Merge branch 'feature/562-SET-signature-check' of...

Merge branch 'feature/562-SET-signature-check' of https://git.fitko.de/fit-connect/sdk-dotnet into feature/562-SET-signature-check

# Conflicts:
#	BasicUnitTest/SecurityEventTokenTests.cs
#	BasicUnitTest/SenderTests.cs
#	E2ETest/RejectSubmissionTest.cs
#	FitConnect/Client.cs
#	FitConnect/Encryption/FitEncryption.cs
#	FitConnect/FitConnectClient.cs
#	FitConnect/Interfaces/IFitConnectClient.cs
#	FitConnect/Interfaces/Sender/ISenderWithService.cs
#	FitConnect/Models/Callback.cs
#	FitConnect/Models/FitConnectEnvironment.cs
#	FitConnect/Models/SecurityEventToken.cs
#	FitConnect/Router.cs
#	FitConnect/Sender.cs
#	FitConnect/Services/Interfaces/ISelfServicePortalService.cs
#	FitConnect/Services/Models/v1/Routes/Routes.cs
#	FitConnect/Services/SelfServicePortalService.cs
#	FitConnect/Services/SubmissionService.cs
#	FitConnect/Subscriber.cs
#	IntegrationTests/JwtTokenValidation.cs

BasicUnitTest/SecurityEventTokenTests.cs

@@ -13,31 +13,24 @@ namespace BasicUnitTest;
 
 [TestFixture]
 public class SecurityEventTokenTests {
-    private const string rejectSubmission =
-        SecurityEventToken.RejectSubmissionSchema;
-
-    private FitEncryption _encryption = null!;
-
-    private const string acceptSubmission =
-        SecurityEventToken.AcceptSubmissionSchema;
-
     [SetUp]
     public void Setup() {
         var container = Container.Create();
         _encryption = new FitEncryption(container.Resolve<KeySet>(), null);
     }
 
+    private FitEncryption _encryption = null!;
 
     [Test]
     public void CreateJwt_AcceptSubmission() {
         var token = _encryption.CreateAcceptSecurityEventToken(new SubmissionForPickupDto {
             SubmissionId = Guid.NewGuid().ToString(), CaseId = Guid.NewGuid().ToString(),
-            DestinationId = Guid.NewGuid().ToString(),
+            DestinationId = Guid.NewGuid().ToString()
         });
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(acceptSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/accept-submission");
         decoded.EventType.Should().Be(EventType.Accept);
     }
 
@@ -51,7 +44,7 @@ public class SecurityEventTokenTests {
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
         decoded.EventType.Should().Be(EventType.Reject);
     }
 
@@ -65,7 +58,7 @@ public class SecurityEventTokenTests {
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
 
         decoded.EventType.Should().Be(EventType.Reject);
     }
@@ -80,7 +73,7 @@ public class SecurityEventTokenTests {
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
         decoded.EventType.Should().Be(EventType.Reject);
     }
 
@@ -95,7 +88,7 @@ public class SecurityEventTokenTests {
 
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
         decoded.EventType.Should().Be(EventType.Reject);
     }
 
@@ -109,7 +102,7 @@ public class SecurityEventTokenTests {
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
         decoded.EventType.Should().Be(EventType.Reject);
     }
 
@@ -123,7 +116,22 @@ public class SecurityEventTokenTests {
         Console.WriteLine(token);
         var decoded = new SecurityEventToken(token);
         decoded.Event?.Type.Should()
-            .Be(rejectSubmission);
+            .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
         decoded.EventType.Should().Be(EventType.Reject);
     }
+
+    // [Test]
+    // public void CreateJwt_Reject_WithCustomProblem() {
+    //     var token = _encryption.CreateSecurityEventToken(Guid.NewGuid().ToString(),
+    //         Guid.NewGuid().ToString(),
+    //         Guid.NewGuid().ToString(),
+    //         "https://schema.fitko.de/fit-connect/events/reject-submission",
+    //         new[] { new Problems { Description = "A real big issue" } }
+    //     );
+    //     Console.WriteLine(token);
+    //     var decoded = new SecurityEventToken(token);
+    //     decoded.Event?.Type.Should()
+    //         .Be("https://schema.fitko.de/fit-connect/events/reject-submission");
+    //     decoded.EventType.Should().Be(EventType.Reject);
+    // }
 }

FitConnect/Client.cs

@@ -3,10 +3,17 @@ using FitConnect.Interfaces.Sender;
 using FitConnect.Interfaces.Subscriber;
 using FitConnect.Models;
 using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Logging;
 
 namespace FitConnect;
 
 public static class Client {
+    static Client() {
+#if DEBUG
+        IdentityModelEventSource.ShowPII = true;
+#endif
+    }
+
     /// <summary>
     ///     Creates the Sender Client
     /// </summary>

FitConnect/Encryption/JoseEncryptor.cs

@@ -64,6 +64,15 @@ public class JoseEncryptor : IEncryptor {
         }
     }
 
+    // public bool TokenValidator(string signature, string key) {
+    //     Jose.Jwk jwk = Jwk.FromJson(key, new JsonMapper());
+    //     var token = Jose.JweToken.FromString(signature);
+    //     Jose.
+    //     
+    //     
+    //     
+    // }
+
     private (string plainText, byte[] plainBytes, byte[] tag) Decrypt(Jwk key, string payload) {
         var result = JWE.Decrypt(payload, key, Algorithm, Encryption);
 

FitConnect/Interfaces/Sender/ISenderWithAttachments.cs

-using FitConnect.Models;
-
 namespace FitConnect.Interfaces.Sender;
 
 public interface ISenderWithAttachments : ISenderReady {

FitConnect/Interfaces/Sender/ISenderWithService.cs

@@ -3,7 +3,6 @@ using FitConnect.Models;
 namespace FitConnect.Interfaces.Sender;
 
 public interface ISenderWithService {
-
     /// <summary>
     ///     Sends the submission with a list of attachments
     /// </summary>

FitConnect/Models/FitConnectEnvironment.cs

 namespace FitConnect.Models;
 
-// public enum FitConnectEnvironment {
-//     Development,
-//     Testing,
-//     Production
-// }
-
 public class FitConnectEnvironment {
     // List of Domains
     // https://wiki.fit-connect.fitko.dev/de/Betrieb/Dokumentation/Domains
@@ -21,14 +15,14 @@ public class FitConnectEnvironment {
         "https://auth-refz.fit-connect.fitko.dev/token",
         new[] { "https://submission-api-refz.fit-connect.fitko.dev" },
         "https://routing-api-refz.fit-connect.fitko.dev",
-        "https://portal.auth-testing.fit-connect.fitko.dev/.well-known/jwks.json"
+        "https://portal.auth-refz.fit-connect.fitko.dev"
     );
 
     public static readonly FitConnectEnvironment Production = new(
         "https://auth.fit-connect.fitko.net/token",
         new[] { "https://submission-api.fit-connect.fitko.net" },
         "https://routing-api.fit-connect.fitko.net",
-        "https://portal.auth-testing.fit-connect.fitko.dev/.well-known/jwks.json"
+        "https://portal.auth.fit-connect.fitko.net"
     );
 
     public FitConnectEnvironment(string sspUrl, string tokenUrl, string[] submissionUrl,

FitConnect/Models/SecurityEventToken.cs

@@ -84,12 +84,13 @@ public class SecurityEventToken {
         if (eventsClaim.Value.Contains(
                 ForwardSubmissionSchema))
             return EventType.Forward;
-        if (eventsClaim.Value.Contains(
+        if (eventsClaim.Value.Contains(Reject)) {
                 RejectSubmissionSchema)) {
             Problems = GetProblems(events?.Values?.FirstOrDefault()?.ToString() ?? "");
             return EventType.Reject;
         }
 
+        if (eventsClaim.Value.Contains(Accept)) return EventType.Accept;
 
         if (eventsClaim.Value.Contains(AcceptSubmissionSchema))
             return EventType.Accept;

FitConnect/Router.cs

-using System.Text;
+using System.Text;
 using FitConnect.Encryption;
 using FitConnect.Models;
 using FitConnect.Services;
@@ -83,7 +83,7 @@ internal class Router : IRouter {
         var header = JsonConvert.DeserializeObject<dynamic>(
             Base64UrlEncoder.Decode(route.DestinationParametersSignature.Split('.')[0])
         );
-        
+
         var kid = (string)header?.kid!;
 
         _logger?.LogInformation("Testing with kid: {Kid}", kid);

FitConnect/Services/Interfaces/ISelfServicePortalService.cs

 using Jose;
 using Microsoft.IdentityModel.Tokens;
 
-namespace FitConnect.Services;
+namespace FitConnect.Services.Interfaces;
 
 public interface ISelfServicePortalService {
     public Task<JsonWebKeySet> GetValidationJwk();

FitConnect/Services/SubmissionService.cs

@@ -155,7 +155,7 @@ internal class SubmissionService : RestCallService, ISubmissionService {
         // Download well known keys
         var valid = await ValidateSignature(events, destinationId);
         // TODO Check JSON Schema
-        valid &= await ValidateSchema(events, false);
+        valid &= await ValidateSchema(events);
 
         if (!valid) {
             _logger?.LogError("Invalid SET, signature can not be verified");

IntegrationTests/JwtTokenValidation.cs

 using FitConnect.Encryption;
 using FluentAssertions;
+using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
 using NUnit.Framework;
 
@@ -7,6 +8,11 @@ namespace IntegrationTests;
 
 [TestFixture]
 public class JwtTokenValidation {
+    [OneTimeSetUp]
+    public void OneTimeSetUp() {
+        IdentityModelEventSource.ShowPII = true;
+    }
+
 
     [Test]
     public void ExampleFromFitConnect_passes() {