Merge pull request 'Hardened certificate loading' (#129 ) from dataprotection into master

Reviewed-on: #129
Hardened certificate loading
2026-06-14 23:34:59 +02:00 · 2026-06-14 23:34:25 +02:00
1 changed files with 7 additions and 1 deletions
@@ -54,7 +54,13 @@ public static class Api

    public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
    {
-        var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(configuration["DataProtection:Certificate"]!), configuration["DataProtection:Password"]);
+        var certString = configuration["DataProtection:Certificate"] ?? configuration["DataProtection__Certificate"];
+        var certPassword = configuration["DataProtection:Password"] ?? configuration["DataProtection__Password"];
+
+        if (string.IsNullOrEmpty(certString))
+            throw new InvalidOperationException("Data Protection Certificate configuration is missing.");
+
+        var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(certString), certPassword);

        services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
            .ProtectKeysWithCertificate(certificate)
Author	SHA1	Message	Date
khwezi	ad2ea48592	Merge pull request 'Hardened certificate loading' (#129 ) from dataprotection into master Reviewed-on: #129	2026-06-14 23:34:59 +02:00
Khwezi Mngoma	bf36bb6bbc	Hardened certificate loading continuous-integration/drone/pr Build is passing Details	2026-06-14 23:34:25 +02:00