Disable developer certificate middlware on test website, replace developer certificate with pfx from file
This commit is contained in:
parent
7216144fb8
commit
9d937cac4b
|
|
@ -7,12 +7,14 @@ using Identity.OpenIdConnect.WebSite;
|
||||||
using Identity.OpenIdConnect.WebSite.Identity.Data;
|
using Identity.OpenIdConnect.WebSite.Identity.Data;
|
||||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
|
using Microsoft.AspNetCore.Identity.Service;
|
||||||
using Microsoft.AspNetCore.Identity.Service.IntegratedWebClient;
|
using Microsoft.AspNetCore.Identity.Service.IntegratedWebClient;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Microsoft.AspNetCore.Mvc.Testing;
|
using Microsoft.AspNetCore.Mvc.Testing;
|
||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||||
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
|
||||||
namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
||||||
{
|
{
|
||||||
|
|
@ -83,61 +85,12 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
||||||
|
|
||||||
public CredentialsServerBuilder EnsureDeveloperCertificate()
|
public CredentialsServerBuilder EnsureDeveloperCertificate()
|
||||||
{
|
{
|
||||||
try
|
Server.ConfigureBeforeStartup(services => services.Configure<IdentityServiceOptions>(
|
||||||
{
|
o => o.SigningKeys.Add(
|
||||||
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
new SigningCredentials(
|
||||||
{
|
new X509SecurityKey(new X509Certificate2("./test-cert.pfx", "test")), "RS256"))));
|
||||||
store.Open(OpenFlags.ReadOnly);
|
|
||||||
var certificates = store.Certificates.OfType<X509Certificate2>().ToList();
|
|
||||||
var development = certificates.FirstOrDefault(c => c.Subject == "CN=Identity.Development" &&
|
|
||||||
c.GetRSAPrivateKey() != null &&
|
|
||||||
c.NotAfter > DateTimeOffset.UtcNow);
|
|
||||||
|
|
||||||
if (development == null)
|
|
||||||
{
|
|
||||||
CreateDevelopmentCertificate();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (Exception)
|
|
||||||
{
|
|
||||||
throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.");
|
|
||||||
}
|
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
|
|
||||||
void CreateDevelopmentCertificate()
|
|
||||||
{
|
|
||||||
#if NETCOREAPP2_0
|
|
||||||
using (var rsa = RSA.Create(2048))
|
|
||||||
{
|
|
||||||
var signingRequest = new CertificateRequest(
|
|
||||||
new X500DistinguishedName("CN=Identity.Development"), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
|
|
||||||
var enhacedKeyUsage = new OidCollection();
|
|
||||||
enhacedKeyUsage.Add(new Oid("1.3.6.1.5.5.7.3.1", "Server Authentication"));
|
|
||||||
signingRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(enhacedKeyUsage, critical: true));
|
|
||||||
signingRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
|
|
||||||
|
|
||||||
var certificate = signingRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
|
|
||||||
certificate.FriendlyName = "Identity Service developer certificate";
|
|
||||||
|
|
||||||
// We need to take this step so that the key gets persisted.
|
|
||||||
var export = certificate.Export(X509ContentType.Pkcs12, "");
|
|
||||||
var imported = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet);
|
|
||||||
Array.Clear(export, 0, export.Length);
|
|
||||||
|
|
||||||
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
|
||||||
{
|
|
||||||
store.Open(OpenFlags.ReadWrite);
|
|
||||||
store.Add(imported);
|
|
||||||
store.Close();
|
|
||||||
};
|
|
||||||
}
|
|
||||||
#elif NET461
|
|
||||||
#else
|
|
||||||
#error The target frameworks need to be updated.
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public MvcWebApplicationBuilder<Startup> Server { get; }
|
public MvcWebApplicationBuilder<Startup> Server { get; }
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,12 @@
|
||||||
<TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
|
<TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
<ItemGroup>
|
||||||
|
<Content Include="test-cert.pfx">
|
||||||
|
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
|
||||||
|
</Content>
|
||||||
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ProjectReference Include="..\WebSites\Identity.OpenIdConnect.WebSite\Identity.OpenIdConnect.WebSite.csproj" />
|
<ProjectReference Include="..\WebSites\Identity.OpenIdConnect.WebSite\Identity.OpenIdConnect.WebSite.csproj" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -72,7 +72,7 @@ namespace Identity.OpenIdConnect.WebSite
|
||||||
{
|
{
|
||||||
app.UseDeveloperExceptionPage();
|
app.UseDeveloperExceptionPage();
|
||||||
app.UseDatabaseErrorPage();
|
app.UseDatabaseErrorPage();
|
||||||
app.UseDevelopmentCertificateErrorPage(Configuration);
|
//app.UseDevelopmentCertificateErrorPage(Configuration);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue