Merge pull request 'Hardened certificate loading' (#129 ) from dataprotection into master

Reviewed-on: #129
Hardened certificate loading
2026-06-14 23:34:59 +02:00 · 2026-06-14 23:34:25 +02:00 · 2026-06-14 23:10:42 +02:00 · 2026-06-14 23:10:09 +02:00
1 changed files with 9 additions and 1 deletions
@@ -54,12 +54,20 @@ public static class Api

    public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
    {
-        var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(configuration["DataProtection:Certificate"]!), configuration["DataProtection:Password"]);
+        var certString = configuration["DataProtection:Certificate"] ?? configuration["DataProtection__Certificate"];
+        var certPassword = configuration["DataProtection:Password"] ?? configuration["DataProtection__Password"];
+
+        if (string.IsNullOrEmpty(certString))
+            throw new InvalidOperationException("Data Protection Certificate configuration is missing.");
+
+        var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(certString), certPassword);

        services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
            .ProtectKeysWithCertificate(certificate)
            .SetApplicationName("LiteCharmsApp");

+        services.Configure<DataProtectionOptions>(options => options.ApplicationDiscriminator = "LiteCharmsApp");
+
        services.ConfigureCookieOidcSameSiteSupport();

        var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
Author	SHA1	Message	Date
khwezi	ad2ea48592	Merge pull request 'Hardened certificate loading' (#129 ) from dataprotection into master Reviewed-on: #129	2026-06-14 23:34:59 +02:00
Khwezi Mngoma	bf36bb6bbc	Hardened certificate loading continuous-integration/drone/pr Build is passing Details	2026-06-14 23:34:25 +02:00
khwezi	0a9a459892	Merge pull request 'Refactored AddLiteCharmsWebSecurity to force a session recycling of keys on other pods' (#128 ) from dataprotection into master Reviewed-on: #128	2026-06-14 23:10:42 +02:00
Khwezi Mngoma	00d43c8f10	Refactored AddLiteCharmsWebSecurity to force a session recycling of keys on other pods continuous-integration/drone/pr Build is passing Details	2026-06-14 23:10:09 +02:00