Merge pull request #12 from PascalBayard/develop/#11-Rename_MobileIdC…

…lient_Configuration_Parameters

Develop/#11 rename mobile id client configuration parameters

Admin/register_midadfs.ps1

@@ -8,7 +8,7 @@ $global:WarningPreference = "Continue"
 $global:ErrorActionPreference = "Continue"
 
 $shortVersion = "13"
-$fullVersion = "1.3.2.0"
+$fullVersion = "1.3.3.0"
 
 if ($Args[0] -ne $null) {
   $logFile = $Args[0];

AuthnAdapter/Properties/AssemblyInfo.cs

@@ -33,6 +33,6 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.3.2.0")]
-[assembly: AssemblyFileVersion("1.3.2.0")]
+[assembly: AssemblyVersion("1.3.3.0")]
+[assembly: AssemblyFileVersion("1.3.3.0")]
 [assembly: NeutralResourcesLanguageAttribute("en")]

AuthnAdapterTest/AdfsMidAuthConfig01.xml

@@ -4,10 +4,9 @@
   <!-- Config for a test environment -->
   <mobileIdClient
     AP_ID="mid://dev.swisscom.ch"
-    SslKeystore = "LocalMachine"
-    SslCertThumbprint ="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
+    SslMidClientKeystore = "LocalMachine"
+    SslMidClientCertThumbprint ="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
     ServiceUrlPrefix ="https://foo.net:8888/soap/services/"
-    SslRootCaCertDN ="CN=Swisscom TEST Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch"
     PollResponseDelaySeconds = "3"
     RequestTimeOutSeconds = "80"
     DtbsPrefix = "Test "

AuthnAdapterTest/AdfsMidAuthConfig02.xml

@@ -4,10 +4,9 @@
   <!-- Config for a test environment -->
   <mobileIdClient
     AP_ID="mid://dev.swisscom.ch"
-    SslKeystore = "LocalMachine"
-    SslCertThumbprint ="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
+    SslMidClientKeystore = "LocalMachine"
+    SslMidClientCertThumbprint ="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
     ServiceUrlPrefix ="https://foo.net:8888/soap/services/"
-    SslRootCaCertDN ="CN=Swisscom TEST Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch"
     PollResponseDelaySeconds = "3"
     RequestTimeOutSeconds = "80"
     DtbsPrefix = "Test "

Package/midadfs.iss

@@ -3,7 +3,7 @@
 #define MyAppShortName "Mobile ID for ADFS"
 #define MyAppAbb "MobileIdAdfs"
 #define MyAppVersion "1.3"
-#define MyAppFullVersion "1.3.2.0"
+#define MyAppFullVersion "1.3.3.0"
 
 [Setup]
 AppId={{609C382B-1D2D-40F5-B2ED-742C603AD024}

Package/params.txt

@@ -1,6 +1,6 @@
 # hash-ref used to build $TOPDIR/README.md
 {
-  VersionLong  => '1.3.2.0',
+  VersionLong  => '1.3.3.0',
   VersionShort => '1.3',
   VersionAbb   => '13',
 }

README.md

@@ -87,8 +87,8 @@ The folder [samples](samples) contain several examples. The content of the confi
 <appConfig>
   <mobileIdClient
     AP_ID="mid://dev.swisscom.ch"
-    SslKeystore="LocalMachine"
-    SslCertThumbprint="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
+    SslMidClientKeystore="LocalMachine"
+    SslMidClientCertThumbprint="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
     DtbsPrefix="Test: "
   />
   <mobileIdAdfs/>
@@ -102,10 +102,9 @@ while the element `mobileIdAdfs` specifies the integration of Mobile ID with ADF
   + `AP_ID`: Your Application Provider ID, as assigned by Mobile ID Service Provider. Mandatory.
   + `DtbsPrefix`: This string will be prepended to the language-specific login prompt sent to a mobile device. Default: ""
   + `ServiceUrlPrefix`: URL for Mobile ID service, must end with `/`. Default: `https://mobileid.swisscom.com/soap/services/`
-  + `SslKeystore`: Store location of certificate/key used for Mobile ID connectivity. For ADFS, the value should be usually `LocalMachine`. Default: `CurrentUser`
-  + `SslCertThumbprint`: The SHA1 Thumbprint of certificate used for Mobile ID connectivity. The thumbprint can be read out of the `Certificate` GUI (i.e. double-click the certificate file), or with a PowerShell cmdlet like `Get-ChildItem -Path cert:\\LocalMachine\My`. Mandatory.
-  + `SslRootCaCertDN`: Distinguished Name of the Root Certificate in the certificate chain of Mobile ID servers. Default: "CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch"
-  + `SslRootCaCertFiles`: Additional certificate files
+  + `SslMidClientKeystore`: Store location of certificate/key used for Mobile ID connectivity. For ADFS, the value should be usually `LocalMachine`. Default: `CurrentUser`
+  + `SslMidClientCertThumbprint`: The SHA1 Thumbprint of certificate used for Mobile ID connectivity. The thumbprint can be read out of the `Certificate` GUI (i.e. double-click the certificate file), or with a PowerShell cmdlet like `Get-ChildItem -Path cert:\\LocalMachine\My`. Mandatory.
+  + `SignRespCertFiles`: Additional certificate files
   + `UserSerialNumberPolicy`: Flags that determine how the serial number in user’s certificate is used in the authentication.
      Supported flags are warnMismatch(1), allowAbsence(2), allowMismatch (4). Default: "6"
   + `SanitizePhoneNumber`: If this parameter is `true`, phone numbers read from the attribute store are transformed before use in Mobile ID calls. The transformation is specified by `SanitizePhoneNumberPattern` and `SanitizePhoneNumberReplacement`. Default: remove all non-digits

README.md.src

@@ -93,8 +93,8 @@ The folder [samples](samples) contain several examples. The content of the confi
 <appConfig>
   <mobileIdClient
     AP_ID="mid://dev.swisscom.ch"
-    SslKeystore="LocalMachine"
-    SslCertThumbprint="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
+    SslMidClientKeystore="LocalMachine"
+    SslMidClientCertThumbprint="452409b86fb9541eb9dd8e3312b80a2fe2d6daac"
     DtbsPrefix="Test: "
   />
   <mobileIdAdfs/>
@@ -108,9 +108,8 @@ while the element `mobileIdAdfs` specifies the integration of Mobile ID with ADF
   + `AP_ID`: Your Application Provider ID, as assigned by Mobile ID Service Provider. Mandatory.
   + `DtbsPrefix`: This string will be prepended to the language-specific login prompt sent to a mobile device. Default: ""
   + `ServiceUrlPrefix`: URL for Mobile ID service, must end with `/`. Default: `https://mobileid.swisscom.com/soap/services/`
-  + `SslKeystore`: Store location of certificate/key used for Mobile ID connectivity. For ADFS, the value should be usually `LocalMachine`. Default: `CurrentUser`
-  + `SslCertThumbprint`: The SHA1 Thumbprint of certificate used for Mobile ID connectivity. The thumbprint can be read out of the `Certificate` GUI (i.e. double-click the certificate file), or with a PowerShell cmdlet like `Get-ChildItem -Path cert:\\LocalMachine\My`. Mandatory.
-  + `SslRootCaCertDN`: Distinguished Name of the Root Certificate in the certificate chain of Mobile ID servers. Default: "CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch"
+  + `SslMidClientKeystore`: Store location of certificate/key used for Mobile ID connectivity. For ADFS, the value should be usually `LocalMachine`. Default: `CurrentUser`
+  + `SslMidClientCertThumbprint`: The SHA1 Thumbprint of certificate used for Mobile ID connectivity. The thumbprint can be read out of the `Certificate` GUI (i.e. double-click the certificate file), or with a PowerShell cmdlet like `Get-ChildItem -Path cert:\\LocalMachine\My`. Mandatory.
   + `UserSerialNumberPolicy`: Flags that determine how the serial number in user’s certificate is used in the authentication.
      Supported flags are warnMismatch(1), allowAbsence(2), allowMismatch (4). Default: "6"
   + `SanitizePhoneNumber`: If this parameter is `true`, phone numbers read from the attribute store are transformed before use in Mobile ID calls. The transformation is specified by `SanitizePhoneNumberPattern` and `SanitizePhoneNumberReplacement`. Default: remove all non-digits

Service/Properties/AssemblyInfo.cs

@@ -33,6 +33,6 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.3.2.0")]
-[assembly: AssemblyFileVersion("1.3.2.0")]
+[assembly: AssemblyVersion("1.3.3.0")]
+[assembly: AssemblyFileVersion("1.3.3.0")]
 [assembly: NeutralResourcesLanguageAttribute("en")]

Service/WebClientConfig.cs

@@ -18,12 +18,11 @@ public class WebClientConfig
     {
         // mandatory input from caller
         string _apId = null;
-        string _sslCertThumbprint = null;
+        string _sslMidClientCertThumbprint = null;
 
         // optional input from caller
-        string _sslCaCertDN = "CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch";
-        string _sslCaCertFiles = string.Empty;
-        StoreLocation _sslKeyStore = StoreLocation.CurrentUser;
+        string _signRespCertFiles = string.Empty;
+        StoreLocation _sslMidClientKeystore = StoreLocation.CurrentUser;
         UserLanguage _userLanguageDefault = UserLanguage.en;
         string _serviceUrlPrefix = "https://mobileid.swisscom.com/soap/services/";
         string _dtbsPrefix = "";
@@ -37,8 +36,8 @@ public class WebClientConfig
         int _pollResponseDelaySeconds = 3;
         int _pollResponseIntervalSeconds = 1;
         UserSerialNumberPolicy _userSericalNumberPolicy = UserSerialNumberPolicy.allowAbsence | UserSerialNumberPolicy.allowMismatch;
-        bool _disableSignatureValidation = false;
-        bool _disableSignatureCertValidation = false;
+        bool _disableSignRespValidation = false;
+        bool _disableSignRespCertValidation = false;
         bool _sanitizePhoneNumber = false;
         Regex _sanitizePhoneNumberRegex = new Regex("\\D", RegexOptions.Compiled, TimeSpan.FromSeconds(1.0));
         string _sanitizePhoneNumberReplacement = "";
@@ -95,13 +94,11 @@ public static WebClientConfig CreateConfig(TextReader cfgStream)
                         cfg.SignatureProfile = xml["SignatureProfile"];
                         if (!string.IsNullOrEmpty(s = xml["SrvSideValidation"]))
                             cfg.SrvSideValidation = bool.Parse(s);
-                        cfg.SslCertThumbprint = xml["SslCertThumbprint"];
-                        if (!string.IsNullOrEmpty(s = xml["SslKeystore"]))
-                            cfg.SslKeystore = Util.ParseKeyStoreLocation(s);
-                        if (!string.IsNullOrEmpty(s = xml["SslRootCaCertDN"]))
-                            cfg.SslRootCaCertDN = s;
-                        if (!string.IsNullOrWhiteSpace(s = xml["SslRootCaCertFiles"]))
-                            cfg.SslRootCaCertFiles = s;
+                        cfg.SslMidClientCertThumbprint = xml["SslMidClientCertThumbprint"];
+                        if (!string.IsNullOrEmpty(s = xml["SslMidClientKeystore"]))
+                            cfg.SslMidClientKeystore = Util.ParseKeyStoreLocation(s);
+                        if (!string.IsNullOrWhiteSpace(s = xml["SignRespCertFiles"]))
+                            cfg.SignRespCertFiles = s;
                         if (!string.IsNullOrEmpty(s = xml["EnableSubscriberInfo"]))
                             cfg.EnableSubscriberInfo = Boolean.Parse(s);
                         cfg.SeedApTransId = xml["SeedApTransId"];
@@ -112,10 +109,10 @@ public static WebClientConfig CreateConfig(TextReader cfgStream)
                             cfg.PollResponseIntervalSeconds = int.Parse(s);
                         if (!string.IsNullOrWhiteSpace(s = xml["UserSerialNumberPolicy"]))
                             cfg.UserSerialNumberPolicy = (UserSerialNumberPolicy)Enum.Parse(typeof(UserSerialNumberPolicy), s, true);
-                        if (!string.IsNullOrWhiteSpace(s = xml["DisableSignatureValidation"]))
-                            cfg.DisableSignatureValidation = Boolean.Parse(s);
-                        if (!string.IsNullOrWhiteSpace(s = xml["DisableSignatureCertValidation"]))
-                            cfg.DisableSignatureCertValidation = Boolean.Parse(s);
+                        if (!string.IsNullOrWhiteSpace(s = xml["DisableSignRespValidation"]))
+                            cfg.DisableSignRespValidation = Boolean.Parse(s);
+                        if (!string.IsNullOrWhiteSpace(s = xml["DisableSignRespCertValidation"]))
+                            cfg.DisableSignRespCertValidation = Boolean.Parse(s);
                         if ((s = xml["SanitizePhoneNumber"]) != null)
                             cfg.SanitizePhoneNumber = bool.Parse(s);
                         if (cfg.SanitizePhoneNumber)
@@ -162,16 +159,16 @@ public UserLanguage UserLanguageDefault
             set { _userLanguageDefault = value; } 
         }
 
-        [ConfigurationProperty("SslKeystore", IsRequired = false, DefaultValue = "CurrentUser")]
-        public StoreLocation SslKeystore
+        [ConfigurationProperty("SslMidClientKeystore", IsRequired = false, DefaultValue = "CurrentUser")]
+        public StoreLocation SslMidClientKeystore
         { 
-            get {return _sslKeyStore;}
+            get {return _sslMidClientKeystore;}
             set {
                 switch (value.ToString())
                 {
-                    case "CurrentUser" : _sslKeyStore = StoreLocation.CurrentUser; break;
-                    case "LocalMachine" : _sslKeyStore = StoreLocation.LocalMachine; break;
-                    default: throw new ArgumentOutOfRangeException("SslKeystore is neither 'CurrentUser' nor 'LocalMachine'");
+                    case "CurrentUser" : _sslMidClientKeystore = StoreLocation.CurrentUser; break;
+                    case "LocalMachine" : _sslMidClientKeystore = StoreLocation.LocalMachine; break;
+                    default: throw new ArgumentOutOfRangeException("SslMidClientKeystore is neither 'CurrentUser' nor 'LocalMachine'");
                 }
             }
         }
@@ -183,30 +180,21 @@ public string SignatureProfile {
         }
 
 
-        [ConfigurationProperty("SslCertThumbprint", IsRequired = true, DefaultValue = "CurrentUser")]
-        public string SslCertThumbprint {
-            get { return _sslCertThumbprint; }
+        [ConfigurationProperty("SslMidClientCertThumbprint", IsRequired = true)]
+        public string SslMidClientCertThumbprint {
+            get { return _sslMidClientCertThumbprint; }
             set { if (value != null)
-                _sslCertThumbprint = System.Text.RegularExpressions.Regex.Replace(value, @"\s+", ""); 
+                _sslMidClientCertThumbprint = System.Text.RegularExpressions.Regex.Replace(value, @"\s+", ""); 
             }
         }
 
-        /// <summary>
-        /// Distinguished Name of Root CA Certificate in the CA Chain of the SSL Server Certificate for Mobile ID Service
-        /// </summary>
-        [ConfigurationProperty("SslRootCaCertDN", IsRequired = true)]
-        public string SslRootCaCertDN {
-            get { return _sslCaCertDN; }
-            set { if (! string.IsNullOrEmpty(value)) _sslCaCertDN = value;  }
-        }
-
         /// <summary>
         /// Filename of Root CA Certificate in the CA Chain of the SSL Server Certificate for Mobile ID Service. If the Certificate is not loaded from the 
         /// </summary>
-        [ConfigurationProperty("SslRootCaCertFiles", IsRequired = false, DefaultValue = "")]
-        public string SslRootCaCertFiles{
-            get { return _sslCaCertFiles; }
-            set { if (! string.IsNullOrEmpty(value)) _sslCaCertFiles = value; }
+        [ConfigurationProperty("SignRespCertFiles", IsRequired = false, DefaultValue = "")]
+        public string SignRespCertFiles{
+            get { return _signRespCertFiles; }
+            set { if (! string.IsNullOrEmpty(value)) _signRespCertFiles = value; }
         }
 
         public string ServiceUrlPrefix {
@@ -276,14 +264,14 @@ public UserSerialNumberPolicy UserSerialNumberPolicy {
             set { _userSericalNumberPolicy = value; }
         }
 
-        public bool DisableSignatureValidation {
-            get { return _disableSignatureValidation; }
-            set { _disableSignatureValidation = value; }
+        public bool DisableSignRespValidation {
+            get { return _disableSignRespValidation; }
+            set { _disableSignRespValidation = value; }
         }
 
-        public bool DisableSignatureCertValidation {
-            get { return _disableSignatureCertValidation;}
-            set { _disableSignatureCertValidation = value; }
+        public bool DisableSignRespCertValidation {
+            get { return _disableSignRespCertValidation; }
+            set { _disableSignRespCertValidation = value; }
         }
 
         /// <summary>
@@ -344,8 +332,8 @@ public override string ToString()
             // sorted alphabetically in name
             sb.Append("{ApId:\"").Append(_apId);
             sb.Append("\", DtbsPrefix:\"").Append(_dtbsPrefix);
-            sb.Append("\"; DisableSignatureValidation:").Append(_disableSignatureValidation);
-            sb.Append("; DisableSignatureCertValidation:").Append(_disableSignatureCertValidation);
+            sb.Append("\"; DisableSignRespValidation:").Append(_disableSignRespValidation);
+            sb.Append("; DisableSignRespCertValidation:").Append(_disableSignRespCertValidation);
             sb.Append("; EnableSubscriberInfo:").Append(_enableSubscriberInfo);
             sb.Append("; IgnoreUserSn:").Append(_ignoreUserSn);
             sb.Append("; IgnoreUserSnChange:").Append(_ignoreUserSnChange);
@@ -359,10 +347,9 @@ public override string ToString()
             sb.Append("\"; ServiceUrlPrefix=\"").Append(_serviceUrlPrefix);
             sb.Append("\"; SignatureProfile=\"").Append(_signatureProfile);
             sb.Append("\"; SrvSideValidation:").Append(_srvSideValidation);
-            sb.Append("; SslKeystore:").Append(_sslKeyStore);
-            sb.Append("; SslCertThumbprint:\"").Append(_sslCertThumbprint);
-            sb.Append("\"; SslRootCaCertDN:\"").Append(_sslCaCertDN);
-            sb.Append("\"; SslRootCaCertFiles:\"").Append(_sslCaCertFiles);
+            sb.Append("; SslMidClientKeystore:").Append(_sslMidClientKeystore);
+            sb.Append("; SslMidClientCertThumbprint:\"").Append(_sslMidClientCertThumbprint);
+            sb.Append("\"; SignRespCertFiles:\"").Append(_signRespCertFiles);
             sb.Append("\"; UserLanguageDefault:\"").Append(_userLanguageDefault);
             sb.Append("\"; UserSerialNumberPolicy:").Append(_userSericalNumberPolicy);
             sb.Append("; SecurityProtocolType:").Append(_securityProtocolType);