameters = rsaPublicKey.ExportParameters(false);

    JsonWebKey signingJwk = new JsonWebKey();
    signingJwk.Kty = "RSA";
    signingJwk.Use = "sig";
    signingJwk.Kid = signingKey.KeyId;
    signingJwk.E = Base64UrlEncoder.Encode(publicParameters.Exponent);
    signingJwk.N = Base64UrlEncoder.Encode(publicParameters.Modulus);

    IList<JsonWebKey> jsonWebKeys = new List<JsonWebKey> { signingJwk };

    // Serialize to JSON and parse it back into a JsonWebKeySet.
    string keySetJson = SerializeUtil.ToJson(new { Keys = jsonWebKeys });
    _jsonWebKeySet = new JsonWebKeySet(keySetJson);

    #endregion

    #region Encryption Credentials

    var encryptingSubject = _options.EncryptingCertificateSubject;
    X509Certificate2? contentCert = CertificateUtil.GetBySubject(encryptingSubject);

    if (contentCert is null)
    {
        throw new FrameworkException(ErrorCode.JwtEncryptionCertNotFound, $"Subject:{encryptingSubject}");
    }

    _encryptingCredentials = new X509EncryptingCredentials(contentCert);

    #endregion

    #region Decryption Security Key

    // Same certificate as the encrypting credentials.
    // NOTE(review): decryption presumably requires its private key; that is not verified here.
    _decryptionSecurityKey = new X509SecurityKey(contentCert);

    #endregion
}