签名

1 year ago · 206c82b142
4 changed files with 92 additions and 6 deletions
--- a/src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs
+++ b/src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs
@ -0,0 +1,54 @@
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System;
+using Volo.Abp.DependencyInjection;
+using OpenIddict.Abstractions;
+using System.Threading.Tasks;
+using System.Threading;
+using System.Linq;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Text.Json;
+using System.ComponentModel.DataAnnotations;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Cryptography;
+using System.IO;
+
+namespace Shentun.Peis.Filter
+{
+    /// <summary>
+    /// 生成自己的证书文件（需要生成2个证书），并上传至站点目录
+    /// </summary>
+    public class GenerateCertificateHelper
+    {
+        public void GenerateEncryptionCertificate()
+        {
+            using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+            var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
+            var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
+
+            var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+            File.WriteAllBytes("encryption-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+
+
+        }
+
+        public void GenerateSigningCertificate()
+        {
+            using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+            var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
+            var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
+
+            var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+            File.WriteAllBytes("signing-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+        }
+    }
+}
--- a/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs
+++ b/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs
@ -64,6 +64,15 @@ using Volo.Abp.BackgroundWorkers;
 using Shentun.Peis.Schedulers;
 using System.Threading.Tasks;
 using Shentun.Peis.ThirdInterfaces;
+using OpenIddict.Server;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System.Security.Cryptography;
+using Microsoft.AspNetCore.DataProtection;
+using Volo.Abp.OpenIddict;
+using System.Security.Cryptography.X509Certificates;


 namespace Shentun.Peis;
@ -84,6 +93,15 @@ public class PeisHttpApiHostModule : AbpModule

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
+        //自定义DataProtection路径  
+        context.Services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(context.Services.GetHostingEnvironment().WebRootPath));
+
+        //关闭开发证书  
+        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
+        {
+            options.AddDevelopmentEncryptionAndSigningCertificate = false;
+        });
+
        PreConfigure<OpenIddictBuilder>(builder =>
        {
            builder.AddValidation(options =>
@ -99,6 +117,9 @@ public class PeisHttpApiHostModule : AbpModule
        {
            //builder.SetAccessTokenLifetime(TimeSpan.FromHours(8)).SetRefreshTokenLifetime(TimeSpan.FromDays(15));
            builder.SetAccessTokenLifetime(TimeSpan.FromDays(30)).SetRefreshTokenLifetime(TimeSpan.FromDays(60));
+            //导入自定义证书，低版本windows要用openssl1.1.1生成  
+            builder.AddEncryptionCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\encryption-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));
+            builder.AddSigningCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\signing-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));  
        });


@ -188,20 +209,24 @@ public class PeisHttpApiHostModule : AbpModule

        //context.Services.TryAddTransient<IAuthorizationMiddlewareResultHandler, AuthorizationMiddlewareResultHandler>();

+   
+
        ///解除https限制
        context.Services.AddOpenIddict()
            .AddServer(option =>
            {
+                option.SetIssuer(new Uri(configuration["AuthServer:IssuerBase"]));
                option.UseAspNetCore().DisableTransportSecurityRequirement();
            });

+        

        //虚拟目录 
        context.Services.AddSingleton(new MyFileProvider(configuration["VirtualPath:RealPath"], configuration["VirtualPath:Alias"]));

        //Pacs虚拟目录 
        context.Services.AddSingleton(new MyFileProvider(configuration["PacsVirtualPath:RealPath"], configuration["PacsVirtualPath:Alias"]));
-       
+
        /*
        Configure<AbpAspNetCoreMvcOptions>(options =>
        {
@ -611,6 +636,8 @@ public class PeisHttpApiHostModule : AbpModule
        await StartScheduler(context);
    }

+
+
    private async Task StartScheduler(ApplicationInitializationContext context)
    {
        //await context.AddBackgroundWorkerAsync<ChargeRequestInterfaceQueryWorker>();
--- a/src/Shentun.Peis.HttpApi.Host/Program.cs
+++ b/src/Shentun.Peis.HttpApi.Host/Program.cs
@ -5,6 +5,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Serilog;
 using Serilog.Events;
+using Shentun.Peis.Filter;

 namespace Shentun.Peis;

@ -36,6 +37,9 @@ public class Program
            await builder.AddApplicationAsync<PeisHttpApiHostModule>();
            var app = builder.Build();
            await app.InitializeApplicationAsync();
+            //GenerateCertificateHelper gc = new GenerateCertificateHelper();
+            //gc.GenerateEncryptionCertificate();
+            //gc.GenerateSigningCertificate();
            await app.RunAsync();
            return 0;
        }
--- a/src/Shentun.Peis.HttpApi.Host/appsettings.json
+++ b/src/Shentun.Peis.HttpApi.Host/appsettings.json
@ -6,19 +6,20 @@
    "CorsOrigins": "https://*.Peis.com,http://localhost:4200,http://localhost:9530,http://192.168.1.108:9530,http://localhost:8080,http://localhost:8081",
    "RedirectAllowedUrls": "http://localhost:9530",
    "SelfUser": "admin",
-    "SelfPassword": "666666",
+    "SelfPassword": "Shentun!@#qwe123",
    "LisUser": "admin",
-    "LisPassword": "666666"
+    "LisPassword": "Shentun!@#qwe123"
  },
  "ConnectionStrings": {
    //"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis070703;User ID=postgres;Password=shentun123;"
-    //"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
-    "Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
+    "Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
+    //"Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
  },
  "AuthServer": {
    "Authority": "http://localhost:9530",
    "RequireHttpsMetadata": "false",
-    "SwaggerClientId": "localhost_Swagger"
+    "SwaggerClientId": "localhost_Swagger",
+    "IssuerBase": "http://140.143.162.39:9529" 
  },
  "StringEncryption": {
    "DefaultPassPhrase": "ROCjBbDQK9rNq82v"