Merge pull request 'Hardened certificate loading' (#129) from dataprotection into master
Reviewed-on: #129
This commit was merged in pull request #129.
This commit is contained in:
@@ -54,7 +54,13 @@ public static class Api
|
|||||||
|
|
||||||
public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
|
public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
|
||||||
{
|
{
|
||||||
var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(configuration["DataProtection:Certificate"]!), configuration["DataProtection:Password"]);
|
var certString = configuration["DataProtection:Certificate"] ?? configuration["DataProtection__Certificate"];
|
||||||
|
var certPassword = configuration["DataProtection:Password"] ?? configuration["DataProtection__Password"];
|
||||||
|
|
||||||
|
if (string.IsNullOrEmpty(certString))
|
||||||
|
throw new InvalidOperationException("Data Protection Certificate configuration is missing.");
|
||||||
|
|
||||||
|
var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(certString), certPassword);
|
||||||
|
|
||||||
services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
|
services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
|
||||||
.ProtectKeysWithCertificate(certificate)
|
.ProtectKeysWithCertificate(certificate)
|
||||||
|
|||||||
Reference in New Issue
Block a user