trying to get cluster working

2025-11-04 09:15:27 +08:00 · 2017-06-23 11:25:23 +01:00
parent bc7bfc8917
commit 2d94884c6f
7 changed files with 75 additions and 6 deletions
--- a/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
+++ b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs
@@ -13,6 +13,8 @@ namespace Ocelot.Configuration.Creator
            var username = Environment.GetEnvironmentVariable("OCELOT_USERNAME");
            var hash = Environment.GetEnvironmentVariable("OCELOT_HASH");
            var salt = Environment.GetEnvironmentVariable("OCELOT_SALT");
+            var credentialsSigningCertificateLocation = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE");
+            var credentialsSigningCertificatePassword = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD");

            return new IdentityServerConfiguration(
                "admin",
@@ -28,7 +30,9 @@ namespace Ocelot.Configuration.Creator
                new List<User>
                {
                    new User("admin", username, hash, salt)
-                }
+                },
+                credentialsSigningCertificateLocation,
+                credentialsSigningCertificatePassword
            );
        }
    }
--- a/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs
+++ b/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs
@@ -17,5 +17,7 @@ namespace Ocelot.Configuration.Provider
        AccessTokenType AccessTokenType {get;}
        bool RequireClientSecret {get;}
        List<User> Users {get;}
+        string CredentialsSigningCertificateLocation { get; }
+        string CredentialsSigningCertificatePassword { get; }
    }
 }
--- a/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs
+++ b/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs
@@ -17,7 +17,7 @@ namespace Ocelot.Configuration.Provider
            IEnumerable<string>  grantType,
            AccessTokenType accessTokenType,
            bool requireClientSecret,
-            List<User> users)
+            List<User> users, string credentialsSigningCertificateLocation, string credentialsSigningCertificatePassword)
        {
            ApiName = apiName;
            RequireHttps = requireHttps;
@@ -30,6 +30,8 @@ namespace Ocelot.Configuration.Provider
            AccessTokenType = accessTokenType;
            RequireClientSecret = requireClientSecret;
            Users = users;
+            CredentialsSigningCertificateLocation = credentialsSigningCertificateLocation;
+            CredentialsSigningCertificatePassword = credentialsSigningCertificatePassword;
        }

        public string ApiName { get; private set; }
@@ -43,5 +45,7 @@ namespace Ocelot.Configuration.Provider
        public AccessTokenType AccessTokenType {get;private set;}
        public bool RequireClientSecret {get;private set;}
        public List<User> Users {get;private set;}
+        public string CredentialsSigningCertificateLocation { get; private set; }
+        public string CredentialsSigningCertificatePassword { get; private set; }
    }
 }
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -41,6 +41,8 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.IdentityModel.Tokens;
 using Ocelot.Configuration;
 using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;

@@ -87,8 +89,7 @@ namespace Ocelot.DependencyInjection
            {
                services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
                services.TryAddSingleton<IHashMatcher, HashMatcher>();
-                services.AddIdentityServer()
-                    .AddTemporarySigningCredential()
+                var identityServerBuilder = services.AddIdentityServer()
                    .AddInMemoryApiResources(new List<ApiResource>
                    {
                        new ApiResource
@@ -120,6 +121,16 @@ namespace Ocelot.DependencyInjection
                            RequireClientSecret = identityServerConfiguration.RequireClientSecret
                        }
                    }).AddResourceOwnerValidator<OcelotResourceOwnerPasswordValidator>();
+
+                if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
+                {
+                    identityServerBuilder.AddTemporarySigningCredential();
+                }
+                else
+                {
+                    var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
+                    identityServerBuilder.AddSigningCredential(cert);
+                }
            }

            var assembly = typeof(FileConfigurationController).GetTypeInfo().Assembly;