From 9d937cac4b4cb94fa83b2069bb33136dc6b85c3a Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson
Date: Tue, 22 Aug 2017 18:11:43 -0700
Subject: [PATCH] Disable developer certificate middlware on test website, replace developer certificate with pfx from file
---
 .../CredentialsServerBuilder.cs | 59 ++----------------
 ...re.Identity.Service.FunctionalTests.csproj | 6 ++
 .../test-cert.pfx | Bin 0 -> 2758 bytes
 .../Identity.OpenIdConnect.WebSite/Startup.cs | 2 +-
 4 files changed, 13 insertions(+), 54 deletions(-)
 create mode 100644 test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/test-cert.pfx
diff --git a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
index 7ca7673146..3bc77c007b 100644
--- a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
+++ b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Infrastructure/CredentialsServerBuilder.cs
@@ -7,12 +7,14 @@ using Identity.OpenIdConnect.WebSite;
 using Identity.OpenIdConnect.WebSite.Identity.Data;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Identity.Service;
 using Microsoft.AspNetCore.Identity.Service.IntegratedWebClient;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Testing;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.IdentityModel.Tokens;
 namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
 {
@@ -83,61 +85,12 @@ namespace Microsoft.AspnetCore.Identity.Service.FunctionalTests
 public CredentialsServerBuilder EnsureDeveloperCertificate()
 {
- try
- {
- using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
- {
- store.Open(OpenFlags.ReadOnly);
- var certificates = store.Certificates.OfType().ToList();
- var development = certificates.FirstOrDefault(c => c.Subject == "CN=Identity.Development" &&
- c.GetRSAPrivateKey() != null &&
- c.NotAfter > DateTimeOffset.UtcNow);
-
- if (development == null)
- {
- CreateDevelopmentCertificate();
- }
- }
- }
- catch (Exception)
- {
- throw new InvalidOperationException("There was an error ensuring the presence of the developer certificate.");
- }
+ Server.ConfigureBeforeStartup(services => services.Configure(
+ o => o.SigningKeys.Add(
+ new SigningCredentials(
+ new X509SecurityKey(new X509Certificate2("./test-cert.pfx", "test")), "RS256"))));
 return this;
-
- void CreateDevelopmentCertificate()
- {
-#if NETCOREAPP2_0
- using (var rsa = RSA.Create(2048))
- {
- var signingRequest = new CertificateRequest(
- new X500DistinguishedName("CN=Identity.Development"), rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
- var enhacedKeyUsage = new OidCollection();
- enhacedKeyUsage.Add(new Oid("1.3.6.1.5.5.7.3.1", "Server Authentication"));
- signingRequest.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(enhacedKeyUsage, critical: true));
- signingRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
-
- var certificate = signingRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
- certificate.FriendlyName = "Identity Service developer certificate";
-
- // We need to take this step so that the key gets persisted.
- var export = certificate.Export(X509ContentType.Pkcs12, "");
- var imported = new X509Certificate2(export, "", X509KeyStorageFlags.PersistKeySet);
- Array.Clear(export, 0, export.Length);
-
- using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
- {
- store.Open(OpenFlags.ReadWrite);
- store.Add(imported);
- store.Close();
- };
- }
-#elif NET461
-#else
-#error The target frameworks need to be updated.
-#endif
- }
 }
 public MvcWebApplicationBuilder Server { get; }
diff --git a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Microsoft.AspnetCore.Identity.Service.FunctionalTests.csproj b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Microsoft.AspnetCore.Identity.Service.FunctionalTests.csproj
index 0b9c866386..8411eab2cd 100644
--- a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Microsoft.AspnetCore.Identity.Service.FunctionalTests.csproj
+++ b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/Microsoft.AspnetCore.Identity.Service.FunctionalTests.csproj
@@ -7,6 +7,12 @@ netcoreapp2.0 + + + Always + + +
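Review bot: `new X509Certificate2("./test-cert.pfx", "test")` in EnsureDeveloperCertificate resolves the path against the process working directory rather than the output directory the project file copies the pfx into, so the load fails whenever the test runner starts from another folder; `Path.Combine(AppContext.BaseDirectory, "test-cert.pfx")` ties it to the copied file (the file would need `System.IO` in scope if it is not already). The private key and its password are now committed to the repository, so the method should carry a comment such as `// Test-only signing key: pfx and password are public, tokens signed with it must never be trusted outside this test host.` The old code rejected a certificate whose `NotAfter` had passed, while the new code loads the file without checking validity, so an expired test certificate would presumably surface only as failing token validation. The method name still says "EnsureDeveloperCertificate" although the body now only registers a signing credential, which is worth a one-line summary comment or a rename in a follow-up.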
diff --git a/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/test-cert.pfx b/test/Microsoft.AspnetCore.Identity.Service.FunctionalTests/test-cert.pfx new file mode 100644 index 0000000000000000000000000000000000000000..b3cbc2c709138f3f49ebc357e5929772f5f193fa GIT binary patch literal 2758 zcmZXUc{r4NAI6_y7{;2AnC$8ZHP*2&4H{9DeP^s$vhNk9LCR7LQcSkU7Lx47Zje!y zY{$M6<;YripSsR_&h=jJANTM1KA-#dy`Sf=8;OIrQbDMZIQV^9`is$+=shL~43dR| zdqHthSIfb z3t2YtZat==f_;SIprc)(S8XzSi|9o~A{IT9817c|l`)a-U~U;OZuj@5yc*HWI~pie zU??bgXTCpskTIqIiZDsHXeQnYXU%$V+S`HuJcAYoN%P|=I zMr|xtr60^Fl0e5QYeJ2Bb6N3QX;~#NOUkyr*m~S8X7*6^nz3c5~f0hb5 z!IX+?XJ=uq8DpU}2_j}|p7f~jk|BLdjme6Kl%2!#*VJBM!_2RgH019KEK^$y#ru2b z+nY`jU0W_!3v{&SWObk!_RMKZ$>LM0Ld_)Uwr6tY63o=(b#CvFn6tU++eea|!Aw3< z4KKzYy?R)@m#Jl_uEfV#Xn;BryT?>_zaZ?7(UiVJe4_ z)wTG=6ub^Ot?`NV2cgC00KZGe130#|Z;!Tw)ONP%qN2;kUn&{s=5U^oBF_0tA{|r@ zB)*RI&6_i(GNTy0L=y!5WjbbI|LrWt)z zW6wE`2+vPyL&aBnrj*FsY9&0%$QIv+)gdUjRb`@H{HXCU|4R2zRreEizH=?@Pu-F! z#`(-2WA6WWH5@>FlpDPs6kX2|Xln$^4p+|G-m`N<(UD^zq~;_}+cPUCS_}|$M)-QN zXoeqio=wz~zH6&_f0v9dO-M&i$JS{Su=w~fT)m(Xh)$0Hom5Y(cT%bj=^@%8jU-g`k8 zT}y;$+|6rb?%_mxdwz=ZwiI5f>6Oql@l*Tka&RsL65x#ZK+BO%%dPyDC22dh4J&(( zRg!g)9MaT}?Kj|Jyt8{?-pzmKXdwCF2f#Xtp@fJQYHKlDO{b5->|sxJ!H0(MB2L1@ zV3V7QY_BJ_R5cGzF!+Tk&hL>Bx@-Ja;tbjxRb{qSgNd#aJYDq`O1)>}A|0YmggveY zroB~~69}pn=R}RY3Qcf-ydCQIx?AyfmGgM&F^{)Y!4gK%E!GA3H25OAAenRKxbX0i z`;*qnXVEKTo?nPoX+XlpxMh)_^LD&1j>M?gO^tr}F|6#0jYpjMbx#(RBy3numW2hI zEonl}S)GedUZ*$!Ba3+5to_$gttFb8=S4rQ1rCwfHCmW(J6PtKjgh{}V}bqnoW2Ly z3leD6=PolM0YcwL4!4T!ohCwy=JeOg;2gOex(9A1nksR%JY9aDDe`e6b;sRfdRv;g znhrG7j7AYi<|mZp{3tJvMx6rh#b^xqpdzhXqiv&bMDZOq*Ycv36-A|Kk4Dt?+XA-t zwTSDjLg@hl9f0CRd(_s#mA={dza{jbGG! 
zVj(RnkU(N(_)gRtJ$CP*E}gz;e?v5u;!-FKHT^ShJRLwT3rYr@kYI-WuRFiu#b_Z=2o7}$@;m-Ia2vef z3wQy3pq#d_nH=n;ZPz30CYGWpF zdL5*Fpbz1;l5SP97lU~xew0D1*cxk4Yd~nF7X~tQY8>imbm(~;^^z+1o+mB6KlJvx zpA%Vb>={GT{6O@Nmkx4)okwu*OzmCt*w$3iA1^#u>Klu)rc%+OuB`I8To`K*!M zJ>2s3CBmctSC;dxhjf3h>)=($YC{om9d0Af?5>c5pxQZWU&nY!= zA6T9-%bjOQK3$x-RaPDN3-dfMyq9u;_?@RMr*R8)S_Ksak zH5EMmG23B%dOC6IA_fPOud0%9^5M?x#BV2EMxC?b?dpGc%*kK3X!H!b#|;R-Ml#R@ z7;6r91iyKIyQtw9HUH&J#2YQf0FyhN2{|W3O6{$yQ(qbG@H765^?DHf*1;XQ8zk(g zUn3|HLuSJhQ`K3Lk0a{iGE#Xzjr((O%h;~v+g$zd=dZtu$I>``mV>ETF9NHnS!O%aMy5gkj)~3&i%NjK^R4r6ySPF-JO1WHj`=xu;v1U=F>8)i z3L^*$K0Dh2XBS;4l2%77K0QG`jhn8bU7<4M^5ByR<;{uk&Pn*r&iU%Da(8yeLv;Qr zQqah`#TSt>1r6I#=pn+RuV#OkFRH`z(|OJWuB`7H2dMLguj&P<-_KouXY`vp%5fdf}xyz0_e$5M@L#V{WFfTjc2v^A2A{McX+1KCys1@pWEtoPK|A zsIC-V_STIm-y5OH*Hvu<@M+9-J{Pbyyf@>PRr4>m0{V?-*CU8(8Icf$k;7xixNntv z>NX`@qmE9!4Em^VLkP|%=$|$G<;Kx$N&}ooUv+)-YQtz>*y+|(WeacIc9inmByi?Z zzJwzCClNW(bL}*RJKz31U%{EFK&i(!Kt5ey`reVVc33|ehS?F8a!zQg9ZvVpy0^3O z^xd?bTZSzQP^WhTn<=};3^bc&epi`lftvRhqa6Lxy`pi*^wqTP1!+nS6rVtg>0tB3hs!o_WmlC{{SFj B^JoA7 literal 0 HcmV?d00001 diff --git a/test/WebSites/Identity.OpenIdConnect.WebSite/Startup.cs b/test/WebSites/Identity.OpenIdConnect.WebSite/Startup.cs index ebd37a1adf..48b3c44b3d 100644 --- a/test/WebSites/Identity.OpenIdConnect.WebSite/Startup.cs +++ b/test/WebSites/Identity.OpenIdConnect.WebSite/Startup.cs @@ -72,7 +72,7 @@ namespace Identity.OpenIdConnect.WebSite { app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); - app.UseDevelopmentCertificateErrorPage(Configuration); + //app.UseDevelopmentCertificateErrorPage(Configuration); } else {
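Review bot: The middleware in Startup.cs is disabled by commenting it out (`//app.UseDevelopmentCertificateErrorPage(Configuration);`) with no explanation, which leaves dead code in the development branch of the pipeline setup. Delete the line, or keep a one-line reason next to it such as `// Developer-certificate error page is off: the functional tests supply the signing key from test-cert.pfx.` The enclosing method starts and ends outside the hunk, so whether anything else in it still depends on the developer certificate cannot be checked from here.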