public Handler(
ITelemetryLogger telemetryLogger,
IOptions <WCACoreSettings> appSettingsAccessor)
{
this.telemetryLogger = telemetryLogger;
appSettings = appSettingsAccessor.Value;
}
public FirstTitleCredentialRepository(
IKeyVaultClient keyVaultClient,
IOptions <WCACoreSettings> options)
{
this.keyVaultClient = keyVaultClient;
settings = options.Value;
}
public GlobalXApiTokenRepository(
ITelemetryLogger telemetry,
IKeyVaultClient keyVaultClient,
CloudStorageAccount cloudStorageAccount,
IClock clock,
IOptions <WCACoreSettings> appSettingsAccessor)
{
if (cloudStorageAccount is null)
{
throw new ArgumentNullException(nameof(cloudStorageAccount));
}
if (appSettingsAccessor is null)
{
throw new ArgumentNullException(nameof(appSettingsAccessor));
}
_telemetry = telemetry ?? throw new ArgumentNullException(nameof(telemetry));
_appSettings = appSettingsAccessor.Value;
_keyVaultClient = keyVaultClient ?? throw new ArgumentNullException(nameof(keyVaultClient));
_clock = clock ?? throw new ArgumentNullException(nameof(clock));
var tableClient = cloudStorageAccount.CreateCloudTableClient();
_lockTableReference = tableClient.GetTableReference(_globalXTokenLockTableName);
_lockTableReference.CreateIfNotExistsAsync().GetAwaiter().GetResult();
_expiryTableReference = tableClient.GetTableReference(_globalXTokenExpiryTableName);
_expiryTableReference.CreateIfNotExistsAsync().GetAwaiter().GetResult();
}
public StorePexaApiTokenCommandHandler(
IKeyVaultClient keyVaultClient,
StorePexaApiTokenCommand.Validator validator,
IOptions <WCACoreSettings> appSettingsAccessor)
{
_appSettings = appSettingsAccessor.Value;
_keyVaultClient = keyVaultClient;
_validator = validator;
}
public InfoTrackCredentialRepository(
IKeyVaultClient keyVaultClient,
IOptions <WCACoreSettings> options)
{
if (options is null)
{
throw new System.ArgumentNullException(nameof(options));
}
this.keyVaultClient = keyVaultClient ?? throw new System.ArgumentNullException(nameof(keyVaultClient));
settings = options.Value;
}
public Handler(
Validator validator,
ITelemetryLogger telemetryLogger,
ILogger <SendMappingsToInfoTrack> logger,
IOptions <WCACoreSettings> appSettingsAccessor,
IHttpClientFactory httpClientFactory)
{
_validator = validator;
_telemetryLogger = telemetryLogger;
_logger = logger;
_httpClientFactory = httpClientFactory;
_appSettings = appSettingsAccessor?.Value;
}
public GlobalXCredentialsRepository(
ITelemetryLogger telemetry,
IKeyVaultClient keyVaultClient,
IOptions <WCACoreSettings> appSettingsAccessor)
{
if (appSettingsAccessor is null)
{
throw new ArgumentNullException(nameof(appSettingsAccessor));
}
_telemetry = telemetry ?? throw new ArgumentNullException(nameof(telemetry));
_appSettings = appSettingsAccessor.Value;
_keyVaultClient = keyVaultClient ?? throw new ArgumentNullException(nameof(keyVaultClient));
}
public Handler(
WCADbContext wCADbContext,
Validator validator,
IOptions <WCACoreSettings> appSettingsAccessor,
IInfoTrackCredentialRepository infoTrackCredentialRepository,
IEmailSender emailSender)
{
if (appSettingsAccessor is null)
{
throw new ArgumentNullException(nameof(appSettingsAccessor));
}
_appSettings = appSettingsAccessor.Value;
_wCADbContext = wCADbContext;
_validator = validator;
_infoTrackCredentialRepository = infoTrackCredentialRepository;
_emailSender = emailSender;
}
private void AddWCADataProtection(IServiceCollection services, WCACoreSettings wcaCoreSettings)
{
const string dpapiKeyName = "wca-web-dpapi";
var cloudStorageAccount = CloudStorageAccount.Parse(Configuration.GetConnectionString("StorageConnection"));
var newCloudStorageAccount = Microsoft.Azure.Storage.CloudStorageAccount.Parse(Configuration.GetConnectionString("StorageConnection"));
services.AddSingleton(cloudStorageAccount);
var azureServiceTokenProvider = new AzureServiceTokenProvider();
// If you have issues with authenticating to Azure Key Vault, make sure you're using the correct principal
// by checking azureServiceTokenProvider.PrincipalUsed.UserPrincipalName.
// For local dev this uses the account that you're logged in to VS2017 with.
#pragma warning disable CA2000 // Dispose objects before losing scope: Not disposing as we're registering it as a singleton
var wcaKeyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
#pragma warning restore CA2000 // Dispose objects before losing scope
services.AddSingleton <IKeyVaultClient>(wcaKeyVaultClient);
if (wcaCoreSettings.UseAzureStorageAndKeyVaultForDPAPI)
{
string dpapiKeyIdentifier;
try
{
var keyTask = wcaKeyVaultClient.GetKeyAsync(wcaCoreSettings.CredentialAzureKeyVaultUrl, dpapiKeyName);
keyTask.Wait();
dpapiKeyIdentifier = keyTask.Result.KeyIdentifier.Identifier;
}
catch (AggregateException aex)
{
if ((aex.InnerException as KeyVaultErrorException)?.Response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
var createKeyTask = wcaKeyVaultClient.CreateKeyAsync(
wcaCoreSettings.CredentialAzureKeyVaultUrl,
dpapiKeyName,
new NewKeyParameters()
{
Kty = "RSA",
KeySize = 4096
});
createKeyTask.Wait();
dpapiKeyIdentifier = createKeyTask.Result.KeyIdentifier.Identifier;
}
else
{
throw;
}
}
// Ensure container exists for DPAPI
cloudStorageAccount.CreateCloudBlobClient().GetContainerReference(dpapiKeyName).CreateIfNotExistsAsync();
// Configure Data Protection (DPAPI) to use Azure Storage/Key Vault
// so that sessions are persisted across deployments/slot swaps.
services.AddDataProtection(opts =>
{
opts.ApplicationDiscriminator = "WCA.Web";
})
.PersistKeysToAzureBlobStorage(newCloudStorageAccount, $"/{dpapiKeyName}/keys.xml")
.ProtectKeysWithAzureKeyVault(wcaKeyVaultClient, dpapiKeyIdentifier);
}
else
{
services.AddDataProtection(opts =>
{
opts.ApplicationDiscriminator = "WCA.Web";
});
}
}
