public async Task <IActionResult> GetCertificate(long uln, string familyName, [SwaggerParameter("Standard Code or Standard Reference Number")] string standard)
{
var getRequest = new GetBatchCertificateRequest {
UkPrn = _headerInfo.Ukprn, Uln = uln, FamilyName = familyName, Standard = standard
};
var response = await _apiClient.GetCertificate(getRequest);
if (response.ValidationErrors.Any())
{
ApiResponse error = new ApiResponse((int)HttpStatusCode.Forbidden, string.Join("; ", response.ValidationErrors));
return(StatusCode(error.StatusCode, error));
}
else if (response.Certificate is null)
{
return(NoContent());
}
else
{
if (CertificateHelpers.IsDraftCertificateDeemedAsReady(response.Certificate))
{
response.Certificate.Status.CurrentStatus = CertificateStatus.Ready;
}
else if (response.Certificate.Status.CurrentStatus == CertificateStatus.Printed || response.Certificate.Status.CurrentStatus == CertificateStatus.Reprint)
{
response.Certificate.Status.CurrentStatus = CertificateStatus.Submitted;
}
return(Ok(response.Certificate));
}
}
public async Task <IActionResult> CreateCertificates([FromBody] IEnumerable <CreateCertificateRequest> request)
{
if (request.Count() > MAX_CERTIFICATES_IN_REQUEST)
{
ApiResponse error = new ApiResponse((int)HttpStatusCode.Forbidden, MAX_CERTIFICATES_IN_REQUEST_ERROR_MESSAGE);
return(StatusCode(error.StatusCode, error));
}
var createRequest = request.Select(req =>
new CreateBatchCertificateRequest {
UkPrn = _headerInfo.Ukprn,
RequestId = req.RequestId,
CertificateData = new Models.Request.Certificates.CertificateData
{
Standard = req.Standard,
Learner = req.Learner,
LearningDetails = req.LearningDetails,
PostalContact = req.PostalContact
}
});
var results = await _apiClient.CreateCertificates(createRequest);
foreach (var result in results)
{
if (CertificateHelpers.IsDraftCertificateDeemedAsReady(result.Certificate))
{
result.Certificate.Status.CurrentStatus = CertificateStatus.Ready;
}
}
return(Ok(results));
}
private async Task <Certificate> UpdateCertificate(UpdateBatchCertificateRequest request)
{
_logger.LogInformation("UpdateCertificate Before Get Standard from API");
var standard = await _standardService.GetStandard(request.StandardCode);
_logger.LogInformation("UpdateCertificate Before Get Certificate from db");
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode);
if (standard != null && certificate != null)
{
var certData = CombineCertificateData(JsonConvert.DeserializeObject <CertificateData>(certificate.CertificateData), request.CertificateData, standard);
_logger.LogInformation("UpdateCertificate Before Update CertificateData");
// need to update EPA Reference too
certData.EpaDetails.EpaReference = certificate.CertificateReference;
certificate.CertificateData = JsonConvert.SerializeObject(certData);
// adjust Status appropriately
if (certificate.Status == CertificateStatus.Deleted)
{
certificate.Status = CertificateStatus.Draft;
}
_logger.LogInformation("UpdateCertificate Before Update Cert in db");
await _certificateRepository.Update(certificate, ExternalApiConstants.ApiUserName, CertificateActions.Amend);
return(await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, certificate));
}
else
{
_logger.LogWarning($"UpdateCertificate Did not find Certificate for Uln {request.Uln} and StandardCode {request.StandardCode}");
throw new NotFound();
}
}
public IActionResult Add(ModelCertificate certificate)
{
try
{
_repository.Add(certificate);
var certificateProductId = certificate.CertificateId;
var certificateCustomer = _repository.Get().Include(c => c.Customer).Where(c => c.CertificateId == certificateProductId).First();
//Adicionar o diretório na estrutura de arquivos !!! e depois fazer o upload do arquivo!!
if (CertificateHelpers.CreateFileRepositorie(Path.Combine(@"c:\Celta Business Solutions\" + certificateCustomer.Customer.RootDirectory + @"\bsf\certificados", certificateCustomer.FileRepositorie)))
{
//faça o upload
}
else
{
return(NotFound());
}
return(Ok(certificateProductId));
}
catch (Exception err)
{
return(NotFound(err.Message));
}
}
// ReSharper disable once InconsistentNaming
public ActionResult SAWPost(string returnUrl)
{
using (var sawSamlResponse = new SawSamlResponse(CertificateHelpers.GetX509Certificate2FromUri(FirmaWebConfiguration.SAWEndPoint)))
{
try
{
// SAML providers usually POST the data into this var
var base64SawSamlResponse = Request.Form["SAMLResponse"];
Logger.Debug($"SAML Debugging - SAWPost Received Base64 Encoded Form Variable SAMLResponse: {base64SawSamlResponse}");
sawSamlResponse.LoadXmlFromBase64(base64SawSamlResponse);
if (sawSamlResponse.IsValid(userDisplayableValidationErrorMessage: out var userDisplayableValidationErrorMessage))
{
var firstName = sawSamlResponse.GetFirstName();
var lastName = sawSamlResponse.GetLastName();
var email = sawSamlResponse.GetEmail();
var roleGroups = sawSamlResponse.GetRoleGroups();
var sawAuthenticator = sawSamlResponse.GetWhichSawAuthenticator();
ProcessLogin(firstName, lastName, email, roleGroups, sawAuthenticator);
}
else
{
SitkaHttpApplication.Logger.Error($"Processing SAW login, SAML Response invalid. Validation error: {userDisplayableValidationErrorMessage}, SAW SAML XML:\r\n{sawSamlResponse.GetSamlAsPrettyPrintXml()}");
SetErrorForDisplay($"There was a SAW validation problem while trying to log into your account. {userDisplayableValidationErrorMessage} Please try again in a few minutes. If this issue keeps happening, please contact support: <a href=\"mailto:{FirmaWebConfiguration.SitkaSupportEmail}\">{FirmaWebConfiguration.SitkaSupportEmail}</a>");
}
return(new RedirectResult(HomeUrl));
}
private CertificateData CombineCertificateData(CertificateData certData, CertificateData requestData, StandardOptions options)
{
var epaDetails = certData.EpaDetails ?? new EpaDetails();
if (epaDetails.Epas is null)
{
epaDetails.Epas = new List <EpaRecord>();
}
var epaOutcome = certData.OverallGrade == CertificateGrade.Fail ? EpaOutcome.Fail : EpaOutcome.Pass;
if (requestData.AchievementDate != null && !epaDetails.Epas.Any(rec => rec.EpaDate == requestData.AchievementDate.Value && rec.EpaOutcome == epaOutcome))
{
var record = new EpaRecord {
EpaDate = requestData.AchievementDate.Value, EpaOutcome = epaOutcome
};
epaDetails.Epas.Add(record);
// sort pass outcomes before fail outcomes as pass is the final state even if earlier than the fail
var latestRecord = epaDetails.Epas
.OrderByDescending(epa => epa.EpaOutcome != EpaOutcome.Fail ? 1 : 0)
.ThenByDescending(epa => epa.EpaDate)
.First();
epaDetails.LatestEpaDate = latestRecord.EpaDate;
epaDetails.LatestEpaOutcome = latestRecord.EpaOutcome;
}
return(new CertificateData()
{
LearnerGivenNames = certData.LearnerGivenNames,
LearnerFamilyName = certData.LearnerFamilyName,
LearningStartDate = certData.LearningStartDate,
StandardReference = certData.StandardReference,
StandardName = certData.StandardName,
StandardLevel = certData.StandardLevel,
StandardPublicationDate = certData.StandardPublicationDate,
FullName = certData.FullName,
ProviderName = certData.ProviderName,
ContactName = requestData.ContactName,
ContactOrganisation = requestData.ContactOrganisation,
Department = requestData.Department,
ContactAddLine1 = requestData.ContactAddLine1,
ContactAddLine2 = requestData.ContactAddLine2,
ContactAddLine3 = requestData.ContactAddLine3,
ContactAddLine4 = requestData.ContactAddLine4,
ContactPostCode = requestData.ContactPostCode,
Registration = requestData.Registration,
AchievementDate = requestData.AchievementDate,
CourseOption = CertificateHelpers.NormalizeCourseOption(options, requestData.CourseOption),
Version = requestData.Version,
OverallGrade = CertificateHelpers.NormalizeOverallGrade(requestData.OverallGrade),
EpaDetails = epaDetails
});
}
private async Task <Certificate> CreateNewCertificate(CreateBatchCertificateRequest request)
{
_logger.LogInformation("CreateNewCertificate Before Get Ilr from db");
var ilr = await _ilrRepository.Get(request.Uln, request.StandardCode);
if (ilr is null)
{
_logger.LogWarning($"CreateNewCertificate Did not find ILR for Uln {request.Uln} and StandardCode {request.StandardCode}");
return(null);
}
_logger.LogInformation("CreateNewCertificate Before Get Organisation from db");
var organisation = await _organisationQueryRepository.GetByUkPrn(request.UkPrn);
_logger.LogInformation("CreateNewCertificate Before Get Standard from API");
var standard = await _standardService.GetStandard(ilr.StdCode);
_logger.LogInformation("CreateNewCertificate Before Get Provider from API");
var provider = await GetProviderFromUkprn(ilr.UkPrn);
var certData = CombineCertificateData(request.CertificateData, ilr, standard, provider);
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode);
if (certificate == null)
{
_logger.LogInformation("CreateNewCertificate Before create new Certificate");
certificate = await _certificateRepository.New(
new Certificate()
{
Uln = request.Uln,
StandardCode = request.StandardCode,
ProviderUkPrn = ilr.UkPrn,
OrganisationId = organisation.Id,
CreatedBy = ExternalApiConstants.ApiUserName,
CertificateData = JsonConvert.SerializeObject(certData),
Status = CertificateStatus.Draft, // NOTE: Web & Staff always creates Draft first
CertificateReference = string.Empty,
LearnRefNumber = ilr.LearnRefNumber,
CreateDay = DateTime.UtcNow.Date
});
}
else
{
_logger.LogInformation("CreateNewCertificate Before resurrecting deleted Certificate");
certData.EpaDetails.EpaReference = certificate.CertificateReference;
certificate.CertificateData = JsonConvert.SerializeObject(certData);
certificate.Status = CertificateStatus.Draft;
await _certificateRepository.Update(certificate, ExternalApiConstants.ApiUserName, CertificateActions.Start);
}
_logger.LogInformation(LoggingConstants.CertificateStarted);
_logger.LogInformation($"Certificate with ID: {certificate.Id} Started with reference of {certificate.CertificateReference}");
return(await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, certificate));
}
private CertificateData CombineCertificateData(CertificateData data, Ilr ilr, StandardCollation standard, Provider provider)
{
var epaDetails = data.EpaDetails ?? new EpaDetails();
if (epaDetails.Epas is null)
{
epaDetails.Epas = new List <EpaRecord>();
}
var epaOutcome = data.OverallGrade == CertificateGrade.Fail ? EpaOutcome.Fail : EpaOutcome.Pass;
if (data.AchievementDate != null && !epaDetails.Epas.Any(rec => rec.EpaDate == data.AchievementDate.Value && rec.EpaOutcome == epaOutcome))
{
var record = new EpaRecord {
EpaDate = data.AchievementDate.Value, EpaOutcome = epaOutcome
};
epaDetails.Epas.Add(record);
var latestRecord = epaDetails.Epas.OrderByDescending(epa => epa.EpaDate).First();
epaDetails.LatestEpaDate = latestRecord.EpaDate;
epaDetails.LatestEpaOutcome = latestRecord.EpaOutcome;
}
return(new CertificateData()
{
LearnerGivenNames = ilr.GivenNames,
LearnerFamilyName = ilr.FamilyName,
LearningStartDate = ilr.LearnStartDate,
StandardReference = standard.ReferenceNumber,
StandardName = standard.Title,
StandardLevel = standard.StandardData.Level.GetValueOrDefault(),
StandardPublicationDate = standard.StandardData.EffectiveFrom,
FullName = $"{ilr.GivenNames} {ilr.FamilyName}",
ProviderName = provider.ProviderName,
ContactName = data.ContactName,
ContactOrganisation = data.ContactOrganisation,
Department = data.Department,
ContactAddLine1 = data.ContactAddLine1,
ContactAddLine2 = data.ContactAddLine2,
ContactAddLine3 = data.ContactAddLine3,
ContactAddLine4 = data.ContactAddLine4,
ContactPostCode = data.ContactPostCode,
Registration = data.Registration,
AchievementDate = data.AchievementDate,
CourseOption = CertificateHelpers.NormalizeCourseOption(standard, data.CourseOption),
OverallGrade = CertificateHelpers.NormalizeOverallGrade(data.OverallGrade),
EpaDetails = epaDetails
});
}
private async Task <Certificate> GetCertificate(GetBatchCertificateRequest request)
{
_logger.LogInformation("GetCertificate Before Get Certificate from db");
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode);
_logger.LogInformation("GetCertificate Before Get Searching Organisation from db");
var searchingOrganisation = await _organisationQueryRepository.GetByUkPrn(request.UkPrn);
var allowedCertificateStatus = new string[] { CertificateStatus.Draft, CertificateStatus.Submitted, CertificateStatus.Printed, CertificateStatus.Reprint };
if (certificate != null && searchingOrganisation != null && allowedCertificateStatus.Contains(certificate.Status))
{
var certData = JsonConvert.DeserializeObject <CertificateData>(certificate.CertificateData);
if (string.Equals(certData.LearnerFamilyName, request.FamilyName, StringComparison.InvariantCultureIgnoreCase))
{
certificate = await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, certificate);
if (!EpaOutcome.Pass.Equals(certData.EpaDetails?.LatestEpaOutcome, StringComparison.InvariantCultureIgnoreCase))
{
// As EPA has not passed, only give access to basic information & EPA Details
certificate = RedactCertificateInformation(certificate, true);
}
if (certificate.OrganisationId != searchingOrganisation.Id)
{
var providedStandards = await _standardRepository.GetEpaoRegisteredStandards(searchingOrganisation.EndPointAssessorOrganisationId, short.MaxValue, null);
if (providedStandards.PageOfResults.Any(s => s.StandardCode == certificate.StandardCode))
{
// Shared standard but not the EPAO who created the certificate
certificate = RedactCertificateInformation(certificate, false);
}
else
{
certificate = null;
}
}
}
else
{
certificate = null;
}
}
else
{
certificate = null;
}
return(certificate);
}
public async Task <IActionResult> InstallCertificate([FromBody] int certificateIdForInstall)
{
try
{
var certificate = _repository.Get()
.Include(c => c.Customer).
Where(x => x.CertificateId == certificateIdForInstall).
First();
//string fileName = certificate.FileName;
//string fullpath = @"C:\Celta Business Solutions\" + certificate.Customer.RootDirectory + @"\bsf\certificados\" + certificate.FileRepositorie;
//1- Pegar data de Expiração, NotAfter:
var dateOfExpiration = await CertificateHelpers.GetNotAfter(certificate);
//2- Pegar Impressão Digital Thumbprint HashCert
var certHash = await CertificateHelpers.GetHashCert(certificate);
//3- Atualizar o model
certificate.DateHourExpiration = dateOfExpiration;
certificate.HashCert = certHash;
certificate.IsInstalled = true;
_repository.Update(certificate);
//4- Agora é instalar mesmo!!!
var responseInstallCert = await CertificateHelpers.InstallCert(certificate);
if (responseInstallCert == "oiErro")
{
return(BadRequest("Erro ao instalar certificado: " + responseInstallCert));
}
//5- Atribuir permissão todos
var responseChangerPermission = await CertificateHelpers.ChangePermissions(certificate);
if (responseInstallCert == "oiErro")
{
return(BadRequest("Erro ao configurar permissão de certificado: " + responseChangerPermission));
}
return(Ok("Certificado: " + certificate.FriendlyName + " instalado com sucesso"));
}
catch (Exception err)
{
var certificate = _repository.Get()
.Include(c => c.Customer).
Where(x => x.CertificateId == certificateIdForInstall).
First();
certificate.IsInstalled = false;
_repository.Update(certificate);
return(BadRequest(err.Message));
}
}
private async Task <Certificate> GetCertificate(GetBatchCertificateRequest request)
{
_logger.LogInformation("GetCertificate Before Get Certificate from db");
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode, request.FamilyName, request.IncludeLogs);
_logger.LogInformation("GetCertificate Before Get Searching Organisation from db");
var searchingOrganisation = await _organisationQueryRepository.GetByUkPrn(request.UkPrn);
var allowedCertificateStatus = new[] { CertificateStatus.Draft, CertificateStatus.Submitted }.Concat(CertificateStatus.PrintProcessStatus);
if (certificate == null || searchingOrganisation == null || !allowedCertificateStatus.Contains(certificate.Status))
{
return(null);
}
var certData = JsonConvert.DeserializeObject <CertificateData>(certificate.CertificateData);
certificate = await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, certificate);
if ((certificate.Status == CertificateStatus.Submitted || CertificateStatus.HasPrintProcessStatus(certificate.Status)) && certData.OverallGrade == CertificateGrade.Fail)
{
return(null);
}
else if (certificate.Status == CertificateStatus.Draft &&
EpaOutcome.Pass.Equals(certData.EpaDetails?.LatestEpaOutcome, StringComparison.InvariantCultureIgnoreCase) &&
certData.OverallGrade == null)
{
return(null);
}
if (certificate.OrganisationId != searchingOrganisation.Id)
{
var providedStandards = await _standardRepository.GetEpaoRegisteredStandards(searchingOrganisation.EndPointAssessorOrganisationId, int.MaxValue, 1);
if (providedStandards.PageOfResults.Any(s => s.StandardCode == certificate.StandardCode))
{
// Shared standard but not the EPAO who created the certificate
certificate = RedactCertificateInformation(certificate, false);
}
else
{
certificate = null;
}
}
return(certificate);
}
public async Task <IActionResult> GetCertificate(long uln, string familyName, [SwaggerParameter("Standard Code or Standard Reference Number")] string standard)
{
var getRequest = new GetBatchCertificateRequest {
UkPrn = _headerInfo.Ukprn, Uln = uln, FamilyName = familyName, Standard = standard
};
var response = await _apiClient.GetCertificate(getRequest);
if (response.ValidationErrors.Any())
{
ApiResponse error = new ApiResponse((int)HttpStatusCode.Forbidden, string.Join("; ", response.ValidationErrors));
return(StatusCode(error.StatusCode, error));
}
else if (response.Certificate is null)
{
return(NoContent());
}
if (response.Certificate.Status.CurrentStatus == CertificateStatus.Printed)
{
response.Certificate.Delivered = new Delivered {
Status = "WaitingForDelivery"
};
}
if (CertificateStatus.HasPrintProcessStatus(response.Certificate.Status.CurrentStatus) is false) // status could be Draft or Deleted (or Privately Funded statuses)
{
var certificateData = response.Certificate.CertificateData;
if (!string.IsNullOrEmpty(certificateData.Standard?.StandardReference) && !string.IsNullOrEmpty(certificateData?.LearningDetails?.Version))
{
var standardOptions = await _apiClient.GetStandardOptionsByStandardIdAndVersion(certificateData.Standard.StandardReference, certificateData.LearningDetails.Version);
var hasOptions = standardOptions != null && standardOptions.CourseOption?.Count() > 0;
if (CertificateHelpers.IsDraftCertificateDeemedAsReady(response.Certificate, hasOptions))
{
response.Certificate.Status.CurrentStatus = CertificateStatus.Ready;
}
}
}
return(Ok(response.Certificate));
}
public IActionResult Remove(int id)
{
try
{
var certificate = _repository.Get()
.Include(c => c.Customer)
.Where(x => x.CertificateId == id).
First();
var response = CertificateHelpers.Remove(certificate);
_repository.Delete(certificate);
return(Ok());
}
catch (Exception err)
{
throw err;
}
}
private async Task <Certificate> SubmitCertificate(SubmitBatchCertificateRequest request)
{
_logger.LogInformation("SubmitCertificate Before Get Certificate from db");
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode);
if (certificate != null)
{
_logger.LogInformation("SubmitCertificate Before Update Certificate Status");
certificate.Status = CertificateStatus.Submitted;
_logger.LogInformation("SubmitCertificate Before Update Cert in db");
var submittedCertificate = await _certificateRepository.Update(certificate, ExternalApiConstants.ApiUserName, CertificateActions.Submit);
return(await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, submittedCertificate));
}
else
{
_logger.LogWarning($"SubmitCertificate Did not find Certificate for Uln {request.Uln} and StandardCode {request.StandardCode}");
return(null);
}
}
public void When_AllRequiredFieldsAreComplete_Then_ReturnTrue()
{
var result = CertificateHelpers.IsDraftCertificateDeemedAsReady(_certificate);
result.Should().BeTrue();
}
private void CheckHelperReturnsFalse()
{
var result = CertificateHelpers.IsDraftCertificateDeemedAsReady(_certificate, hasOptions: true);
result.Should().BeFalse();
}
private CertificateData CombineCertificateData(CertificateData data, Domain.Entities.Learner learner, Standard standard, Provider provider, StandardOptions options, Certificate certificate)
{
var epaDetails = new EpaDetails();
if (certificate != null)
{
var certData = JsonConvert.DeserializeObject <CertificateData>(certificate.CertificateData);
if (certData.EpaDetails != null)
{
epaDetails = certData.EpaDetails;
}
}
if (epaDetails.Epas is null)
{
epaDetails.Epas = new List <EpaRecord>();
}
var epaOutcome = data.OverallGrade == CertificateGrade.Fail ? EpaOutcome.Fail : EpaOutcome.Pass;
if (data.AchievementDate != null && !epaDetails.Epas.Any(rec => rec.EpaDate == data.AchievementDate.Value && rec.EpaOutcome == epaOutcome))
{
var record = new EpaRecord {
EpaDate = data.AchievementDate.Value, EpaOutcome = epaOutcome
};
epaDetails.Epas.Add(record);
var latestRecord = epaDetails.Epas.OrderByDescending(epa => epa.EpaDate).First();
epaDetails.LatestEpaDate = latestRecord.EpaDate;
epaDetails.LatestEpaOutcome = latestRecord.EpaOutcome;
}
return(new CertificateData()
{
LearnerGivenNames = learner.GivenNames,
LearnerFamilyName = learner.FamilyName,
LearningStartDate = learner.LearnStartDate,
StandardReference = standard.IfateReferenceNumber,
StandardName = standard.Title,
StandardLevel = standard.Level,
StandardPublicationDate = standard.EffectiveFrom,
FullName = $"{learner.GivenNames} {learner.FamilyName}",
ProviderName = provider.Name,
ContactName = data.ContactName,
ContactOrganisation = data.ContactOrganisation,
Department = data.Department,
ContactAddLine1 = data.ContactAddLine1,
ContactAddLine2 = data.ContactAddLine2,
ContactAddLine3 = data.ContactAddLine3,
ContactAddLine4 = data.ContactAddLine4,
ContactPostCode = data.ContactPostCode,
Registration = data.Registration,
AchievementDate = data.AchievementDate,
CourseOption = CertificateHelpers.NormalizeCourseOption(options, data.CourseOption),
OverallGrade = CertificateHelpers.NormalizeOverallGrade(data.OverallGrade),
Version = data.Version,
EpaDetails = epaDetails
});
}
public void TestSawSamlResponseDateValidity()
{
var samlXml = @"
<samlp:Response xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"" xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:xs=""http://www.w3.org/2001/XMLSchema"" xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" Destination=""https://wadnrforesthealth.qa.projectfirma.com/Account/SAWPost"" ID=""FIMRSP_d38b3f33-0175-192a-8f59-a9b3208be3fe"" IssueInstant=""2020-11-17T00:11:59Z"" Version=""2.0"">
<saml:Issuer Format=""urn:oasis:names:tc:SAML:2.0:nameid-format:entity"">https://test-secureaccess.wa.gov/FIM2/sps/sawidp/saml20</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"">
</samlp:StatusCode>
</samlp:Status>
<saml:Assertion ID=""Assertion-uuidd38b3f13-0175-16c6-b3b5-a9b3208be3fe"" IssueInstant=""2020-11-17T00:11:59Z"" Version=""2.0"">
<saml:Issuer Format=""urn:oasis:names:tc:SAML:2.0:nameid-format:entity"">https://test-secureaccess.wa.gov/FIM2/sps/sawidp/saml20</saml:Issuer>
<ds:Signature xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"" Id=""uuidd38b3f18-0175-1072-a058-a9b3208be3fe"">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm=""http://www.w3.org/2001/10/xml-exc-c14n#"">
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"">
</ds:SignatureMethod>
<ds:Reference URI=""#Assertion-uuidd38b3f13-0175-16c6-b3b5-a9b3208be3fe"">
<ds:Transforms>
<ds:Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"">
</ds:Transform>
<ds:Transform Algorithm=""http://www.w3.org/2001/10/xml-exc-c14n#"">
<xc14n:InclusiveNamespaces xmlns:xc14n=""http://www.w3.org/2001/10/xml-exc-c14n#"" PrefixList=""xs saml xsi"">
</xc14n:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm=""http://www.w3.org/2001/04/xmlenc#sha256"">
</ds:DigestMethod>
<ds:DigestValue>4JDoIy8WFOLjFGGNcJB/fUTA9rLVU8RtCMx9VJZzXU0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>RUkq+y/ccsfJVrlvTZuoSirJktnSUhiK7NYeJ/oO8kScR7E8ZcVViSlvjbSYZOTc5dlDbCqdNlDpEu/s/FGjBcGHSLnBrbdJid/8aJhdn2h05l/2vGrbhKnP3X3b7PHwMGC2HCARr0w9VxT/yoXwfoYi9caaJ2UhrEfZNQ4QBHAv3uYHumvEEmkMepW+RfRCGVmn84Hx0DyAN98Q8E2e9+r+UT2Tsv0jIpCocFXiVl4hvSCdLZE88hr8HSJWryvgh4DCdi4bsxWusXjPA1VeULwslH7EPWBWOLMt+vejE3Q7s3TiEwDF0eFoqYOQXsTiCIfu/ZjYzfY5RR20aBUehg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIGzjCCBbagAwIBAgIRANppqRydHQpiAAAAAFEEi1wwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMjAwNTE1MjAyMDExWhcNMjEwNjE1MjA1MDEwWjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHT2x5bXBpYTEcMBoGA1UEChMTU3RhdGUgb2YgV2FzaGluZ3RvbjEhMB8GA1UEAxMYdGVzdC1zZWN1cmVhY2Nlc3Mud2EuZ292MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHAT/51sNgiyQlnbo688AD7xm0ETWFQWq2Xo1yCF6CQWTtQnoWmEUqIFsXuKzcBP87eZVSJdugpcpAo0CTgKwS4LkGJ0Wxvs1yufa2GCqGsK1NVWArv/fDTJNskZCeOxUWM9qHg/v9ltr1uNlWYvyqv3n1xObacrirUsBM7x/8/yg/5ge+rmRlS/8xxiEWT1aJCvdTtSIf6D/IHsvAq9zS4CRk8JTTgP9bv+bkqP40/nml+p+XxKhrDnx//3rDOxk/w+2y/oww5v5tyiDiCdygnuoRqGglP1q86+6XxzUeq/q3juCcgO5DvNDjbVSnOmqnvhENLAFHLRiOglY9zx1wIDAQABo4IDETCCAw0wIwYDVR0RBBwwGoIYdGVzdC1zZWN1cmVhY2Nlc3Mud2EuZ292MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXIaGgVSAAAEAwBHMEUCIHSGURb7+W6aVQKfNjChAe3fG/E8hr5DsWqhfrriqIK8AiEAmABVgqvYclpWtLEpHgJcWIotAudZORppP7caH0fCvjIAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAXIaGgVxAAAEAwBHMEUCIQCP07yFr1c9+2rWIiEoHrKm4scoK/ID9Z44w0ZctyjwXgIgLnRSbXA9o9VvPejUmxci4ByTf3OXh8Ww3aj338qHRF0AdgB9PvL4j/+IVWgkwsDKnlKJeSvFDngJfy5ql2iZfiLw1wAAAXIaGgWQAAAEAwBHMEUCIHQ4WjlZWbAAJZl1awfHih8H7vu04o4xt17aUvEoF61SAiEA48/P6Ej2f9ceE3394h6O9S4mu1ar7+dWEAJMzQjUbMEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBQz02paHjOMwByIcMH/BQQw7YufrjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB6ZBRCOb36s/VyW3zYY7d2PtAxn+HFlNf+0vBP3Ux6F2pGkPs4xEeMJtchimOYxGhM++nEGAeZOww9Ai533Jo0dGZDKei+bCjkzalO3Z0D3xFqPAR7F9SmuIGVLD5ofgrtENYZzx6+CtHeqjGNC9/Y6xebTyCVLnkbbfe+q/tVrutqit1JsG+RxwVQdHmAUJcBYTNQGwFh1EZA+bDWw5bWOWxIFUPTbibQc3DxSxGqUAU+NUPw7E+fS7/F6JbV/81M2zA3RO3tODluUp+mFj4AzZbGLVzgb1ZdgKG5TGSAt0ih1rwVsidUrFUxFMir7ZClFnE4MtiVsMWCr/uGrVQa</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format=""urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"">DP4VD4ZP8QQ6L-1PF0ZV2FF4-D1LW4VZ0FD-DW9QW8ZL9Q</saml:NameID>
<saml:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"">
<saml:SubjectConfirmationData NotOnOrAfter=""2020-11-17T00:12:59Z"" Recipient=""https://wadnrforesthealth.qa.projectfirma.com/Account/SAWPost"">
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore=""2020-11-17T00:10:59Z"" NotOnOrAfter=""2020-11-17T00:12:59Z"">
<saml:AudienceRestriction>
<saml:Audience>https://wadnrforesthealth.qa.projectfirma.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant=""2020-11-17T00:11:59Z"" SessionIndex=""uuidd35793e5-0175-1dc9-afb8-a9b3208be3fe"" SessionNotOnOrAfter=""2020-11-17T01:11:59Z"">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name=""level"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=""groups"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">f3_users</saml:AttributeValue>
<saml:AttributeValue xsi:type=""xs:string"">DNR-ForestHealthTrackerQA-USER-REG</saml:AttributeValue>
<saml:AttributeValue xsi:type=""xs:string"">DNR-ForestHealthTrackerQA-DEFAULT_UMG-USER-REG</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=""guid"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">DP4VD4ZP8QQ6L-1PF0ZV2FF4-D1LW4VZ0FD-DW9QW8ZL9Q</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=""user"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=""name"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">Michael Ferrante</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=""email"" NameFormat=""urn:oasis:names:tc:SAML:2.0:assertion"">
<saml:AttributeValue xsi:type=""xs:string"">[email protected]</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
";
using (var sawSamlResponse = new SawSamlResponse(CertificateHelpers.GetX509Certificate2FromUri(FirmaWebConfiguration.SAWEndPoint)))
{
sawSamlResponse.LoadXmlFromString(samlXml);
Console.Write(DateTimeOffset.Now);
// NotOnOrAfter=""2020-11-17T00:12:59Z""
var now = DateTimeOffset.Parse("11/16/2020 4:11:59 PM -08:00");
var isResponseStillWithinValidTimePeriod = sawSamlResponse.IsResponseStillWithinValidTimePeriod(now);
Assert.That(sawSamlResponse.IsResponseStillWithinValidTimePeriod(now), Is.True, "Should be valid date");
Assert.That(sawSamlResponse.IsResponseStillWithinValidTimePeriod(now.AddMinutes(5)), Is.False, "Should be invalid date too old");
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
AppSettings appSettings = Configuration.GetSection("AppSettings").Get <AppSettings>();
services.AddControllers()
.AddJsonOptions(opts =>
{
opts.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
});
services.AddCors(options =>
{
options.AddDefaultPolicy(builder =>
builder.WithOrigins(appSettings.AllowedHosts)
.SetIsOriginAllowedToAllowWildcardSubdomains());
});
#region Database (RavenDb)
RavenSettings ravenSettings = new RavenSettings();
Configuration.Bind(ravenSettings);
X509Certificate2 certificate = new X509Certificate2();
if (ravenSettings.Database.RawCert.IsNotNullOrEmpty() && ravenSettings.Database.RawCertKey.IsNotNullOrEmpty())
{
certificate = CertificateHelpers.CreateRavenCertificate(ravenSettings.Database.RawCert, ravenSettings.Database.RawCertKey);
}
else
{
certificate = new X509Certificate2(ravenSettings.Database.CertPath, ravenSettings.Database.CertPass);
}
DocumentStore store = new DocumentStore
{
Urls = ravenSettings.Database.Urls,
Database = ravenSettings.Database.DatabaseName,
Certificate = certificate
};
store.Initialize();
services.AddSingleton <IDocumentStore>(store);
services.AddScoped <IDocumentSession>(serviceProvider =>
{
return(serviceProvider
.GetService <IDocumentStore>()
.OpenSession());
});
// Register Indexes
new Item_Smart_Search().Execute(store);
new Items_ByName_ForAll().Execute(store);
new Items_ByBsgId().Execute(store);
new Characters_ByType().Execute(store);
#endregion
#region Configure strongly typed settings objects
// This should be stored in a secrets.json file. Right click the project in solution explorer
// and select "Manage User Secrets" to create this file. Use secrets.example.json as a template.
var secretsSection = Configuration.GetSection("Secrets");
services.Configure <Secrets>(secretsSection);
var appSettingsSection = Configuration.GetSection("AppSettings");
services.Configure <AppSettings>(appSettingsSection);
#endregion
#region Configure DI for application services
//services.AddScoped<ITarkovDatabaseService, TarkovDatabaseService>(); commented as AddHttpClient registers this service
//services.AddScoped<ITarkovMarketService, TarkovMarketService>(); commented as AddHttpClient registers this service
services.AddScoped <IItemUpdaterService, ItemUpdaterService>();
services.AddScoped <IItemRepository, ItemRepository>();
services.AddScoped <ICharacterRepository, CharacterRepository>();
services.AddScoped <ITarkovToolsService, TarkovToolsService>();
#endregion
#region HTTP Clients
services.AddHttpClient <ITarkovDatabaseService, TarkovDatabaseService>();
services.AddHttpClient <ITarkovMarketService, TarkovMarketService>();
#endregion
#region Hangfire automatic jobs
services.AddHangfire(config =>
config.SetDataCompatibilityLevel(CompatibilityLevel.Version_170)
.UseSimpleAssemblyNameTypeSerializer()
.UseDefaultTypeSerializer()
.UseMemoryStorage());
services.AddHangfireServer();
#endregion
}
public void GetSubjectFromCertificate()
{
var certificate = CertificateHelpers.LoadCertificate(CryptoFundamentalsCertificate);
certificate.SubjectDN.ToString().Should().Be("CN=www.cryptofundamentals.com");
}
public void ConfigureServices(IServiceCollection services)
{
// Config
var cert = CertificateHelpers.CreateCertificateFromPfx(Configuration["RESTER_OAUTH2_CERTIFICATE"]);
var issuer = "https://rester.kuehle.me";
services.Configure <OAuth2Config>(config =>
{
config.ExpiresIn = 3600; // 1h
config.Issuer = issuer;
config.SigningCredentials = CertificateHelpers.CreateSigningCredentials(cert);
});
// Database
var db = new MongoClient(Configuration["RESTER_MONGO_DB_URL"]);
db.GetDatabase(Configuration["RESTER_MONGO_DB_NAME"]).SetupIndexes();
services.AddSingleton <IMongoClient>(db);
services.AddScoped <IMongoDatabase>(serviceProvider =>
serviceProvider.GetService <IMongoClient>().GetDatabase(Configuration["RESTER_MONGO_DB_NAME"]));
// Services
services.AddTransient <IOAuth2Service, OAuth2Service>();
// Repositories
services.AddTransient <IStsOAuth2CodeRepository, StsOAuth2CodeRepository>();
services.AddTransient <IStsOAuth2RefreshTokenRepository, StsOAuth2RefreshTokenRepository>();
services.AddTransient <IUserRepository, UserRepository>();
// Authentication MVC
services.TryAddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services
.AddIdentityCore <User>(identityOptions => { })
.AddUserStore <IdentityUserStore>()
.AddSignInManager <SignInManager <User> >()
.AddDefaultTokenProviders();
services
.AddAuthentication(authOptions =>
{
authOptions.DefaultScheme = IdentityConstants.ApplicationScheme;
authOptions.DefaultSignInScheme = IdentityConstants.ExternalScheme;
})
.AddCookie(IdentityConstants.ApplicationScheme, cookieOptions =>
{
cookieOptions.LoginPath = "/sts/login";
})
.AddCookie(IdentityConstants.ExternalScheme)
.AddCookie(IdentityConstants.TwoFactorUserIdScheme) // Needed for SignInManager.SignOutAsync
.AddGoogle(googleOptions =>
{
googleOptions.ClientId = Configuration["RESTER_IDP_GOOGLE_CLIENT_ID"];
googleOptions.ClientSecret = Configuration["RESTER_IDP_GOOGLE_CLIENT_SECRET"];
googleOptions.CallbackPath = "/sts/callback/google";
googleOptions.ClaimActions.MapJsonSubKey("urn:rester:picture", "image", "url");
});
// Authentication WebAPI
services
.AddAuthentication()
.AddJwtBearer(jwtBearerOptions =>
{
jwtBearerOptions.TokenValidationParameters.IssuerSigningKey = CertificateHelpers.CreateIssuerSigningKey(cert);
jwtBearerOptions.TokenValidationParameters.ValidAudience = "rester";
jwtBearerOptions.TokenValidationParameters.ValidIssuer = issuer;
var validator = (JwtSecurityTokenHandler)jwtBearerOptions.SecurityTokenValidators[0];
validator.MapInboundClaims = false;
});
// MVC
services.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
