diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index e27a610037..8d64d878ea 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
@@ -29,6 +28,7 @@ using IdentityServer4.Validation;
 using IdentityServer4.Services;
 using IdentityModel.AspNetCore.OAuth2Introspection;
 using IdentityServer4.Stores;
+using Bit.Core.Utilities;
 namespace Bit.Api
 {
@@ -87,9 +87,9 @@ namespace Bit.Api
 services.AddSingleton();
 // IdentityServer
+ var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
 services.AddIdentityServer()
- // TODO: Add proper signing creds
- .AddTemporarySigningCredential()
+ .AddSigningCredential(identityServerCert)
 .AddInMemoryApiResources(ApiResources.GetApiResources())
 .AddInMemoryClients(Clients.GetClients());
 services.AddSingleton();
diff --git a/src/Api/settings.json b/src/Api/settings.json
index 23e5683f04..3ceb60cdb0 100644
--- a/src/Api/settings.json
+++ b/src/Api/settings.json
@@ -24,6 +24,9 @@
 "gcmApiKey": "SECRET",
 "gcmAppPackageName": "com.x8bit.bitwarden"
 },
+ "identityServer": {
+ "certificateThumbprint": "SECRET"
+ },
 "storage": {
 "connectionString": "SECRET"
 }
diff --git a/src/Core/GlobalSettings.cs b/src/Core/GlobalSettings.cs
index b3e1a45a11..5fa0bea6aa 100644
--- a/src/Core/GlobalSettings.cs
+++ b/src/Core/GlobalSettings.cs
@@ -10,6 +10,7 @@
 public virtual LoggrSettings Loggr { get; set; } = new LoggrSettings();
 public virtual PushSettings Push { get; set; } = new PushSettings();
 public virtual StorageSettings Storage { get; set; } = new StorageSettings();
+ public virtual IdentityServerSettings IdentityServer { get; set; } = new IdentityServerSettings();
 public class SqlServerSettings
 {
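Review bot: In src/Api/Startup.cs, the result of `CoreHelpers.GetCertificate(...)` is passed straight to `.AddSigningCredential(identityServerCert)` with no null check, although the helper returns null when no certificate in the store matches the thumbprint; the APNS call site in PushSharpPushService does test `apnsCertificate == null`. With the `"SECRET"` placeholder from settings.json, or a thumbprint that is not installed on the host, startup presumably fails inside IdentityServer with an error that does not name the setting. I would fail closed with an explicit message before the call, e.g. `if(identityServerCert == null) throw new InvalidOperationException("IdentityServer signing certificate not found for the configured thumbprint.");`, and also confirm `identityServerCert.HasPrivateKey`, since the certificate is used to sign tokens. The enclosing method starts and ends outside the hunk.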
@@ -41,5 +42,10 @@
 public string GcmApiKey { get; set; }
 public string GcmAppPackageName { get; set; }
 }
+
+ public class IdentityServerSettings
+ {
+ public string CertificateThumbprint { get; set; }
+ }
 }
 }
diff --git a/src/Core/Services/Implementations/PushSharpPushService.cs b/src/Core/Services/Implementations/PushSharpPushService.cs
index 6d5ddbddc7..b841bb526b 100644
--- a/src/Core/Services/Implementations/PushSharpPushService.cs
+++ b/src/Core/Services/Implementations/PushSharpPushService.cs
@@ -8,13 +8,12 @@ using PushSharp.Google;
 using PushSharp.Apple;
 using Microsoft.AspNetCore.Hosting;
 using PushSharp.Core;
-using System.Security.Cryptography.X509Certificates;
 using Bit.Core.Domains;
 using Bit.Core.Enums;
-using System.Text.RegularExpressions;
 using Newtonsoft.Json;
 using Microsoft.Extensions.Logging;
 using System.Diagnostics;
+using Bit.Core.Utilities;
 namespace Bit.Core.Services
 {
@@ -191,7 +190,7 @@ namespace Bit.Core.Services
 return;
 }
- var apnsCertificate = GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
+ var apnsCertificate = CoreHelpers.GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
 if(apnsCertificate == null)
 {
 return;
@@ -240,24 +239,6 @@ namespace Bit.Core.Services
 });
 }
- private X509Certificate2 GetCertificate(string thumbprint)
- {
- // Clean possible garbage characters from thumbprint copy/paste
- // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
- thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
-
- X509Certificate2 cert = null;
- var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
- certStore.Open(OpenFlags.ReadOnly);
- var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
- if(certCollection.Count > 0)
- {
- cert = certCollection[0];
- }
- certStore.Close();
- return cert;
- }
-
 private void FeedbackService_FeedbackReceived(string deviceToken, DateTime timestamp)
 {
 // Remove the deviceToken from your database
diff --git a/src/Core/Utilities/CoreHelpers.cs b/src/Core/Utilities/CoreHelpers.cs
index e1d1d9951f..b3317c74d1 100644
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@@ -1,4 +1,6 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Text.RegularExpressions;
 namespace Bit.Core.Utilities
 {
@@ -36,5 +38,24 @@ namespace Bit.Core.Utilities
 return new Guid(guidArray);
 }
+
+ public static X509Certificate2 GetCertificate(string thumbprint)
+ {
+ // Clean possible garbage characters from thumbprint copy/paste
+ // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
+ thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
+
+ X509Certificate2 cert = null;
+ var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+ certStore.Open(OpenFlags.ReadOnly);
+ var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
+ if(certCollection.Count > 0)
+ {
+ cert = certCollection[0];
+ }
+
+ certStore.Close();
+ return cert;
+ }
 }
 }
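Review bot: In src/Core/Utilities/CoreHelpers.cs, the sanitising pattern `[^\da-zA-z]` in `GetCertificate` uses the range `A-z`, which admits `[ \ ] ^ _` and the backtick as well as every non-hex letter, so the cleaned value is not guaranteed to be a hex thumbprint. The pattern is carried over unchanged from the method this commit removes from PushSharpPushService, but the helper now also selects the IdentityServer signing certificate. I would restrict it to hex digits, use `ToUpperInvariant()`, return null for a null or empty thumbprint (a null currently throws from `Regex.Replace`), and close the store in a `finally` so an exception from `Open` or `Find` does not leave it open. The `false` passed as `validOnly` to `Find` also returns expired or untrusted certificates; that may be intended for a self-signed signing certificate, but it deserves a comment.

```csharp
public static X509Certificate2 GetCertificate(string thumbprint)
{
    if(string.IsNullOrWhiteSpace(thumbprint))
    {
        return null;
    }

    // Clean possible garbage characters from thumbprint copy/paste; a thumbprint is hex only.
    thumbprint = Regex.Replace(thumbprint, @"[^0-9a-fA-F]", string.Empty).ToUpperInvariant();

    var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    try
    {
        certStore.Open(OpenFlags.ReadOnly);
        // validOnly: false also returns expired or untrusted certificates.
        var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        return certCollection.Count > 0 ? certCollection[0] : null;
    }
    finally
    {
        certStore.Close();
    }
}
```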