签名

src/Shentun.Peis.HttpApi.Host/Filter/GenerateCertificateHelper.cs

@@ -0,0 +1,54 @@
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System;
+using Volo.Abp.DependencyInjection;
+using OpenIddict.Abstractions;
+using System.Threading.Tasks;
+using System.Threading;
+using System.Linq;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Text.Json;
+using System.ComponentModel.DataAnnotations;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Cryptography;
+using System.IO;
+
+namespace Shentun.Peis.Filter
+{
+    /// <summary>
+    /// 生成自己的证书文件（需要生成2个证书），并上传至站点目录
+    /// </summary>
+    public class GenerateCertificateHelper
+    {
+        public void GenerateEncryptionCertificate()
+        {
+            using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+            var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
+            var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
+
+            var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+            File.WriteAllBytes("encryption-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+
+
+        }
+
+        public void GenerateSigningCertificate()
+        {
+            using var algorithm = RSA.Create(keySizeInBits: 2048);
+
+            var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
+            var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+            request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
+
+            var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(10));
+
+            File.WriteAllBytes("signing-certificate.pfx", certificate.Export(X509ContentType.Pfx, string.Empty));
+        }
+    }
+}

src/Shentun.Peis.HttpApi.Host/PeisHttpApiHostModule.cs

@@ -64,6 +64,15 @@ using Volo.Abp.BackgroundWorkers;
 using Shentun.Peis.Schedulers;
 using System.Threading.Tasks;
 using Shentun.Peis.ThirdInterfaces;
+using OpenIddict.Server;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+using System.Security.Cryptography;
+using Microsoft.AspNetCore.DataProtection;
+using Volo.Abp.OpenIddict;
+using System.Security.Cryptography.X509Certificates;
 
 
 namespace Shentun.Peis;
@@ -84,6 +93,15 @@ public class PeisHttpApiHostModule : AbpModule
 
     public override void PreConfigureServices(ServiceConfigurationContext context)
     {
+        //自定义DataProtection路径  
+        context.Services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(context.Services.GetHostingEnvironment().WebRootPath));
+
+        //关闭开发证书  
+        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
+        {
+            options.AddDevelopmentEncryptionAndSigningCertificate = false;
+        });
+
         PreConfigure<OpenIddictBuilder>(builder =>
         {
             builder.AddValidation(options =>
@@ -99,6 +117,9 @@ public class PeisHttpApiHostModule : AbpModule
         {
             //builder.SetAccessTokenLifetime(TimeSpan.FromHours(8)).SetRefreshTokenLifetime(TimeSpan.FromDays(15));
             builder.SetAccessTokenLifetime(TimeSpan.FromDays(30)).SetRefreshTokenLifetime(TimeSpan.FromDays(60));
+            //导入自定义证书，低版本windows要用openssl1.1.1生成  
+            builder.AddEncryptionCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\encryption-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));
+            builder.AddSigningCertificate(new X509Certificate2(File.ReadAllBytes(context.Services.GetHostingEnvironment().WebRootPath + "\\signing-certificate.pfx"), "", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet));  
         });
 
 
@@ -188,14 +209,18 @@ public class PeisHttpApiHostModule : AbpModule
 
         //context.Services.TryAddTransient<IAuthorizationMiddlewareResultHandler, AuthorizationMiddlewareResultHandler>();
 
+   
+
         ///解除https限制
         context.Services.AddOpenIddict()
             .AddServer(option =>
             {
+                option.SetIssuer(new Uri(configuration["AuthServer:IssuerBase"]));
                 option.UseAspNetCore().DisableTransportSecurityRequirement();
             });
 
         
+
         //虚拟目录 
         context.Services.AddSingleton(new MyFileProvider(configuration["VirtualPath:RealPath"], configuration["VirtualPath:Alias"]));
 
@@ -611,6 +636,8 @@ public class PeisHttpApiHostModule : AbpModule
         await StartScheduler(context);
     }
 
+
+
     private async Task StartScheduler(ApplicationInitializationContext context)
     {
         //await context.AddBackgroundWorkerAsync<ChargeRequestInterfaceQueryWorker>();

src/Shentun.Peis.HttpApi.Host/Program.cs

@@ -5,6 +5,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Serilog;
 using Serilog.Events;
+using Shentun.Peis.Filter;
 
 namespace Shentun.Peis;
 
@@ -36,6 +37,9 @@ public class Program
             await builder.AddApplicationAsync<PeisHttpApiHostModule>();
             var app = builder.Build();
             await app.InitializeApplicationAsync();
+            //GenerateCertificateHelper gc = new GenerateCertificateHelper();
+            //gc.GenerateEncryptionCertificate();
+            //gc.GenerateSigningCertificate();
             await app.RunAsync();
             return 0;
         }

src/Shentun.Peis.HttpApi.Host/appsettings.json

@@ -6,19 +6,20 @@
     "CorsOrigins": "https://*.Peis.com,http://localhost:4200,http://localhost:9530,http://192.168.1.108:9530,http://localhost:8080,http://localhost:8081",
     "RedirectAllowedUrls": "http://localhost:9530",
     "SelfUser": "admin",
-    "SelfPassword": "666666",
+    "SelfPassword": "Shentun!@#qwe123",
     "LisUser": "admin",
-    "LisPassword": "666666"
+    "LisPassword": "Shentun!@#qwe123"
   },
   "ConnectionStrings": {
     //"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis070703;User ID=postgres;Password=shentun123;"
-    //"Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
-    "Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
+    "Default": "Host=140.143.162.39;Port=5432;Database=ShentunPeis240701;User ID=postgres;Password=shentun123;",
+    //"Default": "Host=192.168.2.67;Port=5432;Database=ShentunPeis;User ID=postgres;Password=st123;"
   },
   "AuthServer": {
     "Authority": "http://localhost:9530",
     "RequireHttpsMetadata": "false",
-    "SwaggerClientId": "localhost_Swagger"
+    "SwaggerClientId": "localhost_Swagger",
+    "IssuerBase": "http://140.143.162.39:9529" 
   },
   "StringEncryption": {
     "DefaultPassPhrase": "ROCjBbDQK9rNq82v"