diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Startup.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Startup.cs
index 353bc6f9b..b33bae644 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Startup.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Startup.cs
@@ -1,4 +1,3 @@
-using Azure.Identity;
 using Dfe.Academisation.CorrelationIdMiddleware;
 using Dfe.PrepareTransfers.Web.Services;
 using Dfe.PrepareTransfers.Web.Services.Interfaces;
@@ -20,7 +19,6 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.CookiePolicy;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.HttpOverrides;
@@ -32,7 +30,6 @@ using Microsoft.Identity.Web;
 using Microsoft.Identity.Web.UI;
 using System;
-using System.IO;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -98,26 +95,7 @@ public void ConfigureServices(IServiceCollection services)
 options.MaxAge = TimeSpan.FromDays(365);
 });
- // Only proceed if this is not a local development environment (path is only valid when running in a Container)
- var dpTargetPath = "@/srv/app/storage";
-
- if (Directory.Exists(dpTargetPath)) {
- // If a Key Vault Key URI is defined, expect to encrypt the keys.xml
- string kvProtectionKeyUri = Configuration.GetValue("DataProtection:KeyVaultKey");
-
- // Setup basic Data Protection and persist keys.xml to local file system
- var dp = services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
-
- if (!string.IsNullOrEmpty(kvProtectionKeyUri))
- {
- // Encrypt the keys using Key Vault
- var credentials = new DefaultAzureCredential();
- dp.ProtectKeysWithAzureKeyVault(
- new Uri(kvProtectionKeyUri),
- credentials
- );
- }
- }
+ services.AddDataProtectionService(Configuration);
 services.AddScoped(sp => sp.GetService()?.HttpContext?.Session);
 services.AddSession(options =>
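Review bot: `services.AddDataProtectionService(Configuration)` calls an extension method that the companion file declares in namespace `Dfe.PrepareConversions.Utils`, and none of the using hunks adds `using Dfe.PrepareConversions.Utils;`; unless Startup.cs already imports that namespace outside the shown hunks, extension-method lookup will not find it, because a child namespace is not searched automatically from `Dfe.PrepareConversions`. The replacement also changes behaviour without saying so: the removed block persisted keys unprotected when `DataProtection:KeyVaultKey` was not configured, whereas the new helper's guard and message suggest a missing key is now meant to be a fatal startup error in containers, which the commit description should state. ConfigureServices starts and ends outside the hunk.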
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
new file mode 100644
index 000000000..fd76c82fb
--- /dev/null
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
@@ -0,0 +1,31 @@
+using Azure.Identity;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.AspNetCore.DataProtection;
+using System;
+using System.IO;
+
+namespace Dfe.PrepareConversions.Utils
+{
+ internal static class DataProtectionService
+ {
+ public static void AddDataProtectionService(this IServiceCollection services, IConfiguration configuration)
+ {
+ var dp = services.AddDataProtection();
+ var dpTargetPath = "@/srv/app/storage";
+
+ if (Directory.Exists(dpTargetPath)) {
+ // If a Key Vault Key URI is defined, expect to encrypt the keys.xml
+ string kvProtectionKeyUri = configuration.GetValue("DataProtection:KeyVaultKey");
+
+ if (!string.IsNullOrWhiteSpace(kvProtectionKeyUri))
+ {
+ throw new InvalidOperationException("DataProtection:Path is undefined or empty");
+ }
+
+ dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
+ dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential());
+ }
+ }
+ }
+}
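Review bot: The guard on kvProtectionKeyUri is inverted: `if (!string.IsNullOrWhiteSpace(kvProtectionKeyUri))` throws exactly when the Key Vault key URI is configured, and when it is absent execution falls through to `new Uri(kvProtectionKeyUri)`, which throws on null, so the Key Vault branch can never succeed; the message also names `DataProtection:Path` while the value read is `DataProtection:KeyVaultKey`. The guard should read `if (string.IsNullOrWhiteSpace(kvProtectionKeyUri))` with the message `"DataProtection:KeyVaultKey is undefined or empty"`. Separately, `"@/srv/app/storage"` keeps the `@` inside the literal (carried over from the removed Startup.cs block), so Directory.Exists probes the relative path `@/srv/app/storage` rather than the verbatim string `@"/srv/app/storage"`, which presumably means the whole block is skipped in the container and keys are neither persisted to that directory nor protected with Key Vault, silently falling back to the framework defaults. If that fallback is not intended, consider failing loudly, or at least logging, when the expected storage directory is missing, since keys that are not persisted invalidate authentication cookies and antiforgery tokens on every restart and across instances.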