Merge pull request #35 from TransactionProcessing/task/httpssecurityservice

Use HTTPS Security Service

Author: StuartFerguson

FileProcessor.IntegrationTests/Common/DockerHelper.cs

@@ -332,11 +332,22 @@ await Retry.For(async () =>
 
             // Setup the base address resolvers
             String EstateManagementBaseAddressResolver(String api) => $"http://127.0.0.1:{this.EstateManagementApiPort}";
-            String SecurityServiceBaseAddressResolver(String api) => $"http://127.0.0.1:{this.SecurityServicePort}";
+            String SecurityServiceBaseAddressResolver(String api) => $"https://127.0.0.1:{this.SecurityServicePort}";
             String FileProcessorBaseAddressResolver(String api) => $"http://127.0.0.1:{this.FileProcessorPort}";
             String EstateReportingBaseAddressResolver(String api) => $"http://127.0.0.1:{this.EstateReportingApiPort}";
-            
-            HttpClient httpClient = new HttpClient();
+
+            HttpClientHandler clientHandler = new HttpClientHandler
+                                              {
+                                                  ServerCertificateCustomValidationCallback = (message,
+                                                                                               certificate2,
+                                                                                               arg3,
+                                                                                               arg4) =>
+                                                                                              {
+                                                                                                  return true;
+                                                                                              }
+
+                                              };
+            HttpClient httpClient = new HttpClient(clientHandler);
             this.EstateClient = new EstateClient(EstateManagementBaseAddressResolver, httpClient);
             this.SecurityServiceClient = new SecurityServiceClient(SecurityServiceBaseAddressResolver, httpClient);
             this.EstateReportingClient = new EstateReportingClient(EstateReportingBaseAddressResolver, httpClient);
@@ -363,8 +374,8 @@ private IContainerService SetupFileProcessorContainer(String containerName, ILog
             logger.LogInformation("About to Start File Processor Container");
             List<String> environmentVariables = new List<String>();
             environmentVariables.Add($"EventStoreSettings:ConnectionString={eventStoreAddress}:{DockerHelper.EventStoreHttpDockerPort}");
-            environmentVariables.Add($"AppSettings:SecurityService=http://{securityServiceContainerName}:{securityServicePort}");
-            environmentVariables.Add($"SecurityConfiguration:Authority=http://{securityServiceContainerName}:{securityServicePort}");
+            environmentVariables.Add($"AppSettings:SecurityService=https://{securityServiceContainerName}:{securityServicePort}");
+            environmentVariables.Add($"SecurityConfiguration:Authority=https://{securityServiceContainerName}:{securityServicePort}");
             environmentVariables.Add($"urls=http://*:{DockerHelper.FileProcessorDockerPort}");
             environmentVariables.Add($"AppSettings:TransactionProcessorApi=http://{transactionProcessorContainerName}:{DockerHelper.TransactionProcessorDockerPort}");
             environmentVariables.Add($"AppSettings:EstateManagementApi=http://{estateManamgementContainerName}:{DockerHelper.EstateManagementDockerPort}");

FileProcessor.IntegrationTests/FileProcessor.IntegrationTests.csproj

@@ -9,15 +9,15 @@
   <ItemGroup>
 	  <PackageReference Include="EstateReporting.Client" Version="1.0.13.1" />
 	  <PackageReference Include="Grpc.Net.Client" Version="2.35.0" />
-	  <PackageReference Include="Ductus.FluentDocker" Version="2.7.3" />
+	  <PackageReference Include="Ductus.FluentDocker" Version="2.10.7" />
 	  <PackageReference Include="EstateReporting.Database" Version="1.0.13.1" />
 	  <PackageReference Include="EstateManagement.Client" Version="1.0.10.2" />
 	  <PackageReference Include="EventStore.Client.Grpc.PersistentSubscriptions" Version="20.10.0" />
 	  <PackageReference Include="EventStore.Client.Grpc.ProjectionManagement" Version="20.10.0" />
 	  <PackageReference Include="EventStore.Client.Grpc.Streams" Version="20.10.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.4" />
     <PackageReference Include="SecurityService.Client" Version="1.0.6.2" />
-    <PackageReference Include="Shared.IntegrationTesting" Version="1.0.5" />
+    <PackageReference Include="Shared.IntegrationTesting" Version="1.0.7" />
     <PackageReference Include="Shouldly" Version="4.0.3" />
     <PackageReference Include="SpecFlow.xUnit" Version="3.7.38" />
     <PackageReference Include="xunit" Version="2.4.1" />

FileProcessor/Dockerfile

@@ -12,6 +12,11 @@ COPY . .
 WORKDIR "/src/FileProcessor"
 RUN dotnet build "FileProcessor.csproj" -c Release -o /app/build
 
+# Sort out certificate stuff here
+RUN openssl x509 -inform DER -in /src/FileProcessor/aspnetapp-root-cert.cer -out /src/FileProcessor/aspnetapp-root-cert.crt
+RUN cp /src/FileProcessor/aspnetapp-root-cert.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 FROM build AS publish
 RUN dotnet publish "FileProcessor.csproj" -c Release -o /app/publish
 

FileProcessor/Startup.cs

@@ -304,17 +304,20 @@ private void ConfigureMiddlewareServices(IServiceCollection services)
             })
                 .AddJwtBearer(options =>
                 {
-                    //options.SaveToken = true;
+                    options.BackchannelHttpHandler = new HttpClientHandler
+                                                     {
+                                                         ServerCertificateCustomValidationCallback =
+                                                             (message, certificate, chain, sslPolicyErrors) => true
+                                                     };
                     options.Authority = ConfigurationReader.GetValue("SecurityConfiguration", "Authority");
                     options.Audience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName");
-                    options.RequireHttpsMetadata = false;
+
                     options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
-                    {
-                        ValidateIssuer = true,
-                        ValidateAudience = false,
-                        ValidAudience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName"),
-                        ValidIssuer = ConfigurationReader.GetValue("SecurityConfiguration", "Authority"),
-                    };
+                                                        {
+                                                            ValidateAudience = false,
+                                                            ValidAudience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName"),
+                                                            ValidIssuer = ConfigurationReader.GetValue("SecurityConfiguration", "Authority"),
+                                                        };
                     options.IncludeErrorDetails = true;
                 });
 

FileProcessor/appsettings.json

@@ -19,7 +19,7 @@
   },
   "SecurityConfiguration": {
     "ApiName": "fileProcessor",
-    "Authority": "http://192.168.1.133:5001"
+    "Authority": "https://192.168.1.133:5001"
   },
   "AppSettings": {
     "FileProfilePollingWindowInSeconds": 20,
@@ -37,7 +37,7 @@
       ]
     },
     "UseConnectionStringConfig": false,
-    "SecurityService": "http://192.168.1.133:5001",
+    "SecurityService": "https://192.168.1.133:5001",
     "TemporaryFileLocation": "/home/txnproc/bulkfiles/temporary",
     "FileProfiles": [
       {