x509 - IdentityServer4: How to load Signing Credential from Cert Store when in Docker -


we have identityserver4-based sts running on windows, signing credential has been installed local computer .pfx under personal > certificates, , .cer under trusted people > certificates. able load signing credential common name follows:

services.addidentityserver()     .addsigningcredential("cn=cert_name")     ...

we wanting run our sts implementation within docker container, , have been running following exception:

unhandled exception: system.platformnotsupportedexception: unix localmachine x509store limited root , certificateauthority stores.    @ internal.cryptography.pal.storepal.fromsystemstore(string storename, storelocation storelocation, openflags openflags)    @ system.security.cryptography.x509certificates.x509store.open(openflags flags)    @ identitymodel.x509certificatesfinder.find(object findvalue, boolean validonly)    @ microsoft.extensions.dependencyinjection.identityserverbuilderextensionscrypto.addsigningcredential(iidentityserverbuilder builder, string name, storelocation location, nametype nametype)

based on above error message, , source addsigningcredential method we're using here: https://github.com/identityserver/identityserver4/blob/ec17672d27f9bed42f9110d73755170ee9265116/src/identityserver4/configuration/dependencyinjection/builderextensions/crypto.cs#l73, seems apparent our issue identityserver4 looking certificate in local machine's personal ("my") store, however, such store not available within unix environments per error message.

so, i'm curious know if best practice exists loading signing credential identityserver4 in docker containers, if isn't possible load name or fingerprint. option bundle certificate in our application, load filename?

thanks may able offer!

i developing on windows machine , use following code certificate store

x509certificate2 cert = null;  x509store certstore = new x509store(storename.my, storelocation.currentuser);             certstore.open(openflags.readonly);  x509certificate2collection certcollection = certstore.certificates.find(                         x509findtype.findbythumbprint,                         "‎thumbprint",                         false); if (certcollection.count > 0)     {         cert = certcollection[0];         log.logger.information($"successfully loaded cert registry: {cert.thumbprint}");      }     if (cert == null) // fallback     {         cert = new x509certificate2(path.combine(_env.contentrootpath, "certificate.pfx"), "password");         //log.logger.information($"falling cert file. loaded: {cert.thumbprint}");     }     else     {         certstore.dispose();     }

Comments

Post a Comment

Popular posts from this blog

How to understand 2 main() functions after using uftrace to profile the C++ program? -

i trying uftrace profile following simple c++ program: #include <iostream> class { public: a() {std::cout << "a created" << std::endl;} ~a() {std::cout << "a destroyed" << std::endl;} }; int main() { a; return 0; } the profile result this: # uftrace a.out created destroyed # duration tid function 2.026 [ 4828] | __cxa_atexit(); [ 4828] | main() { [ 4828] | __static_initialization_and_destruction_0() { 89.397 [ 4828] | std::ios_base::init::init(); 0.768 [ 4828] | __cxa_atexit(); 93.029 [ 4828] | } /* __static_initialization_and_destruction_0 */ 94.425 [ 4828] | } /* main */ [ 4828] | main() { [ 4828] | a::a() { 11.104 [ 4828] | std::operator <<(); 10.825 [ 4828] | std::basic_ostream::operator <<(); 24.514 [ 4828] | } /* a::a */ [ 4828] | a::~a() { 0.978 [ 4828] | ...
Read more

c# - Update a combobox from a presenter (MVP) -

i using mvp in project, new in mvp. have 2 comboboxes. when select option in combobox, combobox should filled new data. this action in presenter. view 'view1' in presenter, , introduced combobox1 , combobox2 properties in 'view1', because need 'datasource', 'displaymember', 'valuemember' , 'refresh()' in method below. but, when using pattern, enough send property like public string combobox2 { { return combobox1.selectedvalue.tosstring(); } } into presenter not whole combobox. how can solve problem? public void onselectedindexchangedcombobox1() { if (view1.combobox1.selectedindex == -1) { return; } datatable dt = tools.getdatatable("a path"); var query = (from o in dt.asenumerable() o.field<string>("afield") == farmerview.combobox1.selectedvalue.tostring() orderby o.field<string>("anotherfield") select...
Read more

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -

i trying put lock on table while writing on table , if happened in between roll-back . trying convert below code lock table test_g1 read; lock table test_g write; -- begin; start transaction; insert test_g1 values(143); insert test_g values(145); select * test_g1; select * test_g; rollback; select * test_g; unlock tables; how convert above code @transactional spring jdbctemplate code? @transactional(rollbackfor={dataaccessexception.class}) public void test(){ jdbctemplate.execute("insert test1 (id, nam) values (4, 'a')"); throw new dataaccessexception("error") { }; } here trying throw error, insert statement should rollback it's not happening . thanks edit-1 attaching code , doing in jdbcdaoimpl.java , mentioned problem comment above test() . app.java package com.cgiri.javabrains.spring4; import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.applic...
Read more