Remove hardcoded Metadata Service BLOB url to allow users to override it

Src/Fido2.AspNet/Fido2NetLibBuilderExtensions.cs

@@ -62,7 +62,7 @@ public static IFido2MetadataServiceBuilder AddFileSystemMetadataRepository(this
 
     public static IFido2MetadataServiceBuilder AddConformanceMetadataRepository(
         this IFido2MetadataServiceBuilder builder,
-        HttpClient client = null,
+        HttpClient client = null,
         string origin = "")
     {
         builder.Services.AddTransient<IMetadataRepository>(provider =>
@@ -75,9 +75,12 @@ public static IFido2MetadataServiceBuilder AddConformanceMetadataRepository(
 
     public static IFido2MetadataServiceBuilder AddFidoMetadataRepository(this IFido2MetadataServiceBuilder builder, Action<IHttpClientBuilder> clientBuilder = null)
     {
-        var httpClientBuilder = builder.Services.AddHttpClient(nameof(Fido2MetadataServiceRepository));
+        var httpClientBuilder = builder.Services.AddHttpClient(nameof(Fido2MetadataServiceRepository), client =>
+        {
+            client.BaseAddress = new Uri("https://mds3.fidoalliance.org/");
+        });
 
-        if (clientBuilder != null)
+        if (clientBuilder != null)
             clientBuilder(httpClientBuilder);
 
         builder.Services.AddTransient<IMetadataRepository, Fido2MetadataServiceRepository>();

Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs

@@ -37,7 +37,6 @@ public sealed class Fido2MetadataServiceRepository : IMetadataRepository
         "Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH"u8 +
         "WD9f"u8;
 
-    private readonly string _blobUrl = "https://mds3.fidoalliance.org/";
     private readonly IHttpClientFactory _httpClientFactory;
 
     public Fido2MetadataServiceRepository(IHttpClientFactory httpClientFactory)
@@ -57,23 +56,10 @@ public async Task<MetadataBLOBPayload> GetBLOBAsync(CancellationToken cancellati
     }
 
     private async Task<string> GetRawBlobAsync(CancellationToken cancellationToken)
-    {
-        var url = _blobUrl;
-        return await DownloadStringAsync(url, cancellationToken);
-    }
-
-    private async Task<string> DownloadStringAsync(string url, CancellationToken cancellationToken)
-    {
-        return await _httpClientFactory
-            .CreateClient(nameof(Fido2MetadataServiceRepository))
-            .GetStringAsync(url, cancellationToken);
-    }
-
-    private async Task<byte[]> DownloadDataAsync(string url, CancellationToken cancellationToken)
     {
         return await _httpClientFactory
             .CreateClient(nameof(Fido2MetadataServiceRepository))
-            .GetByteArrayAsync(url, cancellationToken);
+            .GetStringAsync("/", cancellationToken);
     }
 
     private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string rawBLOBJwt, CancellationToken cancellationToken)
@@ -174,7 +160,8 @@ private async Task<MetadataBLOBPayload> DeserializeAndValidateBlobAsync(string r
                 if (element.Certificate.Issuer != element.Certificate.Subject)
                 {
                     var cdp = CryptoUtils.CDPFromCertificateExts(element.Certificate.Extensions);
-                    var crlFile = await DownloadDataAsync(cdp, cancellationToken);
+                    using var client = _httpClientFactory.CreateClient();
+                    var crlFile = await client.GetByteArrayAsync(cdp, cancellationToken);
                     if (CryptoUtils.IsCertInCRL(crlFile, element.Certificate))
                         throw new Fido2VerificationException($"Cert {element.Certificate.Subject} found in CRL {cdp}");
                 }