Possible fixes to address perf issue in 6.31 (#2131)

* move bool check sooner * Fixing one bug in JSonWebToken , and a potential exception. The bug: - the constructor of JSonWebToken taking header and payload supposes that these are json, not encoded. They should not be assigned directly to the encoded members. This is likely to provoke plenty of exception. - the potential exception: in ToString(), we don't verify that there is at least one dot. Again could provoke an exception on malformed tokens. * Removing the ".signature" per PR feedback * address PR feedback and take Keegan's work in 7x branch * fix logic * move logic back to previous --------- Co-authored-by: Jean-Marc Prieur <[email protected]>
AzureAD · Jul 11, 2023 · f7edc77 · f7edc77
1 parent 23808d5
commit f7edc77
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
@@ -120,8 +120,9 @@ public JsonWebToken(string header, string payload)
                 throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14302, payload), ex));
             }
 
-            _encodedHeader = header;
-            _encodedPayload = payload;
+            _encodedHeader = Base64UrlEncoder.Encode(header);
+            _encodedPayload = Base64UrlEncoder.Encode(payload);
+            EncodedToken = _encodedHeader + "." + _encodedPayload + ".";
         }
 
         internal string ActualIssuer { get; set; }
@@ -904,7 +905,12 @@ public string Subject
         /// <returns>Encoded token string without signature or authentication tag.</returns>
         public override string ToString()
         {
-            return EncodedToken.Substring(0, EncodedToken.LastIndexOf("."));
+            int lastDot = EncodedToken.LastIndexOf('.');
+
+            if (lastDot >= 0)
+                return EncodedToken.Substring(0, lastDot);
+            else
+                return EncodedToken;
         }
 
         /// <summary>

diff --git a/src/Microsoft.IdentityModel.Logging/LogHelper.cs b/src/Microsoft.IdentityModel.Logging/LogHelper.cs
@@ -365,15 +365,15 @@ public static string FormatInvariant(string format, params object[] args)
                 return string.Format(CultureInfo.InvariantCulture, format, args.Select(SanitizeSecurityArtifact).ToArray());
         }
 
-        private static string SanitizeSecurityArtifact(object arg)
+        private static object SanitizeSecurityArtifact(object arg)
         {
             if (arg == null)
                 return "null";
 
-            if (arg is ISafeLogSecurityArtifact && IdentityModelEventSource.LogCompleteSecurityArtifact)
+            if (IdentityModelEventSource.LogCompleteSecurityArtifact && arg is ISafeLogSecurityArtifact)
                 return (arg as ISafeLogSecurityArtifact).UnsafeToString();
 
-            return arg.ToString();
+            return arg;
         }
 
         private static string RemovePII(object arg)