fixes errors due to dotnet 8 upgrade

Author: gislikonrad

src/AspNetCore.IdpSample/AspNetCore.IdpSample.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
   </PropertyGroup>
 

src/AspNetCore.IdpSample/Startup.cs

@@ -66,7 +66,7 @@ public void ConfigureServices(IServiceCollection services)
                     {
                         sp.BaseUrl = new Uri("https://localhost:5003");
                         sp.MaxClockSkew = TimeSpan.FromMinutes(2);
-                        sp.AssertionConsumerServiceEndpoint = "/finish";
+                        sp.AssertionConsumerServiceEndpoint = "/saml2p/finish";
                         sp.AssertionSigningKey = new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(SigningCertificateBase64)));
 
                         sp.SupportedBindings.Clear();

src/AspNetCore.SpSample/AspNetCore.SpSample.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
   </PropertyGroup>
 

src/AspNetCore.SpSample/Startup.cs

@@ -62,9 +62,6 @@ public void ConfigureServices(IServiceCollection services)
                         idp.CanInitiateSso = true;
                         idp.RequestedAuthnContextClassRef = Saml2pConstants.Classes.Kerberos;
                         idp.AssertionSigningKeys.Add(new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(SigningCertificateBase64))));
-                        //idp.Events.OnGeneratingRelayState = (provider, context) => new ValueTask();
-                        //idp.Events.OnValidatingToken = ValidatingToken;
-                        //idp.Events.OnValidatingToken += (provider, context) => new ValueTask();
                     });
                 })
             ;

src/Solid.Identity.Protocols.Sam2p.Tests/Solid.Identity.Protocols.Sam2p.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net6.0;net7.0</TargetFrameworks>
+    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 

src/Solid.Identity.Protocols.Saml2p/Abstractions/ISecurityTokenDescriptorFactory.cs

@@ -6,6 +6,7 @@
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 
 namespace Solid.Identity.Protocols.Saml2p.Abstractions
 {

src/Solid.Identity.Protocols.Saml2p/Authentication/Saml2pAuthenticationHandler.cs

@@ -18,20 +18,32 @@
 using System.Security.Claims;
 using Solid.Identity.Protocols.Saml2p.Options;
 using Solid.Identity.Protocols.Saml2p.Exceptions;
+// ReSharper disable InconsistentNaming
 
 namespace Solid.Identity.Protocols.Saml2p.Authentication
 {
     internal class Saml2pAuthenticationHandler : RemoteAuthenticationHandler<Saml2pAuthenticationOptions>, IDisposable
     {
         private Saml2pOptions _saml2p;
-        private IDisposable _optionsChangeToken;
+        private readonly IDisposable _optionsChangeToken;
 
+#if NET6_0
         public Saml2pAuthenticationHandler(IOptionsMonitor<Saml2pOptions> saml2pOptionsMonitor, IOptionsMonitor<Saml2pAuthenticationOptions> monitor, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) 
             : base(monitor, logger, encoder, clock)
         {
             _saml2p = saml2pOptionsMonitor.CurrentValue;
             _optionsChangeToken = saml2pOptionsMonitor.OnChange((options, _) => _saml2p = options);
         }
+#else
+        public Saml2pAuthenticationHandler(IOptionsMonitor<Saml2pOptions> saml2pOptionsMonitor, IOptionsMonitor<Saml2pAuthenticationOptions> monitor, ILoggerFactory logger, UrlEncoder encoder) 
+            : base(monitor, logger, encoder)
+        {
+            _saml2p = saml2pOptionsMonitor.CurrentValue;
+            _optionsChangeToken = saml2pOptionsMonitor.OnChange((options, _) => _saml2p = options);
+        }
+#endif
+        
+        
 
         protected override Task InitializeHandlerAsync()
         {

src/Solid.Identity.Protocols.Saml2p/Extensions/ClaimsIdentityExtensions.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
+using System.Runtime.InteropServices;
 using System.Text;
+using Solid.IdentityModel.Xml;
 
 namespace System.Security.Claims
 {
@@ -11,5 +13,17 @@ public static bool TryFindFirst(this ClaimsIdentity identity, string type, out C
             claim = identity.FindFirst(type);
             return claim != null;
         }
+
+        public static bool TryParseAuthenticationInstant(this ClaimsIdentity identity, out DateTime? instant)
+        {
+            var value = identity.FindFirst(ClaimTypes.AuthenticationInstant)?.Value;
+            if (string.IsNullOrWhiteSpace(value))
+                return Out.False(out instant);
+            if (!DateTime.TryParse(value, out var parsed))
+                return Out.False(out instant);
+
+            instant = parsed;
+            return instant.HasValue;
+        }
     }
 }

src/Solid.Identity.Protocols.Saml2p/Factories/AuthnRequestFactory.cs

@@ -18,9 +18,9 @@ namespace Solid.Identity.Protocols.Saml2p.Factories
     /// </summary>
     public class AuthnRequestFactory
     {
-        private ISystemClock _systemClock;
-        private Saml2pOptions _options;
-
+        private readonly Saml2pOptions _options;
+#if NET6_0
+        private readonly ISystemClock _systemClock;
         /// <summary>
         /// Creates an instance of <see cref="AuthnRequestFactory"/>.
         /// </summary>
@@ -31,6 +31,19 @@ public AuthnRequestFactory(ISystemClock systemClock, IOptions<Saml2pOptions> opt
             _systemClock = systemClock;
             _options = options.Value;
         }
+#else
+        private readonly TimeProvider _time;
+        /// <summary>
+        /// Creates an instance of <see cref="AuthnRequestFactory"/>.
+        /// </summary>
+        /// <param name="time">The provider of the current time.</param>
+        /// <param name="options">The current <see cref="Saml2pOptions" />.</param>
+        public AuthnRequestFactory(TimeProvider time, IOptions<Saml2pOptions> options)
+        {
+            _time = time;
+            _options = options.Value;
+        }
+#endif
 
         /// <summary>
         /// Creates an instance of <see cref="AuthnRequest"/>.
@@ -46,7 +59,7 @@ public async Task<AuthnRequest> CreateAuthnRequestAsync(HttpContext context, ISa
                 // TODO: have some sort of providername default
                 ProviderName = idp.ExpectedIssuer ?? _options.DefaultIssuer,
                 AssertionConsumerServiceUrl = GetAcsUrl(context.Request),
-                IssueInstant = _systemClock.UtcNow.UtcDateTime,
+                IssueInstant = GetUtcNow(),
                 Issuer = idp.ExpectedIssuer ?? _options.DefaultIssuer,
                 Destination = new Uri(idp.BaseUrl, idp.AcceptSsoEndpoint),
                 NameIdPolicy = new NameIdPolicy
@@ -82,5 +95,14 @@ private Uri GetAcsUrl(HttpRequest request)
             var path = request.PathBase.Add(_options.FinishPath);
             return new Uri(baseUrl, path);
         }
+
+        private DateTime GetUtcNow()
+        {
+#if NET6_0
+            return _systemClock.UtcNow.UtcDateTime;
+#else
+            return _time.GetUtcNow().UtcDateTime;
+#endif
+        }
     }
 }

src/Solid.Identity.Protocols.Saml2p/Factories/SecurityTokenDescriptorFactory.cs

@@ -21,9 +21,11 @@ namespace Solid.Identity.Protocols.Saml2p.Factories
 {
     internal class SecurityTokenDescriptorFactory : ISecurityTokenDescriptorFactory
     {
-        private Saml2pOptions _options;
-        private IEnumerable<IServiceProviderClaimsProvider> _claimsProviders;
-        private ILogger<SecurityTokenDescriptorFactory> _logger;
+        private readonly Saml2pOptions _options;
+        private readonly IEnumerable<IServiceProviderClaimsProvider> _claimsProviders;
+        private readonly ILogger<SecurityTokenDescriptorFactory> _logger;
+
+#if NET6_0
         private ISystemClock _systemClock;
 
         public SecurityTokenDescriptorFactory(
@@ -37,18 +39,36 @@ public SecurityTokenDescriptorFactory(
             _logger = logger;
             _systemClock = systemClock;
         }
+#else
+        private readonly TimeProvider _time;
 
-        public async ValueTask<SecurityTokenDescriptor> CreateSecurityTokenDescriptorAsync(ClaimsIdentity identity, ISaml2pServiceProvider partner)
+        public SecurityTokenDescriptorFactory(
+            IOptions<Saml2pOptions> options,
+            IEnumerable<IServiceProviderClaimsProvider> claimsProviders,
+            ILogger<SecurityTokenDescriptorFactory> logger,
+            TimeProvider time)
         {
-            var instant = identity.FindFirst(ClaimTypes.AuthenticationInstant)?.Value;
-            var issuedAt = _systemClock.UtcNow.DateTime;
-            if (instant != null && DateTime.TryParse(instant, out var parsed))
-                issuedAt = parsed;
+            _options = options.Value;
+            _claimsProviders = claimsProviders;
+            _logger = logger;
+            _time = time;
+        }
+#endif
 
-            var issuer = partner.ExpectedIssuer ?? _options.DefaultIssuer;
+        public async ValueTask<SecurityTokenDescriptor> CreateSecurityTokenDescriptorAsync(ClaimsIdentity identity, ISaml2pServiceProvider partner)
+        {
+            var issuedAt = GetUtcNow();
+            var instant = issuedAt;
+            if (identity.TryParseAuthenticationInstant(out var parsed))
+                instant = parsed!.Value;
 
             var lifetime = partner.TokenLifeTime ?? _options.DefaultTokenLifetime;
-            var tolerence = partner.MaxClockSkew ?? _options.DefaultMaxClockSkew ?? TimeSpan.Zero;
+            var tolerance = partner.MaxClockSkew ?? _options.DefaultMaxClockSkew ?? TimeSpan.Zero;
+            var expires = issuedAt
+                .Add(lifetime)
+                .Add(tolerance)
+            ;
+            var issuer = partner.ExpectedIssuer ?? _options.DefaultIssuer;
             var claims = new List<Claim>();
             foreach (var provider in _claimsProviders)
             {
@@ -74,7 +94,7 @@ public async ValueTask<SecurityTokenDescriptor> CreateSecurityTokenDescriptorAsy
             claims = claims.Where(c => supported.Contains(c.Type)).ToList();
             Trace($"Filtered claims.", claims);
 
-            AddRequiredClaims(identity, claims, issuedAt, issuer);
+            AddRequiredClaims(identity, claims, instant, issuer);
 
             var attributes = claims
                 .Where(c => c.Type != ClaimTypes.NameIdentifier)
@@ -91,18 +111,13 @@ public async ValueTask<SecurityTokenDescriptor> CreateSecurityTokenDescriptorAsy
                 attribute.Properties.Add(ClaimProperties.SamlAttributeNameFormat, "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
             }
 
-            var expires = issuedAt
-                .Add(lifetime)
-                .Add(tolerence)
-            ;
-
             var descriptor = new SecurityTokenDescriptor
             {
                 Audience = partner.Id,
                 Subject = new ClaimsIdentity(claims, "SSO"),
                 Issuer = issuer,
                 IssuedAt = issuedAt,
-                NotBefore = issuedAt.Subtract(tolerence),
+                NotBefore = issuedAt.Subtract(tolerance),
                 Expires = expires,
                 SigningCredentials = GetSigningCredentials(partner),
                 EncryptingCredentials = GetEncryptingCredentials(partner)
@@ -171,5 +186,14 @@ private void Trace(string prefix, object obj)
             if (!_logger.IsEnabled(LogLevel.Trace)) return;
             _logger.LogTrace(prefix + Environment.NewLine + "{state}", new WrappedLogMessageState(obj));
         }
+
+        private DateTime GetUtcNow()
+        {
+#if NET6_0
+            return _systemClock.UtcNow.UtcDateTime;
+#else
+            return _time.GetUtcNow().UtcDateTime;
+#endif
+        }
     }
 }