Merge pull request #275 from ITfoxtec/1.1.x-net6

1.1.x net6
ITfoxtec · Jan 3, 2022 · 9d409d2 · 9d409d2
2 parents 2bbc180 + 55815ed
commit 9d409d2
Show file tree

Hide file tree

Showing 62 changed files with 756 additions and 643 deletions.
diff --git a/FoxIDs.sln b/FoxIDs.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.28803.156
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.32014.148
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FoxIDs", "src\FoxIDs\FoxIDs.csproj", "{82C6C190-C560-4A25-94C4-BF8233D5043C}"
 EndProject
@@ -141,8 +141,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{CB8812
 		docs\images\upload-risk-passwords.png = docs\images\upload-risk-passwords.png
 	EndProjectSection
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FoxIDs.ConvertCertificateTool", "tools\FoxIDs.ConvertCertificateTool\FoxIDs.ConvertCertificateTool.csproj", "{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -181,10 +179,6 @@ Global
 		{11FB6E8F-F726-4AAA-95E1-82C360A9AF4E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{11FB6E8F-F726-4AAA-95E1-82C360A9AF4E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{11FB6E8F-F726-4AAA-95E1-82C360A9AF4E}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -199,7 +193,6 @@ Global
 		{56C8921F-64BA-4AD0-A2EA-BAE0A183269F} = {48D65B3F-F81D-4A30-AD0E-855D0ADC29E1}
 		{11FB6E8F-F726-4AAA-95E1-82C360A9AF4E} = {48D65B3F-F81D-4A30-AD0E-855D0ADC29E1}
 		{CB88126F-3F28-4511-93E1-2454E239E9C7} = {CB5D86A0-DD55-49F6-B7AF-8162E9DA4CAF}
-		{4A6F1993-D5A6-4CC2-910D-88469B8F3A9A} = {66AA1AF7-CBCC-46AA-ACAB-9E1B7A8532EF}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {AD8F0D8F-FD1F-4DE2-AC92-4948FC1EDE56}

diff --git a/azuredeploy-autodeployment.json b/azuredeploy-autodeployment.json
@@ -271,7 +271,7 @@
       "properties": {
         "name": "[variables('foxidsSiteName')]",
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false
@@ -298,7 +298,7 @@
       "properties": {
         "name": "[variables('foxidsControlSiteName')]",
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false
@@ -324,7 +324,7 @@
       },
       "properties": {
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false,
@@ -351,7 +351,7 @@
       },
       "properties": {
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false,

diff --git a/azuredeploy.json b/azuredeploy.json
@@ -271,7 +271,7 @@
       "properties": {
         "name": "[variables('foxidsSiteName')]",
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false
@@ -298,7 +298,7 @@
       "properties": {
         "name": "[variables('foxidsControlSiteName')]",
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false
@@ -324,7 +324,7 @@
       },
       "properties": {
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false,
@@ -351,7 +351,7 @@
       },
       "properties": {
         "siteConfig": {
-          "netFrameworkVersion": "v5.0",
+          "netFrameworkVersion": "v6.0",
           "ftpsState": "Disabled",
           "alwaysOn": true,
           "webSocketsEnabled": false,
@@ -470,10 +470,10 @@
       "properties": {
         "appSettingNames": [ "PROJECT", "SCM_BUILD_ARGS", "APPINSIGHTS:INSTRUMENTATIONKEY", "ApplicationInsights:InstrumentationKey", "Settings:FoxIDsEndpoint", "Settings:FoxIDsControlEndpoint", "MasterSeedEnabled", "Settings:CosmosDb:EndpointUri", "Settings:KeyVault:EndpointUri" ]
       }
-    },   
+    },
     {
       "type": "Microsoft.Web/sites/slots/sourcecontrols",
-      "apiVersion": "2018-11-01",
+      "apiVersion": "2021-02-01",
       "name": "[concat(variables('foxidsSiteName'), '/test/web')]",
       "dependsOn": [
         "[concat('Microsoft.Web/sites/', variables('foxidsSiteName'))]",
@@ -485,14 +485,14 @@
         "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), 'Settings--Sendgrid--ApiKey')]"
       ],
       "properties": {
-        "RepoUrl": "[parameters('repoURL')]",
+        "repoUrl": "[parameters('repoURL')]",
         "branch": "[parameters('branch')]",
         "IsManualIntegration": true
       }
     },
     {
       "type": "Microsoft.Web/sites/slots/sourcecontrols",
-      "apiVersion": "2018-11-01",
+      "apiVersion": "2021-02-01",
       "name": "[concat(variables('foxidsControlSiteName'), '/test/web')]",
       "dependsOn": [
         "[concat('Microsoft.Web/sites/', variables('foxidsControlSiteName'))]",
@@ -504,7 +504,7 @@
         "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('keyVaultName'), 'Settings--Sendgrid--ApiKey')]"
       ],
       "properties": {
-        "RepoUrl": "[parameters('repoURL')]",
+        "repoUrl": "[parameters('repoURL')]",
         "branch": "[parameters('branch')]",
         "IsManualIntegration": true
       }

diff --git a/docs/up-party-howto-saml-2.0-nemlogin.md b/docs/up-party-howto-saml-2.0-nemlogin.md
@@ -32,15 +32,7 @@ NemLog-in3 requires all requests (authn and logout) from the Relying Party (RP)
 
 A OCES certificate is valid for three years where after it manually has to be updated.
 
-FoxIDs require the certificate to be a `.PFX` file. Where a OCES certificate default is a `.P12` file. The OCES certificate can be converted from a `.P12` file to a `.PFX` file with the following [.NET code sample](https://github.com/ITfoxtec/FoxIDs/tree/master/tools/FoxIDs.ConvertCertificateTool). 
-
-    var certificateFileName = "serviceprovider";
-    var password = "Test1234";
-
-    var certificate = new X509Certificate2($"{certificateFileName}.p12", password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);
-    File.WriteAllBytes($"{certificateFileName}.pfx", certificate.Export(X509ContentType.Pfx, password));
-
-The `.PFX` OCES certificate file is added as the primary certificate in the track.
+The `.P12` OCES certificate file is added as the primary certificate in the track.
 
 ![Add OCES certificate](images/howto-saml-nemlogin3-certificate.png)
 

diff --git a/src/FoxIDs.Control/Controllers/Helpers/TReadCertificateController.cs b/src/FoxIDs.Control/Controllers/Helpers/TReadCertificateController.cs
@@ -0,0 +1,51 @@
+using AutoMapper;
+using FoxIDs.Infrastructure;
+using Api = FoxIDs.Models.Api;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;
+using ITfoxtec.Identity;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.AspNetCore.WebUtilities;
+using System;
+using System.ComponentModel.DataAnnotations;
+
+namespace FoxIDs.Controllers
+{
+    public class TReadCertificateController : TenantApiController
+    {
+        private readonly IMapper mapper;
+
+        public TReadCertificateController(TelemetryScopedLogger logger, IMapper mapper) : base(logger)
+        {
+            this.mapper = mapper;
+        }
+
+        /// <summary>
+        /// Read JWT with certificate information.
+        /// </summary>
+        /// <param name="certificateAndPassword">Base64 url encode certificate and optionally password.</param>
+        /// <returns>User.</returns>
+        [ProducesResponseType(typeof(Api.JwtWithCertificateInfo), StatusCodes.Status200OK)]
+        public async Task<ActionResult<Api.JwtWithCertificateInfo>> PostReadCertificate([FromBody] Api.CertificateAndPassword certificateAndPassword)
+        {
+            if (!await ModelState.TryValidateObjectAsync(certificateAndPassword)) return BadRequest(ModelState);
+
+            try
+            {
+                var certificate = certificateAndPassword.Password.IsNullOrWhiteSpace() switch
+                {
+                    true => new X509Certificate2(WebEncoders.Base64UrlDecode(certificateAndPassword.EncodeCertificate), string.Empty, keyStorageFlags: X509KeyStorageFlags.Exportable),
+                    false => new X509Certificate2(WebEncoders.Base64UrlDecode(certificateAndPassword.EncodeCertificate), certificateAndPassword.Password, keyStorageFlags: X509KeyStorageFlags.Exportable),
+                };
+
+                var jwt = await certificate.ToFTJsonWebKeyAsync(includePrivateKey: true);
+                return Ok(mapper.Map<Api.JwtWithCertificateInfo>(jwt));
+            }
+            catch (Exception ex)
+            {
+                throw new ValidationException("Unable to read certificate.", ex);
+            }
+        }
+    }
+}
diff --git a/src/FoxIDs.Control/Controllers/Parties/TSamlUpPartyReadMetadataController.cs b/src/FoxIDs.Control/Controllers/Parties/TSamlUpPartyReadMetadataController.cs
@@ -0,0 +1,58 @@
+using AutoMapper;
+using FoxIDs.Infrastructure;
+using Api = FoxIDs.Models.Api;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;
+using System;
+using System.ComponentModel.DataAnnotations;
+using FoxIDs.Logic;
+using FoxIDs.Models;
+
+namespace FoxIDs.Controllers
+{
+    public class TSamlUpPartyReadMetadataController : TenantApiController
+    {
+        private readonly IMapper mapper;
+        private readonly SamlMetadataReadLogic samlMetadataReadLogic;
+
+        public TSamlUpPartyReadMetadataController(TelemetryScopedLogger logger, IMapper mapper, SamlMetadataReadLogic samlMetadataReadLogic) : base(logger)
+        {
+            this.mapper = mapper;
+            this.samlMetadataReadLogic = samlMetadataReadLogic;
+        }
+
+        /// <summary>
+        /// Read saml 2.0 up-party metadata.
+        /// </summary>
+        /// <param name="samlReadMetadataRequest">SAML 2.0 metadata.</param>
+        /// <returns>SAML 2.0 up-party.</returns>
+        [ProducesResponseType(typeof(Api.SamlUpParty), StatusCodes.Status200OK)]
+        public async Task<ActionResult<Api.SamlUpParty>> PostSamlUpPartyReadMetadata([FromBody] Api.SamlReadMetadataRequest samlReadMetadataRequest)
+        {
+            if (!await ModelState.TryValidateObjectAsync(samlReadMetadataRequest)) return BadRequest(ModelState);
+
+            try
+            {
+                var samlUpParty = new SamlUpParty { AuthnBinding = new SamlBinding() };
+                switch (samlReadMetadataRequest.Type)
+                {
+                    case Api.SamlReadMetadataType.Url:
+                        samlUpParty.MetadataUrl = samlReadMetadataRequest.Metadata;
+                        await samlMetadataReadLogic.PopulateModelAsync(samlUpParty);
+                        break;
+                    case Api.SamlReadMetadataType.Xml:
+                        await samlMetadataReadLogic.PopulateModelAsync(samlUpParty, samlReadMetadataRequest.Metadata);
+                        break;
+                    default:
+                        throw new NotSupportedException();
+                }
+                return Ok(mapper.Map<Api.SamlUpParty>(samlUpParty));
+            }
+            catch (Exception ex)
+            {
+                throw new ValidationException("Unable to read SAML 2.0 metadata.", ex);
+            }
+        }
+    }
+}
diff --git a/src/FoxIDs.Control/Controllers/Tracks/TTrackKeyContainedController.cs b/src/FoxIDs.Control/Controllers/Tracks/TTrackKeyContainedController.cs
@@ -49,6 +49,7 @@ public TTrackKeyContainedController(TelemetryScopedLogger logger, IMapper mapper
                     ModelState.TryAddModelError(string.Empty, vex.Message);
                     return BadRequest(ModelState);
                 }
+
                 return Ok(mapper.Map<Api.TrackKeyItemsContained>(mTrack.Key));
             }
             catch (CosmosDataException ex)

diff --git a/src/FoxIDs.Control/Controllers/Tracks/TTrackLogController.cs b/src/FoxIDs.Control/Controllers/Tracks/TTrackLogController.cs
@@ -51,7 +51,7 @@ public TTrackLogController(FoxIDsControlSettings settings, TelemetryScopedLogger
                 logRequest.QueryEvents = true;
             }
 
-            var httpClient = httpClientFactory.CreateClient();
+            var httpClient = httpClientFactory.CreateClient(nameof(HttpClient));
             httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(IdentityConstants.TokenTypes.Bearer, await GetAccessToken());
 
             var from = DateTimeOffset.FromUnixTimeSeconds(logRequest.FromTime);

diff --git a/src/FoxIDs.Control/FoxIDs.Control.csproj b/src/FoxIDs.Control/FoxIDs.Control.csproj
@@ -1,8 +1,8 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 	<PropertyGroup>
-		<TargetFramework>net5.0</TargetFramework>
-		<Version>1.0.0.2</Version>
+		<TargetFramework>net6.0</TargetFramework>
+		<Version>1.0.1.0</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>
@@ -18,22 +18,22 @@
 		<ErrorOnDuplicatePublishOutputFiles>false</ErrorOnDuplicatePublishOutputFiles>
 	</PropertyGroup>
 
-	<ItemGroup>
-		<PackageReference Include="AutoMapper" Version="10.1.1" />
-		<PackageReference Include="Azure.Identity" Version="1.3.0" />
-		<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.1.0" />
-		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.18.0" />
-		<PackageReference Include="Microsoft.Azure.ApplicationInsights.Query" Version="1.0.0" />
-		<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="5.0.1" />
-		<PackageReference Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="3.1.13" />
-		<PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
-		<PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="5.6.3" />
-	</ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="AutoMapper" Version="10.1.1" />
+    <PackageReference Include="Azure.Identity" Version="1.3.0" />
+    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.1.0" />
+    <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.18.0" />
+    <PackageReference Include="Microsoft.Azure.ApplicationInsights.Query" Version="1.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="5.0.1" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.AzureKeyVault" Version="3.1.13" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="5.6.3" />
+  </ItemGroup>
 
-	<ItemGroup>
-		<ProjectReference Include="..\FoxIDs.ControlClient\FoxIDs.ControlClient.csproj" />
-		<ProjectReference Include="..\FoxIDs.ControlShared\FoxIDs.ControlShared.csproj" />
-		<ProjectReference Include="..\FoxIDs.Shared\FoxIDs.Shared.csproj" />
-	</ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\FoxIDs.ControlClient\FoxIDs.ControlClient.csproj" />
+	<ProjectReference Include="..\FoxIDs.ControlShared\FoxIDs.ControlShared.csproj" />
+    <ProjectReference Include="..\FoxIDs.Shared\FoxIDs.Shared.csproj" />
+  </ItemGroup>
 
 </Project>
diff --git a/src/FoxIDs.Control/Infrastructure/Hosting/ServiceCollectionExtensions.cs b/src/FoxIDs.Control/Infrastructure/Hosting/ServiceCollectionExtensions.cs
@@ -77,9 +77,6 @@ public static IServiceCollection AddInfrastructure(this IServiceCollection servi
                 });
             }
 
-            services.AddHttpContextAccessor();
-            services.AddHttpClient();
-
             services.AddApiSwagger();
             services.AddAutoMapper();
 

diff --git a/src/FoxIDs.Control/Logic/ValidateSamlPartyLogic.cs b/src/FoxIDs.Control/Logic/ValidateSamlPartyLogic.cs
@@ -47,7 +47,7 @@ private bool ValidateSignatureAlgorithmAndSigningKeys(ModelStateDictionary model
                 ValidateSigningKeys(modelState, nameof(samlDownParty.Keys), samlDownParty.Keys);
         }
 
-        private bool ValidateSigningKeys(ModelStateDictionary modelState, string propertyName, List<JsonWebKey> keys)
+        private bool ValidateSigningKeys(ModelStateDictionary modelState, string propertyName, List<Api.JwtWithCertificateInfo> keys)
         {
             var isValid = true;
             try