added identity server real cert loading

2025-05-28 06:44:50 -05:00 · 2017-01-12 18:35:26 -05:00 · 2017-01-12 18:35:26 -05:00 · 6cde9ed223
commit 6cde9ed223
parent f105bd775d
5 changed files with 35 additions and 24 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -1,7 +1,6 @@
 using System;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
@ -29,6 +28,7 @@ using IdentityServer4.Validation;
 using IdentityServer4.Services;
 using IdentityModel.AspNetCore.OAuth2Introspection;
 using IdentityServer4.Stores;
+using Bit.Core.Utilities;

 namespace Bit.Api
 {
@ -87,9 +87,9 @@ namespace Bit.Api
            services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();

            // IdentityServer
+            var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
            services.AddIdentityServer()
-                // TODO: Add proper signing creds
-                .AddTemporarySigningCredential()
+                .AddSigningCredential(identityServerCert)
                .AddInMemoryApiResources(ApiResources.GetApiResources())
                .AddInMemoryClients(Clients.GetClients());
            services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
--- a/src/Api/settings.json
+++ b/src/Api/settings.json
@ -24,6 +24,9 @@
      "gcmApiKey": "SECRET",
      "gcmAppPackageName": "com.x8bit.bitwarden"
    },
+    "identityServer": {
+      "certificateThumbprint": "SECRET"
+    },
    "storage": {
      "connectionString": "SECRET"
    }
--- a/src/Core/GlobalSettings.cs
+++ b/src/Core/GlobalSettings.cs
@ -10,6 +10,7 @@
        public virtual LoggrSettings Loggr { get; set; } = new LoggrSettings();
        public virtual PushSettings Push { get; set; } = new PushSettings();
        public virtual StorageSettings Storage { get; set; } = new StorageSettings();
+        public virtual IdentityServerSettings IdentityServer { get; set; } = new IdentityServerSettings();

        public class SqlServerSettings
        {
@ -41,5 +42,10 @@
            public string GcmApiKey { get; set; }
            public string GcmAppPackageName { get; set; }
        }
+
+        public class IdentityServerSettings
+        {
+            public string CertificateThumbprint { get; set; }
+        }
    }
 }
--- a/src/Core/Services/Implementations/PushSharpPushService.cs
+++ b/src/Core/Services/Implementations/PushSharpPushService.cs
@ -8,13 +8,12 @@ using PushSharp.Google;
 using PushSharp.Apple;
 using Microsoft.AspNetCore.Hosting;
 using PushSharp.Core;
-using System.Security.Cryptography.X509Certificates;
 using Bit.Core.Domains;
 using Bit.Core.Enums;
-using System.Text.RegularExpressions;
 using Newtonsoft.Json;
 using Microsoft.Extensions.Logging;
 using System.Diagnostics;
+using Bit.Core.Utilities;

 namespace Bit.Core.Services
 {
@ -191,7 +190,7 @@ namespace Bit.Core.Services
                return;
            }

-            var apnsCertificate = GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
+            var apnsCertificate = CoreHelpers.GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
            if(apnsCertificate == null)
            {
                return;
@ -240,24 +239,6 @@ namespace Bit.Core.Services
            });
        }

-        private X509Certificate2 GetCertificate(string thumbprint)
-        {
-            // Clean possible garbage characters from thumbprint copy/paste
-            // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
-            thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
-
-            X509Certificate2 cert = null;
-            var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-            certStore.Open(OpenFlags.ReadOnly);
-            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
-            if(certCollection.Count > 0)
-            {
-                cert = certCollection[0];
-            }
-            certStore.Close();
-            return cert;
-        }
-
        private void FeedbackService_FeedbackReceived(string deviceToken, DateTime timestamp)
        {
            // Remove the deviceToken from your database
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -1,4 +1,6 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Text.RegularExpressions;

 namespace Bit.Core.Utilities
 {
@ -36,5 +38,24 @@ namespace Bit.Core.Utilities

            return new Guid(guidArray);
        }
+
+        public static X509Certificate2 GetCertificate(string thumbprint)
+        {
+            // Clean possible garbage characters from thumbprint copy/paste
+            // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
+            thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
+
+            X509Certificate2 cert = null;
+            var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+            certStore.Open(OpenFlags.ReadOnly);
+            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
+            if(certCollection.Count > 0)
+            {
+                cert = certCollection[0];
+            }
+
+            certStore.Close();
+            return cert;
+        }
    }
 }