mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-05-24 02:02:36 -04:00
138 lines
5.4 KiB
C#
138 lines
5.4 KiB
C#
// Kyoo - A portable and vast media library solution.
|
|
// Copyright (c) Kyoo.
|
|
//
|
|
// See AUTHORS.md and LICENSE file in the project root for full license information.
|
|
//
|
|
// Kyoo is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// any later version.
|
|
//
|
|
// Kyoo is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Kyoo. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
using System;
|
|
using System.IO;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using Kyoo.Authentication.Models;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Org.BouncyCastle.Asn1.X509;
|
|
using Org.BouncyCastle.Crypto;
|
|
using Org.BouncyCastle.Crypto.Generators;
|
|
using Org.BouncyCastle.Crypto.Operators;
|
|
using Org.BouncyCastle.Math;
|
|
using Org.BouncyCastle.Pkcs;
|
|
using Org.BouncyCastle.Security;
|
|
using Org.BouncyCastle.Utilities;
|
|
using Org.BouncyCastle.X509;
|
|
using X509Certificate = Org.BouncyCastle.X509.X509Certificate;
|
|
|
|
namespace Kyoo.Authentication
|
|
{
|
|
/// <summary>
|
|
/// A class containing multiple extensions methods to manage certificates.
|
|
/// </summary>
|
|
public static class Certificates
|
|
{
|
|
/// <summary>
|
|
/// Add the certificate file to the identity server. If the certificate will expire soon, automatically renew it.
|
|
/// If no certificate exists, one is generated.
|
|
/// </summary>
|
|
/// <param name="builder">The identity server that will be modified.</param>
|
|
/// <param name="options">The certificate options</param>
|
|
/// <returns>The initial builder to allow chain-calls.</returns>
|
|
public static IIdentityServerBuilder AddSigninKeys(this IIdentityServerBuilder builder,
|
|
CertificateOption options)
|
|
{
|
|
X509Certificate2 certificate = _GetCertificate(options);
|
|
builder.AddSigningCredential(certificate);
|
|
|
|
if (certificate.NotAfter.AddDays(-7) <= DateTime.UtcNow)
|
|
{
|
|
Console.WriteLine("Signin certificate will expire soon, renewing it.");
|
|
if (File.Exists(options.OldFile))
|
|
File.Delete(options.OldFile);
|
|
File.Move(options.File, options.OldFile);
|
|
builder.AddValidationKey(_GenerateCertificate(options.File, options.Password));
|
|
}
|
|
else if (File.Exists(options.OldFile))
|
|
builder.AddValidationKey(_GetExistingCredential(options.OldFile, options.Password));
|
|
return builder;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Get or generate the sign-in certificate.
|
|
/// </summary>
|
|
/// <param name="options">The certificate options</param>
|
|
/// <returns>A valid certificate</returns>
|
|
private static X509Certificate2 _GetCertificate(CertificateOption options)
|
|
{
|
|
return File.Exists(options.File)
|
|
? _GetExistingCredential(options.File, options.Password)
|
|
: _GenerateCertificate(options.File, options.Password);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Load a certificate from a file
|
|
/// </summary>
|
|
/// <param name="file">The path of the certificate</param>
|
|
/// <param name="password">The password of the certificate</param>
|
|
/// <returns>The loaded certificate</returns>
|
|
private static X509Certificate2 _GetExistingCredential(string file, string password)
|
|
{
|
|
X509KeyStorageFlags storeFlags = X509KeyStorageFlags.MachineKeySet |
|
|
X509KeyStorageFlags.PersistKeySet |
|
|
X509KeyStorageFlags.Exportable;
|
|
return new X509Certificate2(file, password, storeFlags);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Generate a new certificate key and put it in the file at <paramref name="file"/>.
|
|
/// </summary>
|
|
/// <param name="file">The path of the output file</param>
|
|
/// <param name="password">The password of the new certificate</param>
|
|
/// <returns>The generated certificate</returns>
|
|
private static X509Certificate2 _GenerateCertificate(string file, string password)
|
|
{
|
|
SecureRandom random = new();
|
|
|
|
X509V3CertificateGenerator certificateGenerator = new();
|
|
certificateGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One,
|
|
BigInteger.ValueOf(long.MaxValue), random));
|
|
certificateGenerator.SetIssuerDN(new X509Name($"C=NL, O=SDG, CN=Kyoo"));
|
|
certificateGenerator.SetSubjectDN(new X509Name($"C=NL, O=SDG, CN=Kyoo"));
|
|
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date);
|
|
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddMonths(3));
|
|
|
|
KeyGenerationParameters keyGenerationParameters = new(random, 2048);
|
|
RsaKeyPairGenerator keyPairGenerator = new();
|
|
keyPairGenerator.Init(keyGenerationParameters);
|
|
|
|
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
|
|
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
|
|
|
|
const string signatureAlgorithm = "MD5WithRSA";
|
|
Asn1SignatureFactory signatureFactory = new(signatureAlgorithm, subjectKeyPair.Private);
|
|
X509Certificate bouncyCert = certificateGenerator.Generate(signatureFactory);
|
|
|
|
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
|
|
store.SetKeyEntry("Kyoo_key", new AsymmetricKeyEntry(subjectKeyPair.Private), new[]
|
|
{
|
|
new X509CertificateEntry(bouncyCert)
|
|
});
|
|
|
|
using MemoryStream pfxStream = new();
|
|
store.Save(pfxStream, password.ToCharArray(), random);
|
|
X509Certificate2 certificate = new(pfxStream.ToArray(), password, X509KeyStorageFlags.Exportable);
|
|
using FileStream fileStream = File.OpenWrite(file);
|
|
pfxStream.WriteTo(fileStream);
|
|
return certificate;
|
|
}
|
|
}
|
|
}
|