feat(core): #468 pass serviceprovider to UseClientCertificate (#502)

* feat(core): #468 pass serviceprovider to UseClientCertificate

* Added example to documentation about how to use a custom certificate service.

---------

Co-authored-by: Elin Fokine <ElinO@activesolution.se>
Co-authored-by: Elin Fokine <elin.ohlsson@outlook.com>

Author: 3 people

docs/articles/bankid.md

@@ -528,6 +528,18 @@ services.AddBankId(bankId =>
     });
 ```
 
+### Using client certificate from custom certificate service
+
+```csharp
+services.AddBankId(bankId =>
+    {
+        bankId
+            .UseProductionEnvironment()
+            .UseClientCertificate(sp => sp.GetRequiredService<MyCustomCertificateService>().GetCertificate())
+            ...
+    });
+```
+
 ### Adding schemas
 
 * *Same device*: Launches the BankID app on the same device, no need to enter any personal identity number.

src/ActiveLogin.Authentication.BankId.Core/IBankIdBuilderExtensions.cs

@@ -49,7 +49,29 @@ public static IBankIdBuilder UseClientCertificate(this IBankIdBuilder builder, F
         void ConfigureHttpClientHandler(IServiceProvider sp, SocketsHttpHandler httpClientHandler)
         {
             var clientCertificate = configureClientCertificate();
-            httpClientHandler.SslOptions.ClientCertificates = new X509Certificate2Collection { clientCertificate };
+            httpClientHandler.SslOptions.ClientCertificates ??= new X509Certificate2Collection();
+            httpClientHandler.SslOptions.ClientCertificates.Add(clientCertificate);
+        }
+    }
+
+    /// <summary>
+    /// Add client certificate for authenticating against the BankID API to the list of available certificates for the http client handler to choose from.
+    /// </summary>
+    /// <param name="builder"></param>
+    /// <param name="configureClientCertificate">The certificate to add.</param>
+    /// <returns></returns>
+    public static IBankIdBuilder UseClientCertificate(this IBankIdBuilder builder, Func<IServiceProvider, X509Certificate2> configureClientCertificate)
+    {
+        builder.ConfigureAppApiHttpClientHandler(ConfigureHttpClientHandler);
+        builder.ConfigureVerifyApiHttpClientHandler(ConfigureHttpClientHandler);
+
+        return builder;
+
+        void ConfigureHttpClientHandler(IServiceProvider sp, SocketsHttpHandler httpClientHandler)
+        {
+            var clientCertificate = configureClientCertificate(sp);
+            httpClientHandler.SslOptions.ClientCertificates ??= new X509Certificate2Collection();
+            httpClientHandler.SslOptions.ClientCertificates.Add(clientCertificate);
         }
     }
 
@@ -186,7 +208,12 @@ internal static IBankIdBuilder UseEnvironment(this IBankIdBuilder builder, Uri a
     /// <param name="useBankIdClientCertificate">Use the BankID client certificate (for test) from the BankID documentation.</param>
     /// <param name="clientCertificateFormat">If using the BankID client certificate (for test). Select the preferred format p12, pem or pfx.</param>
     /// <returns></returns>
-    public static IBankIdBuilder UseTestEnvironment(this IBankIdBuilder builder, bool useBankIdRootCertificate = true, bool useBankIdClientCertificate = true, TestCertificateFormat clientCertificateFormat = TestCertificateFormat.PFX)
+    public static IBankIdBuilder UseTestEnvironment(
+        this IBankIdBuilder builder,
+        bool useBankIdRootCertificate = true,
+        bool useBankIdClientCertificate = true,
+        TestCertificateFormat clientCertificateFormat = TestCertificateFormat.PFX
+    )
     {
         builder.UseEnvironment(BankIdUrls.AppApiTestBaseUrl, BankIdUrls.VerifyApiTestBaseUrl, BankIdEnvironments.Test);
         builder.Services.AddTransient<IBankIdCertificatePolicyResolver, BankIdCertificatePolicyResolverForTest>();