Added some ReadMe files to explain how to create ECC 256 keys and Cert files

Added ReadMe to explain how to upload the Nuget package.
Added and moved all testcases to use PEM files to load the certificate, no no longer rely on having the cert installed in the windows certificate manager for development, use PEM file imbedded as resources in the Test project.
Added a Covid result of Not Detected to test project
Added support methods to load X509Certificate2 from PEM files
Added more validation to the JWKS de-serializer

Author: angusmillar

ReadMeOpenSSLCreateECCkeys.txt

@@ -0,0 +1,93 @@
+Taken from : https://www.scottbrady91.com/OpenSSL/Creating-Elliptical-Curve-Keys-using-OpenSSL
+
+Recently, I have been using OpenSSL to generate private keys and X509 certificates 
+for Elliptical Curve Cryptography (ECC) and then using them in ASP.NET Core for token signing.
+
+In this article, I�m going to show you how to use OpenSSL to generate private and public 
+keys on the curve of your choice. Check out my other article for how to do the same for RSA 
+keys.
+
+OpenSSL ECDSA Cheat Sheet
+-------------------------------------------------------------------
+# find your curve
+openssl ecparam -list_curves
+
+# generate a private key for a curve
+openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
+
+# generate corresponding public key
+openssl ec -in private-key.pem -pubout -out public-key.pem
+
+# optional: create a self-signed certificate
+openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
+
+# optional: convert pem to pfx
+openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx
+Generating an Elliptical Curve Private Key Using OpenSSL
+To start, you will need to choose the curve you will be working with. You can use the 
+following command to see a list of 
+supported curve names and descriptions.
+
+openssl ecparam -list_curves
+In this example, I am using prime256v1 (secp256r1), which is suitable for JWT signing; 
+this is the curve used for JOSE�s ES256.
+-------------------------------------------------------------------
+
+You can now generate a private key:
+
+openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
+This should give you a PEM file containing your EC private key, which looks something 
+like the following:
+
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKEubpBiHkZQYlORbCy8gGTz8tzrWsjBJA6GfFCrQ98coAoGCCqGSM49
+AwEHoUQDQgAEOr6rMmRRNKuZuwws/hWwFTM6ECEEaJGGARCJUO4UfoURl8b4JThG
+t8VDFKeR2i+ZxE+xh/wTBaJ/zvtSqZiNnQ==
+-----END EC PRIVATE KEY-----
+
+Creating an EC Public Key from a Private Key Using OpenSSL
+Now that you have your private key, you can use it to generate another PEM, containing 
+only your public key.
+
+openssl ec -in private-key.pem -pubout -out public-key.pem
+This should give you another PEM file, containing the public key:
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOr6rMmRRNKuZuwws/hWwFTM6ECEE
+aJGGARCJUO4UfoURl8b4JThGt8VDFKeR2i+ZxE+xh/wTBaJ/zvtSqZiNnQ==
+-----END PUBLIC KEY-----
+
+Creating an EC Self-Signed Certificate Using OpenSSL
+Now that you have a private key, you could use it to generate a self-signed certificate. 
+This is not required, but it allows you to use the key 
+for server/client authentication, or gain X509 specific functionality in technologies 
+such as JWT and SAML.
+
+openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
+This will again generate another PEM file, this time containing the certificate created 
+by your private key:
+
+-----BEGIN CERTIFICATE-----
+MIIB4DCCAYWgAwIBAgIUH53ssiPt4JEGx+VJyntCpHL+TdAwCgYIKoZIzj0EAwIw
+RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA3MTgxMTE4NDNaFw0yMTA3MTMx
+MTE4NDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
+VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQ6vqsyZFE0q5m7DCz+FbAVMzoQIQRokYYBEIlQ7hR+hRGXxvglOEa3
+xUMUp5HaL5nET7GH/BMFon/O+1KpmI2do1MwUTAdBgNVHQ4EFgQU9yjFBqAZOMv+
+cD6a3KHTWuYrcFEwHwYDVR0jBBgwFoAU9yjFBqAZOMv+cD6a3KHTWuYrcFEwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAwCpA5Nx083qqUqU6LUd0
+vzZLK4etuInxNvXohXH5LiACIQDSI63J4DiN3dq2sPPLw5iQi9MMefcV1iAySbKT
+B9BaAw==
+-----END CERTIFICATE-----
+
+You could leave things there, but if you are working on Windows, you may prefer a PFX 
+file that contains both the certificate and the private key for you to export and use.
+
+You can do this using OpenSSL�s pkcs12 command:
+
+openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx
+OpenSSL will ask you to create a password for the PFX file. Feel free to leave this blank.
+
+This should leave you with a certificate that Windows can both install and export the 
+EC private key from.

NugetPublishReadme.txt ReadmeNugetPublish.txtNugetPublishReadme.txt renamed to ReadmeNugetPublish.txt

@@ -1,4 +1,4 @@
-How to pubish to Nuget:
+How to publish to Nuget:
 
 1. Rev the version in the project package dialog and save
 2. Right click the project and select Pack

SmartHealthCard.Test/Model/FhirDataSupport.cs

@@ -10,10 +10,10 @@ namespace SmartHealthCard.Test.Model
 {
   static class FhirDataSupport
   {
-    public static Bundle GetCovid19FhirBundleExample1()
+    public static Bundle GetCovid19DetectedFhirBundleExample()
     {
-      Patient PatientResource = GetPatientResource("TestFamilyName", "TestGivenName", new DateTime(1973, 09, 30), "61481059995");
-      
+      Patient PatientResource = GetPatientResource("Coyote", "Wile E", new DateTime(1973, 09, 30), "61481059995");
+
       Coding Code = new Coding(system: "http://loinc.org", code: "94558-4"); //SARS-CoV-2 (COVID-19) Ag [Presence] in Respiratory specimen by Rapid immunoassay
       Coding Value = new Coding(system: "http://snomed.info/sct", code: "260373001"); //Detected
       Observation CovidResultObservationResource = GetObservationResource(
@@ -36,6 +36,32 @@ public static Bundle GetCovid19FhirBundleExample1()
       return Bundle;
     }
 
+    public static Bundle GetCovid19NotDetectedFhirBundleExample()
+    {
+      Patient PatientResource = GetPatientResource("Coyote", "Wile E", new DateTime(1973, 09, 30), "61481059995");
+
+      Coding Code = new Coding(system: "http://loinc.org", code: "94558-4"); //SARS-CoV-2 (COVID-19) Ag [Presence] in Respiratory specimen by Rapid immunoassay
+      Coding Value = new Coding(system: "http://snomed.info/sct", code: "260415000"); //Not Detected
+      Observation CovidResultObservationResource = GetObservationResource(
+        ObsCode: Code,
+        ObsValue: Value,
+        EffectiveDate: new DateTime(2021, 05, 24),
+        PerformerOrganisationName: "ACME Healthcare",
+        IdentityAssuranceLevelCode: "IAL1.4");
+
+      List<Resource> BundleResourceList = new List<Resource>()
+      {
+        PatientResource,
+        CovidResultObservationResource
+      };
+
+      Bundle Bundle = new Bundle();
+      Bundle.Type = Bundle.BundleType.Collection;
+      Bundle.Entry = GetBundleResourceEntryList(BundleResourceList);
+
+      return Bundle;
+    }
+
     private static Patient GetPatientResource(string FamilyName, string GivenName, DateTime DateOfBirth, string PhoneNumber)
     {
       Patient Patient = new Patient();
@@ -77,7 +103,7 @@ private static Observation GetObservationResource(Coding ObsCode, Coding ObsValu
       {
         Coding = new List<Coding>()
          {
-           new Coding(system: "http://loinc.org", code: "94558-4")
+           ObsCode
          }
       };
 
@@ -86,7 +112,7 @@ private static Observation GetObservationResource(Coding ObsCode, Coding ObsValu
       {
           Coding = new List<Coding>()
           {
-            new Coding(system: "http://snomed.info/sct", code: "260373001")
+            ObsValue
           }
       };
       Observation.Performer = new List<ResourceReference>()

SmartHealthCard.Test/ResourceData.Designer.cs

@@ -118,7 +118,16 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
+  <data name="InvalidJwks" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Resources\InvalidJwks.json;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
   <data name="SmartHealthCardCovidExample" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>Resources\SmartHealthCardCovidExample.json;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </data>
+  <data name="TestECC256Cert" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Resources\TestECC256Cert.pem;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
+  <data name="TestECC256Private_key" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Resources\TestECC256Private-key.pem;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
 </root>

SmartHealthCard.Test/ResourceData.resx

@@ -0,0 +1,12 @@
+{
+  "keys": [
+    {
+      "kty": "EC",
+      "kid": "__q7Q4cf6G69ExQSrfW5A_2c3mJrtrRPBhtoRTyZlQM",
+      "use": "sig",
+      "alg": "ES256",
+      "crv": "P-256",      
+      "y": "OPR0AnWPAmhFC6y1RAXFvsAGS0ptfUwuoTKkWXpP4bE"
+    }   
+  ]
+}

SmartHealthCard.Test/Resources/InvalidJwks.json

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnTCCAkOgAwIBAgIUVNNmHJZG+2m2bE2NjuYXs5UholswCgYIKoZIzj0EAwIw
+gaMxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxETAPBgNVBAcMCEJyaXNiYW5l
+MRcwFQYDVQQKDA5Tb25pY0hlYWxoY2FyZTEQMA4GA1UECwwHU29uaWNJVDEUMBIG
+A1UEAwwLQW5ndXNNSWxsYXIxMjAwBgkqhkiG9w0BCQEWI2FuZ3VzLm1pbGxhckBz
+b25pY2hlYWx0aGNhcmUuY29tLmF1MB4XDTIxMDUxMDA0NTg0MFoXDTIyMDUwNTA0
+NTg0MFowgaMxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxETAPBgNVBAcMCEJy
+aXNiYW5lMRcwFQYDVQQKDA5Tb25pY0hlYWxoY2FyZTEQMA4GA1UECwwHU29uaWNJ
+VDEUMBIGA1UEAwwLQW5ndXNNSWxsYXIxMjAwBgkqhkiG9w0BCQEWI2FuZ3VzLm1p
+bGxhckBzb25pY2hlYWx0aGNhcmUuY29tLmF1MFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEj2oyU1JyNT1x66i+PFsdsU1qL+y/Nxq7RjwKkd5kNyc49HQCdY8CaEUL
+rLVEBcW+wAZLSm19TC6hMqRZek/hsaNTMFEwHQYDVR0OBBYEFFGC+JzgmozVIEv8
+59nMkGR/LIFYMB8GA1UdIwQYMBaAFFGC+JzgmozVIEv859nMkGR/LIFYMA8GA1Ud
+EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKwGX0gIrQ1MmKKhf4cKUAI7
+PpSgKU3S+wiaNWuQ5aeRAiAF2lYQ+O2TEMVjT5+rm8gQEcmO2FEAvLs3N4hs1Guf
+JQ==
+-----END CERTIFICATE-----

SmartHealthCard.Test/Resources/TestECC256Cert.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHrua8isWUVjVBzQBt+s2QUzyGnh2uO20Siq+ha0pTZaoAoGCCqGSM49
+AwEHoUQDQgAEj2oyU1JyNT1x66i+PFsdsU1qL+y/Nxq7RjwKkd5kNyc49HQCdY8C
+aEULrLVEBcW+wAZLSm19TC6hMqRZek/hsQ==
+-----END EC PRIVATE KEY-----

SmartHealthCard.Test/Resources/TestECC256Private-key.pem

@@ -18,8 +18,10 @@ public class SmartHealthCardDecoderTest
     public async void Decode_Token_Verify_with_JWKS()
     {
       //### Prepare ######################################################
-      //Get the ECC certificate from the Windows Certificate Store by Thumb-print      
-      X509Certificate2 Certificate = CertificateSupport.GetCertificate(Thumbprint: CertificateSupport.TestingThumbprint);
+      
+      //Get the ECC certificate from the Cert and Private key PEM files
+      X509Certificate2 Certificate = CertificateSupport.GetCertificateFromPemFiles();
+
       List<X509Certificate2> CertificateList = new List<X509Certificate2>() { Certificate };
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
@@ -46,8 +48,8 @@ public async void Decode_Token_Verify_with_JWKS()
     public async void Decode_Token_Verify_with_Certificate()
     {
       //### Prepare ######################################################
-      //Get the ECC certificate from the Windows Certificate Store by Thumb-print      
-      X509Certificate2 Certificate = CertificateSupport.GetCertificate(Thumbprint: "72c78a3460fb27b9ef2ccfae2538675b75363fee");
+      //Get the ECC certificate from the Cert and Private key PEM files
+      X509Certificate2 Certificate = CertificateSupport.GetCertificateFromPemFiles();
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json) 
       Uri Issuer = new Uri("https://sonichealthcare.com/something");

SmartHealthCard.Test/SmartHealthCardDecoderTest.cs

@@ -4,12 +4,14 @@
 using SmartHealthCard.Test.Serializers;
 using SmartHealthCard.Test.Support;
 using SmartHealthCard.Token;
+using SmartHealthCard.Token.Encoders;
 using SmartHealthCard.Token.Exceptions;
 using SmartHealthCard.Token.Model.Jwks;
 using SmartHealthCard.Token.Model.Shc;
 using SmartHealthCard.Token.Providers;
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Security.Cryptography.X509Certificates;
 using Xunit;
 
@@ -22,14 +24,14 @@ public async void Create_Token_Decode_Token()
     {
       //### Prepare ######################################################
 
-      //Get the ECC certificate from the Windows Certificate Store by Thumb-print      
-      X509Certificate2 Certificate = CertificateSupport.GetCertificate(Thumbprint: CertificateSupport.TestingThumbprint);
-
+      //Get the ECC certificate from the Cert and Private key PEM files
+      X509Certificate2 Certificate = CertificateSupport.GetCertificateFromPemFiles();
+      
       //The Version of FHIR in use
       string FhirVersion = "4.0.1";
 
       //Get FHIR bundle
-      Bundle FhirBundleResource = FhirDataSupport.GetCovid19FhirBundleExample1();
+      Bundle FhirBundleResource = FhirDataSupport.GetCovid19DetectedFhirBundleExample();
       string FhirBundleJson = FhirSerializer.SerializeToJson(FhirBundleResource);
 
       //The base of the URL where a validator will retrieve the public keys from (e.g : [Issuer]/.well-known/jwks.json)