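/// <summary>
/// Registers a deferred loader whose certificates are added as signing credentials
/// to <see cref="IdentityServiceOptions.SigningKeys"/>.
/// </summary>
/// <remarks>
/// The loader runs inside the options configuration callback, not at registration time,
/// so a rejected certificate surfaces when the options are configured.
/// </remarks>
/// <param name="builder">The builder whose service collection receives the configuration.</param>
/// <param name="certificatesLoader">Callback that returns the certificates to sign with.</param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificatesLoader"/> is null.</exception>
public static IIdentityServiceBuilder AddSigningCertificates(
    this IIdentityServiceBuilder builder,
    Func<IEnumerable<X509Certificate2>> certificatesLoader)
{
    // Fail at registration instead of with a NullReferenceException inside the deferred callback.
    if (certificatesLoader == null)
    {
        throw new ArgumentNullException(nameof(certificatesLoader));
    }

    builder.Services.Configure<IdentityServiceOptions>(o =>
    {
        foreach (var certificate in certificatesLoader())
        {
            // Apply the same RSA key-length check that AddSigningCertificate and
            // CreateDescriptor perform, so this path cannot register a key they would refuse.
            // NOTE(review): assumes ValidateRsaKeyLength throws on a rejected key - confirm in CryptographyHelpers.
            CryptographyHelpers.ValidateRsaKeyLength(certificate);

            var algorithm = CryptographyHelpers.FindAlgorithm(certificate);
            o.SigningKeys.Add(new SigningCredentials(new X509SecurityKey(certificate), algorithm));
        }
    });

    return builder;
}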
/// <summary>
/// Adds a single certificate as a signing credential to
/// <see cref="IdentityServiceOptions.SigningKeys"/>.
/// </summary>
/// <remarks>
/// The RSA key-length check and the security key construction happen immediately;
/// the signing algorithm is resolved later, when the options are configured.
/// </remarks>
/// <param name="builder">The builder whose service collection receives the configuration.</param>
/// <param name="certificate">The certificate to sign with.</param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
public static IIdentityServiceBuilder AddSigningCertificate(
    this IIdentityServiceBuilder builder,
    X509Certificate2 certificate)
{
    // Check the key length up front, before anything is registered.
    CryptographyHelpers.ValidateRsaKeyLength(certificate);

    // NOTE(review): nothing here checks that the certificate carries a private key or is
    // inside its validity window; presumably signing fails later if it does not - confirm.
    var securityKey = new X509SecurityKey(certificate);

    builder.Services.Configure<IdentityServiceOptions>(RegisterCredentials);

    return builder;

    // Deferred: runs when IdentityServiceOptions is configured.
    void RegisterCredentials(IdentityServiceOptions identityOptions)
    {
        var signingAlgorithm = CryptographyHelpers.FindAlgorithm(certificate);
        var signingCredentials = new SigningCredentials(securityKey, signingAlgorithm);
        identityOptions.SigningKeys.Add(signingCredentials);
    }
}
/// <summary>
/// Builds a <see cref="SigningCredentialsDescriptor"/> for a certificate: its signing
/// credentials, algorithm, validity window (NotBefore / NotAfter) and JWK metadata.
/// </summary>
/// <param name="certificate">The certificate to describe; its RSA key length is checked first.</param>
/// <returns>The descriptor for the certificate's signing credentials.</returns>
private SigningCredentialsDescriptor CreateDescriptor(X509Certificate2 certificate)
{
    CryptographyHelpers.ValidateRsaKeyLength(certificate);

    var securityKey = new X509SecurityKey(certificate);
    var signingAlgorithm = CryptographyHelpers.FindAlgorithm(certificate);
    var credentials = new SigningCredentials(securityKey, signingAlgorithm);

    var descriptorAlgorithm = CryptographyHelpers.GetAlgorithm(credentials);
    var validFrom = certificate.NotBefore;
    var validTo = certificate.NotAfter;

    // Only the public exponent (E) and modulus (N) are copied into the metadata.
    // NOTE(review): assumes the credentials wrap an RSA key - confirm GetRSAParameters' behaviour otherwise.
    var rsaParameters = CryptographyHelpers.GetRSAParameters(credentials);
    IDictionary<string, string> metadata = new Dictionary<string, string>();
    metadata[JsonWebKeyParameterNames.E] = Base64UrlEncoder.Encode(rsaParameters.Exponent);
    metadata[JsonWebKeyParameterNames.N] = Base64UrlEncoder.Encode(rsaParameters.Modulus);

    return new SigningCredentialsDescriptor(
        credentials,
        descriptorAlgorithm,
        validFrom,
        validTo,
        metadata);
}