Adds 'TEST of KLASS3-SK 2016' certificate and organization certs support #7
Conversation
mrts
force-pushed
the
WE2-745
branch
4 times, most recently
from
8dfaa49
to
0a1d543
Compare
* Added TEST of KLASS3-SK 2016 to trusted CA list; * Uses Common Name in case of an organisation certificate instead of first and last name; * Merged with current main branch. Signed-off-by: Erkki Arus <erkki@raulwalter.com>
| @@ -10,6 +10,14 @@ | |||
| <AllowUnsafeBlocks>true</AllowUnsafeBlocks> | |||
| </PropertyGroup> | |||
|
|
|||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'"> | |||
There was a problem hiding this comment.
I think you should set x64 target. For best compatibility
There was a problem hiding this comment.
For the best compatibility it should be AnyCPU while in that case the architecture stays unspecified in IL and it is able to run on any target platform. x64 limits it with 64-bit platforms.
There was a problem hiding this comment.
We only provide x64 binaries for libdigidocpp. I cannot sign anything under arm64 windows and ubuntu
Replaced AnyCPU configuration with x64 as target platform while libdigidocpp is provided as x64 binaries only. Signed-off-by: Erkki Arus <erkki@raulwalter.com>
| @@ -13,7 +13,7 @@ RUN echo "deb [signed-by=/usr/share/keyrings/ria-repository.gpg] https://install | |||
| apt-get clean && \ | |||
| rm -rf /var/lib/apt/lists | |||
|
|
|||
| COPY ./WebEid.AspNetCore.Example/bin/Release/net6.0/publish/ . | |||
| COPY ./WebEid.AspNetCore.Example/bin/x64/Release/net6.0/publish/ . | |||
There was a problem hiding this comment.
Is there any reason why we cannot use AnyCPU and have to use the x64 build?
Same for the .sln file changes.
There was a problem hiding this comment.
Like I said, RIA provides only x64 binaries on windows and ubuntu.
Most mac developers have arm64 computers, therefore they cannot run/debug/develop the application on windows and ubuntu.
| @@ -60,7 +86,7 @@ dotnet build | |||
|
|
|||
| If you have a test eID card, use the `Development` profile. In this case access to paid services is not required, but you need to upload the authentication and signing certificates of the test card to the test OCSP responder database as described in section _[Using DigiDoc4j in test mode with the `dev` profile](https://github.com/web-eid/web-eid-spring-boot-example#using-digidoc4j-in-test-mode-with-the-dev-profile)_ of the Web eID Java example application documentation. The`Development` profile is activated by default. | |||
There was a problem hiding this comment.
Is there a way to use an organization certificate in a Development mode? Similarly to the test ID-card.
| } | ||
| catch (ArgumentOutOfRangeException) | ||
| { | ||
| logger.LogWarning("Claim {0} not presented", claimGetter.Key); |
There was a problem hiding this comment.
When using an organization certificate, we would not want to log missing fields which we were not expecting in the first place.
As such, Logger is not yet necessary in this file.
| string claimData = claimGetter.Value.Invoke(); | ||
| claims.Add(new Claim(claimGetter.Key, claimData)); | ||
| } | ||
| catch (ArgumentOutOfRangeException) |
There was a problem hiding this comment.
When creating a new Claim, the exception thrown is ArgumentNullException when either the type or value is null.
Furthermore, we should not try to add Claims with missing values but rather skip them.
| var claims = new List<Claim> | ||
| var certificate = await authTokenValidator.Validate(authToken.AuthToken, challengeNonceStore.GetAndRemove().Base64EncodedNonce); | ||
|
|
||
| Dictionary<string, Func<string>> claimDataGetters = new() |
There was a problem hiding this comment.
Since Dictionary is unordered and Claims in ClaimsIdentity are ordered, we should try to maintain that order.
Instead of that, we could introduce a helper method for adding new claims to claims list, such as:
AddNewClaimIfCertificateHasData(List claims, string claimType, Func dataGetter)
This would also make the code more readable and remove the necessity of creating new temporary dictionaries and loops.
launchSettings changes are generated by visual studio |
|
This will be superseded by #21. |
|
Closing in favor of #21. Your work was included there, thanks for your contribution! |
Signed-off-by: Erkki Arus erkki@raulwalter.com