Setting for certificate path, in cases where mounted from a secrets mount

DavidBoike · DavidBoike · commit 9e0efb34dbc2 · 2025-01-31T16:03:13.000-06:00
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs b/src/ServiceControl.Audit.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs
@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken = default)
                 {
                     Database = configuration.Name,
                     Urls = [configuration.ServerConfiguration.ConnectionString],
-                    Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration.ClientCertificateBase64),
+                    Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration),
                     Conventions = new DocumentConventions
                     {
                         SaveEnumsAsIntegers = true
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/RavenPersistenceConfiguration.cs b/src/ServiceControl.Audit.Persistence.RavenDB/RavenPersistenceConfiguration.cs
@@ -12,6 +12,7 @@ public class RavenPersistenceConfiguration : IPersistenceConfiguration
         public const string DatabaseNameKey = "RavenDB/DatabaseName";
         public const string DatabasePathKey = "DbPath";
         public const string ConnectionStringKey = "RavenDB/ConnectionString";
+        public const string ClientCertificatePathKey = "RavenDB/ClientCertificatePath";
         public const string ClientCertificateBase64Key = "RavenDB/ClientCertificateBase64";
         public const string DatabaseMaintenancePortKey = "DatabaseMaintenancePort";
         public const string ExpirationProcessTimerInSecondsKey = "ExpirationProcessTimerInSeconds";
@@ -25,6 +26,7 @@ public class RavenPersistenceConfiguration : IPersistenceConfiguration
             DatabaseNameKey,
             DatabasePathKey,
             ConnectionStringKey,
+            ClientCertificatePathKey,
             ClientCertificateBase64Key,
             DatabaseMaintenancePortKey,
             ExpirationProcessTimerInSecondsKey,
@@ -62,6 +64,10 @@ internal static DatabaseConfiguration GetDatabaseConfiguration(PersistenceSettin
 
                 serverConfiguration = new ServerConfiguration(connectionString);
 
+                if (settings.PersisterSpecificSettings.TryGetValue(ClientCertificatePathKey, out var clientCertificatePath))
+                {
+                    serverConfiguration.ClientCertificatePath = clientCertificatePath;
+                }
                 if (settings.PersisterSpecificSettings.TryGetValue(ClientCertificateBase64Key, out var clientCertificateBase64))
                 {
                     serverConfiguration.ClientCertificateBase64 = clientCertificateBase64;
diff --git a/src/ServiceControl.Audit.Persistence.RavenDB/ServerConfiguration.cs b/src/ServiceControl.Audit.Persistence.RavenDB/ServerConfiguration.cs
@@ -1,6 +1,8 @@
 ﻿namespace ServiceControl.Audit.Persistence.RavenDB
 {
-    public class ServerConfiguration
+    using ServiceControl.RavenDB;
+
+    public class ServerConfiguration : IRavenClientCertificateInfo
     {
         public ServerConfiguration(string connectionString)
         {
@@ -18,6 +20,7 @@ public ServerConfiguration(string dbPath, string serverUrl, string logPath, stri
         }
 
         public string ConnectionString { get; }
+        public string ClientCertificatePath { get; internal set; }
         public string ClientCertificateBase64 { get; internal set; }
         public bool UseEmbeddedServer { get; }
         public string DbPath { get; internal set; } //Setter for ATT only
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenBootstrapper.cs b/src/ServiceControl.Persistence.RavenDB/RavenBootstrapper.cs
@@ -7,6 +7,7 @@ static class RavenBootstrapper
         public const string DatabaseMaintenancePortKey = "DatabaseMaintenancePort";
         public const string ExpirationProcessTimerInSecondsKey = "ExpirationProcessTimerInSeconds";
         public const string ConnectionStringKey = "RavenDB/ConnectionString";
+        public const string ClientCertificatePathKey = "RavenDB/ClientCertificatePath";
         public const string ClientCertificateBase64Key = "RavenDB/ClientCertificateBase64";
         public const string MinimumStorageLeftRequiredForIngestionKey = "MinimumStorageLeftRequiredForIngestion";
         public const string DatabaseNameKey = "RavenDB/DatabaseName";
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs b/src/ServiceControl.Persistence.RavenDB/RavenExternalPersistenceLifecycle.cs
@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken)
                 {
                     Database = settings.DatabaseName,
                     Urls = [settings.ConnectionString],
-                    Certificate = RavenClientCertificate.FindClientCertificate(settings.ClientCertificateBase64),
+                    Certificate = RavenClientCertificate.FindClientCertificate(settings),
                     Conventions = new DocumentConventions
                     {
                         SaveEnumsAsIntegers = true
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenPersistenceConfiguration.cs b/src/ServiceControl.Persistence.RavenDB/RavenPersistenceConfiguration.cs
@@ -34,6 +34,7 @@ static T GetRequiredSetting<T>(SettingsRootNamespace settingsRootNamespace, stri
             var settings = new RavenPersisterSettings
             {
                 ConnectionString = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ConnectionStringKey),
+                ClientCertificatePath = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificatePathKey),
                 ClientCertificateBase64 = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificateBase64Key),
                 DatabaseName = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseNameKey, RavenPersisterSettings.DatabaseNameDefault),
                 DatabasePath = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabasePathKey, DefaultDatabaseLocation()),
diff --git a/src/ServiceControl.Persistence.RavenDB/RavenPersisterSettings.cs b/src/ServiceControl.Persistence.RavenDB/RavenPersisterSettings.cs
@@ -2,8 +2,9 @@
 using Particular.LicensingComponent.Contracts;
 using ServiceControl.Persistence;
 using ServiceControl.Persistence.RavenDB.CustomChecks;
+using ServiceControl.RavenDB;
 
-class RavenPersisterSettings : PersistenceSettings
+class RavenPersisterSettings : PersistenceSettings, IRavenClientCertificateInfo
 {
     public int DatabaseMaintenancePort { get; set; } = DatabaseMaintenancePortDefault;
     public int ExpirationProcessTimerInSeconds { get; set; } = ExpirationProcessTimerInSecondsDefault;
@@ -23,6 +24,7 @@ class RavenPersisterSettings : PersistenceSettings
     /// User provided external RavenDB instance connection string
     /// </summary>
     public string ConnectionString { get; set; }
+    public string ClientCertificatePath { get; set; }
     public string ClientCertificateBase64 { get; set; }
     public bool UseEmbeddedServer => string.IsNullOrWhiteSpace(ConnectionString);
     public string LogPath { get; set; }
diff --git a/src/ServiceControl.RavenDB/RavenClientCertificate.cs b/src/ServiceControl.RavenDB/RavenClientCertificate.cs
@@ -8,13 +8,13 @@ namespace ServiceControl.RavenDB;
 
 public static class RavenClientCertificate
 {
-    public static X509Certificate2? FindClientCertificate(string? base64String)
+    public static X509Certificate2? FindClientCertificate(IRavenClientCertificateInfo certInfo)
     {
-        if (base64String is not null)
+        if (certInfo.ClientCertificateBase64 is not null)
         {
             try
             {
-                var bytes = Convert.FromBase64String(base64String);
+                var bytes = Convert.FromBase64String(certInfo.ClientCertificateBase64);
                 return new X509Certificate2(bytes);
             }
             catch (Exception x) when (x is FormatException or CryptographicException)
@@ -23,6 +23,11 @@ public static class RavenClientCertificate
             }
         }
 
+        if (certInfo.ClientCertificatePath is not null)
+        {
+            return new X509Certificate2(certInfo.ClientCertificatePath);
+        }
+
         var applicationDirectory = Path.GetDirectoryName(Assembly.GetEntryAssembly()?.Location) ?? string.Empty;
         var certificatePath = Path.Combine(applicationDirectory, "raven-client-certificate.pfx");
 
@@ -32,4 +37,10 @@ public static class RavenClientCertificate
         }
         return null;
     }
+}
+
+public interface IRavenClientCertificateInfo
+{
+    string? ClientCertificatePath { get; }
+    string? ClientCertificateBase64 { get; }
 }

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public async Task Initialize(CancellationToken cancellationToken = default)`
`39`	`39`	`{`
`40`	`40`	`Database = configuration.Name,`
`41`	`41`	`Urls = [configuration.ServerConfiguration.ConnectionString],`
`42`		`- Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration.ClientCertificateBase64),`
	`42`	`+ Certificate = RavenClientCertificate.FindClientCertificate(configuration.ServerConfiguration),`
`43`	`43`	`Conventions = new DocumentConventions`
`44`	`44`	`{`
`45`	`45`	`SaveEnumsAsIntegers = true`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`namespace ServiceControl.Audit.Persistence.RavenDB`
`2`	`2`	`{`
`3`		`- public class ServerConfiguration`
	`3`	`+ using ServiceControl.RavenDB;`
	`4`	`+`
	`5`	`+ public class ServerConfiguration : IRavenClientCertificateInfo`
`4`	`6`	`{`
`5`	`7`	`public ServerConfiguration(string connectionString)`
`6`	`8`	`{`
`@@ -18,6 +20,7 @@ public ServerConfiguration(string dbPath, string serverUrl, string logPath, stri`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`public string ConnectionString { get; }`
	`23`	`+ public string ClientCertificatePath { get; internal set; }`
`21`	`24`	`public string ClientCertificateBase64 { get; internal set; }`
`22`	`25`	`public bool UseEmbeddedServer { get; }`
`23`	`26`	`public string DbPath { get; internal set; } //Setter for ATT only`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ static T GetRequiredSetting<T>(SettingsRootNamespace settingsRootNamespace, stri`
`34`	`34`	`var settings = new RavenPersisterSettings`
`35`	`35`	`{`
`36`	`36`	`ConnectionString = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ConnectionStringKey),`
	`37`	`+ ClientCertificatePath = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificatePathKey),`
`37`	`38`	`ClientCertificateBase64 = SettingsReader.Read<string>(settingsRootNamespace, RavenBootstrapper.ClientCertificateBase64Key),`
`38`	`39`	`DatabaseName = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabaseNameKey, RavenPersisterSettings.DatabaseNameDefault),`
`39`	`40`	`DatabasePath = SettingsReader.Read(settingsRootNamespace, RavenBootstrapper.DatabasePathKey, DefaultDatabaseLocation()),`
Original file line number	Diff line number	Diff line change
`@@ -8,13 +8,13 @@ namespace ServiceControl.RavenDB;`
`8`	`8`
`9`	`9`	`public static class RavenClientCertificate`
`10`	`10`	`{`
`11`		`- public static X509Certificate2? FindClientCertificate(string? base64String)`
	`11`	`+ public static X509Certificate2? FindClientCertificate(IRavenClientCertificateInfo certInfo)`
`12`	`12`	`{`
`13`		`- if (base64String is not null)`
	`13`	`+ if (certInfo.ClientCertificateBase64 is not null)`
`14`	`14`	`{`
`15`	`15`	`try`
`16`	`16`	`{`
`17`		`- var bytes = Convert.FromBase64String(base64String);`
	`17`	`+ var bytes = Convert.FromBase64String(certInfo.ClientCertificateBase64);`
`18`	`18`	`return new X509Certificate2(bytes);`
`19`	`19`	`}`
`20`	`20`	`catch (Exception x) when (x is FormatException or CryptographicException)`
`@@ -23,6 +23,11 @@ public static class RavenClientCertificate`
`23`	`23`	`}`
`24`	`24`	`}`
`25`	`25`
	`26`	`+ if (certInfo.ClientCertificatePath is not null)`
	`27`	`+ {`
	`28`	`+ return new X509Certificate2(certInfo.ClientCertificatePath);`
	`29`	`+ }`
	`30`	`+`
`26`	`31`	`var applicationDirectory = Path.GetDirectoryName(Assembly.GetEntryAssembly()?.Location) ?? string.Empty;`
`27`	`32`	`var certificatePath = Path.Combine(applicationDirectory, "raven-client-certificate.pfx");`
`28`	`33`
`@@ -32,4 +37,10 @@ public static class RavenClientCertificate`
`32`	`37`	`}`
`33`	`38`	`return null;`
`34`	`39`	`}`
	`40`	`+}`
	`41`	`+`
	`42`	`+public interface IRavenClientCertificateInfo`
	`43`	`+{`
	`44`	`+ string? ClientCertificatePath { get; }`
	`45`	`+ string? ClientCertificateBase64 { get; }`
`35`	`46`	`}`