From eb43a41a4cb7a84961c6823b7481a31ca28b32f4 Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson
Date: Tue, 15 Aug 2017 18:53:56 -0700
Subject: [PATCH] Add a step to ensure the development certificate is on the machine
---
 .../CredentialsServerBuilder.cs | 62 +++++++++++++++++++
 .../TraditionalWebApplicationTests.cs | 2 +
 2 files changed, 64 insertions(+)
diff --git a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
index bd6c643c84..7ca7673146 100644
--- a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
+++ b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
@@ -1,5 +1,8 @@
 using System;
+using System.Linq;
 using System.Net.Http;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 using Identity.OpenIdConnect.WebSite;
 using Identity.OpenIdConnect.WebSite.Identity.Data;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -78,6 +81,65 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
 return this;
 }
+ public CredentialsServerBuilder EnsureDeveloperCertificate()
+ {
+ try
+ {
+ using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
+ {
+ store.Open(OpenFlags.ReadOnly);
+ var certificates = store.Certificates.OfType().ToList();
+ var development = certificates.FirstOrDefault(c => c.Subject == "CN=Identity.Development" &&
+ c.GetRSAPrivateKey() != null &&
+ c.NotAfter > DateTimeOffset.UtcNow);
+
+ if (development == null)
+ {
+ CreateDevelopmentCertificate();
+ }
+ }
+ }
+ catch (Exception)
+ {
+ throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.");
+ }
+
+ return this;
+
+ void CreateDevelopmentCertificate()
+ {
+#if NETCOREAPP2_0
+ using (var rsa = RSA.Create(2048))
+ {
+ var signingRequest = new CertificateRequest(
+ new X500DistinguishedName("CN=Identity.Development"), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+ var enhacedKeyUsage = new OidCollection();
+ enhacedKeyUsage.Add(new Oid("1.3.6.1.5.5.7.3.1", "Server Authentication"));
+ signingRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(enhacedKeyUsage, critical: true));
+ signingRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
+
+ var certificate = signingRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
+ certificate.FriendlyName = "Identity Service developer certificate";
+
+ // We need to take this step so that the key gets persisted.
+ var export = certificate.Export(X509ContentType.Pkcs12, "");
+ var imported = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet);
+ Array.Clear(export, 0, export.Length);
+
+ using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
+ {
+ store.Open(OpenFlags.ReadWrite);
+ store.Add(imported);
+ store.Close();
+ };
+ }
+#elif NET461
+#else
+#error The target frameworks need to be updated.
+#endif
+ }
+ }
+
 public MvcWebApplicationBuilder Server { get; }
 public HttpClient Build()
diff --git a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/TraditionalWebApplicationTests.cs b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/TraditionalWebApplicationTests.cs
index 145b58e12f..bb5eaca5f7 100644
--- a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/TraditionalWebApplicationTests.cs
+++ b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/TraditionalWebApplicationTests.cs
@@ -25,6 +25,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
 var resourceId = Guid.NewGuid().ToString();
 var appBuilder = new CredentialsServerBuilder()
+ .EnsureDeveloperCertificate()
 .ConfigureReferenceData(data => data
 .CreateIntegratedWebClientApplication(clientId)
 .CreateResourceApplication(resourceId, "ResourceApplication", "read")
@@ -122,6 +123,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
 var resourceId = Guid.NewGuid().ToString();
 var appBuilder = new CredentialsServerBuilder()
+ .EnsureDeveloperCertificate()
 .ConfigureReferenceData(data => data
 .CreateIntegratedWebClientApplication(clientId)
 .CreateUser("testUser", "Pa$$w0rd"))
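Review bot: On net461 the `#elif NET461` branch of `CreateDevelopmentCertificate` is empty, so `EnsureDeveloperCertificate` returns successfully without ever creating a certificate and the tests only fail later, far from the cause; give that branch an explicit `throw new PlatformNotSupportedException("Creating the Identity.Development certificate is only implemented for netcoreapp2.0.");` (or a real implementation) so the gap is loud. The `catch (Exception)` block also discards the original exception, so a `CryptographicException` from the key store or an access error on `store.Add(imported)` surfaces only as the generic message; change it to `catch (Exception ex)` and pass `ex` as the inner exception of the `InvalidOperationException`. The lookup reuses any `CN=Identity.Development` certificate with an RSA private key that has not yet expired, without checking `NotBefore` or the Server Authentication EKU the code itself stamps on new certificates, so a not-yet-valid or differently-configured certificate with that subject left in the CurrentUser store would be picked up rather than replaced; consider adding `c.NotBefore <= DateTimeOffset.UtcNow` and the EKU to the filter, or removing the stale match before adding the new one. Minor: `store.Close()` inside the `using` block and the stray `;` after it are redundant, and `enhacedKeyUsage` is misspelled.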