diff --git a/src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs b/src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs
new file mode 100644
index 0000000..4016d71
--- /dev/null
+++ b/src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs
@@ -0,0 +1,54 @@
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System;
+using Volo.Abp.DependencyInjection;
+using OpenIddict.Abstractions;
+using System.Threading.Tasks;
+using System.Threading;
+using System.Linq;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Text.Json;
+using System.ComponentModel.DataAnnotations;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Cryptography;
+using System.IO;
+
+namespace Shentun.Peis.Filter
+{
+ ///
+ /// 生成自己的证书文件(需要生成2个证书),并上传至站点目录
+ ///
+ public class GenerateCertificateHelper
+ {
+ public void GenerateEncryptionCertificate()
+ {
+ using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+ var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
+ var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+ request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
+
+ var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+ File.WriteAllBytes("encryption-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+
+
+ }
+
+ public void GenerateSigningCertificate()
+ {
+ using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+ var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
+ var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+ request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
+
+ var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+ File.WriteAllBytes("signing-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+ }
+ }
+}
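Review bot: Both generators export the PFX with an empty password (`certificate.Export(X509ContentType.Pfx, string.Empty)`), so the RSA private key is protected by file permissions alone; the loader added in PeisHttpApiHostModule.cs passes `""` the same way. Take the password as a parameter or from protected configuration, and use the same value for `Export` and for the `X509Certificate2` constructor that reads the file back. The output file names are relative, so the PFX lands in whatever the process working directory happens to be; an explicit output-directory parameter would make the location deliberate. `certificate` is an `X509Certificate2` and is never disposed, so `using var certificate = request.CreateSelfSigned(...)` would release the key handle. The XML doc comment lost its `<summary>` tags and should state that the resulting files contain private keys.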
diff --git a/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs b/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs
index cffac60..5f745b9 100644
--- a/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs
+++ b/src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs
@@ -64,6 +64,15 @@ using Volo.Abp.BackgroundWorkers;
using Shentun.Peis.Schedulers;
using System.Threading.Tasks;
using Shentun.Peis.ThirdInterfaces;
+using OpenIddict.Server;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System.Security.Cryptography;
+using Microsoft.AspNetCore.DataProtection;
+using Volo.Abp.OpenIddict;
+using System.Security.Cryptography.X509Certificates;
namespace Shentun.Peis;
@@ -84,6 +93,15 @@ public class PeisHttpApiHostModule : AbpModule
public override void PreConfigureServices(ServiceConfigurationContext context)
{
+ //自定义DataProtection路径
+ context.Services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(context.Services.GetHostingEnvironment().WebRootPath));
+
+ //关闭开发证书
+ PreConfigure(options =>
+ {
+ options.AddDevelopmentEncryptionAndSigningCertificate = false;
+ });
+
PreConfigure(builder =>
{
builder.AddValidation(options =>
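Review bot: `PersistKeysToFileSystem(new DirectoryInfo(...WebRootPath))` puts the Data Protection key ring in the web root, the directory that static-file middleware serves, so the key XML may be retrievable over HTTP if static files are enabled (not visible in this hunk). No `ProtectKeysWith*` call follows, so the keys are also written unencrypted at rest. Point the key ring at a directory outside the web root with restricted ACLs, for example `Path.Combine(context.Services.GetHostingEnvironment().ContentRootPath, "dp-keys")` (directory name is illustrative). The same placement concern applies to the hunk at `@@ -99,6 +117,9 @@`, which reads both .pfx files from `WebRootPath`. `PreConfigureServices` continues past the end of this hunk.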
@@ -99,6 +117,9 @@ public class PeisHttpApiHostModule : AbpModule
{
//builder.SetAccessTokenLifetime(TimeSpan.FromHours(8)).SetRefreshTokenLifetime(TimeSpan.FromDays(15));
builder.SetAccessTokenLifetime(TimeSpan.FromDays(30)).SetRefreshTokenLifetime(TimeSpan.FromDays(60));
+ //导入自定义证书,低版本windows要用openssl1.1.1生成
+ builder.AddEncryptionCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\encryption-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));
+ builder.AddSigningCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\signing-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));
});
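Review bot: The certificate paths are built as `WebRootPath + "\\encryption-certificate.pfx"`, which only resolves on Windows; `Path.Combine(webRoot, "encryption-certificate.pfx")` works on any host and lets the environment lookup be done once instead of twice. `X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet` asks Windows to keep the imported private key in the machine key store after the process exits, and every restart is likely to add another copy; unless something outside this hunk depends on that, dropping `PersistKeySet` looks safer. A missing or unreadable file surfaces as a bare `File.ReadAllBytes` exception during pre-configuration, so a short existence check with a message naming the expected path would help operators. The enclosing lambda starts outside the hunk.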
@@ -188,20 +209,24 @@ public class PeisHttpApiHostModule : AbpModule
//context.Services.TryAddTransient();
+
+
///解除https限制
context.Services.AddOpenIddict()
.AddServer(option =>
{
+ option.SetIssuer(new Uri(configuration["AuthServer:IssuerBase"]));
option.UseAspNetCore().DisableTransportSecurityRequirement();
});
+
//虚拟目录
context.Services.AddSingleton(new MyFileProvider(configuration["VirtualPath:RealPath"], configuration["VirtualPath:Alias"]));
//Pacs虚拟目录
context.Services.AddSingleton(new MyFileProvider(configuration["PacsVirtualPath:RealPath"], configuration["PacsVirtualPath:Alias"]));
-
+
/*
Configure(options =>
{
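Review bot: `new Uri(configuration["AuthServer:IssuerBase"])` throws `ArgumentNullException` at startup when the key is absent from a deployment's configuration, with nothing in the message pointing at the missing setting. Guard it, e.g. `var issuer = configuration["AuthServer:IssuerBase"];` followed by `if (!string.IsNullOrWhiteSpace(issuer)) option.SetIssuer(new Uri(issuer));`, or fail with an explicit message. The value shipped in appsettings.json is an `http://` address, and together with the existing `DisableTransportSecurityRequirement()` it means the advertised issuer and the token endpoints run over cleartext; a comment here should record why that is accepted. The surrounding method starts and ends outside the hunk.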
@@ -611,6 +636,8 @@ public class PeisHttpApiHostModule : AbpModule
await StartScheduler(context);
}
+
+
private async Task StartScheduler(ApplicationInitializationContext context)
{
//await context.AddBackgroundWorkerAsync();
diff --git a/src/Shentun.Peis.HttpApi.Host/Program.cs b/src/Shentun.Peis.HttpApi.Host/Program.cs
index 92445f4..5eccc56 100644
--- a/src/Shentun.Peis.HttpApi.Host/Program.cs
+++ b/src/Shentun.Peis.HttpApi.Host/Program.cs
@@ -5,6 +5,7 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Serilog;
using Serilog.Events;
+using Shentun.Peis.Filter;
namespace Shentun.Peis;
@@ -36,6 +37,9 @@ public class Program
await builder.AddApplicationAsync();
var app = builder.Build();
await app.InitializeApplicationAsync();
+ //GenerateCertificateHelper gc = new GenerateCertificateHelper();
+ //gc.GenerateEncryptionCertificate();
+ //gc.GenerateSigningCertificate();
await app.RunAsync();
return 0;
}
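Review bot: The three added lines are commented-out calls to `GenerateCertificateHelper`, left on the startup path between `InitializeApplicationAsync` and `RunAsync`. Certificate generation is a one-off provisioning step, so it reads better as a separate tool or a documented command than as code to be toggled by editing `Program.cs`. If the lines are removed, the `using Shentun.Peis.Filter;` added in the previous hunk is no longer needed. The enclosing method starts outside the hunk.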
diff --git a/src/Shentun.Peis.HttpApi.Host/appsettings.json b/src/Shentun.Peis.HttpApi.Host/appsettings.json
index d203a84..6732c07 100644
--- a/src/Shentun.Peis.HttpApi.Host/appsettings.json
+++ b/src/Shentun.Peis.HttpApi.Host/appsettings.json
@@ -6,19 +6,20 @@
"CorsOrigins": "https://*.Peis.com,http://localhost:4200,http://localhost:9530,http://192.168.1.108:9530,http://localhost:8080,http://localhost:8081",
"RedirectAllowedUrls": "http://localhost:9530",
"SelfUser": "admin",
- "SelfPassword": "666666",
+ "SelfPassword": "Shentun!@#qwe123",
"LisUser": "admin",
- "LisPassword": "666666"
+ "LisPassword": "Shentun!@#qwe123"
},
"ConnectionStrings": {
//"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis070703;User ID=postgres;Password=shentun123;"
- //"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
- "Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
+ "Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
+ //"Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
},
"AuthServer": {
"Authority": "http://localhost:9530",
"RequireHttpsMetadata": "false",
- "SwaggerClientId": "localhost_Swagger"
+ "SwaggerClientId": "localhost_Swagger",
+ "IssuerBase": "http://140.143.162.39:9529"
},
"StringEncryption": {
"DefaultPassPhrase": "ROCjBbDQK9rNq82v"
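Review bot: The new `SelfPassword` and `LisPassword` values and the re-enabled `Default` connection string place working credentials in a tracked settings file, and the connection string now targets a non-private address using the `postgres` account. Because the values are in repository history, they should be rotated and then supplied through environment variables, user-secrets or a secret store, with only placeholders kept in appsettings.json. Both service accounts share one password, so a single disclosure covers both. `IssuerBase` pins an `http://` address for one specific host, which is deployment-specific and belongs in an environment override file rather than the base settings.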