udap-tools · JoeShook · Sep 12, 2024 · Aug 28, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -27,6 +27,7 @@ jobs:
     - name: Pack
       run: |
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Model/Udap.Model.csproj 
+        dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Tefca.Model/Udap.Tefca.Model.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Util/Udap.Util.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Common/Udap.Common.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Metadata.Server/Udap.Metadata.Server.csproj 
@@ -39,6 +40,7 @@ jobs:
     - name: Push
       run: |
         dotnet nuget push ./Udap.Model/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
+        dotnet nuget push ./Udap.Tefca.Model/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Util/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Common/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Metadata.Server/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,6 +27,7 @@ jobs:
     - name: Pack
       run: |
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Model/Udap.Model.csproj 
+        dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Tefca.Model/Udap.Tefca.Model.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Util/Udap.Util.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Common/Udap.Common.csproj 
         dotnet pack -v normal -c Release --include-source -p:PackageVersion=${VERSION} ./Udap.Metadata.Server/Udap.Metadata.Server.csproj 
@@ -39,6 +40,7 @@ jobs:
     - name: Push
       run: |
         dotnet nuget push ./Udap.Model/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
+        dotnet nuget push ./Udap.Tefca.Model/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Util/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Common/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}
         dotnet nuget push ./Udap.Metadata.Server/bin/Release/*.symbols.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_API_KEY }}

diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -6,6 +6,7 @@
     <!-- https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges -->
     <PackageVersion Include="Duende.IdentityServer.Storage" Version="7.0.6" />
     <PackageVersion Include="Google.Apis.Auth" Version="1.68.0" />
+    <PackageVersion Include="Hl7.Fhir.R4B" Version="5.9.1" />
     <PackageVersion Include="LazyCache" Version="2.4.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="[6.0.32,8.0.8]" />
     <PackageVersion Include="AspNetCoreRateLimit" Version="5.0.0" />
@@ -36,7 +37,7 @@
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="[6.0.0,7.0.1]" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.1" />
+    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.0.2" />
     <PackageVersion Include="OpenTelemetry" Version="1.9.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.9.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
@@ -47,7 +48,7 @@
     <PackageVersion Include="Serilog.AspNetCore" Version="[6.1.0,7.0.0]" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="[3.1.0,7.0.0]" />
     <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
-    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.0.1" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.0.2" />
     <PackageVersion Include="Udap.Metadata.Server" Version="0.3.24" />
     <PackageVersion Include="Yarp.ReverseProxy" Version="2.1.0" />
   </ItemGroup>

diff --git a/Udap.Common/Metadata/UdapMetaDataBuilder.cs b/Udap.Common/Metadata/UdapMetaDataBuilder.cs
@@ -9,8 +9,10 @@
 
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
+using System.Web;
 using IdentityModel;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Udap.Common.Certificates;
 using Udap.Model;
@@ -20,19 +22,20 @@
 
 namespace Udap.Common.Metadata;
 
-public class UdapMetaDataBuilder
+public class UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata> 
+    where TUdapMetadataOptions : UdapMetadataOptions
+    where TUdapMetadata : UdapMetadata
 {
-    private UdapMetadata _udapMetadata;
+    private readonly IOptionsMonitor<TUdapMetadataOptions> _optionsMonitor;
     private readonly IPrivateCertificateStore _certificateStore;
-    private readonly ILogger<UdapMetaDataBuilder> _logger;
-
+    private readonly ILogger<UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata>> _logger;
 
     public UdapMetaDataBuilder(
-        UdapMetadata udapMetadata,
+        IOptionsMonitor<TUdapMetadataOptions> optionsMonitor,
         IPrivateCertificateStore certificateStore,
-        ILogger<UdapMetaDataBuilder> logger)
+        ILogger<UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata>> logger)
     {
-        _udapMetadata = udapMetadata;
+        _optionsMonitor = optionsMonitor;
         _certificateStore = certificateStore;
         _logger = logger;
     }
@@ -43,7 +46,10 @@
     /// <returns></returns>
     public ICollection<string> GetCommunities()
     {
-        return _udapMetadata.Communities();
+        var options = _optionsMonitor.CurrentValue;
+        var udapMetaData = (TUdapMetadata)Activator.CreateInstance(typeof(TUdapMetadata), options)!;
+
+        return udapMetaData.Communities();
     }
 
     /// <summary>
@@ -53,7 +59,10 @@
     /// <returns></returns>
     public string GetCommunitiesAsHtml(string path)
     {
-        return _udapMetadata.CommunitiesAsHtml(path);
+        var options = _optionsMonitor.CurrentValue;
+        var udapMetaData = (TUdapMetadata)Activator.CreateInstance(typeof(TUdapMetadata), options)!;
+
+        return udapMetaData.CommunitiesAsHtml(path);
     }
 
     /// <summary>
@@ -64,25 +73,27 @@
     /// <exception cref="System.NotImplementedException"></exception>
     public async Task<UdapMetadata?> SignMetaData(string baseUrl, string? community = null, CancellationToken token = default)
     {
-        var udapMetaData = _udapMetadata.Clone();
+        var options = _optionsMonitor.CurrentValue;
+        var udapMetaData = (TUdapMetadata)Activator.CreateInstance(typeof(TUdapMetadata), options)!;
+
         var udapMetadataConfig = udapMetaData.GetUdapMetadataConfig(community);
 
         if (udapMetadataConfig == null)
         {
-            _logger.LogWarning($"Missing metadata for community: {System.Web.HttpUtility.UrlEncode(community)}");
+            _logger.LogWarning($"Missing metadata for community: {System.Net.WebUtility.UrlEncode(community)}");
             return null;
         }
 
         udapMetaData.AuthorizationEndpoint = udapMetadataConfig.SignedMetadataConfig.AuthorizationEndpoint;
         udapMetaData.TokenEndpoint = udapMetadataConfig.SignedMetadataConfig.TokenEndpoint;
         udapMetaData.RegistrationEndpoint = udapMetadataConfig.SignedMetadataConfig.RegistrationEndpoint;
 
-        if (Enumerable.Any<string>(udapMetadataConfig.SignedMetadataConfig.RegistrationSigningAlgorithms))
+        if (udapMetadataConfig.SignedMetadataConfig.RegistrationSigningAlgorithms.Any())
         {
             udapMetaData.RegistrationEndpointJwtSigningAlgValuesSupported = udapMetadataConfig.SignedMetadataConfig.RegistrationSigningAlgorithms;
         }
 
-        if (Enumerable.Any<string>(udapMetadataConfig.SignedMetadataConfig.TokenSigningAlgorithms))
+        if (udapMetadataConfig.SignedMetadataConfig.TokenSigningAlgorithms.Any())
         {
             udapMetaData.TokenEndpointAuthSigningAlgValuesSupported = udapMetadataConfig.SignedMetadataConfig.TokenSigningAlgorithms;
         }
@@ -91,7 +102,7 @@
 
         if (certificate == null)
         {
-            _logger.LogWarning($"Missing default community certificate: {System.Web.HttpUtility.UrlEncode(community)}");
+            _logger.LogWarning($"Missing default community certificate: {System.Net.WebUtility.UrlEncode(community)}");
             return null;
         }
 
@@ -114,15 +125,15 @@
 
         var builder = SignedSoftwareStatementBuilder<ISoftwareStatementSerializer>.Create(certificate, jwtPayload);
 
-        if (Enumerable.First<string>(udapMetaData.RegistrationEndpointJwtSigningAlgValuesSupported).IsECDSA())
+        if (udapMetaData.RegistrationEndpointJwtSigningAlgValuesSupported.First().IsECDSA())
         {
-            udapMetaData.SignedMetadata = builder.BuildECDSA(Enumerable.First<string>(udapMetaData.
-                    RegistrationEndpointJwtSigningAlgValuesSupported));
+            udapMetaData.SignedMetadata = builder.BuildECDSA(udapMetaData.
+                RegistrationEndpointJwtSigningAlgValuesSupported.First());
         }
         else
         {
-            udapMetaData.SignedMetadata = builder.Build(Enumerable.First<string>(udapMetaData.
-                    RegistrationEndpointJwtSigningAlgValuesSupported));
+            udapMetaData.SignedMetadata = builder.Build(udapMetaData.
+                RegistrationEndpointJwtSigningAlgValuesSupported.First());
         }
 
         return udapMetaData;

diff --git a/Udap.Metadata.Server/Configuration/DependencyInjection/ServiceCollectionExtensions.cs b/Udap.Metadata.Server/Configuration/DependencyInjection/ServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-#region (c) 2023 Joseph Shook. All rights reserved.
+#region (c) 2024 Joseph Shook. All rights reserved.
 // /*
 //  Authors:
 //     Joseph Shook   [email protected]
@@ -7,18 +7,16 @@
 // */
 #endregion
 
-
-
 //
 // See reason for Microsoft.Extensions.DependencyInjection namespace
 // here: https://learn.microsoft.com/en-us/dotnet/core/extensions/dependency-injection-usage
 //
+using Hl7.Fhir.Utility;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Hl7.Fhir.Utility;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Udap.Common;
@@ -27,7 +25,6 @@
 using Udap.Common.Metadata;
 using Udap.Metadata.Server;
 using Udap.Model;
-using Constants = Udap.Common.Constants;
 
 // ReSharper disable once CheckNamespace
 namespace Microsoft.Extensions.DependencyInjection;
@@ -36,66 +33,79 @@ public static class ServiceCollectionExtensions
 {
     public static IServiceCollection AddUdapMetadataServer(
         this IServiceCollection services,
-        IConfiguration configuration,
-        string? applicationName = null)
+        IConfiguration configuration)
+    {
+        return AddUdapMetadataServer<UdapMetadataOptions, UdapMetadata>(services, configuration);
+    }
+
+    public static IServiceCollection AddUdapMetadataServer<TUdapMetadataOptions, TUdapMetadata>(
+        this IServiceCollection services,
+        IConfiguration configuration)
+    where TUdapMetadataOptions : UdapMetadataOptions
+    where TUdapMetadata : UdapMetadata
     {
-        var udapMetadataOptions = new UdapMetadataOptions();
-        configuration.GetSection("UdapMetadataOptions").Bind(udapMetadataOptions);
+        services.TryAddSingleton<IPrivateCertificateStore>(sp =>
+            new IssuedCertificateStore(
+                sp.GetRequiredService<IOptionsMonitor<UdapFileCertStoreManifest>>(),
+                sp.GetRequiredService<ILogger<IssuedCertificateStore>>()));
 
-        services.Configure<UdapMetadataOptions>(configuration.GetSection("UdapMetadataOptions"));
-
-        //TODO: this could use some DI work...
-        var udapMetadata = new UdapMetadata(
-            udapMetadataOptions!,
-            new List<string>
-            {
-                "openid", "patient/*.read", "user/*.read", "system/*.read", "patient/*.rs", "user/*.rs", "system/*.rs"
-            });
+        services.Configure<TUdapMetadataOptions>(configuration.GetSection("UdapMetadataOptions"));
+        services.TryAddScoped<UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata>>();
+        services.AddScoped<UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata>>();
 
-        services.AddSingleton(udapMetadata);
-        services.TryAddScoped<UdapMetaDataBuilder>();
-        services.AddScoped<UdapMetaDataEndpoint>();
-
         return services;
     }
-
 
-     public static WebApplication UseUdapMetadataServer(this WebApplication app, string? prefixRoute = null)
+    public static WebApplication UseUdapMetadataServer(this WebApplication app, string? prefixRoute = null)
+    {
+        return UseUdapMetadataServer<UdapMetadataOptions, UdapMetadata>(app, prefixRoute);
+    }
+
+    public static WebApplication UseUdapMetadataServer<TUdapMetadataOptions, TUdapMetadata>(this WebApplication app, string? prefixRoute = null)
+        where TUdapMetadataOptions : UdapMetadataOptions
+        where TUdapMetadata : UdapMetadata
     {
         app.MapGet($"/{prefixRoute?.EnsureTrailingSlash().RemovePrefix("/")}{UdapConstants.Discovery.DiscoveryEndpoint}", (
-                    [FromServices] UdapMetaDataEndpoint endpoint,
+                    [FromServices] UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata> endpoint,
                     HttpContext httpContext,
                     [FromQuery] string? community,
                     CancellationToken token) => endpoint.Process(httpContext, community, token))
             .AllowAnonymous()
             .Produces(StatusCodes.Status200OK)
             .Produces(StatusCodes.Status404NotFound); // community doesn't exist
-    
+
         app.MapGet($"/{prefixRoute?.EnsureTrailingSlash().RemovePrefix("/")}{UdapConstants.Discovery.DiscoveryEndpoint}/communities",
-                ([FromServices] UdapMetaDataEndpoint endpoint) => endpoint.GetCommunities())
+                ([FromServices] UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata> endpoint) => endpoint.GetCommunities())
             .AllowAnonymous()
             .Produces(StatusCodes.Status200OK)
             .Produces(StatusCodes.Status404NotFound); // community doesn't exist
-    
+
         app.MapGet($"/{prefixRoute?.EnsureTrailingSlash().RemovePrefix("/")}{UdapConstants.Discovery.DiscoveryEndpoint}/communities/ashtml",
                 (
-                    [FromServices] UdapMetaDataEndpoint endpoint,
+                    [FromServices] UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata> endpoint,
                     HttpContext httpContext) => endpoint.GetCommunitiesAsHtml(httpContext))
             .AllowAnonymous()
             .Produces(StatusCodes.Status200OK)
             .Produces(StatusCodes.Status404NotFound); // community doesn't exist
-    
+
         return app;
     }
 
     public static IApplicationBuilder UseUdapMetadataServer(this IApplicationBuilder app, string? prefixRoute = null)
+    {
+        return UseUdapMetadataServer<UdapMetadataOptions, UdapMetadata>(app, prefixRoute);
+    }
+
+    public static IApplicationBuilder UseUdapMetadataServer<TUdapMetadataOptions, TUdapMetadata>(this IApplicationBuilder app, string? prefixRoute = null)
+        where TUdapMetadataOptions : UdapMetadataOptions
+        where TUdapMetadata : UdapMetadata
     {
 
         app.Map($"/{prefixRoute?.EnsureTrailingSlash().RemovePrefix("/")}{UdapConstants.Discovery.DiscoveryEndpoint}", path =>
         {
             path.Run(async ctx =>
             {
-                var endpoint = ctx.RequestServices.GetRequiredService<UdapMetaDataEndpoint>();
+                var endpoint = ctx.RequestServices.GetRequiredService<UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata>>();
                 var result = await endpoint.Process(ctx, null, default);
                 if (result != null)
                 {
@@ -107,7 +117,7 @@ public static IApplicationBuilder UseUdapMetadataServer(this IApplicationBuilder
                 }
             });
         });
-        
+
         return app;
     }
 }
diff --git a/Udap.Metadata.Server/UdapMetaDataEndpoint.cs b/Udap.Metadata.Server/UdapMetaDataEndpoint.cs
@@ -12,15 +12,18 @@
 using Microsoft.Extensions.Logging;
 using Udap.Common.Extensions;
 using Udap.Common.Metadata;
+using Udap.Model;
 
 namespace Udap.Metadata.Server;
 
-public class UdapMetaDataEndpoint
+public class UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata> 
+    where TUdapMetadataOptions : UdapMetadataOptions
+    where TUdapMetadata : UdapMetadata
 {
-    private readonly UdapMetaDataBuilder _metaDataBuilder;
-    private readonly ILogger<UdapMetaDataEndpoint> _logger;
+    private readonly UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata> _metaDataBuilder;
+    private readonly ILogger<UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata>> _logger;
 
-    public UdapMetaDataEndpoint(UdapMetaDataBuilder metaDataBuilder, ILogger<UdapMetaDataEndpoint> logger)
+    public UdapMetaDataEndpoint(UdapMetaDataBuilder<TUdapMetadataOptions, TUdapMetadata> metaDataBuilder, ILogger<UdapMetaDataEndpoint<TUdapMetadataOptions, TUdapMetadata>> logger)
     {
         _metaDataBuilder = metaDataBuilder;
         _logger = logger;

diff --git a/Udap.Metadata.Server/docs/README.md b/Udap.Metadata.Server/docs/README.md
@@ -64,7 +64,7 @@ Add UseUdapMetaData to program.cs
 
 ```
 
-```AddUdapMetaDataServer``` extension will find the UdapMetadataOptions in AppSettings.  These settings will match the issued certificate.  
+```AddUdapMetaDataServer``` extension will find the UdapMetadataOptions in AppSettings.  These settings will match the IssuedCerts settings in UdapFileCertStoreManifest settings below.  
 
 Reference [Required UDAP Metadata](http://hl7.org/fhir/us/udap-security/discovery.html#signed-metadata-elements).
 
@@ -73,6 +73,17 @@ Issuer and Subject must match the issued certificates, Subject Alternative Name
 ```json
 
 "UdapMetadataOptions": {
+  "UdapVersionsSupported": [ "1" ],
+    "UdapProfilesSupported": [ "udap_dcr", "udap_authn", "udap_authz", "udap_to" ],
+    "UdapAuthorizationExtensionsSupported": [ "hl7-b2b" ],
+    "UdapAuthorizationExtensionsRequired": [ "hl7-b2b" ],
+    "ScopesSupported": [ "openid", "system/*.read", "user/*.read", "patient/*.read" ],
+    "UdapCertificationsSupported": [ "http://MyUdapCertification", "http://MyUdapCertification2" ],
+    "UdapCertificationsRequired": [ "http://MyUdapCertification" ],
+    "GrantTypesSupported": [ "authorization_code", "refresh_token", "client_credentials" ],
+    //"TokenEndpointAuthSigningAlgValuesSupported": [ "RS256", "RS384", "ES256", "ES384" ],
+    //"RegistrationEndpointJwtSigningAlgValuesSupported": [ "RS256", "RS384", "ES256", "ES384" ],
+
     "UdapMetadataConfigs": [
       {
         "Community": "http://localhost",