Ticket #771 : Check errors during explicit registration

src/IdServer/SimpleIdServer.IdServer.Federation/Apis/FederationRegistration/FederationRegistrationController.cs

@@ -47,7 +47,7 @@ public async Task<IActionResult> Post([FromRoute] string prefix, CancellationTok
         {
             var entityStatement = await reader.ReadToEndAsync();
             prefix = prefix ?? Constants.DefaultRealm;
-            if (!Request.Headers.ContentType.Contains(OpenidFederationConstants.EntityStatementContentType))
+            if (!Request.Headers.ContentType.Any(c => c.StartsWith(OpenidFederationConstants.EntityStatementContentType)))
                 return Error(HttpStatusCode.BadRequest, ErrorCodes.INVALID_REQUEST, Resources.Global.OnlyEntityStatementIsSupported);
             try
             {
@@ -78,7 +78,8 @@ public async Task<IActionResult> Post([FromRoute] string prefix, CancellationTok
             catch (OAuthException ex)
             {
                 _logger.LogError(ex.ToString());
-                return Error(ex.StatusCode.Value, ex.Code, ex.Message);
+                var statusCode = ex.StatusCode == null ? HttpStatusCode.BadRequest : ex.StatusCode.Value;
+                return Error(statusCode, ex.Code, ex.Message);
             }
         }
     }

src/IdServer/SimpleIdServer.IdServer.Federation/ClientRegistrationService.cs

@@ -121,7 +121,7 @@ public async Task<Client> AutomaticRegisterClient(
             {
                 var message = ex.ToString();
                 _logger.LogError(message);
-                throw new OAuthException(ErrorCodes.INVALID_REQUEST, message);
+                throw new OAuthException(ErrorCodes.INVALID_REQUEST, ex.Message);
             }
 
             var allAuthorities = await _federationEntityStore.GetAllAuthorities(realm, cancellationToken);
@@ -130,7 +130,6 @@ public async Task<Client> AutomaticRegisterClient(
             if (filteredTrustChain == null)
                 throw new OAuthException(ErrorCodes.MISSING_TRUST_ANCHOR, Resources.Global.NoTrustAnchorCanBeResolved);
 
-
             var federationResult = filteredTrustChain.EntityStatements.First().FederationResult;
             if (federationResult.Metadata == null ||
                 federationResult.Metadata.OtherParameters == null ||
@@ -147,7 +146,7 @@ public async Task<Client> AutomaticRegisterClient(
             if (!metadata.ContainsKey(OAuthClientParameters.ClientRegistrationTypesSupported))
                 throw new OAuthException(ErrorCodes.INVALID_REQUEST, Resources.Global.ClientRegistrationTypesMustBeSpecified);
 
-            var clientRegistrationTypes = metadata[OAuthClientParameters.ClientRegistrationTypesSupported] as JsonArray;
+            var clientRegistrationTypes = (metadata[OAuthClientParameters.ClientRegistrationTypesSupported] as JsonArray).Select(c => c.ToString());
             if(!clientRegistrationTypes.Contains(type))
                 throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Resources.Global.ClientRegistrationTypeNotSupported, type));
 

src/IdServer/SimpleIdServer.IdServer.Federation/WebApplicationExtensions.cs

@@ -22,7 +22,7 @@ public static WebApplication UseOpenidFederation(this WebApplication webApplicat
                 defaults: new { controller = "OpenidFederation", action = "Get" });
             webApplication.SidMapControllerRoute("federationRegistration",
                 pattern: (usePrefix ? "{prefix}/" : string.Empty) + OpenidFederationConstants.EndPoints.FederationRegistration,
-                defaults: new { controller = "FederationRegistration", action = "Get" });
+                defaults: new { controller = "FederationRegistration", action = "Post" });
             if (federationOpts.IsFederationEnabled)
             {
                 webApplication.SidMapControllerRoute("federationFetch",

src/IdServer/SimpleIdServer.OpenidFederation/Clients/TrustChainResolver.cs

@@ -87,6 +87,7 @@ public void Dispose() =>
 
     private async Task<bool> ExtractTrustChainFromRp(EntityStatement entityStatement, ConcurrentDictionary<string, EntityStatement> federationLst, string entityId, CancellationToken cancellationToken)
     {
+        if (string.IsNullOrWhiteSpace(entityId)) throw new InvalidOperationException(Global.SubjectIsRequiredInEntityStatement);
         federationLst.TryAdd(entityId, entityStatement);
         if (entityStatement.FederationResult.AuthorityHints != null && entityStatement.FederationResult.AuthorityHints.Any())
         {
@@ -151,6 +152,8 @@ private async Task<bool> ExtractTrustChainFromTaOrIntermediate(
     private EntityStatement DeserializeEntityStatement(string content)
     {
         var handler = new JsonWebTokenHandler();
+        if (string.IsNullOrWhiteSpace(content)) throw new InvalidOperationException(Resources.Global.EntityStatementIsRequired);
+        if (!handler.CanReadToken(content)) throw new InvalidOperationException(Resources.Global.EntityStatementIsNotWellFormatted);
         var jwt = handler.ReadJsonWebToken(content);
         var json = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(jwt.EncodedPayload));
         return new EntityStatement(content, JsonSerializer.Deserialize<OpenidFederationResult>(json));
@@ -167,6 +170,7 @@ private EntityStatement DeserializeEntityStatement(string content)
         if (!httpResult.IsSuccessStatusCode) return null;
         var content = await httpResult.Content.ReadAsStringAsync(cancellationToken);
         var handler = new JsonWebTokenHandler();
+        if (!handler.CanReadToken(content)) return null;
         var jwt = handler.ReadJsonWebToken(content);
         var json = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(jwt.EncodedPayload));
         return new EntityStatement(content, JsonSerializer.Deserialize<OpenidFederationResult>(json));

src/IdServer/SimpleIdServer.OpenidFederation/Resources/Global.resx

@@ -123,11 +123,17 @@
   <data name="EntityStatementIsExpired" xml:space="preserve">
     <value>the entity statement {0} is expired</value>
   </data>
+  <data name="EntityStatementIsNotWellFormatted" xml:space="preserve">
+    <value>the entity statement is not correctly formatted</value>
+  </data>
+  <data name="EntityStatementIsRequired" xml:space="preserve">
+    <value>the entity statement is required</value>
+  </data>
   <data name="EntityStatementSignatureIsInvalid" xml:space="preserve">
     <value>the entity statement {0} signature is invalid</value>
   </data>
   <data name="FederationIsNotEnabled" xml:space="preserve">
-    <value />
+    <value>the federation is not enabled</value>
   </data>
   <data name="ImpossibleToExtractOpenidFederation" xml:space="preserve">
     <value>cannot extract the openid federation</value>
@@ -150,6 +156,9 @@
   <data name="SubDifferentToPreviousIssuer" xml:space="preserve">
     <value>the subject is different from the previous issuer</value>
   </data>
+  <data name="SubjectIsRequiredInEntityStatement" xml:space="preserve">
+    <value>subject is required in the entity statement</value>
+  </data>
   <data name="UnknownEntityStatement" xml:space="preserve">
     <value>the entity statement {0} doesn't exist</value>
   </data>

tests/SimpleIdServer.IdServer.Host.Acceptance.Tests/Features/Federations/ExplicitRegistration.feature

@@ -0,0 +1,4 @@
+Feature: ExplicitRegistration
+	Check explicit registration
+
+Scenario: Check access token can be returned when using explicit client registration