Refactor DataProtection setup to common extension class (#130)
@@ -8,7 +8,6 @@
|
||||
using System.Data.Common;
|
||||
using System.Globalization;
|
||||
using System.Reflection;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using AliasServerDb;
|
||||
using AliasVault.Admin;
|
||||
using AliasVault.Admin.Auth.Providers;
|
||||
@@ -17,9 +16,7 @@ using AliasVault.Admin.Services;
|
||||
using AliasVault.Logging;
|
||||
using Cryptography;
|
||||
using Microsoft.AspNetCore.Components.Authorization;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.AspNetCore.Mvc.ViewFeatures;
|
||||
using Microsoft.Data.Sqlite;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
@@ -96,30 +93,7 @@ builder.Services.AddIdentityCore<AdminUser>(options =>
|
||||
.AddSignInManager()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
// Generate or load the certificate
|
||||
X509Certificate2 cert;
|
||||
string certPath = "../../certificates/AliasVault.DataProtection.pfx";
|
||||
string certPassword = Environment.GetEnvironmentVariable("DATA_PROTECTION_CERT_PASS") ?? throw new KeyNotFoundException("DATA_PROTECTION_CERT_PASS environment variable is not set.");
|
||||
if (certPassword == "Development")
|
||||
{
|
||||
// For development use local certificate so it doesn't interfere with Docker setup which uses a unique generated password.
|
||||
certPath = Path.Combine(AppContext.BaseDirectory, "AliasVault.DataProtection.Development.pfx");
|
||||
}
|
||||
|
||||
if (!File.Exists(certPath))
|
||||
{
|
||||
cert = CertificateGenerator.GeneratePfx("AliasVault.DataProtection", certPassword);
|
||||
CertificateGenerator.SaveCertificateToFile(cert, certPassword, certPath);
|
||||
}
|
||||
else
|
||||
{
|
||||
cert = new X509Certificate2(certPath, certPassword);
|
||||
}
|
||||
|
||||
builder.Services.AddDataProtection()
|
||||
.ProtectKeysWithCertificate(cert)
|
||||
.PersistKeysToDbContext<AliasServerDbContext>()
|
||||
.SetApplicationName("AliasVault.Admin");
|
||||
builder.Services.AddAliasVaultDataProtection("AliasVault.Admin");
|
||||
|
||||
builder.Services.Configure<DataProtectionTokenProviderOptions>(options =>
|
||||
{
|
||||
|
||||
@@ -7,7 +7,6 @@
|
||||
|
||||
using System.Data.Common;
|
||||
using System.Reflection;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Text;
|
||||
using AliasServerDb;
|
||||
using AliasVault.Api.Jwt;
|
||||
@@ -16,7 +15,6 @@ using AliasVault.Shared.Providers.Time;
|
||||
using Asp.Versioning;
|
||||
using Cryptography;
|
||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Data.Sqlite;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
@@ -53,30 +51,7 @@ builder.Services.AddDbContextFactory<AliasServerDbContext>((container, options)
|
||||
options.UseSqlite(connection).UseLazyLoadingProxies();
|
||||
});
|
||||
|
||||
// Generate or load the DataProtection certificate.
|
||||
X509Certificate2 cert;
|
||||
string certPath = "../../certificates/AliasVault.DataProtection.pfx";
|
||||
string certPassword = Environment.GetEnvironmentVariable("DATA_PROTECTION_CERT_PASS") ?? throw new KeyNotFoundException("DATA_PROTECTION_CERT_PASS environment variable is not set.");
|
||||
if (certPassword == "Development")
|
||||
{
|
||||
// For development use local certificate so it doesn't interfere with Docker setup which uses a unique generated password.
|
||||
certPath = Path.Combine(AppContext.BaseDirectory, "AliasVault.DataProtection.Development.pfx");
|
||||
}
|
||||
|
||||
if (!File.Exists(certPath))
|
||||
{
|
||||
cert = CertificateGenerator.GeneratePfx("AliasVault.DataProtection", certPassword);
|
||||
CertificateGenerator.SaveCertificateToFile(cert, certPassword, certPath);
|
||||
}
|
||||
else
|
||||
{
|
||||
cert = new X509Certificate2(certPath, certPassword);
|
||||
}
|
||||
|
||||
builder.Services.AddDataProtection()
|
||||
.ProtectKeysWithCertificate(cert)
|
||||
.PersistKeysToDbContext<AliasServerDbContext>()
|
||||
.SetApplicationName("AliasVault.Api");
|
||||
builder.Services.AddAliasVaultDataProtection("AliasVault.Api");
|
||||
|
||||
builder.Services.AddIdentity<AliasVaultUser, AliasVaultRole>(options =>
|
||||
{
|
||||
|
||||
59
src/Utilities/Cryptography/DataProtectionExtensions.cs
Normal file
59
src/Utilities/Cryptography/DataProtectionExtensions.cs
Normal file
@@ -0,0 +1,59 @@
|
||||
//-----------------------------------------------------------------------
|
||||
// <copyright file="DataProtectionExtensions.cs" company="lanedirt">
|
||||
// Copyright (c) lanedirt. All rights reserved.
|
||||
// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
|
||||
// </copyright>
|
||||
//-----------------------------------------------------------------------
|
||||
|
||||
namespace Cryptography;
|
||||
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using AliasServerDb;
|
||||
using Microsoft.AspNetCore.DataProtection;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
|
||||
/// <summary>
|
||||
/// Helper utility to configure DataProtection for web projects.
|
||||
/// </summary>
|
||||
public static class DataProtectionExtensions
|
||||
{
|
||||
/// <summary>
|
||||
/// Setup .NET DataProtection to use common AliasVault settings with self-signed certificate.
|
||||
/// </summary>
|
||||
/// <param name="services">Services.</param>
|
||||
/// <param name="applicationName">Application name.</param>
|
||||
/// <returns>IServiceCollection.</returns>
|
||||
/// <exception cref="KeyNotFoundException">Thrown if environment variable is not set.</exception>
|
||||
public static IServiceCollection AddAliasVaultDataProtection(
|
||||
this IServiceCollection services,
|
||||
string applicationName)
|
||||
{
|
||||
string certPassword = Environment.GetEnvironmentVariable("DATA_PROTECTION_CERT_PASS")
|
||||
?? throw new KeyNotFoundException("DATA_PROTECTION_CERT_PASS is not set in configuration or environment variables.");
|
||||
|
||||
string certPath = "../../certificates/AliasVault.DataProtection.pfx";
|
||||
if (certPassword == "Development")
|
||||
{
|
||||
certPath = Path.Combine(AppContext.BaseDirectory, "AliasVault.DataProtection.Development.pfx");
|
||||
}
|
||||
|
||||
X509Certificate2 cert;
|
||||
if (!File.Exists(certPath))
|
||||
{
|
||||
cert = CertificateGenerator.GeneratePfx("AliasVault.DataProtection", certPassword);
|
||||
CertificateGenerator.SaveCertificateToFile(cert, certPassword, certPath);
|
||||
}
|
||||
else
|
||||
{
|
||||
cert = new X509Certificate2(certPath, certPassword);
|
||||
}
|
||||
|
||||
services.AddDataProtection()
|
||||
.ProtectKeysWithCertificate(cert)
|
||||
.PersistKeysToDbContext<AliasServerDbContext>()
|
||||
.SetApplicationName(applicationName);
|
||||
|
||||
return services;
|
||||
}
|
||||
}
|
||||
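Review bot: In AddAliasVaultDataProtection the production certificate path `"../../certificates/AliasVault.DataProtection.pfx"` is resolved against the process working directory, so a start from a different directory (or a lost volume) makes `File.Exists` return false and the method silently generates a fresh certificate; any key ring already persisted via `PersistKeysToDbContext` was protected with the old certificate and can no longer be unprotected, which surfaces later as decryption failures rather than at startup. Because both Admin and Api Program.cs now call this at startup against the same path and the same DbContext, two concurrent first starts can also each generate their own certificate and overwrite each other. Consider failing with an explicit exception when the file is missing outside the `"Development"` branch, or at least documenting the regeneration behaviour above the `if (!File.Exists(certPath))` check, e.g. `// Regenerates the certificate if missing; keys persisted under a previous certificate become unreadable.`. The move also dropped the why-comment from the original Program.cs files; restore it on the Development branch: `// For development use local certificate so it doesn't interfere with Docker setup which uses a unique generated password.`. Finally the thrown message claims the value may come from "configuration", but only `Environment.GetEnvironmentVariable` is consulted; `"DATA_PROTECTION_CERT_PASS environment variable is not set."` matches the code, and `InvalidOperationException` would be the conventional type for a missing environment setting rather than `KeyNotFoundException`.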