Steeltoe Security Updates

build/security.yml

@@ -18,7 +18,9 @@ jobs:
     parameters:
       component: Security
       skipFilter: --filter "Category!=SkipOnLinux"
+      skipNET6: true
   - template: templates/component-build.yaml
     parameters:
       component: Security
       OS: windows
+      skipNET6: true

build/templates/component-build.yaml

@@ -2,6 +2,7 @@ parameters:
   component: ''
   runConfigServer: false
   runRabbitMQ: false
+  skipNET6: false
   skipFilter: ''
   OS: ubuntu
 
@@ -27,6 +28,7 @@ jobs:
   - checkout: self
     fetchDepth: 0
   - task: UseDotNet@2
+    condition: ne(${{parameters.skipNET6}}, 'true')
     displayName: Install .NET 6
     inputs:
       version: 6.0.x
@@ -68,6 +70,7 @@ jobs:
     condition: eq(${{parameters.runConfigServer}}, 'true')
     displayName: Start Config Server
   - task: DotNetCoreCLI@2
+    condition: ne(${{parameters.skipNET6}}, 'true')
     displayName: dotnet test 6.0
     inputs:
       command: test

shared-package.props

@@ -54,14 +54,18 @@
   </Target>
 
   <ItemGroup
-    Condition="$(MSBuildProjectName.StartsWith('Steeltoe.Configuration')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Management')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Connectors')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Logging')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Bootstrap')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Discovery')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Security.DataProtection'))">
+    Condition="$(MSBuildProjectName.StartsWith('Steeltoe.Bootstrap')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Common.Certificates')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Configuration')) Or
+                $(MSBuildProjectName.StartsWith('Steeltoe.Connectors')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Discovery')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Logging')) Or
+                $(MSBuildProjectName.StartsWith('Steeltoe.Management')) Or $(MSBuildProjectName.StartsWith('Steeltoe.Security'))">
 
     <!-- Widen the condition above as we're completing more public API reviews -->
     <PackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="$(PublicApiAnalyzersVersion)" PrivateAssets="All" />
   </ItemGroup>
 
   <PropertyGroup
-    Condition="!$(MSBuildProjectName.StartsWith('Steeltoe.Configuration')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Management')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Connectors')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Logging')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Bootstrap')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Discovery')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Security.DataProtection'))">
+    Condition="!$(MSBuildProjectName.StartsWith('Steeltoe.Bootstrap')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Common.Certificates')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Configuration')) And
+                !$(MSBuildProjectName.StartsWith('Steeltoe.Connectors')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Discovery')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Logging')) And
+                !$(MSBuildProjectName.StartsWith('Steeltoe.Management')) And !$(MSBuildProjectName.StartsWith('Steeltoe.Security'))">
 
     <!-- Narrow the condition above as we're completing more public API reviews -->
     <NoWarn>$(NoWarn);SA1401;S1168;S2360;S3900;S3956;S4004;S4023</NoWarn>

shared-project.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <NoWarn>$(NoWarn);SA0001;S3900</NoWarn>
+    <NoWarn>$(NoWarn);SA0001</NoWarn>
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 

shared-test.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <NoWarn>$(NoWarn);S2094;NU5104</NoWarn>
+    <NoWarn>$(NoWarn);S2094;S3900;NU5104</NoWarn>
   </PropertyGroup>
 
   <ItemGroup>

src/Bootstrap/src/AutoConfiguration/BootstrapScanner.cs

@@ -35,7 +35,6 @@
 using Steeltoe.Management.Tracing;
 using Steeltoe.Management.Wavefront;
 using Steeltoe.Management.Wavefront.Exporters;
-using Steeltoe.Security.Authentication.CloudFoundry;
 
 namespace Steeltoe.Bootstrap.AutoConfiguration;
 
@@ -81,7 +80,6 @@ public void ConfigureSteeltoe()
         WireIfLoaded(WirePrometheus, SteeltoeAssemblyNames.ManagementPrometheus);
         WireIfLoaded(WireWavefrontMetrics, SteeltoeAssemblyNames.ManagementWavefront);
         WireIfLoaded(WireDistributedTracing, SteeltoeAssemblyNames.ManagementTracing);
-        WireIfLoaded(WireCloudFoundryContainerIdentity, SteeltoeAssemblyNames.SecurityAuthenticationCloudFoundry);
     }
 
     private void WireConfigServer()
@@ -256,14 +254,6 @@ private void WireDistributedTracing()
         _logger.LogInformation("Configured distributed tracing");
     }
 
-    private void WireCloudFoundryContainerIdentity()
-    {
-        _wrapper.ConfigureAppConfiguration(configurationBuilder => configurationBuilder.AddCloudFoundryContainerIdentity());
-        _wrapper.ConfigureServices(services => services.AddCloudFoundryCertificateAuth());
-
-        _logger.LogInformation("Configured Cloud Foundry mTLS security");
-    }
-
     private bool WireIfLoaded(Action wireAction, string assemblyName)
     {
         if (!_loader.IsAssemblyLoaded(assemblyName))

src/Bootstrap/src/AutoConfiguration/PublicAPI.Unshipped.txt

@@ -12,7 +12,6 @@ const Steeltoe.Bootstrap.AutoConfiguration.SteeltoeAssemblyNames.ManagementEndpo
 const Steeltoe.Bootstrap.AutoConfiguration.SteeltoeAssemblyNames.ManagementPrometheus = "Steeltoe.Management.Prometheus" -> string!
 const Steeltoe.Bootstrap.AutoConfiguration.SteeltoeAssemblyNames.ManagementTracing = "Steeltoe.Management.Tracing" -> string!
 const Steeltoe.Bootstrap.AutoConfiguration.SteeltoeAssemblyNames.ManagementWavefront = "Steeltoe.Management.Wavefront" -> string!
-const Steeltoe.Bootstrap.AutoConfiguration.SteeltoeAssemblyNames.SecurityAuthenticationCloudFoundry = "Steeltoe.Security.Authentication.CloudFoundry" -> string!
 static Steeltoe.Bootstrap.AutoConfiguration.HostBuilderExtensions.AddSteeltoe(this Microsoft.Extensions.Hosting.IHostBuilder! builder) -> Microsoft.Extensions.Hosting.IHostBuilder!
 static Steeltoe.Bootstrap.AutoConfiguration.HostBuilderExtensions.AddSteeltoe(this Microsoft.Extensions.Hosting.IHostBuilder! builder, Microsoft.Extensions.Logging.ILoggerFactory! loggerFactory) -> Microsoft.Extensions.Hosting.IHostBuilder!
 static Steeltoe.Bootstrap.AutoConfiguration.HostBuilderExtensions.AddSteeltoe(this Microsoft.Extensions.Hosting.IHostBuilder! builder, System.Collections.Generic.IReadOnlySet<string!>! assemblyNamesToExclude) -> Microsoft.Extensions.Hosting.IHostBuilder!

src/Bootstrap/src/AutoConfiguration/Steeltoe.Bootstrap.AutoConfiguration.csproj

@@ -14,8 +14,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\..\..\Common\src\Common.Hosting\Steeltoe.Common.Hosting.csproj" />
     <ProjectReference Include="..\..\..\Common\src\Common\Steeltoe.Common.csproj" />
+    <ProjectReference Include="..\..\..\Common\src\Common.Hosting\Steeltoe.Common.Hosting.csproj" />
     <ProjectReference Include="..\..\..\Configuration\src\CloudFoundry\Steeltoe.Configuration.CloudFoundry.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Configuration\src\ConfigServer\Steeltoe.Configuration.ConfigServer.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Configuration\src\RandomValue\Steeltoe.Configuration.RandomValue.csproj" PrivateAssets="All" />
@@ -30,10 +30,7 @@
     <ProjectReference Include="..\..\..\Management\src\Task\Steeltoe.Management.Task.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Management\src\Tracing\Steeltoe.Management.Tracing.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Management\src\Wavefront\Steeltoe.Management.Wavefront.csproj" PrivateAssets="All" />
-    <ProjectReference Include="..\..\..\Security\src\Authentication.CloudFoundry\Steeltoe.Security.Authentication.CloudFoundry.csproj" PrivateAssets="All" />
-    <ProjectReference Include="..\..\..\Security\src\Authentication.Mtls\Steeltoe.Security.Authentication.Mtls.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Security\src\DataProtection.Redis\Steeltoe.Security.DataProtection.Redis.csproj" PrivateAssets="All" />
-    <ProjectReference Include="..\..\..\Connectors\src\CloudFoundry\Steeltoe.Connectors.CloudFoundry.csproj" PrivateAssets="All" />
     <ProjectReference Include="..\..\..\Logging\src\DynamicLogger\Steeltoe.Logging.DynamicLogger.csproj" PrivateAssets="All" />
   </ItemGroup>
 

src/Bootstrap/src/AutoConfiguration/SteeltoeAssemblyNames.cs

@@ -24,7 +24,6 @@ public static class SteeltoeAssemblyNames
     public const string ManagementPrometheus = "Steeltoe.Management.Prometheus";
     public const string ManagementTracing = "Steeltoe.Management.Tracing";
     public const string ManagementWavefront = "Steeltoe.Management.Wavefront";
-    public const string SecurityAuthenticationCloudFoundry = "Steeltoe.Security.Authentication.CloudFoundry";
 
     internal static readonly IReadOnlySet<string> All = typeof(SteeltoeAssemblyNames).GetFields().Where(field => field.FieldType == typeof(string))
         .Select(field => field.GetValue(null)).Cast<string>().ToHashSet();

src/Bootstrap/test/AutoConfiguration.Test/HostBuilderExtensionsTest.cs

@@ -4,7 +4,6 @@
 
 using System.Reflection;
 using FluentAssertions;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
@@ -14,7 +13,6 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Options;
 using MongoDB.Driver;
 using MySqlConnector;
 using Npgsql;
@@ -23,7 +21,6 @@
 using RabbitMQ.Client;
 using StackExchange.Redis;
 using Steeltoe.Common;
-using Steeltoe.Common.Configuration;
 using Steeltoe.Common.Discovery;
 using Steeltoe.Common.TestResources;
 using Steeltoe.Configuration;
@@ -226,20 +223,6 @@ public void Tracing_IsAutowired()
         instrumentations.Should().ContainSingle(instance => instance.GetType().Name == "AspNetCoreInstrumentation");
     }
 
-    [Fact]
-    public void CloudFoundryContainerSecurity_IsAutowired()
-    {
-        using IHost host = GetHostForOnly(SteeltoeAssemblyNames.SecurityAuthenticationCloudFoundry);
-        var configuration = host.Services.GetRequiredService<IConfiguration>();
-
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:CertificateFilePath"].Should().NotBeNull();
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:PrivateKeyFilePath"].Should().NotBeNull();
-
-        host.Services.GetService<IOptionsMonitor<CertificateOptions>>()?.Get("AppInstanceIdentity").Certificate.Should().NotBeNull();
-        host.Services.GetService<IOptionsChangeTokenSource<CertificateOptions>>().Should().NotBeNull();
-        host.Services.GetService<IAuthorizationHandler>().Should().NotBeNull();
-    }
-
     private static IHost GetHostForOnly(string assemblyNameToInclude)
     {
         IReadOnlySet<string> exclusions = SteeltoeAssemblyNames.Only(assemblyNameToInclude);

src/Bootstrap/test/AutoConfiguration.Test/Steeltoe.Bootstrap.AutoConfiguration.Test.csproj

@@ -9,13 +9,13 @@
   <ItemGroup>
     <ProjectReference Include="..\..\..\Configuration\src\ConfigServer\Steeltoe.Configuration.ConfigServer.csproj" />
     <ProjectReference Include="..\..\..\Configuration\src\RandomValue\Steeltoe.Configuration.RandomValue.csproj" />
+    <ProjectReference Include="..\..\..\Connectors\src\Connectors\Steeltoe.Connectors.csproj" />
     <ProjectReference Include="..\..\..\Discovery\src\Configuration\Steeltoe.Discovery.Configuration.csproj" />
     <ProjectReference Include="..\..\..\Discovery\src\Consul\Steeltoe.Discovery.Consul.csproj" />
     <ProjectReference Include="..\..\..\Discovery\src\Eureka\Steeltoe.Discovery.Eureka.csproj" />
     <ProjectReference Include="..\..\..\Logging\src\DynamicSerilog\Steeltoe.Logging.DynamicSerilog.csproj" />
     <ProjectReference Include="..\..\..\Management\src\Endpoint\Steeltoe.Management.Endpoint.csproj" />
     <ProjectReference Include="..\..\..\Management\src\Tracing\Steeltoe.Management.Tracing.csproj" />
-    <ProjectReference Include="..\..\..\Security\src\Authentication.CloudFoundry\Steeltoe.Security.Authentication.CloudFoundry.csproj" />
     <ProjectReference Include="..\..\src\AutoConfiguration\Steeltoe.Bootstrap.AutoConfiguration.csproj" />
   </ItemGroup>
 

src/Bootstrap/test/AutoConfiguration.Test/WebApplicationBuilderExtensionsTest.cs

@@ -5,7 +5,6 @@
 using System.Net;
 using System.Reflection;
 using FluentAssertions;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
@@ -15,7 +14,6 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Options;
 using MongoDB.Driver;
 using MySqlConnector;
 using Npgsql;
@@ -24,7 +22,6 @@
 using RabbitMQ.Client;
 using StackExchange.Redis;
 using Steeltoe.Common;
-using Steeltoe.Common.Configuration;
 using Steeltoe.Common.Discovery;
 using Steeltoe.Common.TestResources;
 using Steeltoe.Configuration;
@@ -227,20 +224,6 @@ public void Tracing_IsAutowired()
         instrumentations.Should().ContainSingle(instance => instance.GetType().Name == "AspNetCoreInstrumentation");
     }
 
-    [Fact]
-    public void CloudFoundryContainerSecurity_IsAutowired()
-    {
-        using WebApplication host = GetWebApplicationForOnly(SteeltoeAssemblyNames.SecurityAuthenticationCloudFoundry);
-        var configuration = host.Services.GetRequiredService<IConfiguration>();
-
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:CertificateFilePath"].Should().NotBeNull();
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:PrivateKeyFilePath"].Should().NotBeNull();
-
-        host.Services.GetService<IOptionsMonitor<CertificateOptions>>()?.Get("AppInstanceIdentity").Certificate.Should().NotBeNull();
-        host.Services.GetService<IOptionsChangeTokenSource<CertificateOptions>>().Should().NotBeNull();
-        host.Services.GetService<IAuthorizationHandler>().Should().NotBeNull();
-    }
-
     private static WebApplication GetWebApplicationForOnly(string assemblyNameToInclude)
     {
         IReadOnlySet<string> exclusions = SteeltoeAssemblyNames.Only(assemblyNameToInclude);

src/Bootstrap/test/AutoConfiguration.Test/WebHostBuilderExtensionsTest.cs

@@ -5,7 +5,6 @@
 using System.Reflection;
 using FluentAssertions;
 using Microsoft.AspNetCore;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
@@ -15,7 +14,6 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Options;
 using MongoDB.Driver;
 using MySqlConnector;
 using Npgsql;
@@ -24,7 +22,6 @@
 using RabbitMQ.Client;
 using StackExchange.Redis;
 using Steeltoe.Common;
-using Steeltoe.Common.Configuration;
 using Steeltoe.Common.Discovery;
 using Steeltoe.Common.TestResources;
 using Steeltoe.Configuration;
@@ -227,20 +224,6 @@ public void Tracing_IsAutowired()
         instrumentations.Should().ContainSingle(instance => instance.GetType().Name == "AspNetCoreInstrumentation");
     }
 
-    [Fact]
-    public void CloudFoundryContainerSecurity_IsAutowired()
-    {
-        using IWebHost host = GetWebHostForOnly(SteeltoeAssemblyNames.SecurityAuthenticationCloudFoundry);
-        var configuration = host.Services.GetRequiredService<IConfiguration>();
-
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:CertificateFilePath"].Should().NotBeNull();
-        configuration[$"{CertificateOptions.ConfigurationKeyPrefix}:AppInstanceIdentity:PrivateKeyFilePath"].Should().NotBeNull();
-
-        host.Services.GetService<IOptionsMonitor<CertificateOptions>>()?.Get("AppInstanceIdentity").Certificate.Should().NotBeNull();
-        host.Services.GetService<IOptionsChangeTokenSource<CertificateOptions>>().Should().NotBeNull();
-        host.Services.GetService<IAuthorizationHandler>().Should().NotBeNull();
-    }
-
     private static IWebHost GetWebHostForOnly(string assemblyNameToInclude)
     {
         IReadOnlySet<string> exclusions = SteeltoeAssemblyNames.Only(assemblyNameToInclude);

src/Common/src/Abstractions/Properties/AssemblyInfo.cs

@@ -6,8 +6,8 @@
 
 [assembly: InternalsVisibleTo("Steeltoe.Bootstrap.AutoConfiguration")]
 [assembly: InternalsVisibleTo("Steeltoe.Bootstrap.AutoConfiguration.Test")]
-[assembly: InternalsVisibleTo("Steeltoe.Common.Security")]
-[assembly: InternalsVisibleTo("Steeltoe.Common.Security.Test")]
+[assembly: InternalsVisibleTo("Steeltoe.Common.Certificates")]
+[assembly: InternalsVisibleTo("Steeltoe.Common.Certificates.Test")]
 [assembly: InternalsVisibleTo("Steeltoe.Configuration.ConfigServer")]
 [assembly: InternalsVisibleTo("Steeltoe.Connectors")]
 [assembly: InternalsVisibleTo("Steeltoe.Connectors.EntityFrameworkCore")]

src/Common/src/Abstractions/Util/SnakeCaseAllCapsEnumMemberJsonConverter.cs

@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the Apache 2.0 License.
 // See the LICENSE file in the project root for more information.