From 5439eb493ea0df38005e61bbb96555751c035420 Mon Sep 17 00:00:00 2001
From: Joseph Shook
Date: Sun, 12 May 2024 09:46:46 -0700
Subject: [PATCH] Final removal of deprecated ServerSupport ServerSetting property.
---
 Udap.Server/Configuration/ServerSettings.cs | 10 -
 .../UdapDynamicClientRegistrationValidator.cs | 45 +-
 Udap.Server/docs/README.md | 1 -
 .../IdServerRegistrationTests.cs | 11 -
 .../UdapServer.Tests/Hl7RegistrationTests.cs | 3 +-
 .../UdapServer.Tests/UdapRegistrationTests.cs | 1375 -----------------
 .../Udap.Auth.Server/HostingExtensions.cs | 1 -
 .../Properties/launchSettings.json | 2 -
 .../appsettings.Development.json | 1 -
 .../appsettings.Production.json | 1 -
 .../appsettings.Development.json | 1 -
 .../appsettings.Production.json | 1 -
 .../HostingExtensions.cs | 1 -
 .../appsettings.Development.json | 1 -
 .../appsettings.Production.json | 1 -
 15 files changed, 2 insertions(+), 1453 deletions(-)
 delete mode 100644 _tests/UdapServer.Tests/UdapRegistrationTests.cs
diff --git a/Udap.Server/Configuration/ServerSettings.cs b/Udap.Server/Configuration/ServerSettings.cs
index 623d9677..933ffaef 100644
--- a/Udap.Server/Configuration/ServerSettings.cs
+++ b/Udap.Server/Configuration/ServerSettings.cs
@@ -13,10 +13,6 @@ namespace Udap.Server.Configuration;
 public class ServerSettings
 {
- // [JsonPropertyName("ServerSupport")]
- // [JsonConverter(typeof(JsonStringEnumConverter))]
- // public ServerSupport ServerSupport { get; set; }
-
 [JsonPropertyName("DefaultSystemScopes")]
 public string? DefaultSystemScopes { get; set; }
@@ -56,12 +52,6 @@ public class ServerSettings
 }
-public enum ServerSupport
-{
- UDAP = 0,
- Hl7SecurityIG = 1
-}
-
 public static class ConfigurationExtension
 {
 public static TOptions GetOption(this IConfiguration configuration, string settingKey)
diff --git a/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs b/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs
index 92153b6f..3df8586d 100644
--- a/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs
+++ b/Udap.Server/Registration/UdapDynamicClientRegistrationValidator.cs
@@ -88,10 +88,7 @@ IEnumerable anchors
 )
 {
 using var activity = Tracing.ValidationActivitySource.StartActivity("UdapDynamicClientRegistrationValidator.Validate");
-
- // _logger.LogDebug($"Start client validation with Server Support Type {_serverSettings.ServerSupport}");
-
-
+
 var tokenHandler = new JsonWebTokenHandler();
 var jsonWebToken = tokenHandler.ReadJsonWebToken(request.SoftwareStatement);
 var jwtHeader = JwtHeader.Base64UrlDeserialize(jsonWebToken.EncodedHeader);
@@ -452,53 +449,13 @@ IEnumerable anchors
 //////////////////////////////
 if (client.AllowedGrantTypes.Count != 0 && //Cancel Registration
- // _serverSettings.ServerSupport == ServerSupport.Hl7SecurityIG &&
 (document.Scope == null || !document.Scope.Any()))
 {
 return await Task.FromResult(new UdapDynamicClientRegistrationValidationResult(
 UdapDynamicClientRegistrationErrors.InvalidClientMetadata, "scope is required"));
 }
-
- // Enrich Scopes: Todo: inject a ScopeEnricher
- // TODO: Need a policy engine for various things. UDAP ServerMode allows and empty scope during registration.
- // So some kind of policy linked to maybe issued certificate certification and/or community or something
- // There are a lot of choices left up to a community. The HL7 ServerMode requires scopes to be sent during registration.
- // This doesn't mean the problem is easier it just means we could filter down during registration even if policy
- // allowed for a broader list of scopes.
- // Below I use ServerSettings from appsettings. This basically says that server is either UDAP or HL7 mode. Well
- // sort of. The code is only trying to pass udap.org tests and survive a HL7 connect-a-thon. By putting the logic in
- // a policy engine we can have one server UDAP and Hl7 Mode or whatever the policy engine allows.
-
- //
- // Also there should be a better way to do this. It will repeat many scope entries per client.
- //
- // TODO: Remove when we prove we no longer need legacy UDAP server support
- // if (_serverSettings.ServerSupport == ServerSupport.UDAP)
- // {
- // if (string.IsNullOrWhiteSpace(document.Scope))
- // {
- // IEnumerable? 
scopes = null;
- //
- // if (document.GrantTypes != null && document.GrantTypes.Contains(OidcConstants.GrantTypes.ClientCredentials))
- // {
- // scopes = _serverSettings.DefaultSystemScopes?.FromSpaceSeparatedString();
- // }
- // else if (document.GrantTypes != null && document.GrantTypes.Contains(OidcConstants.GrantTypes.AuthorizationCode))
- // {
- // scopes = _serverSettings.DefaultUserScopes?.FromSpaceSeparatedString();
- // }
- //
- // if (scopes != null)
- // {
- // foreach (var scope in scopes)
- // {
- // client?.AllowedScopes.Add(scope);
- // }
- // }
- // }
- // }
 if (document.Scope != null && document.Any())
 {
 var scopes = document.Scope.Split(' ', StringSplitOptions.RemoveEmptyEntries);
diff --git a/Udap.Server/docs/README.md b/Udap.Server/docs/README.md
index db75c561..29a49163 100644
--- a/Udap.Server/docs/README.md
+++ b/Udap.Server/docs/README.md
@@ -39,7 +39,6 @@ builder.Services.AddIdentityServer()
 var udapServerOptions = builder.Configuration.GetOption("ServerSettings");
 options.DefaultSystemScopes = udapServerOptions.DefaultSystemScopes;
 options.DefaultUserScopes = udapServerOptions.DefaultUserScopes;
- options.ServerSupport = udapServerOptions.ServerSupport;
 options.ForceStateParamOnAuthorizationCode = udapServerOptions.
 ForceStateParamOnAuthorizationCode;
 },
diff --git a/_tests/Udap.Client.System.Tests/IdServerRegistrationTests.cs b/_tests/Udap.Client.System.Tests/IdServerRegistrationTests.cs
index c5a465d5..21e12f25 100644
--- a/_tests/Udap.Client.System.Tests/IdServerRegistrationTests.cs
+++ b/_tests/Udap.Client.System.Tests/IdServerRegistrationTests.cs
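Review bot: The "scope is required" guard in the `@@ -452,53 +449,13 @@` hunk tests `document.Scope == null || !document.Scope.Any()`, and because `document.Scope` is a string (it is split on `' '` a few lines later) a whitespace-only value passes the guard and then yields no entries from `Split(' ', StringSplitOptions.RemoveEmptyEntries)`. With the ServerSupport switch gone this guard is the only place the scope requirement is enforced, so it should read `(string.IsNullOrWhiteSpace(document.Scope)))`, the same test the deleted UDAP branch used. The next condition, `if (document.Scope != null && document.Any())`, checks the document rather than the scope and looks as if it was meant to be `document.Scope.Any()`. The enclosing method starts and ends outside the hunk, so what a client registered with no allowed scopes can later request is not visible here and is worth confirming.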
@@ -1336,17 +1336,6 @@ public async Task RegistrationSuccess_authorization_code_FhirLabs_desktop_Test()
 }
-
- //
- // IDP Server must be running in ServerSupport mode of ServerSupport.UDAP for this to fail and pass the test.
- // See part of test where getting Access Token
- // var jwtPayload = new JwtPayload(
- // result.Issuer,
- //
- // vs normal
- //
- // var jwtPayload = new JwtPayload(
- // result.ClientId,
 //
 // If you want Udap.Idp to run in UDAP mode the use "ASPNETCORE_ENVIRONMENT": "Production" to launch. Or
 // however you get the serer to pickup appsettings.Production.json
diff --git a/_tests/UdapServer.Tests/Hl7RegistrationTests.cs b/_tests/UdapServer.Tests/Hl7RegistrationTests.cs
index c4f5c2f9..3cea2628 100644
--- a/_tests/UdapServer.Tests/Hl7RegistrationTests.cs
+++ b/_tests/UdapServer.Tests/Hl7RegistrationTests.cs
@@ -93,8 +93,7 @@ protected override IHost CreateHost(IHostBuilder builder)
 var overrideSettings = new Dictionary
 {
- { "ConnectionStrings:DefaultConnection", "Data Source=Udap.Idp.db.HL7;" },
- { "ServerSettings:ServerSupport", "Hl7SecurityIG" }
+ { "ConnectionStrings:DefaultConnection", "Data Source=Udap.Idp.db.HL7;" }
 };
 builder.ConfigureHostConfiguration(b => b.AddInMemoryCollection(overrideSettings!));
diff --git a/_tests/UdapServer.Tests/UdapRegistrationTests.cs b/_tests/UdapServer.Tests/UdapRegistrationTests.cs
deleted file mode 100644
index e4eed714..00000000
--- a/_tests/UdapServer.Tests/UdapRegistrationTests.cs
+++ /dev/null
@@ -1,1375 +0,0 @@ -// #region (c) 2023 Joseph Shook. All rights reserved. -// // /* -// // Authors: -// // Joseph Shook Joseph.Shook@Surescripts.com -// // -// // See LICENSE in the project root for license information. -// // */ -// #endregion -// -// using System.Net; -// using System.Net.Http.Json; -// using System.Security.Cryptography.X509Certificates; -// using System.Text; -// using System.Text.Json; -// using Duende.IdentityServer.EntityFramework.DbContexts; -// using FluentAssertions; -// using Hl7.Fhir.Model; -// using IdentityModel; -// using Microsoft.AspNetCore.Hosting; -// using Microsoft.AspNetCore.Mvc.Testing; -// using Microsoft.EntityFrameworkCore; -// using Microsoft.Extensions.Configuration; -// using Microsoft.Extensions.DependencyInjection; -// using Microsoft.Extensions.Hosting; -// using Microsoft.Extensions.Logging; -// using Microsoft.IdentityModel.Tokens; -// using NSubstitute; -// using Udap.Client.Client.Extensions; -// using Udap.Common.Certificates; -// using Udap.Model; -// using Udap.Model.Registration; -// using Udap.Model.Statement; -// using Udap.Server.DbContexts; -// using Xunit.Abstractions; -// using Task = System.Threading.Tasks.Task; -// -// namespace UdapServer.Tests; -// -// public class UdapApiTestFixture : WebApplicationFactory -// { -// public ITestOutputHelper? 
Output { get; set; } -// public IUdapDbAdminContext UdapDbAdminContext { get; set; } = null!; -// -// private ServiceProvider _serviceProvider = null!; -// private IServiceScope _serviceScope = null!; -// -// -// public UdapApiTestFixture() -// { -// SeedData.EnsureSeedData("Data Source=./Udap.Idp.db;", Substitute.For()).GetAwaiter().GetResult(); -// } -// -// protected override IHost CreateHost(IHostBuilder builder) -// { -// Environment.SetEnvironmentVariable("ASPNETCORE_URLS", "http://localhost"); -// //Similar to pushing to the cloud where the docker image runs as localhost:8080 but we want to inform Udap.Idp -// //that it is some other https url for settings like aud, register and other metadata published settings. -// Environment.SetEnvironmentVariable("UdapIdpBaseUrl", "http://localhost"); -// Environment.SetEnvironmentVariable("provider", "Sqlite"); -// builder.UseEnvironment("Development"); -// -// builder.ConfigureServices(services => -// { -// services.AddSingleton(); -// -// // -// // Fix-up TrustChainValidator to ignore certificate revocation -// // -// var descriptor = services.SingleOrDefault(d => d.ServiceType == typeof(TrustChainValidator)); -// -// -// if (descriptor != null) -// { -// Console.WriteLine($"Removing {descriptor}"); -// services.Remove(descriptor); -// } -// else -// { -// Console.WriteLine("Nothing to remove???"); -// } -// -// services.AddSingleton(new TrustChainValidator( -// new X509ChainPolicy -// { -// VerificationFlags = X509VerificationFlags.IgnoreWrongUsage, -// RevocationFlag = X509RevocationFlag.ExcludeRoot, -// RevocationMode = X509RevocationMode.NoCheck // This is the change unit testing with no revocation endpoint to host the revocation list. 
-// }, -// Output!.ToLogger())); -// -// _serviceProvider = services.BuildServiceProvider(); -// _serviceScope = _serviceProvider.GetRequiredService().CreateScope(); -// UdapDbAdminContext = _serviceScope.ServiceProvider.GetRequiredService(); -// }); -// -// var overrideSettings = new Dictionary -// { -// { "ConnectionStrings:DefaultConnection", "Data Source=Udap.Idp.db;" }, -// { "ServerSettings:ServerSupport", "UDAP"}, -// { "ServerSettings:LogoRequired", "false"} -// -// }; -// -// var sb = new StringBuilder(); -// -// foreach (var resName in ModelInfo.SupportedResources) -// { -// sb.Append(' ').Append($"user/{resName}.*"); -// sb.Append(' ').Append($"user/{resName}.read"); -// } -// -// overrideSettings.Add("ServerSettings:DefaultUserScopes", sb.ToString().TrimStart()); -// -// sb = new StringBuilder(); -// -// foreach (var resName in ModelInfo.SupportedResources) -// { -// sb.Append(' ').Append($"system/{resName}.*"); -// sb.Append(' ').Append($"system/{resName}.read"); -// } -// -// overrideSettings.Add("ServerSettings:DefaultSystemScopes", sb.ToString().TrimStart()); -// -// -// -// builder.ConfigureHostConfiguration(b => b.AddInMemoryCollection(overrideSettings!)); -// -// builder.ConfigureLogging(logging => -// { -// logging.ClearProviders(); -// logging.AddXUnit(Output!); -// }); -// -// var app = base.CreateHost(builder); -// -// return app; -// } -// -// /// -// public override async ValueTask DisposeAsync() -// { -// _serviceScope.Dispose(); -// await _serviceProvider.DisposeAsync(); -// } -// -// protected override void ConfigureWebHost(IWebHostBuilder builder) -// { -// builder.UseSetting("skipRateLimiting", null); -// -// // -// // Linux needs to know how to find appsettings file in web api under test. -// // Still works with Windows but what a pain. This feels fragile -// // TODO: -// // -// //This is not working for linux tests like it did in other projects. 
-// builder.UseSetting("contentRoot", "../../../../../examples/Udap.Auth.Server/"); -// } -// } -// -// /// -// /// Full Web tests. Using web server. -// /// -// [Collection("Udap.Auth.Server")] -// public class UdapServerRegistrationTests : IClassFixture -// { -// private UdapApiTestFixture _fixture; -// private readonly ITestOutputHelper _testOutputHelper; -// -// public UdapServerRegistrationTests(UdapApiTestFixture fixture, ITestOutputHelper testOutputHelper) -// { -// if (fixture == null) throw new ArgumentNullException(nameof(fixture)); -// fixture.Output = testOutputHelper; -// _fixture = fixture; -// _testOutputHelper = testOutputHelper; -// } -// -// [Fact] -// public async Task RegistrationSuccess_authorization_code_Test() -// { -// using var client = _fixture.CreateClient(); -// await ResetClientInDatabase(); -// -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// // var discoJsonFormatted = -// // JsonSerializer.Serialize(disco.Json, new JsonSerializerOptions { WriteIndented = true }); -// // _testOutputHelper.WriteLine(discoJsonFormatted); -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine("CertStore/issued", -// "weatherApiClientLocalhostCert1.pfx"); -// -// _testOutputHelper.WriteLine($"Path to Cert: {cert}"); -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// // -// // Could use JwtPayload. But because we have a typed object, UdapDynamicClientRegistrationDocument -// // I have it implementing IDictionary so the JsonExtensions.SerializeToJson method -// // can prepare it the same way JwtPayLoad is essentially implemented, but light weight -// // and specific to this Udap Dynamic Registration. 
-// // -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "http://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "authorization_code", "refresh_token" }, -// ResponseTypes = new HashSet { "code" }, -// RedirectUris = new List(){ "http://localhost/signin-oidc" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "user/Patient.*" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = -// await client.PostAsJsonAsync(reg, -// requestBody); //TODO on server side fail for Certifications empty collection -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.Created); -// -// // var documentAsJson = JsonSerializer.Serialize(document); -// // var result = await response.Content.ReadAsStringAsync(); -// // _testOutputHelper.WriteLine(result); -// // result.Should().BeEquivalentTo(documentAsJson); -// -// var responseUdapDocument = -// await response.Content.ReadFromJsonAsync(); -// -// responseUdapDocument.Should().NotBeNull(); -// responseUdapDocument!.ClientId.Should().NotBeNullOrEmpty(); -// _testOutputHelper.WriteLine(JsonSerializer.Serialize(responseUdapDocument, -// new JsonSerializerOptions { 
WriteIndented = true })); -// -// // -// // Assertions according to -// // https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 -// // -// responseUdapDocument.SoftwareStatement.Should().Be(signedSoftwareStatement); -// responseUdapDocument.ClientName.Should().Be(document.ClientName); -// responseUdapDocument.Issuer.Should().Be(document.Issuer); -// -// ((JsonElement)responseUdapDocument["Extra"]).GetString().Should().Be(document["Extra"].ToString()); -// -// -// using var scope = _fixture.Services.GetRequiredService().CreateScope(); -// var udapContext = scope.ServiceProvider.GetRequiredService(); -// -// var clientEntity = await udapContext.Clients -// .Include(c => c.RedirectUris) -// .SingleAsync(c => c.ClientId == responseUdapDocument.ClientId); -// -// clientEntity.RequirePkce.Should().BeFalse(); -// -// clientEntity.RedirectUris.Single().RedirectUri.Should().Be("http://localhost/signin-oidc"); -// clientEntity.AllowOfflineAccess.Should().BeTrue(); -// } -// -// [Fact] -// public async Task RegistrationSuccessTest() -// { -// using var client = _fixture.CreateClient(); -// await ResetClientInDatabase(); -// -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// // var discoJsonFormatted = -// // JsonSerializer.Serialize(disco.Json, new JsonSerializerOptions { WriteIndented = true }); -// // _testOutputHelper.WriteLine(discoJsonFormatted); -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine("CertStore/issued", "weatherApiClientLocalhostCert1.pfx"); -// -// _testOutputHelper.WriteLine($"Path to Cert: {cert}"); -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = 
"http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = -// await client.PostAsJsonAsync(reg, -// requestBody); //TODO on server side fail for Certifications empty collection -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.Created); -// -// // var documentAsJson = JsonSerializer.Serialize(document); -// // var result = await response.Content.ReadAsStringAsync(); -// // _testOutputHelper.WriteLine(result); -// // result.Should().BeEquivalentTo(documentAsJson); -// -// var responseUdapDocument = -// await response.Content.ReadFromJsonAsync(); -// -// responseUdapDocument.Should().NotBeNull(); -// responseUdapDocument!.ClientId.Should().NotBeNullOrEmpty(); -// _testOutputHelper.WriteLine(JsonSerializer.Serialize(responseUdapDocument, -// new JsonSerializerOptions { WriteIndented = true })); -// -// // -// // Assertions according to -// // https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1 -// // -// responseUdapDocument.SoftwareStatement.Should().Be(signedSoftwareStatement); -// 
responseUdapDocument.ClientName.Should().Be(document.ClientName); -// responseUdapDocument.Issuer.Should().Be(document.Issuer); -// -// ((JsonElement)responseUdapDocument["Extra"]).GetString().Should().Be(document["Extra"].ToString()); -// -// -// using var scope = _fixture.Services.GetRequiredService().CreateScope(); -// var udapContext = scope.ServiceProvider.GetRequiredService(); -// -// var clientEntity = await udapContext.Clients -// .Include(c => c.AllowedScopes) -// .SingleAsync(c => c.ClientId == responseUdapDocument.ClientId); -// -// clientEntity.RequirePkce.Should().BeTrue(); -// -// clientEntity.AllowedScopes.Count.Should().Be(ModelInfo.SupportedResources.Count * 2); -// clientEntity.AllowOfflineAccess.Should().BeFalse(); -// } -// -// [Fact] -// public async Task RegistrationMissingx5cHeaderTest() -// { -// // var clientPolicyStore = _fixture.Services.GetService(); -// // -// // -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// // var discoJsonFormatted = -// // JsonSerializer.Serialize(disco.Json, new JsonSerializerOptions { WriteIndented = true }); -// // _testOutputHelper.WriteLine(discoJsonFormatted); -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "https://weatherapi.lab:5021/fhir", -// Subject = "https://weatherapi.lab:5021/fhir", -// Audience = "https://weatherapi.lab:5021/connect/register", -// Expiration = 
EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegistrationInvalidSoftwareStatement_Signature_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; 
-// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement + "Invalid", -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_issMatchesUriName_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = 
disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost:9999/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_issMissing_Test() -// { -// using 
var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// // Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// 
errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_subMissing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// // Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != 
HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Be(UdapDynamicClientRegistrationErrorDescriptions.SubIsMissing); -// } -// -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_subNotEqualtoIss_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost:9999/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", 
"Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Be(UdapDynamicClientRegistrationErrorDescriptions.SubNotEqualToIss); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_audMissing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// // Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// 
JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.InvalidAud}: "); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_audEqualsRegistrationEndpoint_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = 
DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.InvalidMatchAud}"); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_expMissing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// 
disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// // Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// 
errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.ExpMissing}"); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_expExpired_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost:5002/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(-5).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { 
-// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Contain($"{UdapDynamicClientRegistrationErrorDescriptions.ExpExpired}"); -// } -// -// //invalid_software_statement -// [Fact] -// public async Task RegisrationInvalidSotwareStatement_iatMissing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// //IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var 
signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidSoftwareStatement); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.IssuedAtMissing}"); -// } -// -// //invalid_client_metadata -// [Fact] -// public async Task RegistrationInvalidClientMetadata_clientName_Missing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// // 
ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidClientMetadata); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.ClientNameMissing}"); -// } -// -// //invalid_client_metadata -// // -// // Remember and empty grant_types is a cancel registration -// // http://hl7.org/fhir/us/udap-security/registration.html#modifying-and-cancelling-registrations -// // But a missing grant_types is an error -// // -// [Fact] -// public async Task RegisrationInvalidClientMetadata_grant_types_Missing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = 
Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// // GrantTypes = new HashSet { "client_credentials" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidClientMetadata); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.GrantTypeMissing}"); -// } -// -// //invalid_client_metadata -// [Fact] -// public async Task 
RegisrationInvalidClientMetadata_responseTypes_Missing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "authorization_code" }, -// TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "user/Patient.* user/Practitioner.read", -// RedirectUris = new List { new Uri($"https://client.fhirlabs.net/redirect/{Guid.NewGuid()}").AbsoluteUri }, -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = -// SignedSoftwareStatementBuilder -// .Create(clientCert, document) -// .Build(); -// -// var requestBody = new UdapRegisterRequest -// ( -// signedSoftwareStatement, -// UdapConstants.UdapVersionsSupportedValue -// ); -// -// var response = await client.PostAsJsonAsync(reg, requestBody); -// -// if (response.StatusCode != HttpStatusCode.Created) -// { -// _testOutputHelper.WriteLine(await 
response.Content.ReadAsStringAsync()); -// } -// -// response.StatusCode.Should().Be(HttpStatusCode.BadRequest); -// -// var errorResponse = -// await response.Content.ReadFromJsonAsync(); -// -// errorResponse.Should().NotBeNull(); -// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidClientMetadata); -// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.ResponseTypesMissing}"); -// } -// -// //invalid_client_metadata -// [Fact] -// public async Task RegisrationInvalidClientMetadata_tokenEndpointAuthMethodMissing_Test() -// { -// using var client = _fixture.CreateClient(); -// var disco = await client.GetUdapDiscoveryDocument(); -// -// disco.HttpResponse.StatusCode.Should().Be(HttpStatusCode.OK); -// disco.IsError.Should().BeFalse($"{disco.Error} :: {disco.HttpErrorReason}"); -// -// var regEndpoint = disco.RegistrationEndpoint; -// var reg = new Uri(regEndpoint!); -// -// var cert = Path.Combine(Path.Combine(AppContext.BaseDirectory, "CertStore/issued"), -// "weatherApiClientLocalhostCert1.pfx"); -// -// var clientCert = new X509Certificate2(cert, "udap-test"); -// var now = DateTime.UtcNow; -// var jwtId = CryptoRandom.CreateUniqueId(); -// -// var document = new UdapDynamicClientRegistrationDocument -// { -// Issuer = "http://localhost/", -// Subject = "http://localhost/", -// Audience = "https://localhost/connect/register", -// Expiration = EpochTime.GetIntDate(now.AddMinutes(1).ToUniversalTime()), -// IssuedAt = EpochTime.GetIntDate(now.ToUniversalTime()), -// JwtId = jwtId, -// ClientName = "udapTestClient", -// Contacts = new HashSet { "FhirJoe@BridgeTown.lab", "FhirJoe@test.lab" }, -// GrantTypes = new HashSet { "client_credentials" }, -// //TokenEndpointAuthMethod = UdapConstants.RegistrationDocumentValues.TokenEndpointAuthMethodValue, -// Scope = "system/Patient.* system/Practitioner.read" -// }; -// -// document.Add("Extra", "Stuff" as string); -// -// var signedSoftwareStatement = 
-// SignedSoftwareStatementBuilder
-// .Create(clientCert, document)
-// .Build();
-//
-// var requestBody = new UdapRegisterRequest
-// (
-// signedSoftwareStatement,
-// UdapConstants.UdapVersionsSupportedValue
-// );
-//
-// var response = await client.PostAsJsonAsync(reg, requestBody);
-//
-// if (response.StatusCode != HttpStatusCode.Created)
-// {
-// _testOutputHelper.WriteLine(await response.Content.ReadAsStringAsync());
-// }
-//
-// response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-//
-// var errorResponse =
-// await response.Content.ReadFromJsonAsync();
-//
-// errorResponse.Should().NotBeNull();
-// errorResponse!.Error.Should().Be(UdapDynamicClientRegistrationErrors.InvalidClientMetadata);
-// errorResponse.ErrorDescription.Should().Be($"{UdapDynamicClientRegistrationErrorDescriptions.TokenEndpointAuthMethodMissing}");
-// }
-//
-// private async Task ResetClientInDatabase()
-// {
-// foreach (var dbClient in _fixture.UdapDbAdminContext.Clients)
-// {
-// _fixture.UdapDbAdminContext.Clients.Remove(dbClient);
-// }
-//
-// await _fixture.UdapDbAdminContext.SaveChangesAsync();
-// }
-// }
\ No newline at end of file
diff --git a/examples/Udap.Auth.Server/HostingExtensions.cs b/examples/Udap.Auth.Server/HostingExtensions.cs
index 25e52b91..bfd05299 100644
--- a/examples/Udap.Auth.Server/HostingExtensions.cs
+++ b/examples/Udap.Auth.Server/HostingExtensions.cs
@@ -71,7 +71,6 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
 var udapServerOptions = builder.Configuration.GetOption("ServerSettings");
 options.DefaultSystemScopes = udapServerOptions.DefaultSystemScopes;
 options.DefaultUserScopes = udapServerOptions.DefaultUserScopes;
- // options.ServerSupport = udapServerOptions.ServerSupport;
 options.ForceStateParamOnAuthorizationCode = udapServerOptions.ForceStateParamOnAuthorizationCode;
 options.LogoRequired = udapServerOptions.LogoRequired;
 options.RequireConsent = udapServerOptions.RequireConsent;
diff --git a/examples/Udap.Auth.Server/Properties/launchSettings.json b/examples/Udap.Auth.Server/Properties/launchSettings.json
index 01984f75..1aa5bc78 100644
--- a/examples/Udap.Auth.Server/Properties/launchSettings.json
+++ b/examples/Udap.Auth.Server/Properties/launchSettings.json
@@ -17,7 +17,6 @@
 "environmentVariables": {
 "GCPDeploy": "false",
 "ASPNETCORE_ENVIRONMENT": "Development",
- "ServerSettings:ServerSupport": "UDAP",
 "ServerSettings:DefaultSystemScopes": "udap system.cruds system/*.rs",
 "ServerSettings:DefaultUserScopes": "udap user.cruds",
 "ServerSettings:ForceStateParamOnAuthorizationCode": "true",
@@ -32,7 +31,6 @@
 "environmentVariables": {
 "GCPDeploy": "true",
 "ASPNETCORE_ENVIRONMENT": "Development",
- "ServerSettings:ServerSupport": "UDAP",
 "ServerSettings:DefaultSystemScopes": "udap system.cruds",
 "ServerSettings:DefaultUserScopes": "udap user.cruds",
 "UdapIdpBaseUrl": "https://host.docker.internal:5002"
diff --git a/examples/Udap.Auth.Server/appsettings.Development.json b/examples/Udap.Auth.Server/appsettings.Development.json
index 89948884..7e98e96d 100644
--- a/examples/Udap.Auth.Server/appsettings.Development.json
+++ b/examples/Udap.Auth.Server/appsettings.Development.json
@@ -22,7 +22,6 @@
 },
 "ServerSettings": {
- "ServerSupport": "Hl7SecurityIG",
 "LogoRequired": "true"
 },
diff --git a/examples/Udap.Auth.Server/appsettings.Production.json b/examples/Udap.Auth.Server/appsettings.Production.json
index b9be8fd1..e04fbe50 100644
--- a/examples/Udap.Auth.Server/appsettings.Production.json
+++ b/examples/Udap.Auth.Server/appsettings.Production.json
@@ -22,7 +22,6 @@
 "ServerSettings": {
- "ServerSupport": "UDAP",
 "LogoRequired": "true", //https://hl7.org/fhir/smart-app-launch/scopes-and-launch-context.html
 "DefaultSystemScopes": "openid system/*.rs system/*.read",
diff --git a/examples/Udap.Identity.Provider.2/appsettings.Development.json b/examples/Udap.Identity.Provider.2/appsettings.Development.json
index 7b65143a..eed4d293 100644
--- a/examples/Udap.Identity.Provider.2/appsettings.Development.json
+++ b/examples/Udap.Identity.Provider.2/appsettings.Development.json
@@ -7,7 +7,6 @@
 },
 "ServerSettings": {
- "ServerSupport": "UDAP",
 "DefaultUserScopes": "openid udap fhirUser email profile",
 "ForceStateParamOnAuthorizationCode": true
 },
diff --git a/examples/Udap.Identity.Provider.2/appsettings.Production.json b/examples/Udap.Identity.Provider.2/appsettings.Production.json
index de57cf40..d31ca33c 100644
--- a/examples/Udap.Identity.Provider.2/appsettings.Production.json
+++ b/examples/Udap.Identity.Provider.2/appsettings.Production.json
@@ -1,6 +1,5 @@
 {
 "ServerSettings": {
- "ServerSupport": "UDAP",
 "DefaultUserScopes": "openid fhirUser email profile",
 "ForceStateParamOnAuthorizationCode": true
 },
diff --git a/examples/Udap.Identity.Provider/HostingExtensions.cs b/examples/Udap.Identity.Provider/HostingExtensions.cs
index ba6d08ab..261227f7 100644
--- a/examples/Udap.Identity.Provider/HostingExtensions.cs
+++ b/examples/Udap.Identity.Provider/HostingExtensions.cs
@@ -51,7 +51,6 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
 var udapServerOptions = builder.Configuration.GetOption("ServerSettings");
 options.DefaultSystemScopes = udapServerOptions.DefaultSystemScopes;
 options.DefaultUserScopes = udapServerOptions.DefaultUserScopes;
- // options.ServerSupport = udapServerOptions.ServerSupport;
 options.ForceStateParamOnAuthorizationCode = udapServerOptions.ForceStateParamOnAuthorizationCode;
 options.LogoRequired = udapServerOptions.LogoRequired;
 options.AlwaysIncludeUserClaimsInIdToken = udapServerOptions.AlwaysIncludeUserClaimsInIdToken;
diff --git a/examples/Udap.Identity.Provider/appsettings.Development.json b/examples/Udap.Identity.Provider/appsettings.Development.json
index 893b638a..bf880c3a 100644
--- a/examples/Udap.Identity.Provider/appsettings.Development.json
+++ b/examples/Udap.Identity.Provider/appsettings.Development.json
@@ -11,7 +11,6 @@
 },
 "ServerSettings": {
- "ServerSupport": "UDAP",
 "DefaultUserScopes": "openid udap fhirUser email profile",
 "ForceStateParamOnAuthorizationCode": true,
 "AlwaysIncludeUserClaimsInIdToken": true
diff --git a/examples/Udap.Identity.Provider/appsettings.Production.json b/examples/Udap.Identity.Provider/appsettings.Production.json
index 71193336..babcf513 100644
--- a/examples/Udap.Identity.Provider/appsettings.Production.json
+++ b/examples/Udap.Identity.Provider/appsettings.Production.json
@@ -1,6 +1,5 @@
 {
 "ServerSettings": {
- "ServerSupport": "UDAP",
 "LogoRequired": "false",
 "DefaultUserScopes": "openid fhirUser email profile",
 "ForceStateParamOnAuthorizationCode": true,