Add a step to ensure the development certificate is on the machine
parent
b3c8ff4ae5
commit
eb43a41a4c
@ -1,5 +1,8 @@
|
||||||
using System;
|
using System;
|
||||||
|
using System.Linq;
|
||||||
using System.Net.Http;
|
using System.Net.Http;
|
||||||
|
using System.Security.Cryptography;
|
||||||
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using Identity.OpenIdConnect.WebSite;
|
using Identity.OpenIdConnect.WebSite;
|
||||||
using Identity.OpenIdConnect.WebSite.Identity.Data;
|
using Identity.OpenIdConnect.WebSite.Identity.Data;
|
||||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||||
|
|
@ -78,6 +81,65 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public CredentialsServerBuilder EnsureDeveloperCertificate()
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
||||||
|
{
|
||||||
|
store.Open(OpenFlags.ReadOnly);
|
||||||
|
var certificates = store.Certificates.OfType<X509Certificate2>().ToList();
|
||||||
|
var development = certificates.FirstOrDefault(c => c.Subject == "CN=Identity.Development" &&
|
||||||
|
c.GetRSAPrivateKey() != null &&
|
||||||
|
c.NotAfter > DateTimeOffset.UtcNow);
|
||||||
|
|
||||||
|
if (development == null)
|
||||||
|
{
|
||||||
|
CreateDevelopmentCertificate();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception)
|
||||||
|
{
|
||||||
|
throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return this;
|
||||||
|
|
||||||
|
void CreateDevelopmentCertificate()
|
||||||
|
{
|
||||||
|
#if NETCOREAPP2_0
|
||||||
|
using (var rsa = RSA.Create(2048))
|
||||||
|
{
|
||||||
|
var signingRequest = new CertificateRequest(
|
||||||
|
new X500DistinguishedName("CN=Identity.Development"), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
|
||||||
|
var enhacedKeyUsage = new OidCollection();
|
||||||
|
enhacedKeyUsage.Add(new Oid("1.3.6.1.5.5.7.3.1", "Server Authentication"));
|
||||||
|
signingRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(enhacedKeyUsage, critical: true));
|
||||||
|
signingRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
|
||||||
|
|
||||||
|
var certificate = signingRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
|
||||||
|
certificate.FriendlyName = "Identity Service developer certificate";
|
||||||
|
|
||||||
|
// We need to take this step so that the key gets persisted.
|
||||||
|
var export = certificate.Export(X509ContentType.Pkcs12, "");
|
||||||
|
var imported = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet);
|
||||||
|
Array.Clear(export, 0, export.Length);
|
||||||
|
|
||||||
|
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
|
||||||
|
{
|
||||||
|
store.Open(OpenFlags.ReadWrite);
|
||||||
|
store.Add(imported);
|
||||||
|
store.Close();
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#elif NET461
|
||||||
|
#else
|
||||||
|
#error The target frameworks need to be updated.
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public MvcWebApplicationBuilder<Startup> Server { get; }
|
public MvcWebApplicationBuilder<Startup> Server { get; }
|
||||||
|
|
||||||
public HttpClient Build()
|
public HttpClient Build()
|
||||||
|
|
|
||||||
|
|
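Review bot: The `catch (Exception)` at the end of EnsureDeveloperCertificate discards the original exception, so a store-access or key-generation failure surfaces only as the generic message; keep the cause by writing `catch (Exception ex) { throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.", ex); }`. The `#elif NET461` branch of CreateDevelopmentCertificate is empty, so on that target the method returns without installing anything and whatever later relies on the certificate presumably fails with a less obvious error; either throw `PlatformNotSupportedException` there or add a comment explaining why no certificate is needed on net461. The X509Certificate2 objects (`certificate`, `imported`, and the items of `certificates`) and the RSA returned by `GetRSAPrivateKey()` are disposable and are never released; wrap the created certificate in a `using` block and replace the predicate's `c.GetRSAPrivateKey() != null` with `c.HasPrivateKey` if any key type is acceptable, so the lookup does not leak key handles. The enclosing CredentialsServerBuilder class begins and ends outside this hunk.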
@ -25,6 +25,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
||||||
var resourceId = Guid.NewGuid().ToString();
|
var resourceId = Guid.NewGuid().ToString();
|
||||||
|
|
||||||
var appBuilder = new CredentialsServerBuilder()
|
var appBuilder = new CredentialsServerBuilder()
|
||||||
|
.EnsureDeveloperCertificate()
|
||||||
.ConfigureReferenceData(data => data
|
.ConfigureReferenceData(data => data
|
||||||
.CreateIntegratedWebClientApplication(clientId)
|
.CreateIntegratedWebClientApplication(clientId)
|
||||||
.CreateResourceApplication(resourceId, "ResourceApplication", "read")
|
.CreateResourceApplication(resourceId, "ResourceApplication", "read")
|
||||||
|
|
@ -122,6 +123,7 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
|
||||||
var resourceId = Guid.NewGuid().ToString();
|
var resourceId = Guid.NewGuid().ToString();
|
||||||
|
|
||||||
var appBuilder = new CredentialsServerBuilder()
|
var appBuilder = new CredentialsServerBuilder()
|
||||||
|
.EnsureDeveloperCertificate()
|
||||||
.ConfigureReferenceData(data => data
|
.ConfigureReferenceData(data => data
|
||||||
.CreateIntegratedWebClientApplication(clientId)
|
.CreateIntegratedWebClientApplication(clientId)
|
||||||
.CreateUser("testUser", "Pa$$w0rd"))
|
.CreateUser("testUser", "Pa$$w0rd"))
|
||||||
|
|
|
||||||
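Review bot: The added `.EnsureDeveloperCertificate()` call makes this functional test install a self-signed certificate into the current user's personal certificate store when one is missing, a side effect that outlives the test run and is not obvious from the call site (the same applies to the second hunk of this file). A short comment above the call, such as `// Installs a self-signed CN=Identity.Development certificate into CurrentUser\My if none is present.`, would tell readers why a test touches the machine's certificate store.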