Merge pull request #1702 from bcgov/dev

Dev

Author: JamesPasta

applications/Unity.GrantManager/modules/Unity.Flex/src/Unity.Flex.Application/Worksheets/Collectors/BCAddressCollector.cs

@@ -4,6 +4,7 @@
 using System.Text.Json;
 using System.Threading.Tasks;
 using Unity.Flex.Worksheets.Values;
+using Unity.GrantManager.Integration.Geocoder;
 using Unity.GrantManager.Integrations.Geocoder;
 
 namespace Unity.Flex.Worksheets.Collectors

applications/Unity.GrantManager/modules/Unity.Notifications/src/Unity.Notifications.Application/Integrations/Ches/ChesClientService.cs

@@ -8,6 +8,7 @@
 using System.Net.Http;
 using Volo.Abp.Caching;
 using Unity.GrantManager.Integrations;
+using Unity.GrantManager.Integrations.Css;
 
 namespace Unity.Notifications.Integrations.Ches
 {
@@ -27,22 +28,18 @@ IOptions<ChesClientOptions> chesClientOptions
             string authToken = await GetAuthTokenAsync();
             string notificationsApiUrl = await endpointManagementAppService.GetUgmUrlByKeyNameAsync(DynamicUrlKeyNames.NOTIFICATION_API_BASE);
             var resource = $"{notificationsApiUrl}/email";
-
             // Pass the object directly; ResilientHttpRequest will serialize it to JSON
             var response = await resilientHttpRequest.HttpAsync(
                 HttpMethod.Post,
                 resource,
                 emailRequest,
                 authToken
             );
-
             return response;
         }
-
         private async Task<string> GetAuthTokenAsync()
         {
             string notificationsAuthUrl = await endpointManagementAppService.GetUgmUrlByKeyNameAsync(DynamicUrlKeyNames.NOTIFICATION_AUTH);
-
             ClientOptions clientOptions = new()
             {
                 Url = notificationsAuthUrl,
@@ -55,4 +52,4 @@ private async Task<string> GetAuthTokenAsync()
             return await tokenService.GetAuthTokenAsync(clientOptions);
         }
     }
-}
+}

applications/Unity.GrantManager/modules/Unity.Payments/src/Unity.Payments.Application/Integrations/Cas/CasTokenService.cs

@@ -6,12 +6,14 @@
 using Volo.Abp;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Caching;
-using Volo.Abp.DependencyInjection;
+using Unity.GrantManager.Integrations.Css;
 
+using Volo.Abp.DependencyInjection;
 namespace Unity.Payments.Integrations.Cas
 {
     [IntegrationService]
     [ExposeServices(typeof(CasTokenService), typeof(ICasTokenService))]
+
     public class CasTokenService(
         IEndpointManagementAppService endpointManagementAppService,
         IOptions<CasClientOptions> casClientOptions,

applications/Unity.GrantManager/modules/Unity.Payments/src/Unity.Payments.Application/Integrations/Cas/ICasTokenService.cs

@@ -1,10 +1,9 @@
 using System.Threading.Tasks;
 using Volo.Abp.Application.Services;
-
 namespace Unity.Payments.Integrations.Cas
 {
     public interface ICasTokenService : IApplicationService
     {
         Task<string> GetAuthTokenAsync();
     }
-}
+}

applications/Unity.GrantManager/modules/Unity.Payments/src/Unity.Payments.Application/Integrations/Cas/SupplierService.cs

@@ -41,13 +41,13 @@ public SupplierService  (ILocalEventBus localEventBus,
                 // Initialize the base API URL once during construction
                 casBaseApiTask = InitializeBaseApiAsync(endpointManagementAppService);
         }
+
         private static async Task<string> InitializeBaseApiAsync(IEndpointManagementAppService endpointManagementAppService)
         {
             var url = await endpointManagementAppService.GetUgmUrlByKeyNameAsync(DynamicUrlKeyNames.PAYMENT_API_BASE);
             return url ?? throw new UserFriendlyException("Payment API base URL is not configured.");
         }
 
-
         public virtual async Task UpdateApplicantSupplierInfo(string? supplierNumber, Guid applicantId)
         {
             Logger.LogInformation("SupplierService->UpdateApplicantSupplierInfo: {SupplierNumber}, {ApplicantId}", supplierNumber, applicantId);

applications/Unity.GrantManager/modules/Unity.SharedKernel/Http/IResilientHttpRequest.cs

@@ -23,5 +23,15 @@ Task<HttpResponseMessage> HttpAsync(
         /// Set a base URL to be used for relative request paths.
         /// </summary>
         void SetBaseUrl(string baseUrl);
+        
+        Task<HttpResponseMessage> HttpAsyncSecured(
+            HttpMethod httpVerb,
+            string resource,
+            string certPath,
+            string? certPassword = null,
+            object? body = null,
+            string? authToken = null,
+            (string username, string password)? basicAuth = null,
+            CancellationToken cancellationToken = default);
     }
 }

applications/Unity.GrantManager/modules/Unity.SharedKernel/Http/ResilientHttpRequest.cs

@@ -4,6 +4,7 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -18,22 +19,19 @@ public class ResilientHttpRequest(HttpClient httpClient) : IResilientHttpRequest
         private static int _maxRetryAttempts = 3;
         private static TimeSpan _pauseBetweenFailures = TimeSpan.FromSeconds(2);
         private static TimeSpan _httpRequestTimeout = TimeSpan.FromSeconds(60);
-
         private const string AuthorizationHeader = "Authorization";
-
         private static ResiliencePipeline<HttpResponseMessage> _pipeline = BuildPipeline();
-
         private string? _baseUrl;
         private readonly HttpClient _httpClient = httpClient;
 
-        private static readonly HttpStatusCode[] RetryableStatusCodes =
-        [
+        private static readonly HttpStatusCode[] RetryableStatusCodes = new[]
+        {
             HttpStatusCode.TooManyRequests,
             HttpStatusCode.InternalServerError,
             HttpStatusCode.BadGateway,
             HttpStatusCode.ServiceUnavailable,
             HttpStatusCode.GatewayTimeout
-        ];
+        };
 
         public static void SetPipelineOptions(
             int maxRetryAttempts,
@@ -43,7 +41,6 @@ public static void SetPipelineOptions(
             _maxRetryAttempts = maxRetryAttempts;
             _pauseBetweenFailures = pauseBetweenFailures;
             _httpRequestTimeout = httpRequestTimeout;
-
             _pipeline = BuildPipeline(); // rebuild with new settings
         }
 
@@ -70,12 +67,10 @@ public void SetBaseUrl(string baseUrl)
             {
                 throw new ArgumentException("Base URL is not a valid absolute URI.", nameof(baseUrl));
             }
-
             _baseUrl = baseUrl.TrimEnd('/');
         }
 
-        private static bool ShouldRetry(HttpStatusCode statusCode) =>
-            RetryableStatusCodes.Contains(statusCode);
+        private static bool ShouldRetry(HttpStatusCode statusCode) => RetryableStatusCodes.Contains(statusCode);
 
         /// <summary>
         /// Send an HTTP request with resilience policies applied.
@@ -87,6 +82,57 @@ public async Task<HttpResponseMessage> HttpAsync(
             string? authToken = null,
             (string username, string password)? basicAuth = null,
             CancellationToken cancellationToken = default)
+        {
+            return await SendWithClientAsync(_httpClient, httpVerb, resource, body, authToken, basicAuth, cancellationToken);
+        }
+
+        /// <summary>
+        /// HTTP request with mutual TLS (client certificate).
+        /// </summary>
+        public Task<HttpResponseMessage> HttpAsyncSecured(
+            HttpMethod httpVerb,
+            string resource,
+            string certPath,
+            string? certPassword = null,
+            object? body = null,
+            string? authToken = null,
+            (string username, string password)? basicAuth = null,
+            CancellationToken cancellationToken = default)
+        {
+            var handler = new HttpClientHandler
+            {
+                ClientCertificateOptions = ClientCertificateOption.Manual
+            };
+
+            X509Certificate2 clientCert = LoadCertificate(certPath, certPassword);
+            handler.ClientCertificates.Add(clientCert);
+
+            using var securedHttpClient = new HttpClient(handler);
+            return SendWithClientAsync(securedHttpClient, httpVerb, resource, body, authToken, basicAuth, cancellationToken);
+        }
+
+        private static X509Certificate2 LoadCertificate(string certPath, string? certPassword = null)
+        {
+            if (string.IsNullOrWhiteSpace(certPassword))
+            {
+                // Load PEM or DER certificates
+                return X509CertificateLoader.LoadCertificateFromFile(certPath);
+            }
+            else
+            {
+                // Load PFX/PKCS12 certificates with password
+                return X509CertificateLoader.LoadPkcs12FromFile(certPath, certPassword);
+            }
+        }
+
+        private async Task<HttpResponseMessage> SendWithClientAsync(
+            HttpClient client,
+            HttpMethod httpVerb,
+            string resource,
+            object? body,
+            string? authToken,
+            (string username, string password)? basicAuth,
+            CancellationToken cancellationToken)
         {
             // Determine final URL
             if (!Uri.TryCreate(resource, UriKind.Absolute, out Uri? fullUrl))
@@ -98,45 +144,47 @@ public async Task<HttpResponseMessage> HttpAsync(
                 fullUrl = new Uri(new Uri(_baseUrl, UriKind.Absolute), resource);
             }
 
-            // Execute through resilience pipeline
             return await _pipeline.ExecuteAsync(async ct =>
             {
-                using var requestMessage = new HttpRequestMessage(httpVerb, fullUrl);
+                using var requestMessage = BuildRequestMessage(httpVerb, fullUrl, body, authToken, basicAuth);
+                return await client.SendAsync(requestMessage, ct);
+            }, cancellationToken);
+        }
 
-                // Headers are per-request, not global
-                requestMessage.Headers.Accept.Clear();
-                requestMessage.Headers.ConnectionClose = true;
+        private static HttpRequestMessage BuildRequestMessage(
+            HttpMethod httpVerb,
+            Uri fullUrl,
+            object? body,
+            string? authToken,
+            (string username, string password)? basicAuth)
+        {
+            var requestMessage = new HttpRequestMessage(httpVerb, fullUrl);
+            requestMessage.Headers.Accept.Clear();
+            requestMessage.Headers.ConnectionClose = true;
 
-                if (!string.IsNullOrWhiteSpace(authToken))
-                {
-                    requestMessage.Headers.Remove(AuthorizationHeader);
-                    requestMessage.Headers.Add(AuthorizationHeader, $"Bearer {authToken}");
-                }
-                else if (basicAuth.HasValue)
-                {
-                    var credentials = Convert.ToBase64String(
-                        Encoding.ASCII.GetBytes($"{basicAuth.Value.username}:{basicAuth.Value.password}")
-                    );
-                    requestMessage.Headers.Remove(AuthorizationHeader);
-                    requestMessage.Headers.Add(AuthorizationHeader, $"Basic {credentials}");
-                }
+            if (!string.IsNullOrWhiteSpace(authToken))
+            {
+                requestMessage.Headers.Remove(AuthorizationHeader);
+                requestMessage.Headers.Add(AuthorizationHeader, $"Bearer {authToken}");
+            }
+            else if (basicAuth.HasValue)
+            {
+                var credentials = Convert.ToBase64String(
+                    Encoding.ASCII.GetBytes($"{basicAuth.Value.username}:{basicAuth.Value.password}")
+                );
+                requestMessage.Headers.Remove(AuthorizationHeader);
+                requestMessage.Headers.Add(AuthorizationHeader, $"Basic {credentials}");
+            }
 
-                // Handle body if present
-                if (body != null)
-                {
-                    string bodyString = body is string s
-                        ? s
-                        : JsonConvert.SerializeObject(body); // allow passing objects directly
-
-                    requestMessage.Content = new StringContent(
-                        bodyString,
-                        Encoding.UTF8,
-                        "application/json"
-                    );
-                }
+            if (body != null)
+            {
+                string bodyString = body is string s ? s : JsonConvert.SerializeObject(body);
+                requestMessage.Content = new StringContent(
+                    bodyString, Encoding.UTF8, "application/json"
+                );
+            }
 
-                return await _httpClient.SendAsync(requestMessage, ct);
-            }, cancellationToken);
+            return requestMessage;
         }
 
         public static async Task<string> ContentToStringAsync(HttpContent httpContent)

applications/Unity.GrantManager/modules/Unity.SharedKernel/Integrations/ClientOptions.cs

@@ -6,5 +6,7 @@ public class ClientOptions
         public string ClientId { get; set; } = string.Empty;
         public string ClientSecret { get; set; } = string.Empty;
         public string ApiKey { get; set; } = string.Empty;
+        public string CertificatePath { get; set; } = string.Empty;        
+        public string CertificatePassword { get; set; } = string.Empty;
     }
 }

applications/Unity.GrantManager/modules/Unity.SharedKernel/Integrations/TokenService.cs

@@ -1,4 +1,4 @@
-using Volo.Abp;
+using Volo.Abp;
 using System.Net;
 using System.Threading.Tasks;
 using System.Text.Json;
@@ -9,6 +9,7 @@
 using System.Net.Http.Headers;
 using Microsoft.Extensions.Caching.Distributed;
 using Volo.Abp.Caching;
+using Unity.GrantManager.Integrations.Css;
 
 namespace Unity.Modules.Shared.Integrations
 {

applications/Unity.GrantManager/modules/Unity.SharedKernel/Integrations/TokenValidationResponse.cs

@@ -1,6 +1,6 @@
-using System.Text.Json.Serialization;
+using System.Text.Json.Serialization;
 
-namespace Unity.Modules.Shared.Integrations
+namespace Unity.GrantManager.Integrations.Css
 {
     public class TokenValidationResponse
     {
@@ -28,4 +28,4 @@ public class TokenValidationResponse
         [JsonPropertyName("error_decription")]
         public string? ErrorDetails { get; set; }
     }
-}
+}