WIP: OnBoard validation

FitConnect/Encryption/CertificateHelper.cs

+using System.Security.Cryptography.X509Certificates;
+using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Tokens;
+
+namespace FitConnect.Encryption;
+
+public class CertificateHelper {
+    private readonly ILogger? _logger;
+
+    public CertificateHelper(ILogger? logger = null) {
+        _logger = logger;
+    }
+
+    internal bool ValidateCertificate(JsonWebKey key) {
+        var certificates = key.X5c.Select(s => new X509Certificate2(Convert.FromBase64String(s)))
+            .ToList();
+        var valid = certificates.Aggregate(true,
+            (result, cert) => result
+                              && cert.Verify()
+                              && OcspCheck(cert, cert.Issuer)
+        );
+        return valid;
+    }
+
+    private bool OcspCheck(X509Certificate2 certificateX509, string issuer) {
+        var issuerBytes = Convert.FromBase64String(issuer);
+
+        var issuerX509 = new X509Certificate2(issuerBytes);
+        var certificateChain = new X509Chain();
+        certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
+        certificateChain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
+        certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
+        certificateChain.ChainPolicy.ExtraStore.Add(issuerX509);
+        certificateChain.Build(certificateX509);
+
+
+        return certificateChain.ChainStatus.Length == 0;
+    }
+}

FitConnect/Encryption/FitEncryption.cs

@@ -272,4 +272,4 @@ public class FitEncryption {
 
         return result.IsValid;
     }
-}
+}
\ No newline at end of file

FitConnect/FitConnect.csproj

@@ -11,28 +11,28 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Autofac" Version="6.4.0"/>
-        <PackageReference Include="IdentityModel" Version="6.0.0"/>
-        <PackageReference Include="jose-jwt" Version="4.0.0"/>
-        <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0"/>
-        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.1"/>
-        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.22.0"/>
-        <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.22.0"/>
-        <PackageReference Include="Newtonsoft.Json" Version="13.0.1"/>
-        <PackageReference Include="Newtonsoft.Json.Schema" Version="3.0.14"/>
-        <PackageReference Include="NJsonSchema" Version="10.7.2"/>
-        <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.21.0"/>
+        <PackageReference Include="Autofac" Version="6.4.0" />
+        <PackageReference Include="IdentityModel" Version="6.0.0" />
+        <PackageReference Include="jose-jwt" Version="4.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.1" />
+        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.22.0" />
+        <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.22.0" />
+        <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+        <PackageReference Include="Newtonsoft.Json.Schema" Version="3.0.14" />
+        <PackageReference Include="NJsonSchema" Version="10.7.2" />
+        <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.21.0" />
     </ItemGroup>
 
     <ItemGroup>
-        <None Remove="metadata.schema.json"/>
-        <EmbeddedResource Include="metadata.schema.json"/>
+        <None Remove="metadata.schema.json" />
+        <EmbeddedResource Include="metadata.schema.json" />
     </ItemGroup>
 
     <ItemGroup>
-        <Compile Remove="FunctionalBaseClass.cs"/>
-        <Compile Remove="Models\OAuthAccessToken.cs"/>
-        <Compile Remove="DiContainer.cs"/>
+        <Compile Remove="FunctionalBaseClass.cs" />
+        <Compile Remove="Models\OAuthAccessToken.cs" />
+        <Compile Remove="DiContainer.cs" />
     </ItemGroup>
 
 </Project>

IntegrationTests/CertificateValidation.cs

+using Autofac;
+using FitConnect.Encryption;
+using FluentAssertions;
+using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Tokens;
+using MockContainer;
+using NUnit.Framework;
+
+namespace IntegrationTests;
+
+[TestFixture]
+public class CertificateValidation {
+    private MockSettings _settings = null!;
+    private ILogger _logger = null!;
+    private CertificateHelper _certificateHelper = null!;
+
+    [SetUp]
+    public void Setup() {
+        var container = Container.Create();
+        _settings = container.Resolve<MockSettings>();
+
+        _logger = LoggerFactory.Create(
+            builder => {
+                builder.AddConsole();
+                builder.SetMinimumLevel(LogLevel.Debug);
+            }).CreateLogger("E2E Test");
+
+        _certificateHelper = new CertificateHelper(_logger);
+    }
+
+    [Test]
+    public void CheckPublicKeyEncryption() {
+        _certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PublicKeyEncryption))
+            .Should().BeTrue();
+    }
+
+    [Test]
+    public void CheckPrivateKeyDecryption() {
+        _certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeyDecryption))
+            .Should().BeTrue();
+    }
+}