From 562b68362af3219402c8ae3ba70a343836113c74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Thu, 22 Aug 2019 18:33:24 +0200
Subject: [PATCH] Use X509KeyStorageFlags.EphemeralKeySet on supported platforms

---
 .../OpenIddict.Server.csproj | 1 +
 .../OpenIddictServerBuilder.cs | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/src/OpenIddict.Server/OpenIddict.Server.csproj b/src/OpenIddict.Server/OpenIddict.Server.csproj
index c2a63ab2..00f1c8e5 100644
--- a/src/OpenIddict.Server/OpenIddict.Server.csproj
+++ b/src/OpenIddict.Server/OpenIddict.Server.csproj
@@ -23,6 +23,7 @@
 $(DefineConstants);SUPPORTS_CERTIFICATE_GENERATION
 $(DefineConstants);SUPPORTS_DIRECT_KEY_CREATION_WITH_SPECIFIED_SIZE
 $(DefineConstants);SUPPORTS_ECDSA
+ $(DefineConstants);SUPPORTS_EPHEMERAL_KEY_SETS
diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs
index 3ef0d668..a67e35b4 100644
--- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs
+++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs
@@ -411,7 +411,14 @@ namespace Microsoft.Extensions.DependencyInjection
 /// The .
 public OpenIddictServerBuilder AddEncryptionCertificate(
 [NotNull] Assembly assembly, [NotNull] string resource, [NotNull] string password)
+#if SUPPORTS_EPHEMERAL_KEY_SETS
+ // Note: ephemeral key sets are currently not supported on macOS.
+ => AddEncryptionCertificate(assembly, resource, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ?
+ X509KeyStorageFlags.MachineKeySet :
+ X509KeyStorageFlags.EphemeralKeySet);
+#else
 => AddEncryptionCertificate(assembly, resource, password, X509KeyStorageFlags.MachineKeySet);
+#endif
 
 ///
 /// Registers a retrieved from an
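Review bot: The platform-dependent default is not surfaced in the public documentation: the doc lines visible above the signature say nothing about storage flags, yet this overload now imports the private key as an ephemeral key set where supported and silently falls back to `X509KeyStorageFlags.MachineKeySet` on macOS, a difference operators care about since it decides whether the private key is persisted to a key store or kept in memory only. The same applies to the three sibling overloads in the `-458`, `-856` and `-903` hunks. I would add a remarks paragraph to each of the four doc comments along the lines of `/// The private key is imported as an ephemeral key set where the platform supports it; on macOS, where ephemeral key sets are not available, MachineKeySet is used instead. Call the overload taking X509KeyStorageFlags to fix the behavior explicitly.` As a point of style, the OS check and the macOS note are copied verbatim into all four overloads; a single private static helper returning the default flags would keep the fallback in one place for the day macOS support arrives. The doc comment this applies to starts above the hunk.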
@@ -458,7 +465,14 @@ namespace Microsoft.Extensions.DependencyInjection
 /// The password used to open the certificate.
 /// The .
 public OpenIddictServerBuilder AddEncryptionCertificate([NotNull] Stream stream, [NotNull] string password)
+#if SUPPORTS_EPHEMERAL_KEY_SETS
+ // Note: ephemeral key sets are currently not supported on macOS.
+ => AddEncryptionCertificate(stream, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ?
+ X509KeyStorageFlags.MachineKeySet :
+ X509KeyStorageFlags.EphemeralKeySet);
+#else
 => AddEncryptionCertificate(stream, password, X509KeyStorageFlags.MachineKeySet);
+#endif
 
 ///
 /// Registers a extracted from a
@@ -856,7 +870,14 @@ namespace Microsoft.Extensions.DependencyInjection
 /// The .
 public OpenIddictServerBuilder AddSigningCertificate(
 [NotNull] Assembly assembly, [NotNull] string resource, [NotNull] string password)
+#if SUPPORTS_EPHEMERAL_KEY_SETS
+ // Note: ephemeral key sets are currently not supported on macOS.
+ => AddSigningCertificate(assembly, resource, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ?
+ X509KeyStorageFlags.MachineKeySet :
+ X509KeyStorageFlags.EphemeralKeySet);
+#else
 => AddSigningCertificate(assembly, resource, password, X509KeyStorageFlags.MachineKeySet);
+#endif
 
 ///
 /// Registers a retrieved from an
@@ -903,7 +924,14 @@ namespace Microsoft.Extensions.DependencyInjection
 /// The password used to open the certificate.
 /// The .
 public OpenIddictServerBuilder AddSigningCertificate([NotNull] Stream stream, [NotNull] string password)
+#if SUPPORTS_EPHEMERAL_KEY_SETS
+ // Note: ephemeral key sets are currently not supported on macOS.
+ => AddSigningCertificate(stream, password, RuntimeInformation.IsOSPlatform(OSPlatform.OSX) ?
+ X509KeyStorageFlags.MachineKeySet :
+ X509KeyStorageFlags.EphemeralKeySet);
+#else
 => AddSigningCertificate(stream, password, X509KeyStorageFlags.MachineKeySet);
+#endif
 
 ///
 /// Registers a extracted from a