diff --git a/TransactionProcessorACL.IntegrationTests/Common/DockerHelper.cs b/TransactionProcessorACL.IntegrationTests/Common/DockerHelper.cs
index f61b827..b674c33 100644
--- a/TransactionProcessorACL.IntegrationTests/Common/DockerHelper.cs
+++ b/TransactionProcessorACL.IntegrationTests/Common/DockerHelper.cs
@@ -300,11 +300,22 @@ await Retry.For(async () =>
 // Setup the base address resolvers
 String EstateManagementBaseAddressResolver(String api) => $"http://127.0.0.1:{this.EstateManagementApiPort}";
- String SecurityServiceBaseAddressResolver(String api) => $"http://127.0.0.1:{this.SecurityServicePort}";
+ String SecurityServiceBaseAddressResolver(String api) => $"https://127.0.0.1:{this.SecurityServicePort}";
 String TransactionProcessorBaseAddressResolver(String api) => $"http://127.0.0.1:{this.TransactionProcessorPort}";
 String TransactionProcessorAclBaseAddressResolver(String api) => $"http://127.0.0.1:{this.TransactionProcessorACLPort}";
- HttpClient httpClient = new HttpClient();
+ HttpClientHandler clientHandler = new HttpClientHandler
+ {
+ ServerCertificateCustomValidationCallback = (message,
+ certificate2,
+ arg3,
+ arg4) =>
+ {
+ return true;
+ }
+
+ };
+ HttpClient httpClient = new HttpClient(clientHandler);
 this.EstateClient = new EstateClient(EstateManagementBaseAddressResolver, httpClient);
 this.SecurityServiceClient = new SecurityServiceClient(SecurityServiceBaseAddressResolver, httpClient);
 this.TransactionProcessorClient = new TransactionProcessorClient(TransactionProcessorBaseAddressResolver, httpClient);
diff --git a/TransactionProcessorACL.IntegrationTests/TransactionProcessorACL.IntegrationTests.csproj b/TransactionProcessorACL.IntegrationTests/TransactionProcessorACL.IntegrationTests.csproj
index 3696605..0210cab 100644
--- a/TransactionProcessorACL.IntegrationTests/TransactionProcessorACL.IntegrationTests.csproj
+++ b/TransactionProcessorACL.IntegrationTests/TransactionProcessorACL.IntegrationTests.csproj
@@ -8,7 +8,7 @@ - +
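Review bot: The new `clientHandler` returns `true` from `ServerCertificateCustomValidationCallback` unconditionally, and that one `HttpClient` is handed to EstateClient, SecurityServiceClient and TransactionProcessorClient, so the integration tests never exercise the trust path the production image is being given in this same commit (the bundled root certificate); a test that passes here says nothing about whether the https switch works against a real trust store. For a test harness that can be acceptable, but it should be explicit rather than a hand-written lambda with `arg3, arg4` parameters: `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` (available since .NET Core 2.0; the target framework is not visible here) with a comment such as `// Test harness only: the security service container presents a self-signed dev certificate.` Better still, validate the chain against the same `aspnetapp-root-cert.cer` the Dockerfile installs, so the test catches a broken cert deployment. The enclosing `Retry.For` lambda starts before this hunk.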
@@ -17,7 +17,7 @@ - +
diff --git a/TransactionProcessorACL/Dockerfile b/TransactionProcessorACL/Dockerfile
index 90730c5..6a0d2ab 100644
--- a/TransactionProcessorACL/Dockerfile
+++ b/TransactionProcessorACL/Dockerfile
@@ -13,6 +13,11 @@ COPY . .
 WORKDIR "/src/TransactionProcessorACL"
 RUN dotnet build "TransactionProcessorACL.csproj" -c Release -o /app/build
+# Sort out certificate stuff here
+RUN openssl x509 -inform DER -in /src/TransactionProcessorACL/aspnetapp-root-cert.cer -out /src/TransactionProcessorACL/aspnetapp-root-cert.crt
+RUN cp /src/TransactionProcessorACL/aspnetapp-root-cert.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 FROM build AS publish
 RUN dotnet publish "TransactionProcessorACL.csproj" -c Release -o /app/publish
diff --git a/TransactionProcessorACL/Startup.cs b/TransactionProcessorACL/Startup.cs
index 146c59c..f4500a5 100644
--- a/TransactionProcessorACL/Startup.cs
+++ b/TransactionProcessorACL/Startup.cs
@@ -89,7 +89,18 @@ public void ConfigureServices(IServiceCollection services)
 {
 return ConfigurationReader.GetBaseServerUri(serviceName).OriginalString;
 });
- services.AddSingleton();
+ HttpClientHandler httpClientHandler = new HttpClientHandler
+ {
+ ServerCertificateCustomValidationCallback = (message,
+ certificate2,
+ arg3,
+ arg4) =>
+ {
+ return true;
+ }
+ };
+ HttpClient httpClient = new HttpClient(httpClientHandler);
+ services.AddSingleton(httpClient);
 }
 private void ConfigureMiddlewareServices(IServiceCollection services)
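Review bot: The root certificate is installed with `update-ca-certificates` in the stage that runs `dotnet build`, and the next line is `FROM build AS publish`; if the final runtime image is assembled from a different base stage (the usual multi-stage layout, not visible in this hunk), the trust-store change never reaches the container the app actually runs in, so the https endpoints would fail there with an untrusted-chain error — which may be what prompted the accept-any-certificate callbacks added to Startup.cs in this commit. Move the three `RUN` lines (and the `.cer` copy) into the final stage, or into the stage it inherits from, and then the code-level bypasses can go. The step also assumes `openssl` and the `ca-certificates` package exist in the SDK image, which is not true of every base image variant; state that dependency or install it explicitly. The comment `# Sort out certificate stuff here` should say what and why, e.g. `# Trust the self-signed root presented by the security service: convert DER -> PEM and refresh the system CA bundle.`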
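Review bot: `httpClientHandler` returns `true` from `ServerCertificateCustomValidationCallback` for every peer, so the singleton `HttpClient` registered here makes all of this service's outbound HTTPS calls without authenticating the server — anyone on the network path can impersonate the security service and capture whatever the service presents to it, the `ClientSecret` in appsettings.json being the obvious candidate. Since this commit also installs the root certificate into the image's CA bundle, the callback should be unnecessary: register a client with the default handler, `services.AddSingleton(new HttpClient());` (keep the generic type argument the original `AddSingleton` call had; it appears lost in this rendering), and let it validate against the system trust store. If a development-only escape hatch is genuinely needed, gate it on the hosting environment and use `HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` so the risk is named at the call site rather than hidden in a lambda with `arg3, arg4` parameters. The `ConfigureServices` method begins before this hunk.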
@@ -154,17 +165,20 @@ private void ConfigureMiddlewareServices(IServiceCollection services)
 })
 .AddJwtBearer(options =>
 {
- //options.SaveToken = true;
- options.Authority = ConfigurationReader.GetValue("SecurityConfiguration", "Authority");
+ options.BackchannelHttpHandler = new HttpClientHandler
+ {
+ ServerCertificateCustomValidationCallback =
+ (message, certificate, chain, sslPolicyErrors) => true
+ };
+ options.Authority = ConfigurationReader.GetValue("SecurityConfiguration", "Authority");
 options.Audience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName");
- options.RequireHttpsMetadata = false;
+
 options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
- {
- ValidateIssuer = true,
- ValidateAudience = false,
- ValidAudience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName"),
- ValidIssuer = ConfigurationReader.GetValue("SecurityConfiguration", "Authority"),
- };
+ {
+ ValidateAudience = false,
+ ValidAudience = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName"),
+ ValidIssuer = ConfigurationReader.GetValue("SecurityConfiguration", "Authority"),
+ };
 options.IncludeErrorDetails = true;
 });
diff --git a/TransactionProcessorACL/appsettings.json b/TransactionProcessorACL/appsettings.json
index 0c7e520..5f98c58 100644
--- a/TransactionProcessorACL/appsettings.json
+++ b/TransactionProcessorACL/appsettings.json
@@ -7,7 +7,7 @@
 }
 },
 "AppSettings": {
- "SecurityService": "http://192.168.1.133:5001",
+ "SecurityService": "https://192.168.1.133:5001",
 "ClientId": "serviceClient",
 "ClientSecret": "d192cbc46d834d0da90e8a9d50ded543",
 "TransactionProcessorApi": "http://192.168.1.133:5002",
@@ -15,7 +15,7 @@
 },
 "SecurityConfiguration": {
 "ApiName": "transactionProcessorACL",
- "Authority": "http://192.168.1.133:5001"
+ "Authority": "https://192.168.1.133:5001"
 },
 "AllowedHosts": "*"
 }
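Review bot: `options.BackchannelHttpHandler` accepts any server certificate (`=> true`), and this is the channel the JWT bearer middleware uses to fetch the authority's discovery document and signing keys, so an attacker between this service and `Authority` can serve their own JWKS and mint tokens this API will accept — the whole token-validation step then rests on the network path being clean. Removing `RequireHttpsMetadata = false` is the right direction but is cancelled out by this handler; delete the `BackchannelHttpHandler` assignment and rely on the root certificate the Dockerfile in this commit installs (gate any dev-only bypass on the hosting environment if one is truly needed). Separately, the rewritten `TokenValidationParameters` still carries `ValidateAudience = false`, which makes the `ValidAudience = ...` line a no-op: set `ValidateAudience = true` so tokens issued for other APIs are rejected, or drop the `ValidAudience` assignment so the intent is explicit. Dropping `ValidateIssuer = true` is harmless, as that property defaults to true. The `ConfigureMiddlewareServices` method begins before this hunk.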
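Review bot: The new `SecurityService` URL addresses the authority by the IP literal `192.168.1.133`, so once certificate validation is actually enforced the certificate the security service presents must carry that address as an IP-address SAN — a trusted chain alone will not pass hostname matching — which is a plausible reason the Startup.cs code paths currently accept any certificate. Issue the dev certificate for a DNS name (or include the IP SAN) and reference that name here so the bypasses can be removed. Two lines below the changed value, `ClientSecret` sits in plaintext in a committed appsettings.json; moving it to environment configuration or a secret store is worth a follow-up, since protecting that secret on the wire is what the https change is for.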
diff --git a/TransactionProcessorACL/aspnetapp-root-cert.cer b/TransactionProcessorACL/aspnetapp-root-cert.cer
new file mode 100644
index 0000000..c6ac5e9
Binary files /dev/null and b/TransactionProcessorACL/aspnetapp-root-cert.cer differ