authorivarlovlie <git@ivarlovlie.no>2022-07-10 22:22:41 +0200
committerivarlovlie <git@ivarlovlie.no>2022-07-10 22:22:41 +0200
commit1bc2e0578356a3482c827d85eb44bf86c2895a4b (patch)
tree840d791c50b1cd867a44e7b0ca1423dd0931210e /server/src
parent79a0c629b7d7d187ac04ad4069adfe8aa927cac3 (diff)
feat: Encrypt data protection data with a cert
Diffstat (limited to 'server/src')
-rw-r--r--server/src/Data/Static/AppConfiguration.cs7
-rw-r--r--server/src/Data/Static/AppEnvironmentVariables.cs8
-rw-r--r--server/src/IOL.GreatOffice.Api.csproj11
-rw-r--r--server/src/Program.cs10
4 files changed, 28 insertions, 8 deletions
diff --git a/server/src/Data/Static/AppConfiguration.cs b/server/src/Data/Static/AppConfiguration.cs
index 08fc716..d05f2c2 100644
--- a/server/src/Data/Static/AppConfiguration.cs
+++ b/server/src/Data/Static/AppConfiguration.cs
@@ -1,3 +1,6 @@
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+
namespace IOL.GreatOffice.Api.Data.Static;
public class AppConfiguration
@@ -24,7 +27,10 @@ public class AppConfiguration
public string GITHUB_CLIENT_ID { get; set; }
public string GITHUB_CLIENT_SECRET { get; set; }
public string APP_AES_KEY { get; set; }
+ public string APP_CERT { get; set; }
+ public X509Certificate2 CERT1() => new (Convert.FromBase64String(APP_CERT));
+
public object GetPublicVersion() {
return new {
DB_HOST,
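Review bot: `CERT1()` parses `APP_CERT` into a fresh `X509Certificate2` on every call and no caller disposes the result, so each call re-imports the certificate and, since Program.cs hands it to `ProtectKeysWithCertificate`, presumably its private key as well. Parse it once and reuse the instance, e.g. `private X509Certificate2 _cert1;` with `public X509Certificate2 CERT1() => _cert1 ??= new(Convert.FromBase64String(APP_CERT));`. The byte-array constructor takes no password, so if `APP_CERT` is a PFX the private key is protected only by access control on the configuration entry; a comment on the property saying so would help whoever rotates it. The class body continues outside this hunk.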
@@ -47,6 +53,7 @@ public class AppConfiguration
GITHUB_CLIENT_ID = GITHUB_CLIENT_ID.Obfuscate() ?? "",
GITHUB_CLIENT_SECRET = GITHUB_CLIENT_SECRET.Obfuscate() ?? "",
APP_AES_KEY = APP_AES_KEY.Obfuscate() ?? "",
+ CERT1 = CERT1().PublicKey.Oid.FriendlyName
};
}
}
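Review bot: The new `CERT1` entry calls `CERT1()` with no fallback, so an unset `APP_CERT` makes `GetPublicVersion()` throw from `Convert.FromBase64String`, whereas the neighbouring entries appear to degrade to `""`. Guard the entry, for example `CERT1 = string.IsNullOrEmpty(APP_CERT) ? "" : CERT1().PublicKey.Oid.FriendlyName`. `GetPublicVersion` starts outside this hunk.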
diff --git a/server/src/Data/Static/AppEnvironmentVariables.cs b/server/src/Data/Static/AppEnvironmentVariables.cs
index 2a2d591..c3f821d 100644
--- a/server/src/Data/Static/AppEnvironmentVariables.cs
+++ b/server/src/Data/Static/AppEnvironmentVariables.cs
@@ -11,11 +11,11 @@ public static class AppEnvironmentVariables
/// </summary>
public const string VAULT_URL = "VAULT_URL";
/// <summary>
- /// The vault key name for the main configuration json object, described by <see cref="AppConfiguration"/>
+ /// The duration of which to keep a local cached version of the configuration
/// </summary>
- public const string MAIN_CONFIG_SHEET = "MAIN_CONFIG_SHEET";
+ public const string VAULT_CACHE_TTL = "VAULT_CACHE_TTL";
/// <summary>
- /// The duration of which to keep a local cached version of the configuration
+ /// The vault key name for the main configuration json object, described by <see cref="AppConfiguration"/>
/// </summary>
- public const string VAULT_CACHE_TTL = "CONFIG_CACHE_TTL";
+ public const string MAIN_CONFIG_SHEET = "MAIN_CONFIG_SHEET";
}
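Review bot: The value of `VAULT_CACHE_TTL` changes from `"CONFIG_CACHE_TTL"` to `"VAULT_CACHE_TTL"`, which renames the environment variable the application reads, and the commit message does not mention it. A deployment that still sets `CONFIG_CACHE_TTL` would presumably fall back to whatever default the reader applies, with no warning. Either document the rename for operators or read the old name as a fallback for one release. The summary comment could also state the unit the value is parsed in.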
diff --git a/server/src/IOL.GreatOffice.Api.csproj b/server/src/IOL.GreatOffice.Api.csproj
index 4ba9db3..3264d70 100644
--- a/server/src/IOL.GreatOffice.Api.csproj
+++ b/server/src/IOL.GreatOffice.Api.csproj
@@ -57,4 +57,15 @@
<ItemGroup>
<Folder Include="wwwroot" />
</ItemGroup>
+
+ <ItemGroup>
+ <None Remove="2022.crt" />
+ <Resource Include="2022.crt">
+ <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+ </Resource>
+ <None Remove="2022.pfx" />
+ <Resource Include="2022.pfx">
+ <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+ </Resource>
+ </ItemGroup>
</Project>
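Review bot: `2022.pfx` is marked `CopyToOutputDirectory` `Always`, so if that file holds the private key used for data protection, it is copied into every build and publish output and from there into images and artifact stores. Program.cs in this commit reads the certificate from `configuration.CERT1()`, so these items do not look necessary at runtime. I would drop the `2022.pfx` item, keep the file out of version control, and include only the public `2022.crt` if it is needed. `Resource` is also an unusual item type for a web project; `None` or `Content` with `CopyToOutputDirectory` is the usual way to ship a file next to the binaries.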
diff --git a/server/src/Program.cs b/server/src/Program.cs
index 0d6b3d3..b74f348 100644
--- a/server/src/Program.cs
+++ b/server/src/Program.cs
@@ -39,6 +39,7 @@ global using IOL.GreatOffice.Api.Services;
global using IOL.GreatOffice.Api.Utilities;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
+using System.Text;
using IOL.GreatOffice.Api.Endpoints.V1;
using IOL.GreatOffice.Api.Jobs;
using Microsoft.AspNetCore.HttpOverrides;
@@ -89,11 +90,12 @@ public static class Program
options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
});
}
-
+
builder.Services
- .AddDataProtection()
- .PersistKeysToDbContext<AppDbContext>()
- .ProtectKeysWithCertificate(vaultService.Get<X509Certificate2>(""));
+ .AddDataProtection()
+ .ProtectKeysWithCertificate(configuration.CERT1())
+ .PersistKeysToDbContext<AppDbContext>();
+
builder.Services.Configure(JsonSettings.Default);
builder.Services.AddQuartz(options => {
options.UsePersistentStore(o => {
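Review bot: `ProtectKeysWithCertificate(configuration.CERT1())` is called without checking that the loaded certificate carries a private key. A certificate without one can encrypt new key-ring entries but cannot decrypt them later, which would likely surface only after a restart. Fail fast at startup with `var cert = configuration.CERT1();` followed by `if (!cert.HasPrivateKey) throw new InvalidOperationException("APP_CERT must include a private key");`. When the certificate is replaced, keys already persisted through `PersistKeysToDbContext` stay encrypted to the old one, so plan to register previous certificates with `UnprotectKeysWithAnyCertificate(...)`. The enclosing method starts and ends outside this hunk.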