Update obsolete code and enabled static content fingerprinting

The new X509Certificate2 technique is obsolete along with some usages of new UdapCertificate2Collection. Updated all of these. Also added change app.UseStaticFiles() to app.MapStaticAssets() which is middleware to fingerprint static content so the client will know when to the static content is new it's cache needs to update.
JoeShook · Dec 21, 2024 · ad125cc · ad125cc
1 parent 9c230b9
commit ad125cc
Show file tree

Hide file tree

Showing 20 changed files with 146 additions and 147 deletions.
diff --git a/Server/Controllers/AccessController.cs b/Server/Controllers/AccessController.cs
@@ -92,8 +92,8 @@ public Task<IActionResult> RequestAccessTokenAuthCode(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
-
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        
         var tokenRequestBuilder = AccessTokenRequestForAuthorizationCodeBuilder.Create(
             tokenRequestModel.ClientId,
             tokenRequestModel.TokenEndpointUrl,
@@ -124,7 +124,7 @@ public Task<IActionResult> RequestAccessTokenClientCredentials(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         var tokenRequestBuilder = AccessTokenRequestForClientCredentialsBuilder.Create(
             tokenRequestModel.ClientId,

diff --git a/Server/Controllers/CertificationsController.cs b/Server/Controllers/CertificationsController.cs
@@ -53,7 +53,7 @@ public IActionResult LoadTestCertificate([FromBody] string testClientCert)
 
         try
         {
-            var certificate = new X509Certificate2(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
+            var certificate = X509CertificateLoader.LoadPkcs12FromFile(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
 
             var subjectName = certificate.SubjectName.Name;
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
@@ -114,7 +114,7 @@ public IActionResult ValidateCertificate([FromBody] string password)
         var certBytes = Convert.FromBase64String(clientCertSession);
         try
         {
-            var certificate = new X509Certificate2(certBytes, password, X509KeyStorageFlags.Exportable);
+            var certificate = X509CertificateLoader.LoadPkcs12(certBytes, password, X509KeyStorageFlags.Exportable);
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
             HttpContext.Session.SetString(UdapEdConstants.CERTIFICATION_CERTIFICATE_WITH_KEY, Convert.ToBase64String(clientCertWithKeyBytes));
             result.DistinguishedName = certificate.SubjectName.Name;
@@ -185,7 +185,7 @@ public IActionResult IsClientCertificateLoaded()
             if (certBytesWithKey != null)
             {
                 var certBytes = Convert.FromBase64String(certBytesWithKey);
-                var certificate = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+                var certificate = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
                 result.DistinguishedName = certificate.SubjectName.Name;
                 result.Thumbprint = certificate.Thumbprint;
                 result.CertLoaded = CertLoadedEnum.Positive;
@@ -230,7 +230,7 @@ public IActionResult BuildSoftwareStatementWithHeaderForClientCredentials(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         var certificationBuilder = UdapCertificationsAndEndorsementBuilder.Create(request.CertificationName, clientCert);
 
@@ -289,7 +289,7 @@ public IActionResult BuildRequestBodyForClientCredentials(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         var document = JsonSerializer
             .Deserialize<UdapCertificationAndEndorsementDocument>(request.SoftwareStatement)!;

diff --git a/Server/Controllers/MetadataController.cs b/Server/Controllers/MetadataController.cs
@@ -24,6 +24,7 @@
 using Udap.Util.Extensions;
 using UdapEd.Server.Extensions;
 using UdapEd.Shared;
+using UdapEd.Shared.Extensions;
 using UdapEd.Shared.Model;
 using UdapEd.Shared.Model.Discovery;
 
@@ -57,7 +58,7 @@ public async Task<IActionResult> Get([FromQuery] string metadataUrl, [FromQuery]
             var result = new MetadataVerificationModel();
 
             var certBytes = Convert.FromBase64String(anchorString);
-            var anchorCert = new X509Certificate2(certBytes);
+            var anchorCert = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
             var trustAnchorStore = new TrustAnchorMemoryStore()
             {
                 AnchorCertificates = new HashSet<Anchor>
@@ -178,7 +179,7 @@ public IActionResult UploadAnchorCertificate([FromBody] string base64String)
         try
         {
             var certBytes = Convert.FromBase64String(base64String);
-            var certificate = new X509Certificate2(certBytes);
+            var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
             result.DistinguishedName = certificate.SubjectName.Name;
             result.Thumbprint = certificate.Thumbprint;
             result.CertLoaded = CertLoadedEnum.Positive;
@@ -207,7 +208,7 @@ public async Task<IActionResult> LoadUdapOrgAnchor([FromBody] string anchorCerti
             var response = await _httpClient.GetAsync(new Uri(anchorCertificate));
             response.EnsureSuccessStatusCode();
             var certBytes = await response.Content.ReadAsByteArrayAsync();
-            var certificate = new X509Certificate2(certBytes);
+            var certificate =  X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
             result.DistinguishedName = certificate.SubjectName.Name;
             result.Thumbprint = certificate.Thumbprint;
             result.CertLoaded = CertLoadedEnum.Positive;
@@ -241,7 +242,7 @@ public IActionResult IsAnchorCertificateLoaded()
             if (base64String != null)
             {
                 var certBytes = Convert.FromBase64String(base64String);
-                var certificate = new X509Certificate2(certBytes);
+                var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
                 result.DistinguishedName = certificate.SubjectName.Name;
                 result.Thumbprint = certificate.Thumbprint;
                 result.CertLoaded = CertLoadedEnum.Positive;
@@ -318,7 +319,7 @@ public async Task<IActionResult> GetFhirLabsCommunityList()
     public IActionResult BuildCertificateDisplay([FromBody] List<string> certificates)
     {
         var certBytes = Convert.FromBase64String(certificates.First());
-        var cert = new X509Certificate2(certBytes);
+        var cert = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
         var result = new CertificateDisplayBuilder(cert).BuildCertificateDisplayData();
 
         return Ok(result);
@@ -328,7 +329,7 @@ public IActionResult BuildCertificateDisplay([FromBody] List<string> certificate
     public IActionResult BuildCertificateDisplay([FromBody] string certificate)
     {
         var certBytes = Convert.FromBase64String(certificate);
-        var cert = new X509Certificate2(certBytes);
+        var cert = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
         var result = new CertificateDisplayBuilder(cert).BuildCertificateDisplayData();
 
         return Ok(result);

diff --git a/Server/Controllers/MutualTlsController.cs b/Server/Controllers/MutualTlsController.cs
@@ -45,7 +45,7 @@ public IActionResult UploadTestClientCertificate([FromBody] string testClientCer
 
         try
         {
-            var certificate = new X509Certificate2(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
+            var certificate = X509CertificateLoader.LoadPkcs12FromFile(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
             HttpContext.Session.SetString(UdapEdConstants.MTLS_CLIENT_CERTIFICATE_WITH_KEY,
                 Convert.ToBase64String(clientCertWithKeyBytes));
@@ -99,7 +99,7 @@ public IActionResult ValidateCertificate([FromBody] string password)
         var certBytes = Convert.FromBase64String(clientCertSession);
         try
         {
-            var certificate = new X509Certificate2(certBytes, password, X509KeyStorageFlags.Exportable);
+            var certificate = X509CertificateLoader.LoadPkcs12(certBytes, password, X509KeyStorageFlags.Exportable);
 
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
             HttpContext.Session.SetString(UdapEdConstants.MTLS_CLIENT_CERTIFICATE_WITH_KEY,
@@ -157,7 +157,7 @@ public IActionResult IsClientCertificateLoaded()
             if (certBytesWithKey != null)
             {
                 var certBytes = Convert.FromBase64String(certBytesWithKey);
-                var certificate = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+                var certificate = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
                 result.DistinguishedName = certificate.SubjectName.Name;
                 result.Thumbprint = certificate.Thumbprint;
                 result.CertLoaded = CertLoadedEnum.Positive;
@@ -195,7 +195,7 @@ public IActionResult UploadAnchorCertificate([FromBody] string base64String)
         try
         {
             var certBytes = Convert.FromBase64String(base64String);
-            var certificate = new X509Certificate2(certBytes);
+            var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
             result.DistinguishedName = certificate.SubjectName.Name;
             result.Thumbprint = certificate.Thumbprint;
             result.CertLoaded = CertLoadedEnum.Positive;
@@ -224,7 +224,7 @@ public async Task<IActionResult> LoadUdapOrgAnchor([FromBody] string anchorCerti
             var response = await _httpClient.GetAsync(new Uri(anchorCertificate));
             response.EnsureSuccessStatusCode();
             var certBytes = await response.Content.ReadAsByteArrayAsync();
-            var certificate = new X509Certificate2(certBytes);
+            var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
             result.DistinguishedName = certificate.SubjectName.Name;
             result.Thumbprint = certificate.Thumbprint;
             result.CertLoaded = CertLoadedEnum.Positive;
@@ -258,7 +258,7 @@ public IActionResult IsAnchorCertificateLoaded()
             if (base64String != null)
             {
                 var certBytes = Convert.FromBase64String(base64String);
-                var certificate = new X509Certificate2(certBytes);
+                var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
                 result.DistinguishedName = certificate.SubjectName.Name;
                 result.Thumbprint = certificate.Thumbprint;
                 result.CertLoaded = CertLoadedEnum.Positive;
@@ -284,7 +284,7 @@ public IActionResult IsAnchorCertificateLoaded()
     public IActionResult VerifyMtlsTrust([FromBody] string publicCertificate)
     {
         var clientCertBytes = Convert.FromBase64String(publicCertificate);
-        var clientCertificate = new X509Certificate2(clientCertBytes);
+        var clientCertificate = X509CertificateLoader.LoadCertificate(clientCertBytes);
 
         var base64String = HttpContext.Session.GetString(UdapEdConstants.MTLS_ANCHOR_CERTIFICATE);
 
@@ -294,7 +294,7 @@ public IActionResult VerifyMtlsTrust([FromBody] string publicCertificate)
         }
 
         var certBytes = Convert.FromBase64String(base64String);
-        var certificate = new X509Certificate2(certBytes);
+        var certificate = X509Certificate2.CreateFromPem(certBytes.ToPemFormat());
 
         var notifications = new List<string>();
         _trustChainValidator.Problem += element => notifications.Add($"Validation Problem: {element.ChainElementStatus.Summarize(TrustChainValidator.DefaultProblemFlags)}");

diff --git a/Server/Controllers/RegisterController.cs b/Server/Controllers/RegisterController.cs
@@ -60,11 +60,12 @@ public IActionResult UploadTestClientCertificate([FromBody] string testClientCer
 
             try
             {
-                certificate = new X509Certificate2(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
+                certificate = X509CertificateLoader.LoadPkcs12FromFile(testClientCert, "udap-test", X509KeyStorageFlags.Exportable);
             }
             catch
             {
-                certificate = new X509Certificate2(testClientCert, _configuration["sampleKeyC"], X509KeyStorageFlags.Exportable);
+
+                certificate = X509CertificateLoader.LoadPkcs12FromFile(testClientCert, _configuration["sampleKeyC"], X509KeyStorageFlags.Exportable);
             }
 
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
@@ -122,7 +123,7 @@ public IActionResult ValidateCertificate([FromBody] string password)
         var certBytes = Convert.FromBase64String(clientCertSession);
         try
         {
-            var certificate = new X509Certificate2(certBytes, password, X509KeyStorageFlags.Exportable);
+            var certificate = X509CertificateLoader.LoadPkcs12(certBytes, password, X509KeyStorageFlags.Exportable);
 
             var clientCertWithKeyBytes = certificate.Export(X509ContentType.Pkcs12, "ILikePasswords");
             HttpContext.Session.SetString(UdapEdConstants.UDAP_CLIENT_CERTIFICATE_WITH_KEY, Convert.ToBase64String(clientCertWithKeyBytes));
@@ -181,7 +182,7 @@ public IActionResult IsClientCertificateLoaded()
             if (certBytesWithKey != null)
             {
                 var certBytes = Convert.FromBase64String(certBytesWithKey);
-                var certificate = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+                var certificate = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
                 result.DistinguishedName = certificate.SubjectName.Name;
                 result.Thumbprint = certificate.Thumbprint;
                 result.CertLoaded = CertLoadedEnum.Positive;
@@ -223,7 +224,7 @@ public IActionResult BuildSoftwareStatementWithHeaderForClientCredentials(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         UdapDcrBuilderForClientCredentialsUnchecked dcrBuilder;
 
@@ -296,7 +297,7 @@ public IActionResult BuildSoftwareStatementWithHeaderForAuthorizationCode(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         UdapDcrBuilderForAuthorizationCodeUnchecked dcrBuilder;
 
@@ -371,7 +372,7 @@ public IActionResult BuildRequestBodyForClientCredentials(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         var document = JsonSerializer
             .Deserialize<UdapDynamicClientRegistrationDocument>(request.SoftwareStatement)!;
@@ -436,7 +437,7 @@ public IActionResult BuildRequestBodyForAuthorizationCode(
         }
 
         var certBytes = Convert.FromBase64String(clientCertWithKey);
-        var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+        var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
 
         var document = JsonSerializer
             .Deserialize<UdapDynamicClientRegistrationDocument>(request.SoftwareStatement)!;

diff --git a/Server/Program.cs b/Server/Program.cs
@@ -234,7 +234,7 @@
 }
 
 app.UseBlazorFrameworkFiles();
-app.UseStaticFiles();
+app.MapStaticAssets();
 
 app.UseRouting();
 app.UseRateLimiter(); //after routing

diff --git a/Server/Services/Authentication/ClientCertificateProvider.cs b/Server/Services/Authentication/ClientCertificateProvider.cs
@@ -22,7 +22,7 @@ public ClientCertificateProvider(IHttpContextAccessor httpContextAccessor, ILogg
         if (certBytesWithKey != null)
         {
             var certBytes = Convert.FromBase64String(certBytesWithKey);
-            var clientCert = new X509Certificate2(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
+            var clientCert = X509CertificateLoader.LoadPkcs12(certBytes, "ILikePasswords", X509KeyStorageFlags.Exportable);
             return clientCert;
         }
 
@@ -36,7 +36,7 @@ public ClientCertificateProvider(IHttpContextAccessor httpContextAccessor, ILogg
         if (anchorBytes != null)
         {
             var certBytes = Convert.FromBase64String(anchorBytes);
-            var anchorCerts = new X509Certificate2Collection() { new(certBytes) };
+            var anchorCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificate(certBytes));
             return anchorCerts;
         }
 

diff --git a/Server/UdapEd - Backup.Server.csproj b/Server/UdapEd - Backup.Server.csproj