settings updates

4 years ago · 45af4e4251
3 changed files with 24 additions and 47 deletions
--- a/src/CryptoAgent/CryptoAgentSettings.cs
+++ b/src/CryptoAgent/CryptoAgentSettings.cs
@ -8,17 +8,18 @@
				@@ -8,17 +8,18 @@

        public class CertificateSettings
        {
-            // Filesystem
+            public string Provider { get; set; }
+            // filesystem
            public string FilesystemPath { get; set; }
            public string FilesystemPassword { get; set; }
-            // Local store
+            // store
            public string StoreThumbprint { get; set; }
-            // Azure blob storage
+            // azurestorage
            public string AzureStorageConnectionString { get; set; }
            public string AzureStorageContainer { get; set; }
            public string AzureStorageFileName { get; set; }
            public string AzureStorageFilePassword { get; set; }
-            // Azure key vault
+            // azurekv
            public string AzureKeyvaultUri { get; set; }
            public string AzureKeyvaultCertificateName { get; set; }
            public string AzureKeyvaultAdTenantId { get; set; }
@ -28,26 +29,25 @@
				@@ -28,26 +29,25 @@

        public class RsaKeySettings
        {
-            // Local certificate provider
            public string Provider { get; set; }
-            // Azure key vault
+            // azurekv
            public string AzureKeyvaultUri { get; set; }
            public string AzureKeyvaultKeyName { get; set; }
            public string AzureKeyvaultAdTenantId { get; set; }
            public string AzureKeyvaultAdAppId { get; set; }
            public string AzureKeyvaultAdSecret { get; set; }
-            // Google Cloud KMS
+            // gcpkms
            public string GoogleCloudProjectId { get; set; }
            public string GoogleCloudLocationId { get; set; }
            public string GoogleCloudKeyringId { get; set; }
            public string GoogleCloudKeyId { get; set; }
            public string GoogleCloudKeyVersionId { get; set; }
-            // AWS KMS
+            // awskms
            public string AwsAccessKeyId { get; set; }
            public string AwsAccessKeySecret { get; set; }
            public string AwsRegion { get; set; }
            public string AwsKeyId { get; set; }
-            // Hashicorp Vault...
+            // vault...
            // Other HSMs...
        }

--- a/src/CryptoAgent/Startup.cs
+++ b/src/CryptoAgent/Startup.cs
@ -34,73 +34,53 @@ namespace Bit.CryptoAgent
				@@ -34,73 +34,53 @@ namespace Bit.CryptoAgent
            {
                services.AddSingleton<IRsaKeyService, LocalCertificateRsaKeyService>();

-                if (!string.IsNullOrWhiteSpace(settings.Certificate?.StoreThumbprint))
+                var certificateProvider = settings.Certificate.Provider?.ToLowerInvariant();
+                if (certificateProvider == "store")
                {
                    services.AddSingleton<ICertificateProviderService, StoreCertificateProviderService>();
                }
-                else if (!string.IsNullOrWhiteSpace(settings.Certificate?.FilesystemPath))
+                else if (certificateProvider == "filesystem")
                {
                    services.AddSingleton<ICertificateProviderService, FilesystemCertificateProviderService>();
                }
-                else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureStorageConnectionString))
+                else if (certificateProvider == "azurestorage")
                {
                    services.AddSingleton<ICertificateProviderService, AzureStorageCertificateProviderService>();
                }
-                else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureKeyvaultUri))
+                else if (certificateProvider == "azurekv")
                {
                    services.AddSingleton<ICertificateProviderService, AzureKeyVaultCertificateProviderService>();
                }
                else
                {
-                    throw new Exception("No certificate provider configured.");
+                    throw new Exception("Unknown certificate provider configured.");
                }
            }
-            else if (rsaKeyProvider == "azure")
+            else if (rsaKeyProvider == "azurekv")
            {
-                if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AzureKeyvaultUri))
-                {
-                    services.AddSingleton<IRsaKeyService, AzureKeyVaultRsaKeyService>();
-                }
-                else
-                {
-                    throw new Exception("No azure key vault configured.");
-                }
+                services.AddSingleton<IRsaKeyService, AzureKeyVaultRsaKeyService>();
            }
-            else if (rsaKeyProvider == "gcp")
+            else if (rsaKeyProvider == "gcpkms")
            {
-                if (!string.IsNullOrWhiteSpace(settings.RsaKey?.GoogleCloudKeyId))
-                {
-                    services.AddSingleton<IRsaKeyService, GoogleCloudKmsRsaKeyService>();
-                }
-                else
-                {
-                    throw new Exception("No gcp kms configured.");
-                }
+                services.AddSingleton<IRsaKeyService, GoogleCloudKmsRsaKeyService>();
            }
-            else if (rsaKeyProvider == "aws")
+            else if (rsaKeyProvider == "awskms")
            {
-                if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AwsAccessKeyId))
-                {
-                    services.AddSingleton<IRsaKeyService, AwsKmsRsaKeyService>();
-                }
-                else
-                {
-                    throw new Exception("No aws kms configured.");
-                }
+                services.AddSingleton<IRsaKeyService, AwsKmsRsaKeyService>();
            }
            else
            {
-                throw new Exception("Unknown rsa key provider.");
+                throw new Exception("Unknown rsa key provider configured.");
            }

            services.AddSingleton<ICryptoFunctionService, CryptoFunctionService>();
            services.AddSingleton<ICryptoService, CryptoService>();

-            // JsonFlatFileDataStore
            if (!string.IsNullOrWhiteSpace(settings.Database?.JsonFilePath))
            {
                // Assign foobar to keyProperty in order to not use incrementing Id functionality
-                services.AddSingleton<IDataStore>(new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--"));
+                services.AddSingleton<IDataStore>(
+                    new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--"));
                services.AddSingleton<IApplicationDataRepository, Repositories.JsonFile.ApplicationDataRepository>();
                services.AddSingleton<IUserKeyRepository, Repositories.JsonFile.UserKeyRepository>();
            }
--- a/src/CryptoAgent/appsettings.json
+++ b/src/CryptoAgent/appsettings.json
@ -8,8 +8,5 @@
				@@ -8,8 +8,5 @@
  },
  "AllowedHosts": "*",
  "cryptoAgentSettings": {
-    "rsaKey": {
-      "provider": "certificate"
-    }
  }
 }