From e20bc67f165e8b344ab647c2599bd27e73f7245e Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Thu, 3 Oct 2024 15:55:13 +0100
Subject: [PATCH 1/7] Renamed CreateToken methods in audience and lifetime regression tests
---
 .../JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs | 4 ++--
 .../JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs
index ca309dbd0c..be14c04424 100644
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.cs
@@ -17,7 +17,7 @@ public async Task ValidateTokenAsync_Audience(ValidateTokenAsyncAudienceTheoryDa
 {
 var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Audience", theoryData);
- string jwtString = CreateToken(theoryData.Audience);
+ string jwtString = CreateTokenWithAudience(theoryData.Audience);
 await ValidateAndCompareResults(jwtString, theoryData, context);
@@ -155,7 +155,7 @@ public ValidateTokenAsyncAudienceTheoryData(string testId) : base(testId) { }
 public string? Audience { get; internal set; } = Default.Audience;
 }
- private static string CreateToken(string? audience)
+ private static string CreateTokenWithAudience(string? audience)
 {
 JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs
index acd5104844..89268e8b71 100644
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.cs
@@ -17,7 +17,7 @@ public async Task ValidateTokenAsync_Lifetime(ValidateTokenAsyncLifetimeTheoryDa
 {
 var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Lifetime", theoryData);
- string jwtString = CreateToken(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires);
+ string jwtString = CreateTokenWithLifetime(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires);
 await ValidateAndCompareResults(jwtString, theoryData, context);
@@ -155,7 +155,7 @@ public ValidateTokenAsyncLifetimeTheoryData(string testId) : base(testId) { }
 public DateTime? Expires { get; set; }
 }
- private static string CreateToken(DateTime? issuedAt, DateTime? notBefore, DateTime? expires)
+ private static string CreateTokenWithLifetime(DateTime? issuedAt, DateTime? notBefore, DateTime? expires)
 {
 JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();
 jsonWebTokenHandler.SetDefaultTimesOnTokenCreation = false; // Allow for null values to be passed in to validate.
From 0c4f23618c3e808bf0d88904f641c767edd01a71 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Thu, 3 Oct 2024 15:55:45 +0100
Subject: [PATCH 2/7] Added custom ValidationError class for issuer errors. Updated IssuerValidationDelegateAsync to use it.
---
 .../Results/Details/IssuerValidationError.cs | 31 +++++++++++++++++++
 .../Validation/Validators.Issuer.cs | 18 +++++------
 2 files changed, 40 insertions(+), 9 deletions(-)
 create mode 100644 src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
new file mode 100644
index 0000000000..c65021039d
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Diagnostics;
+
+#nullable enable
+namespace Microsoft.IdentityModel.Tokens
+{
+ internal class IssuerValidationError : ValidationError
+ {
+ private string? _invalidIssuer;
+
+ public IssuerValidationError(
+ MessageDetail messageDetail,
+ Type exceptionType,
+ StackFrame stackFrame,
+ string? invalidIssuer)
+ : base(messageDetail, ValidationFailureType.IssuerValidationFailed, exceptionType, stackFrame)
+ {
+ _invalidIssuer = invalidIssuer;
+ }
+
+ internal override void AddAdditionalInformation(ISecurityTokenException exception)
+ {
+ if (exception is SecurityTokenInvalidIssuerException invalidIssuerException)
+ invalidIssuerException.InvalidIssuer = _invalidIssuer;
+ }
+ }
+}
+#nullable restore
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs
index 8ea1aa26b1..c7782d5e2a 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs
@@ -61,11 +61,11 @@ internal static async Task> ValidateIssuerAsyn
 {
 if (string.IsNullOrWhiteSpace(issuer))
 {
- return new ValidationError(
+ return new IssuerValidationError(
 new MessageDetail(LogMessages.IDX10211),
- ValidationFailureType.IssuerValidationFailed,
 typeof(SecurityTokenInvalidIssuerException),
- new StackFrame(true));
+ new StackFrame(true),
+ issuer);
 }
 if (validationParameters == null)
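Review bot: `_invalidIssuer` is assigned only in the constructor, so it should be declared `private readonly string? _invalidIssuer;` so the error object cannot be mutated after it is built and handed back to the caller. The class also ships without XML documentation; I would add a `<summary>` stating that this is a `ValidationError` specialised for issuer validation failures that carries the rejected issuer so it can be surfaced on `SecurityTokenInvalidIssuerException.InvalidIssuer`, and a `<param name="invalidIssuer">` noting that it is the issuer value under validation (which the call sites in Validators.Issuer.cs pass through unmodified, so it is the string read from the token rather than a configured value — verify) and is therefore untrusted input that reaches whoever catches the exception.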
@@ -84,11 +84,11 @@ internal static async Task> ValidateIssuerAsyn
 // Return failed IssuerValidationResult if all possible places to validate against are null or empty.
 if (validationParameters.ValidIssuers.Count == 0 && string.IsNullOrWhiteSpace(configuration?.Issuer))
- return new ValidationError(
+ return new IssuerValidationError(
 new MessageDetail(LogMessages.IDX10211),
- ValidationFailureType.IssuerValidationFailed,
 typeof(SecurityTokenInvalidIssuerException),
- new StackFrame(true));
+ new StackFrame(true),
+ issuer);
 if (configuration != null)
 {
@@ -130,15 +130,15 @@ internal static async Task> ValidateIssuerAsyn
 }
 }
- return new ValidationError(
+ return new IssuerValidationError(
 new MessageDetail(
 LogMessages.IDX10212,
 LogHelper.MarkAsNonPII(issuer),
 LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidIssuers)),
 LogHelper.MarkAsNonPII(configuration?.Issuer)),
- ValidationFailureType.IssuerValidationFailed,
 typeof(SecurityTokenInvalidIssuerException),
- new StackFrame(true));
+ new StackFrame(true),
+ issuer);
 }
 }
 }
From 15fc33c2fdae88ff75b4102fe5369d228ffe6d49 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Thu, 3 Oct 2024 15:56:06 +0100
Subject: [PATCH 3/7] Added JWT issuer regression tests
---
 ...nHandler.ValidateTokenAsyncTests.Issuer.cs | 149 ++++++++++++++++++
 1 file changed, 149 insertions(+)
 create mode 100644 test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
new file mode 100644
index 0000000000..7cb834c036
--- /dev/null
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
@@ -0,0 +1,149 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+#nullable enable
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.TestUtils;
+using Microsoft.IdentityModel.Tokens;
+using Xunit;
+
+namespace Microsoft.IdentityModel.JsonWebTokens.Tests
+{
+ public partial class JsonWebTokenHandlerValidateTokenAsyncTests
+ {
+ [Theory, MemberData(nameof(ValidateTokenAsync_IssuerTestCases))]
+ public async Task ValidateTokenAsync_Issuer(ValidateTokenAsyncIssuerTheoryData theoryData)
+ {
+ var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Issuer", theoryData);
+
+ string jwtString = CreateTokenWithIssuer(theoryData.TokenIssuer);
+
+ await ValidateAndCompareResults(jwtString, theoryData, context);
+
+ TestUtilities.AssertFailIfErrors(context);
+ }
+
+ public static TheoryData ValidateTokenAsync_IssuerTestCases
+ {
+ get
+ {
+ return new TheoryData
+ {
+ new ValidateTokenAsyncIssuerTheoryData("Valid_IssuerIsValidIssuer")
+ {
+ TokenIssuer = Default.Issuer,
+ TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
+ ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
+ },
+ new ValidateTokenAsyncIssuerTheoryData("Valid_IssuerIsConfigurationIssuer")
+ {
+ TokenIssuer = Default.Issuer,
+ TokenValidationParameters = CreateTokenValidationParameters(configurationIssuer: Default.Issuer),
+ ValidationParameters = CreateValidationParameters(configurationIssuer: Default.Issuer),
+ },
+ new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsNotValid")
+ {
+ TokenIssuer = "InvalidIssuer",
+ TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
+ ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
+ ExpectedIsValid = false,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10205:"),
+ ExpectedExceptionValidationParameters = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10212:"),
+ },
+ new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsNull")
+ {
+ TokenIssuer = null,
+ TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
+ ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
+ ExpectedIsValid = false,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
+ },
+ new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsEmpty")
+ {
+ TokenIssuer = string.Empty,
+ TokenValidationParameters = CreateTokenValidationParameters(validIssuer: Default.Issuer),
+ ValidationParameters = CreateValidationParameters(validIssuer: Default.Issuer),
+ ExpectedIsValid = false,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
+ },
+ new ValidateTokenAsyncIssuerTheoryData("Invalid_NoValidIssuersProvided")
+ {
+ TokenIssuer = Default.Issuer,
+ TokenValidationParameters = CreateTokenValidationParameters(),
+ ValidationParameters = CreateValidationParameters(),
+ ExpectedIsValid = false,
+ ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10204:"),
+ ExpectedExceptionValidationParameters = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10211:"),
+ },
+ };
+
+ static TokenValidationParameters CreateTokenValidationParameters(
+ string? validIssuer = null, string? configurationIssuer = null)
+ {
+ var tokenValidationParameters = new TokenValidationParameters
+ {
+ ValidateAudience = true,
+ ValidateIssuer = true,
+ ValidateLifetime = true,
+ ValidateTokenReplay = true,
+ ValidateIssuerSigningKey = true,
+ IssuerSigningKey = Default.AsymmetricSigningKey,
+ ValidAudiences = [Default.Audience],
+ ValidIssuer = validIssuer
+ };
+
+ if (configurationIssuer is not null)
+ {
+ var validConfig = new OpenIdConnectConfiguration() { Issuer = configurationIssuer };
+ tokenValidationParameters.ConfigurationManager = new MockConfigurationManager(validConfig);
+ }
+
+ return tokenValidationParameters;
+ }
+
+ static ValidationParameters CreateValidationParameters(
+ string? validIssuer = null, string? configurationIssuer = null)
+ {
+ ValidationParameters validationParameters = new ValidationParameters();
+ validationParameters.ValidAudiences.Add(Default.Audience);
+ validationParameters.IssuerSigningKeys.Add(Default.AsymmetricSigningKey);
+
+ if (configurationIssuer is not null)
+ {
+ var validConfig = new OpenIdConnectConfiguration() { Issuer = configurationIssuer };
+ validationParameters.ConfigurationManager = new MockConfigurationManager(validConfig);
+ }
+
+ if (validIssuer is not null)
+ validationParameters.ValidIssuers.Add(validIssuer);
+
+ return validationParameters;
+ }
+ }
+ }
+
+ public class ValidateTokenAsyncIssuerTheoryData : ValidateTokenAsyncBaseTheoryData
+ {
+ public ValidateTokenAsyncIssuerTheoryData(string testId) : base(testId) { }
+
+ public string? TokenIssuer { get; set; }
+ }
+
+ private static string CreateTokenWithIssuer(string? issuer)
+ {
+ JsonWebTokenHandler jsonWebTokenHandler = new JsonWebTokenHandler();
+
+ SecurityTokenDescriptor securityTokenDescriptor = new SecurityTokenDescriptor
+ {
+ Subject = Default.ClaimsIdentity,
+ SigningCredentials = Default.AsymmetricSigningCredentials,
+ Audience = Default.Audience,
+ Issuer = issuer,
+ };
+
+ return jsonWebTokenHandler.CreateToken(securityTokenDescriptor);
+ }
+ }
+}
+#nullable restore
From 2ce7d30713813d339e4667873458ab0ff2c29d24 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Fri, 11 Oct 2024 10:24:15 +0100
Subject: [PATCH 4/7] Update test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
Co-authored-by: kellyyangsong <69649063+kellyyangsong@users.noreply.github.com>
---
 .../JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
index 7cb834c036..a7fccd28dc 100644
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Issuer.cs
@@ -12,7 +12,7 @@ namespace Microsoft.IdentityModel.JsonWebTokens.Tests
 {
 public partial class JsonWebTokenHandlerValidateTokenAsyncTests
 {
- [Theory, MemberData(nameof(ValidateTokenAsync_IssuerTestCases))]
+ [Theory, MemberData(nameof(ValidateTokenAsync_IssuerTestCases), DisableDiscoveryEnumeration = true)]
 public async Task ValidateTokenAsync_Issuer(ValidateTokenAsyncIssuerTheoryData theoryData)
 {
 var context = TestUtilities.WriteHeader($"{this}.ValidateTokenAsync_Issuer", theoryData);
From e6adf5aee49b4551dd21d9ce4667f75c193eecff Mon Sep 17 00:00:00 2001
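Review bot: The theory data covers the configuration-issuer path only for the success case ("Valid_IssuerIsConfigurationIssuer"); there is no case where a configuration issuer is the sole source of truth and the token's issuer does not match it, which is exactly the branch in Validators.Issuer.cs that falls through to the IDX10212 error with `ValidIssuers` empty. A mismatch case built with `CreateTokenValidationParameters(configurationIssuer: Default.Issuer)` / `CreateValidationParameters(configurationIssuer: Default.Issuer)` and `TokenIssuer = "InvalidIssuer"` would pin that behaviour for both validation paths; the expected message id for the `TokenValidationParameters` path is not visible in this patch, so confirm it before committing the entry. As a point of style, the two local functions `CreateTokenValidationParameters` and `CreateValidationParameters` are declared after the `return` inside the property getter, which reads oddly; moving them to private static methods beside `CreateTokenWithIssuer` would match how the sibling test files are organised (inferred from the Audience/Lifetime files in PATCH 1).
```csharp
// … unchanged: existing theory-data entries …
new ValidateTokenAsyncIssuerTheoryData("Invalid_IssuerIsNotConfigurationIssuer")
{
    TokenIssuer = "InvalidIssuer",
    TokenValidationParameters = CreateTokenValidationParameters(configurationIssuer: Default.Issuer),
    ValidationParameters = CreateValidationParameters(configurationIssuer: Default.Issuer),
    ExpectedIsValid = false,
    // TODO(review): confirm the message id raised by the TokenValidationParameters path for this case
    ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10205:"),
    ExpectedExceptionValidationParameters = new ExpectedException(typeof(SecurityTokenInvalidIssuerException), "IDX10212:"),
},
```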
From: Ignacio Inglese
Date: Fri, 11 Oct 2024 16:34:12 +0100
Subject: [PATCH 5/7] Added IssuerValidationError to InternalAPI.Unshipped. Made constructor internal for the time being
---
 src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net462/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net472/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net6.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net8.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net9.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt | 3 ++-
 .../Validation/Results/Details/IssuerValidationError.cs | 2 +-
 8 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
index edb5c02a17..a9ee584268 100644
--- a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10502 = "IDX10502: Signature validation failed. The token's kid is: '{0}', but did not match any keys in ValidationParameters or Configuration and TryAllIssuerSigningKeys is false. Number of keys in ValidationParameters: '{1}'. \nNumber of keys in Configuration: '{2}'.\ntoken: '{3}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10518 = "IDX10518: Signature validation failed. Algorithm validation failed with error: '{0}'." -> string
 Microsoft.IdentityModel.Tokens.AlgorithmValidationDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
index 596d061717..32b682a393 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.EncryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.SignWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.SignWithRsaCryptoServiceProviderProxyUsingOffset(byte[] bytes, int offset, int length) -> byte[]
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
index 2278599c9e..0ebf75b7f4 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10502 = "IDX10502: Signature validation failed. The token's kid is: '{0}', but did not match any keys in ValidationParameters or Configuration and TryAllIssuerSigningKeys is false. Number of keys in ValidationParameters: '{1}'. \nNumber of keys in Configuration: '{2}'.\ntoken: '{3}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10518 = "IDX10518: Signature validation failed. Algorithm validation failed with error: '{0}'." -> string
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
index 34ab1b57d5..25ee02807e 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
@@ -1,3 +1,4 @@
-static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
index 2a395cc172..31a253d6da 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
@@ -1,3 +1,4 @@
-static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
index 2a395cc172..31a253d6da 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
@@ -1,3 +1,4 @@
-static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
index cdc130fb32..f08cad3c6e 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
@@ -1 +1,2 @@
-static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet
+Microsoft.IdentityModel.Tokens.IssuerValidationError
+static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
index c65021039d..bec6a703e6 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
@@ -11,7 +11,7 @@ internal class IssuerValidationError : ValidationError
 {
 private string? _invalidIssuer;
- public IssuerValidationError(
+ internal IssuerValidationError(
 MessageDetail messageDetail,
 Type exceptionType,
 StackFrame stackFrame,
From 7531d9e57b35473a4703dbc4785b2c8192fa35af Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Fri, 11 Oct 2024 16:35:22 +0100
Subject: [PATCH 6/7] Updated exception creation in IssuerValidationError
---
 .../Results/Details/IssuerValidationError.cs | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
index bec6a703e6..8b4ff174b9 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs
@@ -21,10 +21,19 @@ internal IssuerValidationError(
 _invalidIssuer = invalidIssuer;
 }
- internal override void AddAdditionalInformation(ISecurityTokenException exception)
+ public override Exception GetException()
 {
- if (exception is SecurityTokenInvalidIssuerException invalidIssuerException)
- invalidIssuerException.InvalidIssuer = _invalidIssuer;
+ if (ExceptionType == typeof(SecurityTokenInvalidIssuerException))
+ {
+ SecurityTokenInvalidIssuerException exception = new(MessageDetail.Message, InnerException)
+ {
+ InvalidIssuer = _invalidIssuer
+ };
+
+ return exception;
+ }
+
+ return base.GetException();
 }
 }
 }
From 276b7daa40622165cc4baeb3ca34e5403c0228f5 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 15 Oct 2024 15:30:03 +0100
Subject: [PATCH 7/7] Adjusted unshipped API contents with the IDE suggestions
---
 .../PublicAPI/net462/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net472/InternalAPI.Unshipped.txt | 3 +--
 .../PublicAPI/net6.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net8.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/net9.0/InternalAPI.Unshipped.txt | 3 ++-
 .../PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt | 3 ++-
 6 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
index 32b682a393..ceda8de7ed 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net462/InternalAPI.Unshipped.txt
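Review bot: `GetException` attaches `_invalidIssuer` only when `ExceptionType` is exactly `typeof(SecurityTokenInvalidIssuerException)`; for any other type the call falls through to `base.GetException()` and the rejected issuer is silently dropped, which is easy to miss because the constructor still accepts an arbitrary `exceptionType`. All three call sites in Validators.Issuer.cs (PATCH 2) pass that same type, so either have the constructor fix it itself and drop the parameter, or state the contract on the override with an XML comment such as `/// <summary>Builds the exception for this error. When ExceptionType is <see cref="SecurityTokenInvalidIssuerException"/> the rejected issuer is exposed via <see cref="SecurityTokenInvalidIssuerException.InvalidIssuer"/>; any other type is delegated to the base implementation and the issuer is not attached.</summary>`. The removed `AddAdditionalInformation` override means the base class presumably no longer needs that hook for this error; if the base still calls it for other subclasses, that is not visible here and worth confirming. The enclosing class begins before this hunk.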
@@ -1,4 +1,5 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer) -> void
+override Microsoft.IdentityModel.Tokens.IssuerValidationError.GetException() -> System.Exception
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.EncryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.SignWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
index 0ebf75b7f4..2278599c9e 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net472/InternalAPI.Unshipped.txt
@@ -1,5 +1,4 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
-const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
+const Microsoft.IdentityModel.Tokens.LogMessages.IDX10001 = "IDX10001: Invalid argument '{0}'. Argument must be of type '{1}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10502 = "IDX10502: Signature validation failed. The token's kid is: '{0}', but did not match any keys in ValidationParameters or Configuration and TryAllIssuerSigningKeys is false. Number of keys in ValidationParameters: '{1}'. \nNumber of keys in Configuration: '{2}'.\ntoken: '{3}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10518 = "IDX10518: Signature validation failed. Algorithm validation failed with error: '{0}'." -> string
 Microsoft.IdentityModel.Tokens.AsymmetricAdapter.DecryptWithRsaCryptoServiceProviderProxy(byte[] bytes) -> byte[]
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
index 25ee02807e..1182c74dc9 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net6.0/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer) -> void
+override Microsoft.IdentityModel.Tokens.IssuerValidationError.GetException() -> System.Exception
 static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
index 31a253d6da..0d34dedab5 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net8.0/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer) -> void
+override Microsoft.IdentityModel.Tokens.IssuerValidationError.GetException() -> System.Exception
 static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
index 31a253d6da..0d34dedab5 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/net9.0/InternalAPI.Unshipped.txt
@@ -1,4 +1,5 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer) -> void
+override Microsoft.IdentityModel.Tokens.IssuerValidationError.GetException() -> System.Exception
 static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Frozen.FrozenSet
 Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider.GetEncryptionAlgorithm() -> string
 Microsoft.IdentityModel.Tokens.SignUsingSpanDelegate
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
index f08cad3c6e..805ac7633a 100644
--- a/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI/netstandard2.0/InternalAPI.Unshipped.txt
@@ -1,2 +1,3 @@
-Microsoft.IdentityModel.Tokens.IssuerValidationError
+Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer) -> void
+override Microsoft.IdentityModel.Tokens.IssuerValidationError.GetException() -> System.Exception
 static readonly Microsoft.IdentityModel.Tokens.Json.JsonWebKeySerializer.JsonWebKeyParameterNamesUpperCase -> System.Collections.Generic.HashSet