NFC-99 Web eID for mobile support#64
NFC-99 Web eID for mobile support#64SanderKondratjevNortal wants to merge 1 commit intoweb-eid-mobilefrom
0315bc1 to
076734c
17782b1 to
38eec6d
…eid example Signed-off-by: Sander Kondratjev <sander.kondratjev@nortal.com>
46c9709 to
025a58c
| JsonSerializer.Serialize(authToken.SupportedSignatureAlgorithms))); | ||
| } | ||
|
|
||
| var identity = new ClaimsIdentity(claims,CookieAuthenticationDefaults.AuthenticationScheme); |
Formatting issue, missing space:
| var identity = new ClaimsIdentity(claims,CookieAuthenticationDefaults.AuthenticationScheme); | |
| var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); |
|
|
||
| const path = window.location.pathname; | ||
| let endpoint; | ||
| if (path === "/sign/mobile/certificate") { |
As discussed during Java code review, you can just validate the path and then reuse it directly:
const path = window.location.pathname;
const allowedEndpoints = ["/sign/mobile/certificate", "/sign/mobile/signature"];
if (!allowedEndpoints.includes(path)) {
const error = new Error("Unexpected callback path: " + path);
error.code = "INVALID_CALLBACK_PATH";
throw error;
}| method: "POST", | ||
| headers: { | ||
| "Content-Type": "application/json", | ||
| "RequestVerificationToken": csrf |
Consider using the same pattern as on the other pages (this also needs a meta tag with an id):
| "RequestVerificationToken": csrf | |
| [csrfHeaderName]: csrf |
| }; | ||
| } | ||
|
|
||
| private static string Base64UrlEncode(string input) |
Is this needed given that WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(input)) exists?
| .Replace("=", ""); | ||
| } | ||
|
|
||
| private string BuildMobileRequestUri(string path, string encoded) |
Can we make the code more DRY by extracting this into a utility/extension method and reusing it in all places (MobileAuthInitController etc.)?
| <PackageReference Include="System.Runtime.Caching" Version="8.0.1" /> | ||
| <PackageReference Include="System.Text.Json" Version="8.0.5" /> | ||
| <PackageReference Include="WebEid.Security" Version="1.2.0" /> | ||
| <ProjectReference Include="..\..\..\src\WebEid.Security\WebEid.Security.csproj" /> |
Leave the previous line in as well, with a comment, so that it serves as an example of how to use the library in a real project.
| */ | ||
| namespace WebEid.Security.AuthToken | ||
| { | ||
| using Newtonsoft.Json; |
Maybe we should use .NET built-in JSON support (System.Text.Json) instead of Newtonsoft in the new version?
| /// They are used by AuthTokenValidator internally and are not part of the public API. | ||
| /// </summary> | ||
| internal interface ISubjectCertificateValidator | ||
| public interface ISubjectCertificateValidator |
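Review bot: The summary kept above `ISubjectCertificateValidator` still says these validators "are used by AuthTokenValidator internally and are not part of the public API", while the declaration printed second (presumably the new side) is `public interface ISubjectCertificateValidator`; the same `internal` → `public` pair appears further down for `SubjectCertificateNotRevokedValidator`, `SubjectCertificatePolicyValidator` and `SubjectCertificateTrustedValidator`. Exposing the trust, policy and revocation checks as public types lets library consumers assemble their own validator chain, and a chain that leaves one of them out could accept a certificate that the built-in `AuthTokenValidator` flow would reject, so the wider surface should be a deliberate, documented decision. If only assemblies in this repository need the types, keep them `internal` and add `[assembly: InternalsVisibleTo("<consuming assembly name>")]`; if they are meant to be public, reword the summary, e.g. `/// Part of the public API; a custom chain must still include the trust, policy and revocation validators.` The start of the doc comment and the type bodies lie outside the visible excerpt.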
| using WebEid.Security.Util; | ||
|
|
||
| internal sealed class SubjectCertificateNotRevokedValidator : ISubjectCertificateValidator | ||
| public sealed class SubjectCertificateNotRevokedValidator : ISubjectCertificateValidator |
| using Org.BouncyCastle.Security; | ||
|
|
||
| internal sealed class SubjectCertificatePolicyValidator : ISubjectCertificateValidator | ||
| public sealed class SubjectCertificatePolicyValidator : ISubjectCertificateValidator |
| using WebEid.Security.Exceptions; | ||
|
|
||
| internal sealed class SubjectCertificateTrustedValidator : ISubjectCertificateValidator | ||
| public sealed class SubjectCertificateTrustedValidator : ISubjectCertificateValidator |
| /// Represents an ordered batch of subject certificate validators that are executed sequentially | ||
| /// during authentication token validation. | ||
| /// </summary> | ||
| public sealed class SubjectCertificateValidatorBatch |
| /// <summary> | ||
| /// Determines whether this validator supports the specified token format. | ||
| /// </summary> | ||
| public virtual bool Supports(string format) => |
As in Java, to make code more DRY, use a template method getSupportedFormatPrefix() and implement it in AuthTokenV1Validator and AuthTokenV11Validator:
public override bool Supports(string format) =>
format != null &&
format.StartsWith(getSupportedFormatPrefix());
public string getSupportedFormatPrefix() => V1_SUPPORTED_TOKEN_FORMAT_PREFIX;| /// <summary> | ||
| /// Determines whether this validator supports the specified token format. | ||
| /// </summary> | ||
| public override bool Supports(string format) => |
As in Java:
| public override bool Supports(string format) => | |
| protected override string getSupportedFormatPrefix() => V11_SUPPORTED_TOKEN_FORMAT_PREFIX; |
| @@ -0,0 +1,236 @@ | |||
| /* | |||
In general, please apply all review comments from Java PR web-eid/web-eid-authtoken-validation-java#82.
Signed-off-by: Sander Kondratjev sander.kondratjev@nortal.com