From e8e3905221c77f0dd9449c54c5c12806528e3ee7 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Tue, 6 Aug 2024 12:55:48 +0100 Subject: [PATCH 1/7] Refactored ValidateIssuerSecurityKey to use ValidationParameters over TokenValidationParameters --- .../Validators.IssuerSecurityKey.cs | 94 ++------ .../SigningKeyValidationResultTests.cs | 200 ++---------------- 2 files changed, 33 insertions(+), 261 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs index 9adcde0db3..34ff9a192c 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs @@ -25,7 +25,7 @@ namespace Microsoft.IdentityModel.Tokens internal delegate Task IssuerSecurityKeyValidationDelegate( SecurityKey signingKey, SecurityToken securityToken, - TokenValidationParameters validationParameters, + ValidationParameters validationParameters, CallContext callContext, CancellationToken cancellationToken); 
@@ -40,28 +40,16 @@ public static partial class Validators /// /// The that signed the . /// The being validated. - /// The to be used for validating the token. - /// - /// if 'securityKey' is null and ValidateIssuerSigningKey is true. - /// if 'securityToken' is null and ValidateIssuerSigningKey is true. - /// if 'validationParameters' is null. - internal static SigningKeyValidationResult ValidateIssuerSecurityKey(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters, CallContext callContext) - { - return ValidateIssuerSecurityKey(securityKey, securityToken, validationParameters, null, callContext); - } - - /// - /// Validates the that signed a . - /// - /// The that signed the . - /// The being validated. - /// The to be used for validating the token. - /// The required for issuer and signing key validation. + /// The to be used for validating the token. /// /// if 'securityKey' is null and ValidateIssuerSigningKey is true. /// if 'securityToken' is null and ValidateIssuerSigningKey is true. /// if 'validationParameters' is null. - internal static SigningKeyValidationResult ValidateIssuerSecurityKey(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration? configuration, CallContext callContext) + internal static SigningKeyValidationResult ValidateIssuerSecurityKey( + SecurityKey securityKey, + SecurityToken securityToken, + ValidationParameters validationParameters, + CallContext callContext) { if (validationParameters == null) return new SigningKeyValidationResult( 
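Review bot: The exception documentation kept above the new `ValidateIssuerSecurityKey` signature still says a null `securityKey` or `securityToken` is an error only when 'ValidateIssuerSigningKey is true', but the signature now takes `ValidationParameters` and the next hunk removes that flag check, so the condition no longer exists. The visible body also returns a `SigningKeyValidationResult` for a null `validationParameters` instead of throwing, so these entries read as thrown exceptions when the failure is reported through the result. I would replace them with a returns line such as `/// <returns>A SigningKeyValidationResult; a null securityKey, securityToken or validationParameters is reported as a failed result, not thrown.</returns>`. The method body continues outside this hunk, so the securityToken case is inferred from the test data rather than from these lines.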
@@ -74,28 +62,7 @@ internal static SigningKeyValidationResult ValidateIssuerSecurityKey(SecurityKey typeof(ArgumentNullException), new StackFrame(true))); - if (validationParameters.IssuerSigningKeyValidatorUsingConfiguration != null) - { - return ValidateSigningKeyUsingDelegateAndConfiguration(securityKey, securityToken, validationParameters, configuration); - } - - if (validationParameters.IssuerSigningKeyValidator != null) - { - return ValidateSigningKeyUsingDelegateAndConfiguration(securityKey, securityToken, validationParameters, null); - } - - if (!validationParameters.ValidateIssuerSigningKey) - { - LogHelper.LogVerbose(LogMessages.IDX10237); - return new SigningKeyValidationResult(securityKey); - } - - if (!validationParameters.RequireSignedTokens && securityKey == null) - { - LogHelper.LogInformation(LogMessages.IDX10252); - return new SigningKeyValidationResult(securityKey); - } - else if (securityKey == null) + if (securityKey == null) { return new SigningKeyValidationResult( securityKey, @@ -129,7 +96,10 @@ internal static SigningKeyValidationResult ValidateIssuerSecurityKey(SecurityKey /// The to be used for validating the token. /// #pragma warning disable CA1801 // Review unused parameters - internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime(SecurityKey securityKey, TokenValidationParameters validationParameters, CallContext callContext) + internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime( + SecurityKey securityKey, + ValidationParameters validationParameters, + CallContext callContext) #pragma warning restore CA1801 // Review unused parameters { X509SecurityKey? x509SecurityKey = securityKey as X509SecurityKey; 
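Review bot: The new unconditional `if (securityKey == null)` branch makes a missing signing key a failure in every configuration, where the removed lines let it pass when `ValidateIssuerSigningKey` or `RequireSignedTokens` was false. That is the safer default, but nothing in the hunk says who now decides whether key validation runs at all. A short comment on the branch would record the intent, for example `// No opt-out: a null signing key is always reported as a failure; the caller decides whether this validator runs.` The same hunk drops the dispatch to `IssuerSigningKeyValidator` and `IssuerSigningKeyValidatorUsingConfiguration`, so a custom validator is only honoured if the caller invokes the delegate on `ValidationParameters` rather than this static method; the call site is not on this page, so that is worth confirming. The method starts and ends outside the hunk.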
@@ -175,45 +145,7 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime(Secu return new SigningKeyValidationResult(securityKey); } - private static SigningKeyValidationResult ValidateSigningKeyUsingDelegateAndConfiguration(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration? configuration) - { - try - { - bool success; - if (configuration != null) - success = validationParameters.IssuerSigningKeyValidatorUsingConfiguration(securityKey, securityToken, validationParameters, configuration); - else - success = validationParameters.IssuerSigningKeyValidator(securityKey, securityToken, validationParameters); - - if (!success) - return new SigningKeyValidationResult( - securityKey, - ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - securityKey), - typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true))); - - return new SigningKeyValidationResult(securityKey); - } -#pragma warning disable CA1031 // Do not catch general exception types - catch (Exception exception) -#pragma warning restore CA1031 // Do not catch general exception types - { - return new SigningKeyValidationResult( - securityKey, - ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - securityKey), - exception.GetType(), - new StackFrame(true), - exception)); - } - } + } } #nullable restore diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs index 43a6d3e313..d6b4af67f9 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs 
@@ -22,7 +22,6 @@ public void SecurityKey(SigningKeyValidationTheoryData theoryData) theoryData.SecurityKey, theoryData.SecurityToken, theoryData.ValidationParameters, - theoryData.BaseConfiguration, new CallContext()); if (signingKeyValidationResult.Exception != null) 
@@ -50,83 +49,11 @@ public static TheoryData SigningKeyValidationTes { new SigningKeyValidationTheoryData { - TestId = "Valid_SecurityTokenIsPresent_ValidateIssuerSigningKeyIsTrue", + TestId = "Valid_SecurityTokenIsPresent", ExpectedException = ExpectedException.NoExceptionExpected, SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true }, - SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_SecurityKeyIsNull_ValidateIssuerSigningKeyIsFalse", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = null, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = false }, - SigningKeyValidationResult = new SigningKeyValidationResult(null) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_SecurityTokenIsNull_ValidateIssuerSigningKeyIsFalse", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = null, - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = false }, - SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_SecurityKeyIsNull_RequireSignedTokensIsFalse", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = null, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, RequireSignedTokens = false }, - SigningKeyValidationResult = new SigningKeyValidationResult(null) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_SecurityKeyIsPresent_RequireSignedTokensIsTrue", - ExpectedException = 
ExpectedException.NoExceptionExpected, - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, RequireSignedTokens = true }, - SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_SecurityKeyIsPresent_RequireSignedTokensIsFalse", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, RequireSignedTokens = false }, - SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_DelegateSet_ReturnsTrue", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidator = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters) => true - }, - SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) - }, - new SigningKeyValidationTheoryData - { - TestId = "Valid_DelegateUsingConfigurationSet_ReturnsTrue", - ExpectedException = ExpectedException.NoExceptionExpected, - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidatorUsingConfiguration = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters, BaseConfiguration configuration) => true - 
}, - BaseConfiguration = new OpenIdConnectConfiguration(), + ValidationParameters = new ValidationParameters(), SigningKeyValidationResult = new SigningKeyValidationResult(KeyingMaterial.SymmetricSecurityKey2_256) }, new SigningKeyValidationTheoryData @@ -135,7 +62,7 @@ public static TheoryData SigningKeyValidationTes ExpectedException = ExpectedException.ArgumentNullException(substringExpected: "IDX10253:"), SecurityKey = null, SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true }, + ValidationParameters = new ValidationParameters(), SigningKeyValidationResult = new SigningKeyValidationResult( null, // SecurityKey ValidationFailureType.NullArgument, @@ -146,11 +73,11 @@ public static TheoryData SigningKeyValidationTes }, new SigningKeyValidationTheoryData { - TestId = "Invalid_SecurityTokenIsNullAndValidateIssuerSigningKeyTrue", + TestId = "Invalid_SecurityTokenIsNull", ExpectedException = ExpectedException.ArgumentNullException(), SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, SecurityToken = null, - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true }, + ValidationParameters = new ValidationParameters (), SigningKeyValidationResult = new SigningKeyValidationResult( KeyingMaterial.SymmetricSecurityKey2_256, ValidationFailureType.NullArgument, @@ -184,7 +111,7 @@ public static TheoryData SigningKeyValidationTes ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10249:"), SecurityKey = KeyingMaterial.ExpiredX509SecurityKey_Public, SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true }, + ValidationParameters = new ValidationParameters (), SigningKeyValidationResult = new SigningKeyValidationResult( KeyingMaterial.ExpiredX509SecurityKey_Public, ValidationFailureType.SigningKeyValidationFailed, 
@@ -202,7 +129,7 @@ public static TheoryData SigningKeyValidationTes ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10248:"), SecurityKey = KeyingMaterial.NotYetValidX509SecurityKey_Public, SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true }, + ValidationParameters = new ValidationParameters (), SigningKeyValidationResult = new SigningKeyValidationResult( KeyingMaterial.NotYetValidX509SecurityKey_Public, ValidationFailureType.SigningKeyValidationFailed, @@ -216,11 +143,11 @@ public static TheoryData SigningKeyValidationTes }, new SigningKeyValidationTheoryData { - TestId = "Invalid_SecurityKeyIsNull_RequireSignedTokensIsTrue", + TestId = "Invalid_SecurityKeyIsNull", ExpectedException = ExpectedException.ArgumentNullException(substringExpected: "IDX10253:"), SecurityKey = null, SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, RequireSignedTokens = true }, + ValidationParameters = new ValidationParameters (), SigningKeyValidationResult = new SigningKeyValidationResult( null, ValidationFailureType.NullArgument, 
@@ -229,105 +156,18 @@ public static TheoryData SigningKeyValidationTes typeof(ArgumentNullException), new StackFrame(true))) }, - new SigningKeyValidationTheoryData - { - TestId = "Invalid_DelegateIsSet_ReturnsFalse", - ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10232:"), - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidator = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters) => false - }, - SigningKeyValidationResult = new SigningKeyValidationResult( - KeyingMaterial.SymmetricSecurityKey2_256, - ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - KeyingMaterial.SymmetricSecurityKey2_256), - typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true))) - }, - new SigningKeyValidationTheoryData - { - TestId = "Invalid_DelegateUsingConfigurationSet_ReturnsFalse", - ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10232:"), - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidatorUsingConfiguration = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters, BaseConfiguration configuration) => false - }, - BaseConfiguration = new OpenIdConnectConfiguration(), - SigningKeyValidationResult = new SigningKeyValidationResult( - KeyingMaterial.SymmetricSecurityKey2_256, - ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - KeyingMaterial.SymmetricSecurityKey2_256), - typeof(SecurityTokenInvalidSigningKeyException), 
- new StackFrame(true))) - }, - new SigningKeyValidationTheoryData - { - TestId = "Invalid_DelegateIsSet_Throws", - ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10232:", innerTypeExpected: typeof(SecurityTokenInvalidSigningKeyException)), - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidator = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters) => throw new SecurityTokenInvalidSigningKeyException() - }, - SigningKeyValidationResult = new SigningKeyValidationResult( - KeyingMaterial.SymmetricSecurityKey2_256, - ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - KeyingMaterial.SymmetricSecurityKey2_256), - typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true), - new SecurityTokenInvalidSigningKeyException())) - }, - new SigningKeyValidationTheoryData - { - TestId = "Invalid_DelegateUsingConfigurationSet_Throws", - ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException(substringExpected: "IDX10232:", innerTypeExpected: typeof(SecurityTokenInvalidSigningKeyException)), - SecurityKey = KeyingMaterial.SymmetricSecurityKey2_256, - SecurityToken = new JwtSecurityToken(), - ValidationParameters = new TokenValidationParameters - { - ValidateIssuerSigningKey = true, - IssuerSigningKeyValidatorUsingConfiguration = (SecurityKey securityKey, SecurityToken token, TokenValidationParameters validationParameters, BaseConfiguration configuration) => throw new SecurityTokenInvalidSigningKeyException() - }, - BaseConfiguration = new OpenIdConnectConfiguration(), - SigningKeyValidationResult = new SigningKeyValidationResult( - KeyingMaterial.SymmetricSecurityKey2_256, - 
ValidationFailureType.SigningKeyValidationFailed, - new ExceptionDetail( - new MessageDetail( - LogMessages.IDX10232, - KeyingMaterial.SymmetricSecurityKey2_256), - typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true), - new SecurityTokenInvalidSigningKeyException())) - }, - }; - } + + }; } } + } - public class SigningKeyValidationTheoryData: TheoryDataBase - { - public SecurityKey SecurityKey { get; set; } - public SecurityToken SecurityToken { get; set; } - public TokenValidationParameters ValidationParameters { get; set; } - public BaseConfiguration BaseConfiguration { get; set; } - internal SigningKeyValidationResult SigningKeyValidationResult { get; set; } - } + public class SigningKeyValidationTheoryData : TheoryDataBase + { + public SecurityKey SecurityKey { get; set; } + public SecurityToken SecurityToken { get; set; } + internal ValidationParameters ValidationParameters { get; set; } + public BaseConfiguration BaseConfiguration { get; set; } + internal SigningKeyValidationResult SigningKeyValidationResult { get; set; } } +} From 7a8a1af72e98cdaf203427e217880ec0fd11bcc0 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Tue, 6 Aug 2024 13:16:11 +0100 Subject: [PATCH 2/7] Renamed class, updated delegate in ValidationParameters. Updated tests --- .../Validation/ValidationParameters.cs | 7 ++++++- ...erSecurityKey.cs => Validators.IssuerSigningKey.cs} | 10 ++++------ .../Validation/SigningKeyValidationResultTests.cs | 2 +- .../Validation/ValidationParametersTests.cs | 1 + 4 files changed, 12 insertions(+), 8 deletions(-) rename src/Microsoft.IdentityModel.Tokens/Validation/{Validators.IssuerSecurityKey.cs => Validators.IssuerSigningKey.cs} (96%) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs index c064531798..0ae2048f06 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs 
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs
@@ -29,6 +29,7 @@ internal class ValidationParameters
 private LifetimeValidatorDelegate _lifetimeValidator = Validators.ValidateLifetime;
 private TokenReplayValidatorDelegate _tokenReplayValidator = Validators.ValidateTokenReplay;
 private TypeValidatorDelegate _typeValidator = Validators.ValidateTokenType;
+ private IssuerSigningKeyValidatorDelegate _issuerSigningKeyValidator = Validators.ValidateIssuerSigningKey;
 ///
 /// This is the default value of when creating a .
@@ -269,7 +270,11 @@ public virtual ClaimsIdentity CreateClaimsIdentity(SecurityToken securityToken,
 /// If both and are set, IssuerSigningKeyResolverUsingConfiguration takes
 /// priority.
 ///
- public IssuerSigningKeyValidator IssuerSigningKeyValidator { get; set; }
+ public IssuerSigningKeyValidatorDelegate IssuerSigningKeyValidator
+ {
+ get => _issuerSigningKeyValidator;
+ set => _issuerSigningKeyValidator = value ?? throw new ArgumentNullException(nameof(value), "IssuerSigningKeyValidator cannot be set as null.");
+ }
 ///
 /// Gets a that is unique to this instance.
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
similarity index 96%
rename from src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs
rename to src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index 34ff9a192c..548c815c2a 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSecurityKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
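Review bot: The remarks kept above the new `IssuerSigningKeyValidator` property still describe the old pair of delegates ('If both … are set, IssuerSigningKeyResolverUsingConfiguration takes priority'), which no longer matches a single delegate that defaults to `Validators.ValidateIssuerSigningKey` and rejects null. The null guard in the setter is a good fail-closed choice, but patch 1 removed the try/catch that turned an exception from a custom validator into a `SigningKeyValidationFailed` result, and the delegate is documented only as 'not expected to throw'. If the code that invokes this property does not catch (it is not shown here), a throwing custom validator will escape the result-based flow. I would either catch at the call site or state the contract in the remarks, e.g. `/// The default is Validators.ValidateIssuerSigningKey. A custom delegate must return a failed SigningKeyValidationResult rather than throw.`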
@@ -18,16 +18,14 @@ namespace Microsoft.IdentityModel.Tokens
 /// The security key to validate.
 /// The that is being validated.
 /// The to be used for validating the token.
- ///
- ///
+ /// The to be used for logging.
 /// A that contains the results of validating the issuer.
 /// This delegate is not expected to throw.
- internal delegate Task IssuerSecurityKeyValidationDelegate(
+ internal delegate SigningKeyValidationResult IssuerSigningKeyValidatorDelegate(
 SecurityKey signingKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
- CallContext callContext,
- CancellationToken cancellationToken);
+ CallContext callContext);
 ///
 /// SigningKeyValidation
@@ -45,7 +43,7 @@ public static partial class Validators
 /// if 'securityKey' is null and ValidateIssuerSigningKey is true.
 /// if 'securityToken' is null and ValidateIssuerSigningKey is true.
 /// if 'validationParameters' is null.
- internal static SigningKeyValidationResult ValidateIssuerSecurityKey(
+ internal static SigningKeyValidationResult ValidateIssuerSigningKey(
 SecurityKey securityKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
index d6b4af67f9..d39d3fa21a 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
@@ -18,7 +18,7 @@ public void SecurityKey(SigningKeyValidationTheoryData theoryData)
 {
 CompareContext context = TestUtilities.WriteHeader($"{this}.SigningKeyValidationResultTests", theoryData);
- SigningKeyValidationResult signingKeyValidationResult = Validators.ValidateIssuerSecurityKey(
+ SigningKeyValidationResult signingKeyValidationResult = Validators.ValidateIssuerSigningKey(
 theoryData.SecurityKey,
 theoryData.SecurityToken,
 theoryData.ValidationParameters,
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationParametersTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationParametersTests.cs
index 7d1a98de4f..603e7fb896 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationParametersTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationParametersTests.cs
@@ -18,6 +18,7 @@ public void SetValidators_NullValue_ThrowsArgumentNullException()
 Assert.Throws(() => validationParameters.LifetimeValidator = null);
 Assert.Throws(() => validationParameters.TypeValidator = null);
 Assert.Throws(() => validationParameters.AudienceValidator = null);
+ Assert.Throws(() => validationParameters.IssuerSigningKeyValidator = null);
 }
 [Fact]
From 59baef751e9463c52bacf40df68ef544a6ede673 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 6 Aug 2024 16:42:27 +0100
Subject: [PATCH 3/7] Updated documentation reference
---
 .../Validation/Validators.IssuerSigningKey.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index 548c815c2a..5dbd68f360 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
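Review bot: The added `Assert.Throws(() => validationParameters.IssuerSigningKeyValidator = null);` in `SetValidators_NullValue_ThrowsArgumentNullException` covers only the null guard. Patch 1 deleted the `Valid_DelegateSet_*` and `Invalid_DelegateIsSet_*` cases, so nothing on this page tests that a custom `IssuerSigningKeyValidator` is actually invoked or that its failed result is propagated. Replacing the default validator is how signing-key checks get relaxed or tightened, so I would add a case that sets the delegate to one returning a failed `SigningKeyValidationResult` and asserts the failure surfaces. A second case should assert that a new `ValidationParameters()` exposes `Validators.ValidateIssuerSigningKey` as the default. The code that calls the delegate is not shown in this series, so where those cases belong is left open.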
@@ -17,7 +17,7 @@ namespace Microsoft.IdentityModel.Tokens
 ///
 /// The security key to validate.
 /// The that is being validated.
- /// The to be used for validating the token.
+ /// The to be used for validating the token.
 /// The to be used for logging.
 /// A that contains the results of validating the issuer.
 /// This delegate is not expected to throw.
@@ -91,7 +91,7 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKey(
 /// Given a signing key, when it's derived from a certificate, validates that the certificate is already active and non-expired
 ///
 /// The that signed the .
- /// The to be used for validating the token.
+ /// The to be used for validating the token.
 ///
 #pragma warning disable CA1801 // Review unused parameters
 internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime(
From 4049ff8696dc1e1f9848ad7e0df876eb93a3d0fd Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 6 Aug 2024 18:23:42 +0100
Subject: [PATCH 4/7] Update src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
Co-authored-by: sruthikeerthi <73967733+sruke@users.noreply.github.com>
---
 .../Validation/Validators.IssuerSigningKey.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index 5dbd68f360..fca1118fe2 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
@@ -18,7 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
 /// The security key to validate.
 /// The that is being validated.
 /// The to be used for validating the token.
- /// The to be used for logging.
+ /// The to be used for logging.
 /// A that contains the results of validating the issuer.
 /// This delegate is not expected to throw.
 internal delegate SigningKeyValidationResult IssuerSigningKeyValidatorDelegate(
From a17b6c42ffc0751ee5565f7aca08cfe9ae1406ec Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 6 Aug 2024 19:22:12 +0100
Subject: [PATCH 5/7] Removed extra whitespace
---
 .../Validation/Validators.IssuerSigningKey.cs | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index fca1118fe2..d635e6aa71 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
@@ -142,8 +142,6 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime(
 return new SigningKeyValidationResult(securityKey);
 }
-
-
 }
 }
 #nullable restore
From 9fcf0211e2afe3d34256052c2c335fdd46609524 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 6 Aug 2024 19:29:11 +0100
Subject: [PATCH 6/7] Mark CallContext as optional
---
 .../Validation/Validators.IssuerSigningKey.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index d635e6aa71..5e7072a28d 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
@@ -25,7 +25,7 @@ internal delegate SigningKeyValidationResult IssuerSigningKeyValidatorDelegate(
 SecurityKey signingKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
- CallContext callContext);
+ CallContext? callContext);
 ///
 /// SigningKeyValidation
@@ -47,7 +47,7 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKey(
 SecurityKey securityKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
- CallContext callContext)
+ CallContext? callContext)
 {
 if (validationParameters == null)
 return new SigningKeyValidationResult(
@@ -97,7 +97,7 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKey(
 internal static SigningKeyValidationResult ValidateIssuerSigningKeyLifeTime(
 SecurityKey securityKey,
 ValidationParameters validationParameters,
- CallContext callContext)
+ CallContext? callContext)
 #pragma warning restore CA1801 // Review unused parameters
 {
 X509SecurityKey? x509SecurityKey = securityKey as X509SecurityKey;
From eb07cce24d23f960db5dc7132d249259990a1344 Mon Sep 17 00:00:00 2001
From: Ignacio Inglese
Date: Tue, 6 Aug 2024 20:16:05 +0100
Subject: [PATCH 7/7] Added configuration parameter to ValidateIssuerSigningKey
---
 .../Validation/Validators.IssuerSigningKey.cs | 8 +++++++-
 .../Validation/SigningKeyValidationResultTests.cs | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
index 5e7072a28d..15d4f615f4 100644
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs
@@ -18,6 +18,7 @@ namespace Microsoft.IdentityModel.Tokens
 /// The security key to validate.
 /// The that is being validated.
 /// The to be used for validating the token.
+ /// The to be used for validation.
 /// The to be used for logging.
 /// A that contains the results of validating the issuer.
 /// This delegate is not expected to throw.
@@ -25,6 +26,7 @@ internal delegate SigningKeyValidationResult IssuerSigningKeyValidatorDelegate(
 SecurityKey signingKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
+ BaseConfiguration? configuration,
 CallContext? callContext);
 ///
@@ -39,7 +41,8 @@ public static partial class Validators
 /// The that signed the .
 /// The being validated.
 /// The to be used for validating the token.
- ///
+ /// The to be used for validation.
+ /// The to be used for logging.
 /// if 'securityKey' is null and ValidateIssuerSigningKey is true.
 /// if 'securityToken' is null and ValidateIssuerSigningKey is true.
 /// if 'validationParameters' is null.
@@ -47,6 +50,9 @@ internal static SigningKeyValidationResult ValidateIssuerSigningKey(
 SecurityKey securityKey,
 SecurityToken securityToken,
 ValidationParameters validationParameters,
+#pragma warning disable CA1801 // Review unused parameters
+ BaseConfiguration? configuration,
+#pragma warning restore CA1801 // Review unused parameters
 CallContext? callContext)
 {
 if (validationParameters == null)
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
index d39d3fa21a..98e10456d0 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs
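Review bot: The new `BaseConfiguration? configuration` parameter on `ValidateIssuerSigningKey` is wrapped in a CA1801 suppression, which indicates the default validator does not read it, yet the added doc line says it is 'to be used for validation'. A caller that passes configuration could reasonably assume the signing key is checked against it, so the doc should say what is true today, e.g. `/// <param name="configuration">Accepted for delegate compatibility; not used by the default validator.</param>`. The delegate's doc line in the first hunk of this patch has the same wording, although there only a custom implementation can make use of the value. The method body continues outside the hunk, so the unused status is inferred from the pragma rather than seen directly.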
@@ -22,6 +22,7 @@ public void SecurityKey(SigningKeyValidationTheoryData theoryData)
 theoryData.SecurityKey,
 theoryData.SecurityToken,
 theoryData.ValidationParameters,
+ theoryData.BaseConfiguration,
 new CallContext());
 if (signingKeyValidationResult.Exception != null)