Added specific support for .NET 8.0's time clock replacememt in constructors

Suppressed vuln checking in packages for older sample apps, as they're stuck on those unsupported versions.

Author: blowdart

idunno.Authentication.sln

@@ -87,15 +87,13 @@ Global
 		{1F0D1711-6A93-4428-A404-8F1F13AD5D61}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1F0D1711-6A93-4428-A404-8F1F13AD5D61}.Release|Any CPU.Build.0 = Release|Any CPU
 		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
-		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Debug|Any CPU.ActiveCfg = Release|Any CPU
+		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Debug|Any CPU.Build.0 = Release|Any CPU
 		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{BB3C0698-1736-491C-B621-A78D00CBF0CA}.Release|Any CPU.Build.0 = Release|Any CPU
 		{E78E32F6-B94F-4ED3-9A33-3CE500C61AE6}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
 		{E78E32F6-B94F-4ED3-9A33-3CE500C61AE6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{E78E32F6-B94F-4ED3-9A33-3CE500C61AE6}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E78E32F6-B94F-4ED3-9A33-3CE500C61AE6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E78E32F6-B94F-4ED3-9A33-3CE500C61AE6}.Release|Any CPU.Build.0 = Release|Any CPU
 		{6E25A829-BABC-41EE-80C2-56FACE3AA49B}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
 		{6E25A829-BABC-41EE-80C2-56FACE3AA49B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{6E25A829-BABC-41EE-80C2-56FACE3AA49B}.Debug|Any CPU.Build.0 = Debug|Any CPU
@@ -107,20 +105,18 @@ Global
 		{83CA0C3E-7B9E-4CFA-A0A6-1258940964CB}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{83CA0C3E-7B9E-4CFA-A0A6-1258940964CB}.Release|Any CPU.Build.0 = Release|Any CPU
 		{116A502B-8196-4005-A067-2F8CA7ABC247}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
-		{116A502B-8196-4005-A067-2F8CA7ABC247}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{116A502B-8196-4005-A067-2F8CA7ABC247}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{116A502B-8196-4005-A067-2F8CA7ABC247}.Debug|Any CPU.ActiveCfg = Release|Any CPU
+		{116A502B-8196-4005-A067-2F8CA7ABC247}.Debug|Any CPU.Build.0 = Release|Any CPU
 		{116A502B-8196-4005-A067-2F8CA7ABC247}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{116A502B-8196-4005-A067-2F8CA7ABC247}.Release|Any CPU.Build.0 = Release|Any CPU
 		{772C5611-EB06-4878-A758-CEFF519764E0}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
 		{772C5611-EB06-4878-A758-CEFF519764E0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{772C5611-EB06-4878-A758-CEFF519764E0}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{772C5611-EB06-4878-A758-CEFF519764E0}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{772C5611-EB06-4878-A758-CEFF519764E0}.Release|Any CPU.Build.0 = Release|Any CPU
 		{1D706A97-2F8A-46ED-81FD-2AD17E4710F3}.CodeQL|Any CPU.ActiveCfg = CodeQL|Any CPU
 		{1D706A97-2F8A-46ED-81FD-2AD17E4710F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{1D706A97-2F8A-46ED-81FD-2AD17E4710F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1D706A97-2F8A-46ED-81FD-2AD17E4710F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{1D706A97-2F8A-46ED-81FD-2AD17E4710F3}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

samples/idunno.Authentication.Basic.Sample.net6/Program.cs

@@ -1,4 +1,3 @@
-using System.Reflection.Metadata.Ecma335;
 using System.Security.Claims;
 using idunno.Authentication.Basic;
 using Microsoft.AspNetCore.Authorization;

samples/idunno.Authentication.Basic.Sample/idunno.Authentication.Basic.Sample.csproj

@@ -5,6 +5,11 @@
     <Configurations>Debug;Release;CodeQL</Configurations>
   </PropertyGroup>
 
+	<PropertyGroup>
+    <!-- Supress out of support warnings -->
+    <NoWarn>$(NoWarn);NETSDK1138</NoWarn>
+  </PropertyGroup>
+
   <ItemGroup>
     <None Update="Views\**\*;Areas\**\Views">
       <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>

samples/idunno.Authentication.Certificate.Sample/idunno.Authentication.Certificate.Sample.csproj

@@ -2,12 +2,17 @@
 
   <PropertyGroup>
     <TargetFramework>netcoreapp2.1</TargetFramework>
-	<CheckEolTargetFramework>false</CheckEolTargetFramework>
+    <CheckEolTargetFramework>false</CheckEolTargetFramework>
     <EnableNETAnalyzers>false</EnableNETAnalyzers>
     <Configurations>Debug;Release;CodeQL</Configurations>
   </PropertyGroup>
 
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+  <PropertyGroup>
+    <!-- Disable breaking on nuget warning about packages with vulnerabilties because I know it's EOL -->
+    <NoWarn>$(NoWarn);NU1903;NU1902</NoWarn>
+  </PropertyGroup>
+
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
     <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
     <WarningsAsErrors>NU1605</WarningsAsErrors>
   </PropertyGroup>

src/Directory.Build.props

@@ -27,8 +27,8 @@
   </PropertyGroup>
 
   <ItemGroup Condition="'$(Configuration)' != 'CodeQL'">
-    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.1.1" PrivateAssets="All" />
-    <PackageReference Include="Nerdbank.GitVersioning" Version="3.6.133" PrivateAssets="All" />
+    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.2.4" PrivateAssets="All" />
+    <PackageReference Include="Nerdbank.GitVersioning" Version="3.6.139" PrivateAssets="All" />
   </ItemGroup>
 
   <ItemGroup>

src/idunno.Authentication.Basic/BasicAuthenticationHandler.cs

@@ -19,10 +19,26 @@ internal class BasicAuthenticationHandler : AuthenticationHandler<BasicAuthentic
     {
         private const string _Scheme = "Basic";
 
+#pragma warning disable IDE0079
+#pragma warning disable IDE0090
+
         private readonly UTF8Encoding _utf8ValidatingEncoding = new UTF8Encoding(false, true);
 
+#pragma warning restore IDE0090
+#pragma warning restore IDE0079
+
         private readonly Encoding _iso88591ValidatingEncoding = Encoding.GetEncoding("ISO-8859-1",new EncoderExceptionFallback(), new DecoderExceptionFallback());
 
+#if NET8_0_OR_GREATER
+        public BasicAuthenticationHandler(
+            IOptionsMonitor<BasicAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder) : base(options, logger, encoder)
+        {
+        }
+
+        [Obsolete("ISystemClock is obsolete, use TimeProvider on AuthenticationSchemeOptions instead.")]
+#endif
         public BasicAuthenticationHandler(
             IOptionsMonitor<BasicAuthenticationOptions> options,
             ILoggerFactory logger,
@@ -45,7 +61,12 @@ public BasicAuthenticationHandler(
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
+#if NET6_0_OR_GREATER
+            string authorizationHeader = Request.Headers.Authorization;
+#else
             string authorizationHeader = Request.Headers["Authorization"];
+#endif
+
             if (string.IsNullOrEmpty(authorizationHeader))
             {
                 return AuthenticateResult.NoResult();
@@ -105,7 +126,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                     }
                     else
                     {
-                        throw new ArgumentOutOfRangeException(nameof(Options), "Unknown EncodingPrefence");
+                        throw new ArgumentOutOfRangeException(nameof(Options), "Unknown EncodingPreference");
                     }
                 }
                 catch (Exception ex)

src/idunno.Authentication.Basic/idunno.Authentication.Basic.csproj

@@ -2,12 +2,17 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support basic authentication.</Description>
-    <TargetFrameworks>netstandard2.0;netcoreapp3.0;netcoreapp3.1;net5.0;net6.0;net7.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;netcoreapp3.0;netcoreapp3.1;net5.0;net6.0;net7.0;net8.0</TargetFrameworks>
     <PackageTags>aspnetcore;authentication;security;basicauth</PackageTags>
     <Configurations>Debug;Release;CodeQL</Configurations>
   </PropertyGroup>
 
   <PropertyGroup>
+    <!-- Supress out of support warnings -->
+    <NoWarn>$(NoWarn);NETSDK1138</NoWarn>
+  </PropertyGroup>
+
+	<PropertyGroup>
     <CheckEolTargetFramework>false</CheckEolTargetFramework>
   </PropertyGroup>
 

src/idunno.Authentication.SharedKey/SharedKeyAuthenticationHandler.cs

@@ -18,7 +18,16 @@ namespace idunno.Authentication.SharedKey
 {
     internal class SharedKeyAuthenticationHandler : AuthenticationHandler<SharedKeyAuthenticationOptions>
     {
+#if NET8_0_OR_GREATER
+        public SharedKeyAuthenticationHandler(
+            IOptionsMonitor<SharedKeyAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder) : base(options, logger, encoder)
+        {
+        }
 
+        [Obsolete("ISystemClock is obsolete, use TimeProvider on AuthenticationSchemeOptions instead.")]
+#endif
         public SharedKeyAuthenticationHandler(
             IOptionsMonitor<SharedKeyAuthenticationOptions> options,
             ILoggerFactory logger,
@@ -41,7 +50,12 @@ public SharedKeyAuthenticationHandler(
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
+#if NET6_0_OR_GREATER
+            string? authorizationHeader = Request.Headers.Authorization;
+#else
             string? authorizationHeader = Request.Headers["Authorization"];
+#endif
+
             if (string.IsNullOrEmpty(authorizationHeader))
             {
                 return AuthenticateResult.NoResult();
@@ -160,8 +174,12 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                         }
                         Request.Body.Position = currentPosition;
 
+#if NET5_0_OR_GREATER
+                        var calculatedContentHash = MD5.HashData(new UTF8Encoding(false).GetBytes(body));
+#else
                         using var md5 = MD5.Create();
                         var calculatedContentHash = md5.ComputeHash(new UTF8Encoding(false).GetBytes(body));
+#endif
 
                         byte[] providedContentHash;
                         try

src/idunno.Authentication.SharedKey/SharedKeyAuthenticationOptions.cs

@@ -20,7 +20,7 @@ public class SharedKeyAuthenticationOptions : AuthenticationSchemeOptions
             set { base.Events = value; }
         }
 
-        public Func<string, byte[]> KeyResolver { get; set; } = (keyId) => Array.Empty<byte>();
+        public Func<string, byte[]> KeyResolver { get; set; } = (keyId) => { return Array.Empty<byte>(); };
 
         public TimeSpan MaximumMessageValidity { get; set; } = new TimeSpan(0, 15, 0);
     }

src/idunno.Authentication.SharedKey/SharedKeyHttpMessageHandler.cs

@@ -12,6 +12,10 @@ namespace idunno.Authentication.SharedKey
 {
     public class SharedKeyHttpMessageHandler : DelegatingHandler
     {
+
+#pragma warning disable IDE0079
+#pragma warning disable IDE0290
+
         public SharedKeyHttpMessageHandler(string keyId, byte[] key)
         {
             KeyId = keyId;
@@ -22,12 +26,20 @@ public SharedKeyHttpMessageHandler(string keyId, string key) : this(keyId, Conve
         {
         }
 
+#pragma warning restore IDE0290
+#pragma warning restore IDE0079
+
+
         protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         {
+#if NET6_0_OR_GREATER            
+            ArgumentNullException.ThrowIfNull(request);
+#else
             if (request == null)
             {
                 throw new ArgumentNullException(nameof(request));
             }
+#endif
 
             // Time stamp the request if it's not already timestamped so we can support expiry.
             if (request.Headers.Date == null)

src/idunno.Authentication.SharedKey/idunno.Authentication.SharedKey.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support a type of shared key authentication.</Description>
-    <TargetFrameworks>netcoreapp3.1;net6.0;net7.0</TargetFrameworks>
+    <TargetFrameworks>netcoreapp3.1;net6.0;net7.0;net8.0</TargetFrameworks>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <Nullable>enable</Nullable>
     <Configurations>Debug;Release;CodeQL</Configurations>

test/Directory.Build.props

@@ -5,14 +5,20 @@
     <IsPublishable>False</IsPublishable>
   </PropertyGroup>
 
+  <PropertyGroup>
+  <!-- Disable breaking on nuget warning about packages with vulnerabilties because I need to use the lowest
+       version possible as the baseline for aspnet.all -->
+    <WarningsNotAsErrors>$(WarningsNotAsErrors);NU1903;NU1902</WarningsNotAsErrors>
+  </PropertyGroup>
+
   <!-- These packages must have matching versions. Do not believe Dependabot when it tries to update them individually -->
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
-    <PackageReference Include="Microsoft.CodeCoverage" Version="17.9.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="Microsoft.CodeCoverage" Version="17.10.0" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="coverlet.collector" Version="6.0.1">
+    <PackageReference Include="coverlet.collector" Version="6.0.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>