From 1bc2e0578356a3482c827d85eb44bf86c2895a4b Mon Sep 17 00:00:00 2001 From: ivarlovlie Date: Sun, 10 Jul 2022 22:22:41 +0200 Subject: feat: Encrypt data protection data with a cert --- server/src/Data/Static/AppConfiguration.cs | 7 +++++++ server/src/Data/Static/AppEnvironmentVariables.cs | 8 ++++---- server/src/IOL.GreatOffice.Api.csproj | 11 +++++++++++ server/src/Program.cs | 10 ++++++---- 4 files changed, 28 insertions(+), 8 deletions(-) (limited to 'server/src') diff --git a/server/src/Data/Static/AppConfiguration.cs b/server/src/Data/Static/AppConfiguration.cs index 08fc716..d05f2c2 100644 --- a/server/src/Data/Static/AppConfiguration.cs +++ b/server/src/Data/Static/AppConfiguration.cs @@ -1,3 +1,6 @@ +using System.Security.Cryptography.X509Certificates; +using System.Text; + namespace IOL.GreatOffice.Api.Data.Static; public class AppConfiguration @@ -24,7 +27,10 @@ public class AppConfiguration public string GITHUB_CLIENT_ID { get; set; } public string GITHUB_CLIENT_SECRET { get; set; } public string APP_AES_KEY { get; set; } + public string APP_CERT { get; set; } + public X509Certificate2 CERT1() => new (Convert.FromBase64String(APP_CERT)); + public object GetPublicVersion() { return new { DB_HOST, @@ -47,6 +53,7 @@ public class AppConfiguration GITHUB_CLIENT_ID = GITHUB_CLIENT_ID.Obfuscate() ?? "", GITHUB_CLIENT_SECRET = GITHUB_CLIENT_SECRET.Obfuscate() ?? "", APP_AES_KEY = APP_AES_KEY.Obfuscate() ?? "", + CERT1 = CERT1().PublicKey.Oid.FriendlyName }; } } diff --git a/server/src/Data/Static/AppEnvironmentVariables.cs b/server/src/Data/Static/AppEnvironmentVariables.cs index 2a2d591..c3f821d 100644 --- a/server/src/Data/Static/AppEnvironmentVariables.cs +++ b/server/src/Data/Static/AppEnvironmentVariables.cs 
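Review bot: `CERT1()` in the `@@ -24,7 +27,10 @@` hunk of AppConfiguration.cs base64-decodes `APP_CERT` and builds a new `X509Certificate2` on every call, and no caller disposes it; the `@@ -47,6 +53,7 @@` hunk calls it from `GetPublicVersion()` just to read `PublicKey.Oid.FriendlyName`. Since Program.cs passes this certificate to `ProtectKeysWithCertificate`, it presumably carries a private key, so each call re-imports key material, and a null or malformed `APP_CERT` makes `GetPublicVersion()` throw instead of returning the obfuscated view. I would parse once and reuse it: `private X509Certificate2 _cert1;` with `public X509Certificate2 CERT1() => _cert1 ??= new(Convert.FromBase64String(APP_CERT));`, and have `GetPublicVersion()` report `Thumbprint` so operators can tell which certificate is loaded. The class body continues outside both hunks.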
@@ -11,11 +11,11 @@ public static class AppEnvironmentVariables /// public const string VAULT_URL = "VAULT_URL"; /// - /// The vault key name for the main configuration json object, described by + /// The duration of which to keep a local cached version of the configuration /// - public const string MAIN_CONFIG_SHEET = "MAIN_CONFIG_SHEET"; + public const string VAULT_CACHE_TTL = "VAULT_CACHE_TTL"; /// - /// The duration of which to keep a local cached version of the configuration + /// The vault key name for the main configuration json object, described by /// - public const string VAULT_CACHE_TTL = "CONFIG_CACHE_TTL"; + public const string MAIN_CONFIG_SHEET = "MAIN_CONFIG_SHEET"; } diff --git a/server/src/IOL.GreatOffice.Api.csproj b/server/src/IOL.GreatOffice.Api.csproj index 4ba9db3..3264d70 100644 --- a/server/src/IOL.GreatOffice.Api.csproj +++ b/server/src/IOL.GreatOffice.Api.csproj @@ -57,4 +57,15 @@ + + + + + Always + + + + Always + + diff --git a/server/src/Program.cs b/server/src/Program.cs index 0d6b3d3..b74f348 100644 --- a/server/src/Program.cs +++ b/server/src/Program.cs @@ -39,6 +39,7 @@ global using IOL.GreatOffice.Api.Services; global using IOL.GreatOffice.Api.Utilities; using System.Reflection; using System.Security.Cryptography.X509Certificates; +using System.Text; using IOL.GreatOffice.Api.Endpoints.V1; using IOL.GreatOffice.Api.Jobs; using Microsoft.AspNetCore.HttpOverrides; @@ -89,11 +90,12 @@ public static class Program options.ForwardedHeaders = ForwardedHeaders.XForwardedProto; }); } - + builder.Services - .AddDataProtection() - .PersistKeysToDbContext() - .ProtectKeysWithCertificate(vaultService.Get("")); + .AddDataProtection() + .ProtectKeysWithCertificate(configuration.CERT1()) + .PersistKeysToDbContext(); + builder.Services.Configure(JsonSettings.Default); builder.Services.AddQuartz(options => { options.UsePersistentStore(o => { -- cgit v1.3
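Review bot: The value of `VAULT_CACHE_TTL` changes from `"CONFIG_CACHE_TTL"` to `"VAULT_CACHE_TTL"` in this hunk, which is a deployment-facing rename hidden inside what otherwise reads as a reordering of two constants. Any environment that still exports `CONFIG_CACHE_TTL` will no longer be read; how the reader behaves when the variable is missing is not visible here, so the effect on how long vault configuration stays cached should be confirmed. I would state the rename in the commit description and add a line to the doc comment such as `/// Renamed from CONFIG_CACHE_TTL; the old name is no longer read.`.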
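Review bot: `ProtectKeysWithCertificate(configuration.CERT1())` in the `@@ -89,11 +90,12 @@` hunk of Program.cs registers only the current certificate, so key-ring rows already persisted through `PersistKeysToDbContext` become undecryptable as soon as `APP_CERT` is rotated. Data Protection offers `UnprotectKeysWithAnyCertificate(...)` for this; chaining it with the previous certificate(s) keeps old keys readable during a rollover. The certificate also has to carry its private key, which nothing here checks. A guard before the chain, e.g. `if (!cert.HasPrivateKey) throw new InvalidOperationException("APP_CERT has no private key");`, turns a later unprotect failure into a clear startup error. The surrounding method starts and ends outside the hunk.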