nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-03 00:52:49 -05:00
Code Activity

load certs from azure storage

Browse Source
This commit is contained in:
Kyle Spearrin
2019-07-10 20:05:07 -04:00
parent f97539d558
commit b5d2a1da75
4 changed files with 67 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Core/Utilities/ServiceCollectionExtensions.cs
View File

@ -29,6 +29,7 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.HttpOverrides;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
namespace Bit.Core.Utilities
{
@ -131,7 +132,7 @@ namespace Bit.Core.Utilities
services.AddSingleton<IPushRegistrationService, NoopPushRegistrationService>();
}
if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString))
if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
{
services.AddSingleton<IBlockIpService, AzureQueueBlockIpService>();
}
@ -326,7 +327,8 @@ namespace Bit.Core.Utilities
{
identityServerBuilder.AddDeveloperSigningCredential(false);
}
else if(!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificatePassword)
else if(globalSettings.SelfHosted &&
!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificatePassword)
&& File.Exists("identity.pfx"))
{
var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
@ -338,6 +340,15 @@ namespace Bit.Core.Utilities
var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if(!globalSettings.SelfHosted &&
CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
{
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
"identity.pfx", globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else
{
throw new Exception("No identity certificate to use.");
@ -366,12 +377,21 @@ namespace Bit.Core.Utilities
.PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
}
if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificateThumbprint))
if(!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
{
var dataProtectionCert = CoreHelpers.GetCertificate(
globalSettings.DataProtection.CertificateThumbprint);
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
X509Certificate2 dataProtectionCert = null;
if(CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificateThumbprint))
{
dataProtectionCert = CoreHelpers.GetCertificate(
globalSettings.DataProtection.CertificateThumbprint);
}
else if(CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificatePassword))
{
dataProtectionCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
"dataprotection.pfx", globalSettings.DataProtection.CertificatePassword)
.GetAwaiter().GetResult();
}
services.AddDataProtection()
.PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
.ProtectKeysWithCertificate(dataProtectionCert);