Update CustomHttpClientHandler.cs (#28)

* fixes #24 and #25

* fix pipeline

* fix pipeline

---------

Co-authored-by: Daniele Giallonardo <[email protected]>

.github/workflows/dotnet.yml

@@ -19,10 +19,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - name: Setup .NET 7.0.x
+    - name: Setup .NET 8.0.x
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 7.0.x
+        dotnet-version: 8.0.x
     - name: Restore dependencies
       run: dotnet restore
       working-directory: src
@@ -33,25 +33,29 @@ jobs:
       run: dotnet test --no-build --verbosity normal -p:CollectCoverage=true -p:CoverletOutput=TestResults/ -p:CoverletOutputFormat=opencover
       working-directory: src
     - name: Copy the opencover.xml file
+      if: github.event_name != 'pull_request'
       run: |
         find ./ -type f -name "coverage.opencover.xml" | while read fname; do
           dirname=`dirname "$fname"`
           cp "${dirname}/coverage.opencover.xml" "./coverage.opencover.xml"
         done
     - name: Create Test Coverage Badge Data
+      if: github.event_name != 'pull_request'
       uses: simon-k/[email protected]
       id: create_coverage_badge
       with:
         label: Unit Test Coverage
         color: brightgreen
         path: ./coverage.opencover.xml      
     - name: Create the Coverage Badge Data File
+      if: github.event_name != 'pull_request'
       uses: 1arp/[email protected]
       with:
         path: ./.github
         file: coverage_badge.json
         content: ${{steps.create_coverage_badge.outputs.badge}}
     - name: Commit coverage_badge.json
+      if: github.event_name != 'pull_request'
       run: |
         git config --global user.name 'GitHub Action'
         git config --global user.email '[email protected]'

README.md

@@ -1,6 +1,6 @@
 # SPID/CIE OIDC Federation SDK for AspNetCore
 
-![aspnetcore-versions](https://img.shields.io/badge/aspnetcore-7.0%20%7C%206.0%20%7C%205.0%20%7C%203.1-brightgreen)
+![aspnetcore-versions](https://img.shields.io/badge/aspnetcore-8.0%20%7C%207.0%20%7C%206.0%20%7C%205.0%20%7C%203.1-brightgreen)
 ![CI build](https://github.com/italia/spid-cie-oidc-aspnetcore/workflows/spid_cie_oidc/badge.svg)
 ![badge](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/italia/spid-cie-oidc-aspnetcore/main/.github/coverage_badge.json)
 ![Apache license](https://img.shields.io/badge/license-Apache%202-blue.svg)

src/Spid.Cie.OIDC.AspNetCore.Tests/IntegrationTests/AuthenticateTests.cs

@@ -94,7 +94,7 @@ public async Task ErrorOnGetRequestToCallbackPath()
 
         var queryString = QueryHelpers.ParseQuery(location.OriginalString);
 
-        Assert.ThrowsAnyAsync<Exception>(async () => await GetAsync(server, $"signin-spidcie?state={queryString["state"]}&error=test_error&error_description=error_description", cookies));
+        await Assert.ThrowsAnyAsync<Exception>(async () => await GetAsync(server, $"signin-spidcie?state={queryString["state"]}&error=test_error&error_description=error_description", cookies));
     }
 
     private Task<HttpResponseMessage> GetAsync(TestServer server, string path, IEnumerable<SetCookieHeaderValue> cookies)

src/Spid.Cie.OIDC.AspNetCore.Tests/Mocks/MockTokenValidationParametersRetriever.cs

@@ -1,4 +1,5 @@
-using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
 using Spid.Cie.OIDC.AspNetCore.Models;
 using System;
 using System.Threading.Tasks;
@@ -28,6 +29,12 @@ public async Task<TokenValidationParameters> RetrieveTokenValidationParameter()
             ValidateActor = false,
             ValidateIssuerSigningKey = false,
             ValidateTokenReplay = false,
+            SignatureValidator = (string token, TokenValidationParameters validationParameters) =>
+            {
+                var handler = new JsonWebTokenHandler();
+                var securityToken = handler.ReadToken(token);
+                return securityToken;
+            }
         };
     }
 }

src/Spid.Cie.OIDC.AspNetCore.Tests/Spid.Cie.OIDC.AspNetCore.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFramework>net7.0</TargetFramework>
+		<TargetFramework>net8.0</TargetFramework>
 		<Nullable>enable</Nullable>
 
 		<IsPackable>false</IsPackable>
@@ -28,15 +28,15 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="7.0.13" />
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.2" />
-		<PackageReference Include="Moq" Version="4.20.69" />
-		<PackageReference Include="xunit" Version="2.6.1" />
-		<PackageReference Include="xunit.runner.visualstudio" Version="2.5.3">
+		<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.4" />
+		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
+		<PackageReference Include="Moq" Version="4.20.70" />
+		<PackageReference Include="xunit" Version="2.8.0" />
+		<PackageReference Include="xunit.runner.visualstudio" Version="2.8.0">
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
-		<PackageReference Include="coverlet.collector" Version="6.0.0">
+		<PackageReference Include="coverlet.collector" Version="6.0.2">
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>

src/Spid.Cie.OIDC.AspNetCore.Tests/TrustChainManagerTests.cs

@@ -2,23 +2,26 @@
 using Moq;
 using Spid.Cie.OIDC.AspNetCore.Services;
 using Spid.Cie.OIDC.AspNetCore.Services.Defaults;
-using System;
 using System.Net.Http;
+using System.Threading.Tasks;
 using Xunit;
 
 namespace Spid.Cie.OIDC.AspNetCore.Tests;
 
 public class TrustChainManagerTests
 {
     [Fact]
-    public void EnsureTrailingSlash()
+    public async Task EnsureTrailingSlash()
     {
         var tcm = new TrustChainManager(Mock.Of<IHttpClientFactory>(),
             new Mocks.MockCryptoService(),
             new Mocks.MockMetadataPolicyHandler(),
             new DefaultLogPersister(Mock.Of<ILogger<DefaultLogPersister>>()),
             Mock.Of<ILogger<TrustChainManager>>());
-        Assert.ThrowsAnyAsync<Exception>(async () => await tcm.BuildTrustChain("http://127.0.0.1:8003/"));
+
+        var result = await tcm.BuildTrustChain("http://127.0.0.1:8003/");
+
+        Assert.Null(result);
     }
 
 }

src/Spid.Cie.OIDC.AspNetCore/Configuration/CustomHttpClientHandler.cs

@@ -37,23 +37,25 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
     public async Task<HttpResponseMessage> DecodeJoseResponse(HttpResponseMessage response)
     {
-        if (response.Content.Headers.ContentType!.MediaType == "application/jose")
+        if (("application/jose").Equals(response.Content.Headers.ContentType!.MediaType, StringComparison.OrdinalIgnoreCase)
+            || ("application/jwt").Equals(response.Content.Headers.ContentType!.MediaType, StringComparison.OrdinalIgnoreCase))
         {
             var token = await response.Content.ReadAsStringAsync();
             Throw<Exception>.If(string.IsNullOrWhiteSpace(token), "No Body Content found in the Jose response");
 
+            Throw<Exception>.If(token.Count(c => c == '.') != 2 && token.Count(c => c == '.') != 4,
+                "Invalid Jose response according to https://www.rfc-editor.org/rfc/rfc7516#section-9");
+
             var provider = await _rpSelector.GetSelectedRelyingParty();
             Throw<Exception>.If(provider is null, "No currently selected RelyingParty was found");
             Throw<Exception>.If(provider!.OpenIdCoreCertificates is null || provider!.OpenIdCoreCertificates.Count() == 0,
                 "No OpenIdCore Certificates were found in the currently selected RelyingParty");
 
             var certificate = provider!.OpenIdCoreCertificates!.FirstOrDefault()!;
+            var decodedToken = _cryptoService.DecodeJose(token, certificate);
 
-            var decodedToken = _cryptoService.DecodeJWT(_cryptoService.DecodeJose(token, certificate));
-
-            var httpResponse = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
-            httpResponse.Content = new StringContent(decodedToken, Encoding.UTF8, "application/json");
-            return httpResponse;
+            /* edit response to mantain detail of original request */
+            response.Content = new StringContent(decodedToken, Encoding.UTF8, "application/jwt");
         }
         return response;
     }

src/Spid.Cie.OIDC.AspNetCore/Spid.Cie.OIDC.AspNetCore.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFrameworks>net7.0;net6.0;net5.0;netcoreapp3.1</TargetFrameworks>
+		<TargetFrameworks>net8.0;net7.0;net6.0;net5.0;netcoreapp3.1</TargetFrameworks>
 		<LangVersion>latest</LangVersion>
 		<Nullable>enable</Nullable>
 		<Description>Spid/Cie OIDC Federation AspNetCore SDK</Description>
@@ -43,10 +43,14 @@
 
 	<ItemGroup>
 		<PackageReference Include="IdentityModel.AspNetCore" Version="4.3.0" />
-		<PackageReference Include="jose-jwt" Version="4.1.0" />
+		<PackageReference Include="jose-jwt" Version="5.0.0" />
 		<PackageReference Include="JWT" Version="10.1.1" />
 	</ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.4" />
+  </ItemGroup>
+
   <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.13" />
   </ItemGroup>