using System;
using System.IdentityModel.Tokens.Jwt;
using System.IO;
using System.Security.Cryptography;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Configuration;
using IdentityServer4.Services;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Newtonsoft.Json.Linq;
using Volo.Abp.Identity;
using Volo.Abp.IdentityServer.AspNetIdentity;
using Volo.Abp.Security.Claims;

namespace Volo.Abp.IdentityServer
{
    /// <summary>
    /// ABP extensions for <see cref="IIdentityServerBuilder"/>: wires ABP's ASP.NET Identity
    /// integration and claim-type conventions into IdentityServer4, and provides a
    /// file-backed signing credential for local development.
    /// </summary>
    /// <remarks>
    /// NOTE(review): several generic type arguments (on <c>AddAspNetIdentity</c>,
    /// <c>AddProfileService</c>, <c>AddResourceOwnerValidator</c>, <c>ServiceDescriptor.Transient</c>
    /// and the <c>JToken.Value</c> calls) appear to have been lost when this listing was captured;
    /// confirm the exact registrations against the original source before relying on them.
    /// </remarks>
    public static class AbpIdentityServerBuilderExtensions
    {
        /// <summary>
        /// Registers ABP's IdentityServer integration on <paramref name="builder"/>.
        /// </summary>
        /// <param name="builder">The IdentityServer builder to configure.</param>
        /// <param name="options">
        /// Integration switches. When <c>null</c>, a default
        /// <see cref="AbpIdentityServerBuilderOptions"/> is used.
        /// </param>
        /// <returns><paramref name="builder"/>, for chaining.</returns>
        /// <remarks>
        /// Two of the switches mutate process-wide static state rather than the builder:
        /// the <see cref="AbpClaimTypes"/> fields and
        /// <see cref="JwtSecurityTokenHandler.DefaultInboundClaimTypeMap"/>. Every JWT consumer
        /// in the same process observes those changes, so call this once, during startup,
        /// before any token is issued or validated.
        /// </remarks>
        public static IIdentityServerBuilder AddAbpIdentityServer(
            this IIdentityServerBuilder builder,
            AbpIdentityServerBuilderOptions options = null)
        {
            if (options == null)
            {
                options = new AbpIdentityServerBuilderOptions();
            }

            // TODO: the ASP.NET Identity integration lines below could be extracted to a
            // dedicated extension method.
            if (options.IntegrateToAspNetIdentity)
            {
                builder.AddAspNetIdentity();
                builder.AddProfileService();
                builder.AddResourceOwnerValidator();
            }

            // Replace (not add to) an existing service registration so the ABP implementation
            // wins over whatever was registered earlier. The service/implementation types were
            // the generic arguments, which are not visible in this listing — confirm against
            // the original source.
            builder.Services.Replace(ServiceDescriptor.Transient());

            if (options.UpdateAbpClaimTypes)
            {
                // Point ABP's claim-type names at the short JWT claim names so claims carried
                // in IdentityServer-issued tokens are recognised by ABP without translation.
                // These are static fields: the assignment is global to the process.
                AbpClaimTypes.UserId = JwtClaimTypes.Subject;
                AbpClaimTypes.UserName = JwtClaimTypes.Name;
                AbpClaimTypes.Role = JwtClaimTypes.Role;
                AbpClaimTypes.Email = JwtClaimTypes.Email;
            }

            if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap)
            {
                // Map each ABP claim type to itself. Presumably this stops
                // JwtSecurityTokenHandler from renaming those inbound claims to the long
                // .NET ClaimTypes URIs, keeping the names ABP expects. Static, process-wide map.
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserId] = AbpClaimTypes.UserId;
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserName] = AbpClaimTypes.UserName;
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Role] = AbpClaimTypes.Role;
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Email] = AbpClaimTypes.Email;
            }

            return builder;
        }

        /// <summary>
        /// Adds an RSA token-signing credential intended for local development. If
        /// <paramref name="filename"/> exists, the key is loaded from it; otherwise a new RSA key
        /// is generated and, when <paramref name="persistKey"/> is <c>true</c>, written to that
        /// file so tokens remain verifiable across restarts.
        /// </summary>
        /// <param name="builder">The IdentityServer builder to configure.</param>
        /// <param name="persistKey">
        /// Whether a freshly generated key is written to disk. Has no effect when the key file
        /// already exists.
        /// </param>
        /// <param name="filename">
        /// Path of the key file. When <c>null</c>, <c>tempkey.rsa</c> in the current working
        /// directory is used.
        /// </param>
        /// <param name="signingAlgorithm">
        /// RSA signing algorithm registered with the credential; defaults to RS256.
        /// </param>
        /// <returns><paramref name="builder"/>, for chaining.</returns>
        /// <remarks>
        /// Security: the key file holds the complete private key (D, P, Q, DP, DQ, InverseQ) as
        /// base64 inside clear-text JSON. It is written with <see cref="File.WriteAllText(string, string)"/>,
        /// so it is protected only by the permissions of the containing directory, and an existing
        /// file is trusted as-is — its contents become the server's signing key with no integrity
        /// check beyond JSON parsing. Read access to the file is equivalent to holding the signing
        /// key; write access is equivalent to choosing it. For anything beyond local development,
        /// register a properly protected key (certificate store / key vault) through
        /// <c>AddSigningCredential</c> instead.
        /// NOTE(review): the <see cref="File.Exists(string)"/> / read sequence is not atomic; two
        /// processes starting against the same directory could each generate a key and the last
        /// writer wins.
        /// </remarks>
        public static IIdentityServerBuilder AddAbpDeveloperSigningCredential(
            this IIdentityServerBuilder builder,
            bool persistKey = true,
            string filename = null,
            IdentityServerConstants.RsaSigningAlgorithm signingAlgorithm = IdentityServerConstants.RsaSigningAlgorithm.RS256)
        {
            if (filename == null)
            {
                // Working-directory relative: the file lands wherever the process was launched from.
                filename = Path.Combine(Directory.GetCurrentDirectory(), "tempkey.rsa");
            }

            if (File.Exists(filename))
            {
                // Reload a previously persisted key. The file format is the JSON produced in the
                // else-branch below; nothing beyond that shape is validated.
                var keyFile = File.ReadAllText(filename);
                var json = JObject.Parse(keyFile);
                var keyId = json.GetValue("KeyId").Value();
                var jsonParameters = json.GetValue("Parameters");

                // RSAParameters is a struct; every public field is assigned below, so the local
                // is definitely assigned before use. A missing property presumably surfaces as an
                // exception from the indexer chain rather than a clearer error.
                RSAParameters rsaParameters;
                rsaParameters.D = Convert.FromBase64String(jsonParameters["D"].Value());
                rsaParameters.DP = Convert.FromBase64String(jsonParameters["DP"].Value());
                rsaParameters.DQ = Convert.FromBase64String(jsonParameters["DQ"].Value());
                rsaParameters.Exponent = Convert.FromBase64String(jsonParameters["Exponent"].Value());
                rsaParameters.InverseQ = Convert.FromBase64String(jsonParameters["InverseQ"].Value());
                rsaParameters.Modulus = Convert.FromBase64String(jsonParameters["Modulus"].Value());
                rsaParameters.P = Convert.FromBase64String(jsonParameters["P"].Value());
                rsaParameters.Q = Convert.FromBase64String(jsonParameters["Q"].Value());

                // The stored KeyId is reused so the "kid" of tokens issued before the restart
                // still matches the published key.
                return builder.AddSigningCredential(CryptoHelper.CreateRsaSecurityKey(rsaParameters, keyId), signingAlgorithm);
            }
            else
            {
                var key = CryptoHelper.CreateRsaSecurityKey();

                // The key may be backed by a live RSA instance or by raw parameters; export the
                // private half from whichever is populated.
                RSAParameters parameters;
                if (key.Rsa != null)
                {
                    parameters = key.Rsa.ExportParameters(includePrivateParameters: true);
                }
                else
                {
                    parameters = key.Parameters;
                }

                // Serialise the full private key as base64 fields. This is the format the
                // File.Exists branch above reads back.
                var jObject = new JObject
                {
                    { "KeyId", key.KeyId },
                    {
                        "Parameters", new JObject
                        {
                            {"D", Convert.ToBase64String(parameters.D)},
                            {"DP", Convert.ToBase64String(parameters.DP)},
                            {"DQ", Convert.ToBase64String(parameters.DQ)},
                            {"Exponent", Convert.ToBase64String(parameters.Exponent)},
                            {"InverseQ", Convert.ToBase64String(parameters.InverseQ)},
                            {"Modulus", Convert.ToBase64String(parameters.Modulus)},
                            {"P", Convert.ToBase64String(parameters.P)},
                            {"Q", Convert.ToBase64String(parameters.Q)}
                        }
                    }
                };

                if (persistKey)
                {
                    // Clear-text private key on disk with default file permissions — acceptable
                    // only for local development (see the remarks on this method).
                    File.WriteAllText(filename, jObject.ToString());
                }

                return builder.AddSigningCredential(key, signingAlgorithm);
            }
        }
    }
}