/// <summary>
        /// Resolves the certificate used to decrypt encrypted configuration values.
        /// </summary>
        /// <param name="settings">Settings carrying the thumbprint of the encryption certificate.</param>
        /// <returns>Whatever <c>GetCertificateByThumbprint</c> yields for the configured thumbprint.</returns>
        /// <exception cref="IdentityConfigurationException">
        /// <paramref name="settings"/> is null, its thumbprint is null or empty, or the
        /// process is running on Linux, where encrypted settings are rejected outright.
        /// </exception>
        public X509Certificate2 GetEncryptionCertificate(EncryptionCertificateSettings settings)
        {
            // The null-conditional makes a missing settings object look like a missing thumbprint.
            var thumbprint = settings?.EncryptionCertificateThumbprint;
            if (string.IsNullOrEmpty(thumbprint))
            {
                throw new IdentityConfigurationException("No certificate defined in configuration for EncryptionCertificateSettings.EncryptionCertificateThumbprint, encrypted value cannot be decrypted");
            }

            // Certificate-based setting encryption is refused on Linux; the message
            // directs operators to Docker Secrets instead.
            var runningOnLinux = RuntimeInformation.IsOSPlatform(OSPlatform.Linux);
            if (runningOnLinux)
            {
                throw new IdentityConfigurationException("Do not encrypt settings when running on a Linux container, instead use Docker Secrets to protect sensitive configuration settings.");
            }

            // NOTE(review): whether a missing certificate throws or comes back as null
            // depends on GetCertificateByThumbprint, which is not visible here - confirm.
            return GetCertificateByThumbprint(thumbprint);
        }
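        /// <summary>
        /// Returns the plaintext of a configuration value, decrypting it with the RSA
        /// private key of the encryption certificate when the value is marked as encrypted.
        /// </summary>
        /// <param name="encryptedString">
        /// Value to inspect. It is returned unchanged when <c>IsEncrypted</c> reports false;
        /// otherwise the text left after removing <c>EncryptionPrefix</c> is decoded as Base64.
        /// </param>
        /// <param name="certificateSettings">Settings handed to the certificate service to resolve the private key.</param>
        /// <returns>The original value, or the UTF-8 text recovered by RSA-OAEP decryption.</returns>
        /// <exception cref="InvalidOperationException">The certificate service returned no RSA private key.</exception>
        /// <remarks>The return value is a decrypted secret; callers should keep it out of logs and error messages.</remarks>
        public string DecryptString(string encryptedString, EncryptionCertificateSettings certificateSettings)
        {
            if (!IsEncrypted(encryptedString))
            {
                return encryptedString;
            }

            var privateKey = _certificateService.GetEncryptionCertificatePrivateKey(certificateSettings);

            // X509Certificate2.GetRSAPrivateKey() returns null for a certificate that has no
            // RSA private key (installed without its key, or a non-RSA key). Fail with a clear
            // configuration error instead of a NullReferenceException on the Decrypt call below.
            if (privateKey == null)
            {
                throw new InvalidOperationException("The encryption certificate did not provide an RSA private key, encrypted value cannot be decrypted");
            }

            // NOTE(review): Replace removes every occurrence of the prefix, not only a leading
            // one. Harmless if the prefix can never appear inside Base64 text - confirm
            // against the definitions of EncryptionPrefix and IsEncrypted.
            var cipherBytes = Convert.FromBase64String(
                encryptedString.Replace(EncryptionPrefix, string.Empty));

            // The padding must match what the encrypting side used. Moving off OAEP-SHA1
            // means re-encrypting every stored value, so it cannot be changed here alone.
            // NOTE(review): RSA is IDisposable and the key is not disposed here; confirm
            // whether the certificate service or this caller owns its lifetime.
            var plainBytes = privateKey.Decrypt(cipherBytes, RSAEncryptionPadding.OaepSHA1);

            return System.Text.Encoding.UTF8.GetString(plainBytes);
        }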
        /// <summary>
        /// Resolves the encryption certificate for the given settings and returns its RSA private key.
        /// </summary>
        /// <param name="certificateSettings">Settings forwarded unchanged to <c>GetEncryptionCertificate</c>.</param>
        /// <returns>
        /// The result of <c>GetRSAPrivateKey()</c> on the resolved certificate. That call returns
        /// null when the certificate carries no RSA private key, so callers must handle null.
        /// </returns>
        /// <remarks>
        /// Exceptions thrown by <c>GetEncryptionCertificate</c> propagate to the caller.
        /// NOTE(review): the returned RSA object is IDisposable and neither it nor the
        /// certificate is disposed here - confirm which caller owns their lifetime.
        /// </remarks>
        public RSA GetEncryptionCertificatePrivateKey(EncryptionCertificateSettings certificateSettings)
        {
            return GetEncryptionCertificate(certificateSettings).GetRSAPrivateKey();
        }