Add a step to ensure the development certificate is on the machine
This commit is contained in:
Javier Calvarro Nelson
parent
b3c8ff4ae5
commit
eb43a41a4c
|
|
@ -1,5 +1,8 @@
|
|||
using System;
|
||||
using System.Linq;
|
||||
using System.Net.Http;
|
||||
using System.Security.Cryptography;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using Identity.OpenIdConnect.WebSite;
|
||||
using Identity.OpenIdConnect.WebSite.Identity.Data;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
|
@ -78,6 +81,65 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
|||
return this;
|
||||
}
|
||||
|
||||
public CredentialsServerBuilder EnsureDeveloperCertificate()
|
||||
{
|
||||
try
|
||||
{
|
||||
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
||||
{
|
||||
store.Open(OpenFlags.ReadOnly);
|
||||
var certificates = store.Certificates.OfType<X509Certificate2>().ToList();
|
||||
var development = certificates.FirstOrDefault(c => c.Subject == "CN=Identity.Development" &&
|
||||
c.GetRSAPrivateKey() != null &&
|
||||
c.NotAfter > DateTimeOffset.UtcNow);
|
||||
|
||||
if (development == null)
|
||||
{
|
||||
CreateDevelopmentCertificate();
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.");
|
||||
}
|
||||
|
||||
return this;
|
||||
|
||||
void CreateDevelopmentCertificate()
|
||||
{
|
||||
#if NETCOREAPP2_0
|
||||
using (var rsa = RSA.Create(2048))
|
||||
{
|
||||
var signingRequest = new CertificateRequest(
|
||||
new X500DistinguishedName("CN=Identity.Development"), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
|
||||
var enhacedKeyUsage = new OidCollection();
|
||||
enhacedKeyUsage.Add(new Oid("1.3.6.1.5.5.7.3.1", "Server Authentication"));
|
||||
signingRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(enhacedKeyUsage, critical: true));
|
||||
signingRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
|
||||
|
||||
var certificate = signingRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
|
||||
certificate.FriendlyName = "Identity Service developer certificate";
|
||||
|
||||
// We need to take this step so that the key gets persisted.
|
||||
var export = certificate.Export(X509ContentType.Pkcs12, "");
|
||||
var imported = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet);
|
||||
Array.Clear(export, 0, export.Length);
|
||||
|
||||
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
||||
{
|
||||
store.Open(OpenFlags.ReadWrite);
|
||||
store.Add(imported);
|
||||
store.Close();
|
||||
};
|
||||
}
|
||||
#elif NET461
|
||||
#else
|
||||
#error The target frameworks need to be updated.
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
public MvcWebApplicationBuilder<Startup> Server { get; }
|
||||
|
||||
public HttpClient Build()
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
|||
var resourceId = Guid.NewGuid().ToString();
|
||||
|
||||
var appBuilder = new CredentialsServerBuilder()
|
||||
.EnsureDeveloperCertificate()
|
||||
.ConfigureReferenceData(data => data
|
||||
.CreateIntegratedWebClientApplication(clientId)
|
||||
.CreateResourceApplication(resourceId, "ResourceApplication", "read")
|
||||
|
|
@ -122,6 +123,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
|||
var resourceId = Guid.NewGuid().ToString();
|
||||
|
||||
var appBuilder = new CredentialsServerBuilder()
|
||||
.EnsureDeveloperCertificate()
|
||||
.ConfigureReferenceData(data => data
|
||||
.CreateIntegratedWebClientApplication(clientId)
|
||||
.CreateUser("testUser", "Pa$$w0rd"))
|
||||
|
|
|
|||
Loading…
Reference in New Issue