added identity server real cert loading

src/Api/Startup.cs

@@ -1,7 +1,6 @@
 using System;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
@@ -29,6 +28,7 @@ using IdentityServer4.Validation;
 using IdentityServer4.Services;
 using IdentityModel.AspNetCore.OAuth2Introspection;
 using IdentityServer4.Stores;
+using Bit.Core.Utilities;
 
 namespace Bit.Api
 {
@@ -87,9 +87,9 @@ namespace Bit.Api
             services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
 
             // IdentityServer
+            var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
             services.AddIdentityServer()
-                // TODO: Add proper signing creds
+                .AddSigningCredential(identityServerCert)
-                .AddTemporarySigningCredential()
                 .AddInMemoryApiResources(ApiResources.GetApiResources())
                 .AddInMemoryClients(Clients.GetClients());
             services.AddSingleton<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();

src/Api/settings.json

@@ -24,6 +24,9 @@
       "gcmApiKey": "SECRET",
       "gcmAppPackageName": "com.x8bit.bitwarden"
     },
+    "identityServer": {
+      "certificateThumbprint": "SECRET"
+    },
     "storage": {
       "connectionString": "SECRET"
     }

src/Core/GlobalSettings.cs

@@ -10,6 +10,7 @@
         public virtual LoggrSettings Loggr { get; set; } = new LoggrSettings();
         public virtual PushSettings Push { get; set; } = new PushSettings();
         public virtual StorageSettings Storage { get; set; } = new StorageSettings();
+        public virtual IdentityServerSettings IdentityServer { get; set; } = new IdentityServerSettings();
 
         public class SqlServerSettings
         {
@@ -41,5 +42,10 @@
             public string GcmApiKey { get; set; }
             public string GcmAppPackageName { get; set; }
         }
+
+        public class IdentityServerSettings
+        {
+            public string CertificateThumbprint { get; set; }
+        }
     }
 }

src/Core/Services/Implementations/PushSharpPushService.cs

@@ -8,13 +8,12 @@ using PushSharp.Google;
 using PushSharp.Apple;
 using Microsoft.AspNetCore.Hosting;
 using PushSharp.Core;
-using System.Security.Cryptography.X509Certificates;
 using Bit.Core.Domains;
 using Bit.Core.Enums;
-using System.Text.RegularExpressions;
 using Newtonsoft.Json;
 using Microsoft.Extensions.Logging;
 using System.Diagnostics;
+using Bit.Core.Utilities;
 
 namespace Bit.Core.Services
 {
@@ -191,7 +190,7 @@ namespace Bit.Core.Services
                 return;
             }
 
-            var apnsCertificate = GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
+            var apnsCertificate = CoreHelpers.GetCertificate(globalSettings.Push.ApnsCertificateThumbprint);
             if(apnsCertificate == null)
             {
                 return;
@@ -240,24 +239,6 @@ namespace Bit.Core.Services
             });
         }
 
-        private X509Certificate2 GetCertificate(string thumbprint)
-        {
-            // Clean possible garbage characters from thumbprint copy/paste
-            // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
-            thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
-
-            X509Certificate2 cert = null;
-            var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-            certStore.Open(OpenFlags.ReadOnly);
-            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
-            if(certCollection.Count > 0)
-            {
-                cert = certCollection[0];
-            }
-            certStore.Close();
-            return cert;
-        }
-
         private void FeedbackService_FeedbackReceived(string deviceToken, DateTime timestamp)
         {
             // Remove the deviceToken from your database

src/Core/Utilities/CoreHelpers.cs

@@ -1,4 +1,6 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Text.RegularExpressions;
 
 namespace Bit.Core.Utilities
 {
@@ -36,5 +38,24 @@ namespace Bit.Core.Utilities
 
             return new Guid(guidArray);
         }
+
+        public static X509Certificate2 GetCertificate(string thumbprint)
+        {
+            // Clean possible garbage characters from thumbprint copy/paste
+            // ref http://stackoverflow.com/questions/8448147/problems-with-x509store-certificates-find-findbythumbprint
+            thumbprint = Regex.Replace(thumbprint, @"[^\da-zA-z]", string.Empty).ToUpper();
+
+            X509Certificate2 cert = null;
+            var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+            certStore.Open(OpenFlags.ReadOnly);
+            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
+            if(certCollection.Count > 0)
+            {
+                cert = certCollection[0];
+            }
+
+            certStore.Close();
+            return cert;
+        }
     }
 }