Move CNF from SHR to M.IM.Tokens (#3168)

keegan-caruso · Keegan Caruso · web-flow · commit 306b2104d827 · 2025-03-18T16:02:33.000-07:00
* Move CNF from SHR to Tokens, move to public
---------

Co-authored-by: Keegan Caruso &lt;keegancaruso@microsoft.com&gt;
diff --git a/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/Cnf.cs b/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/Cnf.cs
@@ -1,88 +1,19 @@
 ﻿// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System;
-using System.Text;
-using System.Text.Json;
-using System.Text.Json.Serialization;
-using Microsoft.IdentityModel.Logging;
-using Microsoft.IdentityModel.Tokens;
-using Microsoft.IdentityModel.Tokens.Json;
-
 namespace Microsoft.IdentityModel.Protocols.SignedHttpRequest
 {
     /// <summary>
     /// Represents the Cnf Claim
     /// </summary>
-    internal class Cnf
+    internal class Cnf : Tokens.Cnf
     {
-        internal const string ClassName = "Microsoft.IdentityModel.Protocols.SignedHttpRequest.Cnf";
-
-        public Cnf() { }
-
-        public Cnf(string json)
+        public Cnf() : base()
         {
-            if (string.IsNullOrEmpty(json))
-                throw LogHelper.LogArgumentNullException(nameof(json));
-
-            Utf8JsonReader reader = new(Encoding.UTF8.GetBytes(json).AsSpan());
-            if (!JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.StartObject, true))
-                throw LogHelper.LogExceptionMessage(
-                    new JsonException(
-                        LogHelper.FormatInvariant(
-                        Tokens.LogMessages.IDX11023,
-                        LogHelper.MarkAsNonPII("JsonTokenType.StartObject"),
-                        LogHelper.MarkAsNonPII(reader.TokenType),
-                        LogHelper.MarkAsNonPII(ClassName),
-                        LogHelper.MarkAsNonPII(reader.TokenStartIndex),
-                        LogHelper.MarkAsNonPII(reader.CurrentDepth),
-                        LogHelper.MarkAsNonPII(reader.BytesConsumed))));
-
-            while (true)
-            {
-                if (reader.TokenType == JsonTokenType.PropertyName)
-                {
-                    if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jwk))
-                    {
-                        reader.Read();
-                        JsonWebKey = JsonWebKeySerializer.Read(ref reader, new JsonWebKey());
-                    }
-                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Kid))
-                    {
-                        Kid = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Kid, ClassName, true);
-                    }
-                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jku))
-                    {
-                        Jku = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Kid, ClassName, true);
-                    }
-                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jwe))
-                    {
-                        Jwe = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Jwe, ClassName, true);
-                    }
-                    else
-                    {
-                        // this is not a property we recognize, skip it.
-                        reader.Skip();
-                    }
-                }
-                // We read a JsonTokenType.StartObject above, exiting and positioning reader at next token.
-                else if (JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.EndObject, true))
-                    break;
-                else if (!reader.Read())
-                    break;
-            }
         }
 
-        [JsonPropertyName("kid")]
-        public string Kid { get; set; }
-
-        [JsonPropertyName("jwe")]
-        public string Jwe { get; set; }
-
-        [JsonPropertyName("jku")]
-        public string Jku { get; set; }
-
-        [JsonPropertyName("jwk")]
-        public JsonWebKey JsonWebKey { get; set; }
+        public Cnf(string json) : base(json)
+        {
+        }
     }
 }
diff --git a/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/ConfirmationClaimTypes.cs b/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/ConfirmationClaimTypes.cs
@@ -14,27 +14,27 @@ public static class ConfirmationClaimTypes
         /// <summary>
         /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.1.1
         /// </summary>
-        public const string Cnf = "cnf";
+        public const string Cnf = Tokens.ConfirmationClaimTypes.Cnf;
 
         /// <summary>
         /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
         /// </summary>
-        public const string Jwk = "jwk";
+        public const string Jwk = Tokens.ConfirmationClaimTypes.Jwk;
 
         /// <summary>
         /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
         /// </summary>
-        public const string Jwe = "jwe";
+        public const string Jwe = Tokens.ConfirmationClaimTypes.Jwe;
 
         /// <summary>
         /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
         /// </summary>
-        public const string Jku = "jku";
+        public const string Jku = Tokens.ConfirmationClaimTypes.Jku;
 
         /// <summary>
         /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
         /// </summary>
-        public const string Kid = "kid";
+        public const string Kid = Tokens.ConfirmationClaimTypes.Kid;
     }
 
     internal static class ConfirmationClaimTypesUtf8Bytes
diff --git a/src/Microsoft.IdentityModel.Tokens/Cnf.cs b/src/Microsoft.IdentityModel.Tokens/Cnf.cs
@@ -0,0 +1,116 @@
+﻿// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Tokens.Json;
+
+namespace Microsoft.IdentityModel.Tokens
+{
+    /// <summary>
+    /// Represents the Cnf Claim
+    /// </summary>
+    public class Cnf
+    {
+        /// <summary>
+        /// The class name used for logging and exception messages.
+        /// </summary>
+        internal string ClassName { get; }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Cnf"/> class.
+        /// </summary>
+        public Cnf()
+        {
+            // GetType returns the runtime type, e.g. if derived,
+            // it will return the derived type.
+            ClassName = GetType().FullName;
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="Cnf"/> class.
+        /// </summary>
+        /// <param name="json">
+        /// JSON representation of the Cnf Claim.
+        /// </param>
+        public Cnf(string json) : this()
+        {
+            if (string.IsNullOrEmpty(json))
+                throw LogHelper.LogArgumentNullException(nameof(json));
+
+            Utf8JsonReader reader = new(Encoding.UTF8.GetBytes(json).AsSpan());
+            if (!JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.StartObject, true))
+                throw LogHelper.LogExceptionMessage(
+                    new JsonException(
+                        LogHelper.FormatInvariant(
+                        LogMessages.IDX11023,
+                        LogHelper.MarkAsNonPII("JsonTokenType.StartObject"),
+                        LogHelper.MarkAsNonPII(reader.TokenType),
+                        LogHelper.MarkAsNonPII(ClassName),
+                        LogHelper.MarkAsNonPII(reader.TokenStartIndex),
+                        LogHelper.MarkAsNonPII(reader.CurrentDepth),
+                        LogHelper.MarkAsNonPII(reader.BytesConsumed))));
+
+            while (true)
+            {
+                if (reader.TokenType == JsonTokenType.PropertyName)
+                {
+                    if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jwk))
+                    {
+                        reader.Read();
+                        JsonWebKey = JsonWebKeySerializer.Read(ref reader, new JsonWebKey());
+                    }
+                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Kid))
+                    {
+                        Kid = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Kid, ClassName, true);
+                    }
+                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jku))
+                    {
+                        Jku = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Kid, ClassName, true);
+                    }
+                    else if (reader.ValueTextEquals(ConfirmationClaimTypesUtf8Bytes.Jwe))
+                    {
+                        Jwe = JsonSerializerPrimitives.ReadString(ref reader, ConfirmationClaimTypes.Jwe, ClassName, true);
+                    }
+                    else
+                    {
+                        // this is not a property we recognize, skip it.
+                        reader.Skip();
+                    }
+                }
+                // We read a JsonTokenType.StartObject above, exiting and positioning reader at next token.
+                else if (JsonSerializerPrimitives.IsReaderAtTokenType(ref reader, JsonTokenType.EndObject, true))
+                    break;
+                else if (!reader.Read())
+                    break;
+            }
+        }
+
+        /// <summary>
+        /// The Kid property is used to specify the key ID of the public key used to verify the signature of the JWT.
+        /// </summary>
+        [JsonPropertyName("kid")]
+        public string Kid { get; internal set; }
+
+        /// <summary>
+        /// The Jwe property is used to specify an encrypted JSON web key.
+        /// </summary>
+        [JsonPropertyName("jwe")]
+        public string Jwe { get; internal set; }
+
+        /// <summary>
+        /// The Jku property is used to specify the location of the public key used to verify the signature of the JWT.
+        /// </summary>
+        [JsonPropertyName("jku")]
+        public string Jku { get; internal set; }
+
+        /// <summary>
+        /// The Jwk property is used to specify the public key used to verify the signature of the JWT.
+        /// </summary>
+        [JsonPropertyName("jwk")]
+        public JsonWebKey JsonWebKey { get; internal set; }
+    }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens/ConfirmationClaimTypes.cs b/src/Microsoft.IdentityModel.Tokens/ConfirmationClaimTypes.cs
@@ -0,0 +1,48 @@
+﻿// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+
+namespace Microsoft.IdentityModel.Tokens
+{
+    /// <summary>
+    /// Confirmation Claim ("cnf") related constants
+    /// https://datatracker.ietf.org/doc/html/rfc7800
+    /// </summary>
+    public static class ConfirmationClaimTypes
+    {
+        /// <summary>
+        /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.1.1
+        /// </summary>
+        public const string Cnf = "cnf";
+
+        /// <summary>
+        /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
+        /// </summary>
+        public const string Jwk = "jwk";
+
+        /// <summary>
+        /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
+        /// </summary>
+        public const string Jwe = "jwe";
+
+        /// <summary>
+        /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
+        /// </summary>
+        public const string Jku = "jku";
+
+        /// <summary>
+        /// https://datatracker.ietf.org/doc/html/rfc7800#section-6.2.2
+        /// </summary>
+        public const string Kid = "kid";
+    }
+
+    internal static class ConfirmationClaimTypesUtf8Bytes
+    {
+        public static ReadOnlySpan<byte> Cnf => "cnf"u8;
+        public static ReadOnlySpan<byte> Jwk => "jwk"u8;
+        public static ReadOnlySpan<byte> Jwe => "jwe"u8;
+        public static ReadOnlySpan<byte> Jku => "jku"u8;
+        public static ReadOnlySpan<byte> Kid => "kid"u8;
+    }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
@@ -0,0 +1,9 @@
+Microsoft.IdentityModel.Tokens.Cnf.Jku.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.JsonWebKey.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.Jwe.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.Kid.set -> void
+Microsoft.IdentityModel.Protocols.SignedHttpRequest.ConfirmationClaimTypesUtf8Bytes
+Microsoft.IdentityModel.Tokens.Cnf.Jku.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.JsonWebKey.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.Jwe.set -> void
+Microsoft.IdentityModel.Tokens.Cnf.Kid.set -> void
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt
@@ -0,0 +1,13 @@
+Microsoft.IdentityModel.Tokens.Cnf
+Microsoft.IdentityModel.Tokens.Cnf.Cnf() -> void
+Microsoft.IdentityModel.Tokens.Cnf.Cnf(string json) -> void
+Microsoft.IdentityModel.Tokens.Cnf.Jku.get -> string
+Microsoft.IdentityModel.Tokens.Cnf.JsonWebKey.get -> Microsoft.IdentityModel.Tokens.JsonWebKey
+Microsoft.IdentityModel.Tokens.Cnf.Jwe.get -> string
+Microsoft.IdentityModel.Tokens.Cnf.Kid.get -> string
+const Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes.Cnf = "cnf" -> string
+const Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes.Jku = "jku" -> string
+const Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes.Jwe = "jwe" -> string
+const Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes.Jwk = "jwk" -> string
+const Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes.Kid = "kid" -> string
+Microsoft.IdentityModel.Tokens.ConfirmationClaimTypes
diff --git a/test/Microsoft.IdentityModel.Protocols.SignedHttpRequest.Tests/CnfTests.cs b/test/Microsoft.IdentityModel.Protocols.SignedHttpRequest.Tests/CnfTests.cs
@@ -0,0 +1,25 @@
+﻿// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using Xunit;
+
+namespace Microsoft.IdentityModel.Protocols.SignedHttpRequest.Tests
+{
+    public class CnfTests
+    {
+        [Fact]
+        public void CtorWithJson_ExpectedClassName()
+        {
+            var json = "{\"jwk\":{\"kty\":\"oct\",\"k\":\"AQIDBAUGBwgJCgsMDQ4PEC==\"}}";
+            var cnf = new Cnf(json);
+            Assert.Equal("Microsoft.IdentityModel.Protocols.SignedHttpRequest.Cnf", cnf.ClassName);
+        }
+
+        [Fact]
+        public void Ctor_ExpectedClassName()
+        {
+            var cnf = new Cnf();
+            Assert.Equal("Microsoft.IdentityModel.Protocols.SignedHttpRequest.Cnf", cnf.ClassName);
+        }
+    }
+}
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/CnfTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/CnfTests.cs
@@ -0,0 +1,25 @@
+﻿// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using Xunit;
+
+namespace Microsoft.IdentityModel.Tokens.Tests
+{
+    public class CnfTests
+    {
+        [Fact]
+        public void CtorWithJson_ExpectedClassName()
+        {
+            var json = "{\"jwk\":{\"kty\":\"oct\",\"k\":\"AQIDBAUGBwgJCgsMDQ4PEC==\"}}";
+            var cnf = new Cnf(json);
+            Assert.Equal("Microsoft.IdentityModel.Tokens.Cnf", cnf.ClassName);
+        }
+
+        [Fact]
+        public void Ctor_ExpectedClassName()
+        {
+            var cnf = new Cnf();
+            Assert.Equal("Microsoft.IdentityModel.Tokens.Cnf", cnf.ClassName);
+        }
+    }
+}
