From 97229b8cdfa99b9e593d864dd0e6752cde2ac439 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Fri, 15 Nov 2024 13:50:23 +0000 Subject: [PATCH 01/10] Refactored ValidationError and subclasses to align optional parameters and ensure GetException sets the ValidationError parameter required to provide a stack trace --- .../InternalAPI.Unshipped.txt | 6 +- .../Saml/Exceptions/SamlValidationError.cs | 10 +- .../Saml2/Exceptions/Saml2ValidationError.cs | 10 +- .../InternalAPI.Unshipped.txt | 20 ++-- .../Details/AlgorithmValidationError.cs | 6 +- .../Details/AudienceValidationError.cs | 31 +++--- .../Results/Details/IssuerValidationError.cs | 16 +--- .../Details/LifetimeValidationError.cs | 62 ++++++------ .../Details/TokenTypeValidationError.cs | 6 +- .../Results/Details/ValidationError.cs | 95 ++++++++----------- .../Exceptions/XmlValidationError.cs | 9 +- .../InternalAPI.Unshipped.txt | 2 +- 12 files changed, 132 insertions(+), 141 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt index 1fc631663c..7504d240a1 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt 
@@ -11,14 +11,12 @@ Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml.SamlValidationError -Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail MessageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame) -> void -Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException) -> void +Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.StackFrames Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, 
Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError -Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail MessageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame) -> void -Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException) -> void +Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.GetException() -> System.Exception override Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.GetException() -> System.Exception static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.StackFrames.IssuerSigningKeyValidationFailed -> System.Diagnostics.StackFrame 
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs index 48aff2a17d..5bee47a23a 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs @@ -4,11 +4,18 @@ using System; using System.Diagnostics; +#nullable enable namespace Microsoft.IdentityModel.Tokens.Saml { internal class SamlValidationError : ValidationError { - internal SamlValidationError(MessageDetail messageDetail, ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, Exception innerException) : base(messageDetail, failureType, exceptionType, stackFrame, innerException) + internal SamlValidationError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + ValidationFailureType failureType, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, failureType, innerException) { } @@ -24,3 +31,4 @@ internal override Exception GetException() } } } +#nullable restore diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs index b8f5803e23..7e834b5ccd 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs 
@@ -4,11 +4,18 @@ using System; using System.Diagnostics; +#nullable enable namespace Microsoft.IdentityModel.Tokens.Saml2 { internal class Saml2ValidationError : ValidationError { - internal Saml2ValidationError(MessageDetail messageDetail, ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, Exception innerException) : base(messageDetail, failureType, exceptionType, stackFrame, innerException) + internal Saml2ValidationError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + ValidationFailureType failureType, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, failureType, innerException) { } @@ -24,3 +31,4 @@ internal override Exception GetException() } } } +#nullable restore diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt index fa2f518ab7..03e642a883 100644 --- a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt 
@@ -2,25 +2,31 @@ const Microsoft.IdentityModel.Tokens.LogMessages.IDX10002 = "IDX10002: Unknown e const Microsoft.IdentityModel.Tokens.LogMessages.IDX10268 = "IDX10268: Unable to validate audience, validationParameters.ValidAudiences.Count == 0." -> string const Microsoft.IdentityModel.Tokens.LogMessages.IDX10269 = "IDX10269: IssuerValidationDelegate threw an exception, see inner exception." -> string Microsoft.IdentityModel.Tokens.AlgorithmValidationError -Microsoft.IdentityModel.Tokens.AlgorithmValidationError.AlgorithmValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidAlgorithm) -> void +Microsoft.IdentityModel.Tokens.AlgorithmValidationError.AlgorithmValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidAlgorithm, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.AlgorithmValidationError.InvalidAlgorithm.get -> string Microsoft.IdentityModel.Tokens.AlgorithmValidationError._invalidAlgorithm -> string -Microsoft.IdentityModel.Tokens.AudienceValidationError.AudienceValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Collections.Generic.IList tokenAudiences, System.Collections.Generic.IList validAudiences) -> void +Microsoft.IdentityModel.Tokens.AudienceValidationError.AudienceValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Collections.Generic.IList tokenAudiences, System.Collections.Generic.IList validAudiences, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType = 
null, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.AudienceValidationError.TokenAudiences.get -> System.Collections.Generic.IList +Microsoft.IdentityModel.Tokens.AudienceValidationError.TokenAudiences.set -> void +Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidAudiences.get -> System.Collections.Generic.IList +Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidAudiences.set -> void Microsoft.IdentityModel.Tokens.IssuerValidationError.InvalidIssuer.get -> string -Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, System.Exception innerException) -> void -Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, System.Exception innerException) -> void +Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedConfiguration = 1 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedValidationParameters = 2 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource -Microsoft.IdentityModel.Tokens.LifetimeValidationError._expires -> System.DateTime -Microsoft.IdentityModel.Tokens.LifetimeValidationError._notBefore -> System.DateTime 
+Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.get -> System.DateTime +Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.set -> void +Microsoft.IdentityModel.Tokens.LifetimeValidationError.LifetimeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.DateTime? notBefore, System.DateTime? expires, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.get -> System.DateTime +Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.set -> void Microsoft.IdentityModel.Tokens.TokenTypeValidationError -Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType) -> void +Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.TokenTypeValidationError._invalidTokenType -> string Microsoft.IdentityModel.Tokens.TokenValidationParameters.TimeProvider.get -> System.TimeProvider Microsoft.IdentityModel.Tokens.TokenValidationParameters.TimeProvider.set -> void Microsoft.IdentityModel.Tokens.ValidationError.AddCurrentStackFrame(string filePath = "", int lineNumber = 0, int skipFrames = 1) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Tokens.ValidationError.GetException(System.Type exceptionType, System.Exception innerException) -> System.Exception 
+Microsoft.IdentityModel.Tokens.ValidationError.ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.ValidationParameters.TokenTypeValidator.get -> Microsoft.IdentityModel.Tokens.TokenTypeValidationDelegate Microsoft.IdentityModel.Tokens.ValidationParameters.TokenTypeValidator.set -> void Microsoft.IdentityModel.Tokens.ValidationResult.Error.get -> Microsoft.IdentityModel.Tokens.ValidationError diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs index c867fdb193..e80461f850 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs @@ -15,8 +15,10 @@ public AlgorithmValidationError( MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame, - string? invalidAlgorithm) : - base(messageDetail, ValidationFailureType.AlgorithmValidationFailed, exceptionType, stackFrame) + string? invalidAlgorithm, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) : + base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.AlgorithmValidationFailed, innerException) { _invalidAlgorithm = invalidAlgorithm; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs index c38b3a7bb2..156e85536b 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs 
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs @@ -10,27 +10,18 @@ namespace Microsoft.IdentityModel.Tokens { internal class AudienceValidationError : ValidationError { - private IList? _tokenAudiences; - private IList? _validAudiences; - - // stack frames associated with AudienceValidationErrors - internal static StackFrame? ValidationParametersNull; - internal static StackFrame? AudiencesNull; - internal static StackFrame? AudiencesCountZero; - internal static StackFrame? ValidationParametersAudiencesCountZero; - internal static StackFrame? ValidateAudienceFailed; - public AudienceValidationError( MessageDetail messageDetail, - ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, IList? tokenAudiences, - IList? validAudiences) - : base(messageDetail, failureType, exceptionType, stackFrame) + IList? validAudiences, + ValidationFailureType? failureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, failureType ?? ValidationFailureType.AudienceValidationFailed, innerException) { - _tokenAudiences = tokenAudiences; - _validAudiences = validAudiences; + TokenAudiences = tokenAudiences; + ValidAudiences = validAudiences; } /// 
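Review bot: In the AudienceValidationError constructor the optional failure-type parameter is named `failureType`, while the sibling constructors changed in this patch (AlgorithmValidationError, IssuerValidationError, LifetimeValidationError, TokenTypeValidationError) name it `validationFailureType`. Optional trailing parameters are the ones callers tend to pass by name, so the mismatch will surface at call sites. Since the commit sets out to align these signatures, I would rename it here to `ValidationFailureType? validationFailureType = null,` and use `validationFailureType ?? ValidationFailureType.AudienceValidationFailed` in the base call. The matching entry in InternalAPI.Unshipped.txt would need the same rename.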
@@ -40,12 +31,18 @@ public AudienceValidationError( internal override Exception GetException() { if (ExceptionType == typeof(SecurityTokenInvalidAudienceException)) - return new SecurityTokenInvalidAudienceException(MessageDetail.Message) { InvalidAudience = Utility.SerializeAsSingleCommaDelimitedString(_tokenAudiences) }; + { + var exception = new SecurityTokenInvalidAudienceException(MessageDetail.Message, InnerException) { InvalidAudience = Utility.SerializeAsSingleCommaDelimitedString(TokenAudiences) }; + exception.SetValidationError(this); + + return exception; + } return base.GetException(ExceptionType, null); } - internal IList? TokenAudiences => _tokenAudiences; + protected IList? TokenAudiences { get; set; } + protected IList? ValidAudiences { get; set; } } } #nullable restore diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs index cc26ebda9a..fa33ac0974 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs 
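Review bot: The fall-through at the end of AudienceValidationError.GetException still calls `base.GetException(ExceptionType, null)`, so an `innerException` passed to the new constructor is dropped whenever ExceptionType is anything other than SecurityTokenInvalidAudienceException. In the rewritten base method a null argument selects the message-only constructors, so the root cause of a failed audience check disappears from the exception chain and from logs. Pass the stored value instead: `return base.GetException(ExceptionType, InnerException);`. The same unchanged fall-through sits at the end of LifetimeValidationError.GetException further down in this patch. Separately, `ValidAudiences` is now stored by the constructor, but nothing visible in this file's hunks reads it.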
@@ -13,19 +13,10 @@ internal IssuerValidationError( MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame, - string? invalidIssuer) - : this(messageDetail, ValidationFailureType.IssuerValidationFailed, exceptionType, stackFrame, invalidIssuer, null) - { - } - - internal IssuerValidationError( - MessageDetail messageDetail, - ValidationFailureType validationFailureType, - Type exceptionType, - StackFrame stackFrame, string? invalidIssuer, - Exception? innerException) - : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.IssuerValidationFailed, innerException) { InvalidIssuer = invalidIssuer; } @@ -40,6 +31,7 @@ internal override Exception GetException() { InvalidIssuer = InvalidIssuer }; + exception.SetValidationError(this); return exception; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs index 215296439f..c355ef63e8 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs 
@@ -9,37 +9,21 @@ namespace Microsoft.IdentityModel.Tokens { internal class LifetimeValidationError : ValidationError { - protected DateTime _notBefore; - protected DateTime _expires; - - public LifetimeValidationError( - MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame) - : base(messageDetail, ValidationFailureType.LifetimeValidationFailed, exceptionType, stackFrame) - { - } - public LifetimeValidationError( MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame, - DateTime notBefore, - DateTime expires) - : base(messageDetail, ValidationFailureType.LifetimeValidationFailed, exceptionType, stackFrame) - { - _notBefore = notBefore; - _expires = expires; - } + DateTime? notBefore, + DateTime? expires, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) - public LifetimeValidationError( - MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame, - DateTime expires) - : base(messageDetail, ValidationFailureType.LifetimeValidationFailed, exceptionType, stackFrame) + : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.LifetimeValidationFailed, innerException) { - _expires = expires; + if (notBefore.HasValue) + NotBefore = notBefore.Value; + if (expires.HasValue) + Expires = expires.Value; } /// 
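Review bot: The LifetimeValidationError constructor now accepts `DateTime? notBefore` and `DateTime? expires`, but the `NotBefore` and `Expires` properties it fills (declared in the next hunk) are non-nullable, so a null argument is left as `default(DateTime)`. GetException then copies that value onto the exception, and a consumer reading `Expires` cannot tell a token that carried no expiry from one stamped 0001-01-01. If the exception properties can hold a nullable value (not visible here), declaring `protected DateTime? NotBefore { get; set; }` and `protected DateTime? Expires { get; set; }` would carry the absence through. Otherwise add a comment on the constructor such as `// null = claim absent; NotBefore/Expires stay default(DateTime)`.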
@@ -50,33 +34,45 @@ internal override Exception GetException() { if (ExceptionType == typeof(SecurityTokenNoExpirationException)) { - return new SecurityTokenNoExpirationException(MessageDetail.Message); + var exception = new SecurityTokenNoExpirationException(MessageDetail.Message, InnerException); + exception.SetValidationError(this); + return exception; } else if (ExceptionType == typeof(SecurityTokenInvalidLifetimeException)) { - return new SecurityTokenInvalidLifetimeException(MessageDetail.Message) + var exception = new SecurityTokenInvalidLifetimeException(MessageDetail.Message, InnerException) { - NotBefore = _notBefore, - Expires = _expires + NotBefore = NotBefore, + Expires = Expires }; + exception.SetValidationError(this); + return exception; } else if (ExceptionType == typeof(SecurityTokenNotYetValidException)) { - return new SecurityTokenNotYetValidException(MessageDetail.Message) + var exception = new SecurityTokenNotYetValidException(MessageDetail.Message, InnerException) { - NotBefore = _notBefore + NotBefore = NotBefore }; + exception.SetValidationError(this); + return exception; } else if (ExceptionType == typeof(SecurityTokenExpiredException)) { - return new SecurityTokenExpiredException(MessageDetail.Message) + var exception = new SecurityTokenExpiredException(MessageDetail.Message, InnerException) { - Expires = _expires + Expires = Expires }; + exception.SetValidationError(this); + return exception; } else return base.GetException(ExceptionType, null); } + + protected DateTime NotBefore { get; set; } + + protected DateTime Expires { get; set; } } } #nullable restore diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs index 030d510485..9f633ed741 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs 
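Review bot: `NotBefore` and `Expires` at the end of LifetimeValidationError are declared `protected DateTime ... { get; set; }`, although in the visible code only the constructor assigns them; the same holds for `TokenAudiences` and `ValidAudiences` in AudienceValidationError. A validation error is the record of why a token was rejected, and open setters let a derived type alter that record after it has been handed back to the caller. Unless a subclass outside this patch needs to write them, get-only properties are enough: `protected DateTime NotBefore { get; }` and `protected DateTime Expires { get; }`. Note also that `TokenAudiences` moved from `internal` to `protected`, so other code in the assembly that read it (none is visible here) would no longer compile.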
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs @@ -15,8 +15,10 @@ internal TokenTypeValidationError( MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame, - string? invalidTokenType) - : base(messageDetail, ValidationFailureType.TokenTypeValidationFailed, exceptionType, stackFrame) + string? invalidTokenType, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.TokenTypeValidationFailed, innerException) { _invalidTokenType = invalidTokenType; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs index 37bb29c092..4c2e3ccdd5 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs @@ -8,6 +8,7 @@ using System.Runtime.CompilerServices; using Microsoft.IdentityModel.Logging; +#nullable enable namespace Microsoft.IdentityModel.Tokens { /// 
@@ -17,37 +18,20 @@ internal class ValidationError { private Type _exceptionType; - /// - /// Creates an instance of - /// - /// contains information about the exception that is used to generate the exception message. - /// is the type of exception that occurred. - /// is the type of validation failure that occurred. - /// is the stack frame where the exception occurred. - internal ValidationError( - MessageDetail MessageDetail, - ValidationFailureType failureType, - Type exceptionType, - StackFrame stackFrame) - : this(MessageDetail, failureType, exceptionType, stackFrame, null) - { - // TODO: need to include CallContext. - } - /// /// Creates an instance of /// /// contains information about the exception that is used to generate the exception message. /// is the type of exception that occurred. - /// is the type of validation failure that occurred. /// is the stack frame where the exception occurred. + /// is the type of validation failure that occurred. /// is the inner exception that occurred. internal ValidationError( MessageDetail messageDetail, - ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, - Exception innerException) + ValidationFailureType failureType, + Exception? innerException = null) { InnerException = innerException; MessageDetail = messageDetail; @@ -68,11 +52,11 @@ internal virtual Exception GetException() return GetException(ExceptionType, InnerException); } - internal Exception GetException(Type exceptionType, Exception innerException) + internal Exception GetException(Type exceptionType, Exception? innerException) { - Exception exception = null; + Exception? exception = null; - if (innerException == null && InnerValidationError == null) + if (innerException is null) { if (exceptionType == typeof(SecurityTokenArgumentNullException)) exception = new SecurityTokenArgumentNullException(MessageDetail.Message); 
@@ -131,61 +115,59 @@ internal Exception GetException(Type exceptionType, Exception innerException) } else { - Exception actualException = innerException ?? InnerValidationError.GetException(); - if (exceptionType == typeof(SecurityTokenArgumentNullException)) - return new SecurityTokenArgumentNullException(MessageDetail.Message, innerException); + exception = new SecurityTokenArgumentNullException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidAudienceException)) - exception = new SecurityTokenInvalidAudienceException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidAudienceException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidIssuerException)) - exception = new SecurityTokenInvalidIssuerException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidIssuerException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidLifetimeException)) - exception = new SecurityTokenInvalidLifetimeException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidLifetimeException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenReplayDetectedException)) - exception = new SecurityTokenReplayDetectedException(MessageDetail.Message, actualException); + exception = new SecurityTokenReplayDetectedException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenReplayAddFailedException)) - exception = new SecurityTokenReplayAddFailedException(MessageDetail.Message, actualException); + exception = new SecurityTokenReplayAddFailedException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidSigningKeyException)) - exception = new SecurityTokenInvalidSigningKeyException(MessageDetail.Message, actualException); + exception = new 
SecurityTokenInvalidSigningKeyException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidTypeException)) - exception = new SecurityTokenInvalidTypeException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidTypeException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenReplayDetectedException)) - exception = new SecurityTokenReplayDetectedException(MessageDetail.Message, actualException); + exception = new SecurityTokenReplayDetectedException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenExpiredException)) - exception = new SecurityTokenExpiredException(MessageDetail.Message, actualException); + exception = new SecurityTokenExpiredException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenNotYetValidException)) - exception = new SecurityTokenNotYetValidException(MessageDetail.Message, actualException); + exception = new SecurityTokenNotYetValidException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidLifetimeException)) - exception = new SecurityTokenInvalidLifetimeException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidLifetimeException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenNoExpirationException)) - exception = new SecurityTokenNoExpirationException(MessageDetail.Message, actualException); + exception = new SecurityTokenNoExpirationException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidIssuerException)) - exception = new SecurityTokenInvalidIssuerException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidIssuerException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenSignatureKeyNotFoundException)) - exception = new 
SecurityTokenSignatureKeyNotFoundException(MessageDetail.Message, actualException); + exception = new SecurityTokenSignatureKeyNotFoundException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenDecryptionFailedException)) - exception = new SecurityTokenDecryptionFailedException(MessageDetail.Message, actualException); + exception = new SecurityTokenDecryptionFailedException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenMalformedException)) - exception = new SecurityTokenMalformedException(MessageDetail.Message, actualException); + exception = new SecurityTokenMalformedException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidSignatureException)) - exception = new SecurityTokenInvalidSignatureException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidSignatureException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenArgumentNullException)) - exception = new SecurityTokenArgumentNullException(MessageDetail.Message, actualException); + exception = new SecurityTokenArgumentNullException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidAlgorithmException)) - exception = new SecurityTokenInvalidAlgorithmException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidAlgorithmException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenInvalidAlgorithmException)) - exception = new SecurityTokenInvalidAlgorithmException(MessageDetail.Message, actualException); + exception = new SecurityTokenInvalidAlgorithmException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenException)) - exception = new SecurityTokenException(MessageDetail.Message, actualException); + exception = new SecurityTokenException(MessageDetail.Message, innerException); else if 
(exceptionType == typeof(SecurityTokenKeyWrapException)) - exception = new SecurityTokenKeyWrapException(MessageDetail.Message, actualException); + exception = new SecurityTokenKeyWrapException(MessageDetail.Message, innerException); else if (exceptionType == typeof(SecurityTokenValidationException)) - exception = new SecurityTokenValidationException(MessageDetail.Message, actualException); + exception = new SecurityTokenValidationException(MessageDetail.Message, innerException); else { // Exception type is unknown var message = LogHelper.FormatInvariant(LogMessages.IDX10002, exceptionType, MessageDetail.Message); - exception = new SecurityTokenException(message, actualException); + exception = new SecurityTokenException(message, innerException); } } @@ -199,9 +181,10 @@ internal Exception GetException(Type exceptionType, Exception innerException) internal static ValidationError NullParameter(string parameterName, StackFrame stackFrame) => new( MessageDetail.NullParameter(parameterName), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - stackFrame); + stackFrame, + ValidationFailureType.NullArgument, + null); /// /// Gets the type of validation failure that occurred. @@ -216,12 +199,7 @@ internal Exception GetException(Type exceptionType, Exception innerException) /// /// Gets the inner exception that occurred. /// - public Exception InnerException { get; } - - /// - /// Gets the details for the inner exception that occurred. - /// - public ValidationError InnerValidationError { get; } + public Exception? InnerException { get; } /// /// Gets the message details that are used to generate the exception message. @@ -281,3 +259,4 @@ internal static StackFrame GetCurrentStackFrame( private static ConcurrentDictionary CachedStackFrames { get; } = new(); } } +#nullable restore 
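Review bot: The `else` chain in ValidationError.GetException(Type, Exception?) tests several types twice: `SecurityTokenReplayDetectedException`, `SecurityTokenInvalidLifetimeException`, `SecurityTokenInvalidIssuerException`, `SecurityTokenArgumentNullException` and `SecurityTokenInvalidAlgorithmException` each appear in two `else if` arms, and the second arm can never be reached. This patch rewrites every one of those lines, so it is a good point to delete the repeated arms instead of carrying them forward. The method starts outside this hunk, so I cannot see whether the `innerException is null` chain above has the same repeats, nor how the result reaches SetValidationError. A short comment above the chain, e.g. `// one arm per exception type; unknown types fall back to SecurityTokenException (IDX10002)`, would also help the next reader.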
diff --git a/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs b/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs index 6374d3edb8..90625c6e9b 100644 --- a/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs +++ b/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs @@ -5,16 +5,18 @@ using System.Diagnostics; using Microsoft.IdentityModel.Tokens; +#nullable enable namespace Microsoft.IdentityModel.Xml { internal class XmlValidationError : ValidationError { public XmlValidationError( MessageDetail messageDetail, - ValidationFailureType validationFailureType, Type exceptionType, - StackFrame stackFrame) : - base(messageDetail, validationFailureType, exceptionType, stackFrame) + StackFrame stackFrame, + ValidationFailureType validationFailureType, + Exception? innerException = null) : + base(messageDetail, exceptionType, stackFrame, validationFailureType, innerException) { } @@ -32,3 +34,4 @@ internal override Exception GetException() } } } +#nullable restore diff --git a/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt index fb30836a8b..0a88428846 100644 --- a/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt 
@@ -2,6 +2,6 @@ Microsoft.IdentityModel.Xml.Reference.Verify(Microsoft.IdentityModel.Tokens.Cryp Microsoft.IdentityModel.Xml.Signature.Verify(Microsoft.IdentityModel.Tokens.SecurityKey key, Microsoft.IdentityModel.Tokens.CryptoProviderFactory cryptoProviderFactory, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Xml.SignedInfo.Verify(Microsoft.IdentityModel.Tokens.CryptoProviderFactory cryptoProviderFactory, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Xml.XmlValidationError -Microsoft.IdentityModel.Xml.XmlValidationError.XmlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame) -> void +Microsoft.IdentityModel.Xml.XmlValidationError.XmlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Exception innerException = null) -> void Microsoft.IdentityModel.Xml.XmlValidationException.SetValidationError(Microsoft.IdentityModel.Tokens.ValidationError validationError) -> void override Microsoft.IdentityModel.Xml.XmlValidationError.GetException() -> System.Exception \ No newline at end of file From 4b558f9f82298a1093aef69b3f9594f02146eff5 Mon Sep 17 00:00:00 2001 
From: Ignacio Inglese Date: Sat, 16 Nov 2024 19:20:26 +0000 Subject: [PATCH 02/10] Adjusted existing delegates to use the updated ValidationError parameters --- .../Validation/Validators.Audience.cs | 41 ++++++------------- .../Validation/Validators.IssuerSigningKey.cs | 12 +++--- .../Validation/Validators.Lifetime.cs | 24 ++++++----- .../Validation/Validators.TokenReplay.cs | 12 +++--- 4 files changed, 38 insertions(+), 51 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs index ff97e1b405..78276e79ce 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs @@ -3,7 +3,6 @@ using System; using System.Collections.Generic; -using System.Diagnostics; using Microsoft.IdentityModel.Abstractions; using Microsoft.IdentityModel.Logging; 
@@ -48,50 +47,38 @@ internal static ValidationResult ValidateAudience(IList tokenAud { if (validationParameters == null) { - AudienceValidationError.ValidationParametersNull ??= new StackFrame(true); - return new AudienceValidationError( - MessageDetail.NullParameter(nameof(validationParameters)), - ValidationFailureType.NullArgument, - typeof(SecurityTokenArgumentNullException), - AudienceValidationError.ValidationParametersNull, - tokenAudiences, - null); + return AudienceValidationError.NullParameter( + nameof(validationParameters), + ValidationError.GetCurrentStackFrame()); } if (tokenAudiences == null) { - AudienceValidationError.AudiencesNull ??= new StackFrame(true); - return new AudienceValidationError( - MessageDetail.NullParameter(nameof(tokenAudiences)), - ValidationFailureType.NullArgument, - typeof(SecurityTokenArgumentNullException), - AudienceValidationError.AudiencesNull, - tokenAudiences, - validationParameters.ValidAudiences); + return AudienceValidationError.NullParameter( + nameof(tokenAudiences), + ValidationError.GetCurrentStackFrame()); } if (tokenAudiences.Count == 0) { - AudienceValidationError.AudiencesCountZero ??= new StackFrame(true); return new AudienceValidationError( new MessageDetail(LogMessages.IDX10206), - ValidationFailureType.NoTokenAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), - AudienceValidationError.AudiencesCountZero, + ValidationError.GetCurrentStackFrame(), tokenAudiences, - validationParameters.ValidAudiences); + validationParameters.ValidAudiences, + ValidationFailureType.NoTokenAudiencesProvided); } if (validationParameters.ValidAudiences.Count == 0) { - AudienceValidationError.ValidationParametersAudiencesCountZero ??= new StackFrame(true); return new AudienceValidationError( new MessageDetail(LogMessages.IDX10268), - ValidationFailureType.NoValidationParameterAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), - AudienceValidationError.ValidationParametersAudiencesCountZero, + 
ValidationError.GetCurrentStackFrame(), tokenAudiences, - validationParameters.ValidAudiences); + validationParameters.ValidAudiences, + ValidationFailureType.NoValidationParameterAudiencesProvided); } string? validAudience = ValidTokenAudience(tokenAudiences, validationParameters.ValidAudiences, validationParameters.IgnoreTrailingSlashWhenValidatingAudience); @@ -99,15 +86,13 @@ internal static ValidationResult ValidateAudience(IList tokenAud return validAudience; // TODO we shouldn't be serializing here. - AudienceValidationError.ValidateAudienceFailed ??= new StackFrame(true); return new AudienceValidationError( new MessageDetail( LogMessages.IDX10215, LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(tokenAudiences)), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidAudiences))), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - AudienceValidationError.ValidateAudienceFailed, + ValidationError.GetCurrentStackFrame(), tokenAudiences, validationParameters.ValidAudiences); } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs index 3e27f653e4..733cbf72f7 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs @@ -62,9 +62,9 @@ internal static ValidationResult ValidateIssuerSign if (securityKey == null) return new ValidationError( new MessageDetail(LogMessages.IDX10253, nameof(securityKey)), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SigningKeyValidationFailed); if (securityToken == null) return ValidationError.NullParameter( 
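Review bot: The final mismatch branch (IDX10215) no longer passes a failure type, so its classification depends on what the `AudienceValidationError` constructor does when `validationFailureType` is omitted, and that constructor is not shown in this hunk. The two zero-count branches in the preceding hunk still pass theirs explicitly, and this is the branch a caller is most likely to branch or alert on. I would append `ValidationFailureType.AudienceValidationFailed` after `validationParameters.ValidAudiences` so the classification is visible at the call site. ValidateAudience begins outside this hunk.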
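Review bot: The `securityKey == null` branch in Validators.IssuerSigningKey.cs still builds `new StackFrame(true)` on every failure. This same patch moves Validators.Audience.cs and Validators.Lifetime.cs to `ValidationError.GetCurrentStackFrame()`, which appears to be backed by the `CachedStackFrames` dictionary. Failure paths are the ones an unauthenticated caller can hit repeatedly with bad tokens, so capturing a frame with file information per rejection is avoidable cost. I would replace the argument with `ValidationError.GetCurrentStackFrame()` here and in the two later hunks of this file. The same leftover is visible in Validators.TokenReplay.cs and in the JsonWebTokenHandler.ValidateSignature.cs hunks of patch 05.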
@@ -103,9 +103,9 @@ internal static ValidationResult ValidateIssuerSign LogMessages.IDX10248, LogHelper.MarkAsNonPII(notBeforeUtc), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SigningKeyValidationFailed); //TODO: Move to CallContext //if (LogHelper.IsEnabled(EventLogLevel.Informational)) @@ -117,9 +117,9 @@ internal static ValidationResult ValidateIssuerSign LogMessages.IDX10249, LogHelper.MarkAsNonPII(notAfterUtc), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SigningKeyValidationFailed); // TODO: Move to CallContext //if (LogHelper.IsEnabled(EventLogLevel.Informational)) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs index a1d7c24153..02ce0bc85b 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs @@ -2,7 +2,6 @@ // Licensed under the MIT License. using System; -using System.Diagnostics; using Microsoft.IdentityModel.Logging; #nullable enable @@ -59,7 +58,7 @@ internal static ValidationResult ValidateLifetime( if (validationParameters == null) return ValidationError.NullParameter( nameof(validationParameters), - new StackFrame(true)); + ValidationError.GetCurrentStackFrame()); if (!expires.HasValue) return new LifetimeValidationError( 
@@ -67,7 +66,9 @@ internal static ValidationResult ValidateLifetime( LogMessages.IDX10225, LogHelper.MarkAsNonPII(securityToken == null ? "null" : securityToken.GetType().ToString())), typeof(SecurityTokenNoExpirationException), - new StackFrame(true)); + ValidationError.GetCurrentStackFrame(), + notBefore, + expires); if (notBefore.HasValue && expires.HasValue && (notBefore.Value > expires.Value)) return new LifetimeValidationError( @@ -76,9 +77,9 @@ internal static ValidationResult ValidateLifetime( LogHelper.MarkAsNonPII(notBefore.Value), LogHelper.MarkAsNonPII(expires.Value)), typeof(SecurityTokenInvalidLifetimeException), - new StackFrame(true), - notBefore.Value, - expires.Value); + ValidationError.GetCurrentStackFrame(), + notBefore, + expires); DateTime utcNow = validationParameters.TimeProvider.GetUtcNow().UtcDateTime; if (notBefore.HasValue && (notBefore.Value > DateTimeUtil.Add(utcNow, validationParameters.ClockSkew))) @@ -88,9 +89,9 @@ internal static ValidationResult ValidateLifetime( LogHelper.MarkAsNonPII(notBefore.Value), LogHelper.MarkAsNonPII(utcNow)), typeof(SecurityTokenNotYetValidException), - new StackFrame(true), - notBefore.Value, - expires.Value); + ValidationError.GetCurrentStackFrame(), + notBefore, + expires); if (expires.HasValue && (expires.Value < DateTimeUtil.Add(utcNow, validationParameters.ClockSkew.Negate()))) return new LifetimeValidationError( @@ -99,8 +100,9 @@ internal static ValidationResult ValidateLifetime( LogHelper.MarkAsNonPII(expires.Value), LogHelper.MarkAsNonPII(utcNow)), typeof(SecurityTokenExpiredException), - new StackFrame(true), - expires.Value); + ValidationError.GetCurrentStackFrame(), + notBefore, + expires); // if it reaches here, that means lifetime of the token is valid return new ValidatedLifetime(notBefore, expires); 
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs index 064a6cc491..24ca6a042c 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs @@ -60,27 +60,27 @@ public static partial class Validators new MessageDetail( LogMessages.IDX10227, securityToken), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenNoExpirationException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenReplayValidationFailed); if (validationParameters.TokenReplayCache.TryFind(securityToken)) return new ValidationError( new MessageDetail( LogMessages.IDX10228, securityToken), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenReplayValidationFailed); if (!validationParameters.TokenReplayCache.TryAdd(securityToken, expirationTime.Value)) return new ValidationError( new MessageDetail( LogMessages.IDX10229, securityToken), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayAddFailedException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenReplayValidationFailed); } // if it reaches here, that means no token replay is detected. From 2756053030e8c94541269df956c429e911d416f8 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Sat, 16 Nov 2024 19:52:24 +0000 Subject: [PATCH 03/10] Updated identity comparer to check for the exception's stack trace when comparing validation errors --- .../Microsoft.IdentityModel.TestUtils/IdentityComparer.cs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
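Review bot: All three replay errors pass `securityToken` into `MessageDetail` unwrapped, whereas the JsonWebTokenHandler hunks in this series wrap the token with `LogHelper.MarkAsSecurityArtifact(...)` and a safe-logging callback before it reaches a message. How `MessageDetail` treats an unmarked argument is not visible here, so this may already be redacted by default. Either way, wrapping the argument the same way would make the handling of the token in logs and exception text explicit and consistent. A replayed token is by definition one that was valid, so it should not be recoverable from an error message. The enclosing method starts and ends outside this hunk.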
diff --git a/test/Microsoft.IdentityModel.TestUtils/IdentityComparer.cs b/test/Microsoft.IdentityModel.TestUtils/IdentityComparer.cs index 1ce815b2ea..f3152b4d34 100644 --- a/test/Microsoft.IdentityModel.TestUtils/IdentityComparer.cs +++ b/test/Microsoft.IdentityModel.TestUtils/IdentityComparer.cs @@ -1429,7 +1429,7 @@ internal static bool AreValidationErrorsEqual(ValidationError validationError1, localContext.Diffs.Add($"(validationError1.StackFrames[0].GetFileName(): " + $"'{validationError1.StackFrames[0].GetFileName()}', " + $"does not contain validationError2.StackFrames[0].GetFileName():" + - $"'{validationError1.StackFrames[0].GetFileName()}'."); + $"'{validationError2.StackFrames[0].GetFileName()}'."); } } @@ -1468,6 +1468,12 @@ internal static bool AreValidationErrorsEqual(ValidationError validationError1, validationError2.MessageDetail, localContext); + // compare the actual exception's stack trace against the expected stack trace. + if (exception1.StackTrace == null) + { + localContext.Diffs.Add($"exception1.StackTrace is null. Exception type: {exception1.GetType().Name}"); + } + return context.Merge(localContext); } From 33e6a57c20fc74273313728ced4617d386c02cb2 Mon Sep 17 00:00:00 2001 
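Review bot: In the `@@ -1468,6 +1468,12 @@` hunk the added comment promises a comparison of the actual and expected stack traces, but the code only checks that `exception1.StackTrace` is not null and never inspects `exception2`. A regression that drops the stack trace on the second error would therefore pass. Either reword the comment to `// exception1 must carry a stack trace; the traces themselves are not compared` or add the matching `if (exception2.StackTrace == null)` diff entry. AreValidationErrorsEqual starts outside this hunk, so how the two exceptions are produced is not visible here.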
From: Ignacio Inglese Date: Sat, 16 Nov 2024 19:54:02 +0000 Subject: [PATCH 04/10] Moved custom exceptions and validation errors to a specific folder for extensibility testing. Renamed custom issuer validation delegates file to split the other validation aspects --- .../CustomExceptions.cs | 26 --- .../CustomValidationErrors.cs | 59 ------- .../CustomExceptions.cs | 90 ++++++++++ .../CustomIssuerValidationDelegates.cs} | 4 +- .../CustomValidationErrors.cs | 162 ++++++++++++++++++ 5 files changed, 254 insertions(+), 87 deletions(-) delete mode 100644 test/Microsoft.IdentityModel.TestUtils/CustomExceptions.cs delete mode 100644 test/Microsoft.IdentityModel.TestUtils/CustomValidationErrors.cs create mode 100644 test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomExceptions.cs rename test/Microsoft.IdentityModel.TestUtils/{CustomValidationDelegates.cs => TokenValidationExtensibility/CustomIssuerValidationDelegates.cs} (98%) create mode 100644 test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs diff --git a/test/Microsoft.IdentityModel.TestUtils/CustomExceptions.cs b/test/Microsoft.IdentityModel.TestUtils/CustomExceptions.cs deleted file mode 100644 index d1bfc42e68..0000000000 --- a/test/Microsoft.IdentityModel.TestUtils/CustomExceptions.cs +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -using System; -using Microsoft.IdentityModel.Tokens; - -#nullable enable -namespace Microsoft.IdentityModel.TestUtils -{ - internal class CustomSecurityTokenInvalidIssuerException : SecurityTokenInvalidIssuerException - { - public CustomSecurityTokenInvalidIssuerException(string message) - : base(message) - { - } - } - - internal class CustomSecurityTokenException : SystemException - { - public CustomSecurityTokenException(string message) - : base(message) - { - } - } -} -#nullable restore 
diff --git a/test/Microsoft.IdentityModel.TestUtils/CustomValidationErrors.cs b/test/Microsoft.IdentityModel.TestUtils/CustomValidationErrors.cs deleted file mode 100644 index b8ecee5438..0000000000 --- a/test/Microsoft.IdentityModel.TestUtils/CustomValidationErrors.cs +++ /dev/null 
@@ -1,59 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -using System; -using System.Diagnostics; -using Microsoft.IdentityModel.Tokens; - -#nullable enable -namespace Microsoft.IdentityModel.TestUtils -{ - internal class CustomIssuerValidationError : IssuerValidationError - { - /// - /// A custom validation failure type. - /// - public static readonly ValidationFailureType CustomIssuerValidationFailureType = new IssuerValidatorFailure("CustomIssuerValidationFailureType"); - private class IssuerValidatorFailure : ValidationFailureType { internal IssuerValidatorFailure(string name) : base(name) { } } - - public CustomIssuerValidationError( - MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame, - string? invalidIssuer) - : base(messageDetail, exceptionType, stackFrame, invalidIssuer) - { - } - - public CustomIssuerValidationError( - MessageDetail messageDetail, - ValidationFailureType validationFailureType, - Type exceptionType, - StackFrame stackFrame, - string? invalidIssuer, - Exception? innerException) - : base(messageDetail, validationFailureType, exceptionType, stackFrame, invalidIssuer, innerException) - { - } - - internal override Exception GetException() - { - if (ExceptionType == typeof(CustomSecurityTokenInvalidIssuerException)) - return new CustomSecurityTokenInvalidIssuerException(MessageDetail.Message) { InvalidIssuer = InvalidIssuer }; - - return base.GetException(); - } - } - - internal class CustomIssuerWithoutGetExceptionValidationOverrideError : IssuerValidationError - { - public CustomIssuerWithoutGetExceptionValidationOverrideError(MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame, - string? invalidIssuer) : - base(messageDetail, exceptionType, stackFrame, invalidIssuer) - { - } - } -} -#nullable restore 
diff --git a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomExceptions.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomExceptions.cs new file mode 100644 index 0000000000..30a751e075 --- /dev/null +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomExceptions.cs 
@@ -0,0 +1,90 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using Microsoft.IdentityModel.Tokens; + +#nullable enable +namespace Microsoft.IdentityModel.TestUtils +{ + internal class CustomSecurityTokenException : SecurityTokenException + { + public CustomSecurityTokenException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidIssuerException : SecurityTokenInvalidIssuerException + { + public CustomSecurityTokenInvalidIssuerException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidAudienceException : SecurityTokenInvalidAudienceException + { + public CustomSecurityTokenInvalidAudienceException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidLifetimeException : SecurityTokenInvalidLifetimeException + { + public CustomSecurityTokenInvalidLifetimeException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidSignatureException : SecurityTokenInvalidSignatureException + { + public CustomSecurityTokenInvalidSignatureException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidAlgorithmException : SecurityTokenInvalidAlgorithmException + { + public CustomSecurityTokenInvalidAlgorithmException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidTypeException : SecurityTokenInvalidTypeException + { + public CustomSecurityTokenInvalidTypeException(string message, Exception? 
innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenInvalidSigningKeyException : SecurityTokenInvalidSigningKeyException + { + public CustomSecurityTokenInvalidSigningKeyException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenReplayDetectedException : SecurityTokenReplayDetectedException + { + public CustomSecurityTokenReplayDetectedException(string message, Exception? innerException) + : base(message, innerException) + { + } + } + + internal class CustomSecurityTokenDecryptionFailedException : SecurityTokenDecryptionFailedException + { + public CustomSecurityTokenDecryptionFailedException(string message, Exception? innerException) + : base(message, innerException) + { + } + } +} +#nullable restore diff --git a/test/Microsoft.IdentityModel.TestUtils/CustomValidationDelegates.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs similarity index 98% rename from test/Microsoft.IdentityModel.TestUtils/CustomValidationDelegates.cs rename to test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs index 70f2082265..2ecc4d8aea 100644 --- a/test/Microsoft.IdentityModel.TestUtils/CustomValidationDelegates.cs +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs @@ -9,7 +9,7 @@ #nullable enable namespace Microsoft.IdentityModel.TestUtils { - internal class CustomIssuerValidatorDelegates + internal class CustomIssuerValidationDelegates { internal async static Task> CustomIssuerValidatorDelegateAsync( string issuer, 
@@ -111,7 +111,7 @@ internal static Task> IssuerValidatorThrows( CallContext callContext, CancellationToken cancellationToken) { - throw new CustomSecurityTokenInvalidIssuerException(nameof(IssuerValidatorThrows)); + throw new CustomSecurityTokenInvalidIssuerException(nameof(IssuerValidatorThrows), null); } internal async static Task> IssuerValidatorCustomIssuerExceptionTypeDelegateAsync( diff --git a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs new file mode 100644 index 0000000000..e5274bd2f8 --- /dev/null +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs 
@@ -0,0 +1,162 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using System.Collections.Generic; +using System.Diagnostics; +using Microsoft.IdentityModel.Tokens; + +#nullable enable +namespace Microsoft.IdentityModel.TestUtils +{ + #region IssuerValidationErrors + internal class CustomIssuerValidationError : IssuerValidationError + { + /// + /// A custom validation failure type. + /// + public static readonly ValidationFailureType CustomIssuerValidationFailureType = new IssuerValidatorFailure("CustomIssuerValidationFailureType"); + private class IssuerValidatorFailure : ValidationFailureType { internal IssuerValidatorFailure(string name) : base(name) { } } + + public CustomIssuerValidationError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + string? invalidIssuer, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, invalidIssuer, validationFailureType, innerException) + { + } + + internal override Exception GetException() + { + if (ExceptionType == typeof(CustomSecurityTokenInvalidIssuerException)) + { + var exception = new CustomSecurityTokenInvalidIssuerException(MessageDetail.Message, InnerException) { InvalidIssuer = InvalidIssuer }; + exception.SetValidationError(this); + + return exception; + } + + return base.GetException(); + } + } + + internal class CustomIssuerWithoutGetExceptionValidationOverrideError : IssuerValidationError + { + public CustomIssuerWithoutGetExceptionValidationOverrideError(MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + string? invalidIssuer) : + base(messageDetail, exceptionType, stackFrame, invalidIssuer) + { + } + } + #endregion + + #region AudienceValidationErrors + internal class CustomAudienceValidationError : AudienceValidationError + { + /// + /// A custom validation failure type. 
+ /// + public static readonly ValidationFailureType CustomAudienceValidationFailureType = new AudienceValidatorFailure("CustomAudienceValidationFailureType"); + private class AudienceValidatorFailure : ValidationFailureType { internal AudienceValidatorFailure(string name) : base(name) { } } + + public CustomAudienceValidationError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + IList? tokenAudiences, + IList? validAudiences, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, tokenAudiences, validAudiences, validationFailureType, innerException) + { + } + + internal override Exception GetException() + { + if (ExceptionType == typeof(CustomSecurityTokenInvalidAudienceException)) + { + var exception = new CustomSecurityTokenInvalidAudienceException(MessageDetail.Message, InnerException) { InvalidAudience = Utility.SerializeAsSingleCommaDelimitedString(TokenAudiences) }; + exception.SetValidationError(this); + + return exception; + } + + return base.GetException(); + } + } + + internal class CustomAudienceWithoutGetExceptionValidationOverrideError : AudienceValidationError + { + public CustomAudienceWithoutGetExceptionValidationOverrideError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + IList? tokenAudiences, + IList? validAudiences, + ValidationFailureType? failureType = null, + Exception? innerException = null) : + base(messageDetail, exceptionType, stackFrame, tokenAudiences, validAudiences, failureType, innerException) + { + } + } + #endregion + + #region LifetimeValidationErrors + internal class CustomLifetimeValidationError : LifetimeValidationError + { + /// + /// A custom validation failure type. 
+ /// + public static readonly ValidationFailureType CustomLifetimeValidationFailureType = new LifetimeValidationFailure("CustomLifetimeValidationFailureType"); + private class LifetimeValidationFailure : ValidationFailureType { internal LifetimeValidationFailure(string name) : base(name) { } } + + public CustomLifetimeValidationError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + DateTime? notBefore, + DateTime? expires, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, notBefore, expires, validationFailureType, innerException) + { + } + + internal override Exception GetException() + { + if (ExceptionType == typeof(CustomSecurityTokenInvalidLifetimeException)) + { + var exception = new CustomSecurityTokenInvalidLifetimeException(MessageDetail.Message, InnerException) { NotBefore = NotBefore, Expires = Expires }; + exception.SetValidationError(this); + + return exception; + } + + return base.GetException(); + } + } + + internal class CustomLifetimeWithoutGetExceptionValidationOverrideError : LifetimeValidationError + { + public CustomLifetimeWithoutGetExceptionValidationOverrideError( + MessageDetail messageDetail, + Type exceptionType, + StackFrame stackFrame, + DateTime? notBefore, + DateTime? expires, + ValidationFailureType? validationFailureType = null, + Exception? innerException = null) + : base(messageDetail, exceptionType, stackFrame, notBefore, expires, validationFailureType, innerException) + { + } + } + #endregion + + // Other custom validation errors to be added here for signature validation, issuer signing key, etc. +} +#nullable restore From 558a00b20ca953704d043c01a7b57b9d83399d90 Mon Sep 17 00:00:00 2001 
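Review bot: `CustomIssuerWithoutGetExceptionValidationOverrideError` keeps a four-parameter constructor, while its Audience and Lifetime counterparts in this new file accept the optional failure type and inner exception and forward them to the base. The commit series is about aligning those optional parameters, so the issuer variant cannot exercise the inner-exception or custom-failure-type paths the other two can. I would add `ValidationFailureType? validationFailureType = null, Exception? innerException = null` to its signature and pass both through to `base(...)`. As a smaller point, `CustomAudienceWithoutGetExceptionValidationOverrideError` names the parameter `failureType` where every other class here uses `validationFailureType`.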
From: Ignacio Inglese Date: Sat, 16 Nov 2024 20:04:46 +0000 Subject: [PATCH 05/10] Adjusted ValidationError parameters' position --- .../JsonWebTokenHandler.DecryptToken.cs | 12 ++-- .../JsonWebTokenHandler.ReadToken.cs | 2 +- .../JsonWebTokenHandler.ValidateSignature.cs | 46 ++++++------ ...nWebTokenHandler.ValidateToken.Internal.cs | 10 +-- .../JwtTokenUtilities.DecryptTokenResult.cs | 2 +- .../JwtTokenUtilities.cs | 12 ++-- .../SamlSecurityTokenHandler.ReadToken.cs | 6 +- ...lSecurityTokenHandler.ValidateSignature.cs | 16 ++--- .../Saml2SecurityTokenHandler.ReadToken.cs | 6 +- ...2SecurityTokenHandler.ValidateSignature.cs | 16 ++--- src/Microsoft.IdentityModel.Xml/Reference.cs | 4 +- src/Microsoft.IdentityModel.Xml/Signature.cs | 16 ++--- .../JsonWebTokenHandler.DecryptTokenTests.cs | 20 +++--- ...sonWebTokenHandler.Issuer.Extensibility.cs | 50 ++++++------- .../JsonWebTokenHandler.ReadTokenTests.cs | 10 +-- ...nWebTokenHandler.ValidateSignatureTests.cs | 24 +++---- .../CustomIssuerValidationDelegates.cs | 2 +- ...aml2SecurityTokenHandlerTests.ReadToken.cs | 12 ++-- ...SamlSecurityTokenHandlerTests.ReadToken.cs | 12 ++-- .../AlgorithmValidationResultTests.cs | 8 +-- .../AudienceValidationResultTests.cs | 72 +++++++++---------- .../Validation/IssuerValidationResultTests.cs | 16 ++--- .../LifetimeValidationResultTests.cs | 28 ++++---- .../Validation/ReplayValidationResultTests.cs | 24 +++---- .../SigningKeyValidationResultTests.cs | 24 +++---- .../TokenTypeValidationResultTests.cs | 20 +++--- .../Validation/ValidationErrorTests.cs | 4 +- 27 files changed, 237 insertions(+), 237 deletions(-) diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs index 7b7a641cb2..c5ff65f475 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs 
@@ -50,9 +50,9 @@ internal ValidationResult DecryptToken( StackFrame headerMissingStackFrame = StackFrames.DecryptionHeaderMissing ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10612), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenException), - headerMissingStackFrame); + headerMissingStackFrame, + ValidationFailureType.TokenDecryptionFailed); } (IList? contentEncryptionKeys, ValidationError? validationError) result = @@ -71,9 +71,9 @@ internal ValidationResult DecryptToken( new MessageDetail( TokenLogMessages.IDX10609, LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - noKeysTriedStackFrame); + noKeysTriedStackFrame, + ValidationFailureType.TokenDecryptionFailed); } return JwtTokenUtilities.DecryptJwtToken( @@ -218,9 +218,9 @@ internal ValidationResult DecryptToken( keysAttempted?.ToString() ?? "", exceptionStrings?.ToString() ?? "", LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenKeyWrapException), - decryptionKeyUnwrapFailedStackFrame); + decryptionKeyUnwrapFailedStackFrame, + ValidationFailureType.TokenDecryptionFailed); return (null, validationError); } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs index 44929e628b..ca6b8a561e 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs 
@@ -46,9 +46,9 @@ internal static ValidationResult ReadToken( StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ?? new StackFrame(true); return new ValidationError( new MessageDetail(LogMessages.IDX14107), - ValidationFailureType.TokenReadingFailed, typeof(SecurityTokenMalformedException), malformedTokenStackFrame, + ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs index 1340c61781..d6f5290c97 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs @@ -55,9 +55,9 @@ internal static ValidationResult ValidateSignature( LogHelper.MarkAsSecurityArtifact( jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); SecurityKey? key = null; if (validationParameters.IssuerSigningKeyResolver is not null) 
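Review bot: In the ReadToken hunk the context line `StackFrames.ReadTokenMalformed ?? new StackFrame(true)` uses `??` rather than `??=`, so the cached field is never assigned and a new frame is captured for every malformed token. The DecryptToken hunks in this same patch use `??=` for their cached frames. Malformed input is the cheapest thing for an untrusted caller to send, so this path should do as little work as possible. I would change the line to `StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ??= new StackFrame(true);` while the argument order is being touched. ReadToken's body starts outside the hunk.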
@@ -101,17 +101,17 @@ internal static ValidationResult ValidateSignature( LogHelper.MarkAsNonPII(validationParameters.IssuerSigningKeys.Count), LogHelper.MarkAsNonPII(configuration?.SigningKeys.Count ?? 0), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - kidNotMatchedNoTryAllStackFrame); + kidNotMatchedNoTryAllStackFrame, + ValidationFailureType.SignatureValidationFailed); } StackFrame noKeysProvidedStackFrame = StackFrames.NoKeysProvided ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - noKeysProvidedStackFrame); + noKeysProvidedStackFrame, + ValidationFailureType.SignatureValidationFailed); } } @@ -146,9 +146,9 @@ private static ValidationResult ValidateSignatureUsingAllKeys( if (vpFailedResult is null && configFailedResult is null) // No keys were attempted return new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); StringBuilder exceptionStrings = new(); StringBuilder keysAttempted = new(); @@ -228,9 +228,9 @@ private static ValidationResult ValidateSignatureWithKey( TokenLogMessages.IDX10400, LogHelper.MarkAsNonPII(jsonWebToken.Alg), key), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); } ValidationResult result = validationParameters.AlgorithmValidator( 
@@ -259,9 +259,9 @@ private static ValidationResult ValidateSignatureWithKey( new MessageDetail( TokenLogMessages.IDX10518, result.UnwrapError().MessageDetail.Message), - ValidationFailureType.SignatureAlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureAlgorithmValidationFailed); } } @@ -274,9 +274,9 @@ private static ValidationResult ValidateSignatureWithKey( TokenLogMessages.IDX10636, key?.ToString() ?? "Null", LogHelper.MarkAsNonPII(jsonWebToken.Alg)), - ValidationFailureType.SignatureValidationFailed, typeof(InvalidOperationException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); bool valid = EncodingUtils.PerformEncodingDependentOperation( jsonWebToken.EncodedToken, @@ -297,9 +297,9 @@ private static ValidationResult ValidateSignatureWithKey( LogHelper.MarkAsSecurityArtifact( jsonWebToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); } #pragma warning disable CA1031 // Do not catch general exception types catch (Exception ex) @@ -311,9 +311,9 @@ private static ValidationResult ValidateSignatureWithKey( LogHelper.MarkAsSecurityArtifact( jsonWebToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), new StackFrame(true), + ValidationFailureType.SignatureValidationFailed, ex); } finally 
@@ -352,9 +352,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(jwtToken.Kid), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); } if (kidExists) @@ -367,9 +367,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(numKeysInConfiguration), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); return new ValidationError( new MessageDetail( @@ -379,9 +379,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(numKeysInConfiguration), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.SignatureValidationFailed); } private static void PopulateFailedResults( diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs index 18fa21fcf9..c2ec88ac19 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs 
@@ -64,9 +64,9 @@ internal async Task> ValidateTokenAsync( TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), - ValidationFailureType.InvalidSecurityToken, typeof(ArgumentException), - invalidTokenLengthStackFrame); + invalidTokenLengthStackFrame, + ValidationFailureType.InvalidSecurityToken); } ValidationResult readResult = ReadToken(token, callContext); @@ -118,9 +118,9 @@ internal async Task> ValidateTokenAsync( StackFrame notJwtStackFrame = StackFrames.TokenNotJWT ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10001, nameof(token), nameof(JsonWebToken)), - ValidationFailureType.InvalidSecurityToken, typeof(ArgumentException), - notJwtStackFrame); + notJwtStackFrame, + ValidationFailureType.InvalidSecurityToken); } BaseConfiguration? currentConfiguration = @@ -294,10 +294,10 @@ private async ValueTask> ValidateJWSAsync( { return new IssuerValidationError( new MessageDetail(TokenLogMessages.IDX10269), - ValidationFailureType.IssuerValidatorThrew, typeof(SecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), jsonWebToken.Issuer, + ValidationFailureType.IssuerValidatorThrew, ex); } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs index a4a242cd90..3ad014819c 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs @@ -122,9 +122,9 @@ internal static ValidationResult DecryptJwtToken( { return new ValidationError( new MessageDetail(TokenLogMessages.IDX10679, zipAlgorithm), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecompressionFailedException), new StackFrame(true), + ValidationFailureType.TokenDecryptionFailed, ex); } } 
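Review bot: The over-size rejection in the first ValidateTokenAsync hunk (message IDX10209) is reported as `ValidationFailureType.InvalidSecurityToken`, while the same check is `TokenExceedsMaximumSize` in ReadSamlToken and `TokenReadingFailed` in ReadSaml2Token. Since this commit already touches the failure-type argument at all three sites, it is a good place to make them agree, so that size-limit rejections can be counted and alerted on uniformly across token formats. I would pass `ValidationFailureType.TokenExceedsMaximumSize);` in the JWT and SAML2 handlers as well. The exception types also differ (`ArgumentException` against `ArgumentOutOfRangeException`), but that is visible to callers and is better left to a separate change. ValidateTokenAsync continues outside the hunk.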
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs index 2794ff2d8d..bc23e0e369 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs @@ -371,26 +371,26 @@ private static ValidationError GetDecryptionError( keysAttempted.ToString(), exceptionStrings?.ToString() ?? string.Empty, LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenDecryptionFailed); else if (algorithmNotSupportedByCryptoProvider) return new ValidationError( new MessageDetail( TokenLogMessages.IDX10619, LogHelper.MarkAsNonPII(decryptionParameters.Alg), LogHelper.MarkAsNonPII(decryptionParameters.Enc)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenDecryptionFailed); else return new ValidationError( new MessageDetail( TokenLogMessages.IDX10609, LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true)); + new StackFrame(true), + ValidationFailureType.TokenDecryptionFailed); } private static byte[] DecryptToken(CryptoProviderFactory cryptoProviderFactory, SecurityKey key, string encAlg, byte[] ciphertext, byte[] headerAscii, byte[] initializationVector, byte[] authenticationTag) diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs index f9c658aaf1..9d4a5d3cb2 100644 
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs @@ -30,9 +30,9 @@ internal virtual ValidationResult ReadSamlToken(string token, TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), - ValidationFailureType.TokenExceedsMaximumSize, typeof(ArgumentOutOfRangeException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenExceedsMaximumSize); try { @@ -47,9 +47,9 @@ internal virtual ValidationResult ReadSamlToken(string token, { return new SamlValidationError( new MessageDetail(LogMessages.IDX11402, ex.Message), - ValidationFailureType.TokenReadingFailed, typeof(SamlSecurityTokenReadException), ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs index 3691a62159..82784ab5eb 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs @@ -42,9 +42,9 @@ internal static ValidationResult ValidateSignature( new MessageDetail( TokenLogMessages.IDX10504, samlToken.Assertion.CanonicalString), - ValidationFailureType.TokenIsNotSigned, typeof(SecurityTokenValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenIsNotSigned); SecurityKey? resolvedKey = null; bool keyMatched = false; 
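Review bot: In the ValidateSignature hunk of SamlSecurityTokenHandler.ValidateSignature.cs, the IDX10504 message receives `samlToken.Assertion.CanonicalString` unwrapped, whereas the JWT handler passes its token through `LogHelper.MarkAsSecurityArtifact(..., JwtTokenUtilities.SafeLogJwtToken)`. The later hunks of this file and the matching Saml2 hunks pass `samlToken` itself in the same way. How `MessageDetail` treats unmarked arguments is not visible here, so this may already be redacted by default. If it is not, the assertion's subject and attribute data would end up in exception text and logs. I would wrap these arguments with `LogHelper.MarkAsSecurityArtifact` and a callback suited to SAML, or add a comment such as `// assertion text is treated as PII by MessageDetail and hidden unless PII logging is enabled` once that is confirmed. The method body starts outside the hunk.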
@@ -110,9 +110,9 @@ internal static ValidationResult ValidateSignature( samlToken.Assertion.Signature.KeyInfo, GetErrorString(error, errors), samlToken), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); string? keysAttemptedString = null; if (resolvedKey is not null) @@ -127,15 +127,15 @@ internal static ValidationResult ValidateSignature( keysAttemptedString, GetErrorString(error, errors), samlToken), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); return new XmlValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); } private static ValidationResult ValidateSignatureUsingKey(SecurityKey key, SamlSecurityToken samlToken, ValidationParameters validationParameters, CallContext callContext) diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs index cf74c5fc0b..841708fe16 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs 
@@ -32,9 +32,9 @@ internal virtual ValidationResult ReadSaml2Token(string toke TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), - ValidationFailureType.TokenReadingFailed, typeof(ArgumentException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenReadingFailed); try { @@ -49,9 +49,9 @@ internal virtual ValidationResult ReadSaml2Token(string toke { return new Saml2ValidationError( new MessageDetail(LogMessages.IDX13003, ex.Message), - ValidationFailureType.TokenReadingFailed, typeof(Saml2SecurityTokenReadException), ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs index 74d2884b26..dc60d0d466 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs @@ -41,9 +41,9 @@ internal static ValidationResult ValidateSignature( new MessageDetail( TokenLogMessages.IDX10504, samlToken.Assertion.CanonicalString), - ValidationFailureType.TokenIsNotSigned, typeof(SecurityTokenValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.TokenIsNotSigned); SecurityKey? resolvedKey = null; bool keyMatched = false; 
@@ -109,9 +109,9 @@ internal static ValidationResult ValidateSignature( samlToken.Assertion.Signature.KeyInfo, GetErrorStrings(error, errors), samlToken), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); string? keysAttemptedString = null; if (resolvedKey is not null) @@ -126,15 +126,15 @@ internal static ValidationResult ValidateSignature( keysAttemptedString, GetErrorStrings(error, errors), samlToken), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); return new XmlValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.SignatureValidationFailed); } private static ValidationResult ValidateSignatureUsingKey(SecurityKey key, Saml2SecurityToken samlToken, ValidationParameters validationParameters, CallContext callContext) diff --git a/src/Microsoft.IdentityModel.Xml/Reference.cs b/src/Microsoft.IdentityModel.Xml/Reference.cs index 2a1f6870af..0a4eb83fbd 100644 --- a/src/Microsoft.IdentityModel.Xml/Reference.cs +++ b/src/Microsoft.IdentityModel.Xml/Reference.cs @@ -148,9 +148,9 @@ public void Verify(CryptoProviderFactory cryptoProviderFactory) new MessageDetail( LogMessages.IDX30201, Uri ?? Id), - ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - new System.Diagnostics.StackFrame()); + new System.Diagnostics.StackFrame(), + ValidationFailureType.XmlValidationFailed); return null; } 
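Review bot: The Reference.cs hunk builds its error with `new System.Diagnostics.StackFrame()`, which captures no file or line information, while Signature.cs in the same project uses `ValidationError.GetCurrentStackFrame()` and the JWT code uses `new StackFrame(true)`. The commit description says the stack frame is what lets GetException provide a stack trace, so a digest mismatch reported from here would presumably carry less diagnostic detail than every other XML failure. For consistency I would pass `ValidationError.GetCurrentStackFrame(),` at this site too. The enclosing Verify method starts and ends outside the hunk.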
diff --git a/src/Microsoft.IdentityModel.Xml/Signature.cs b/src/Microsoft.IdentityModel.Xml/Signature.cs index b7bf6219fa..d925695927 100644 --- a/src/Microsoft.IdentityModel.Xml/Signature.cs +++ b/src/Microsoft.IdentityModel.Xml/Signature.cs @@ -142,24 +142,24 @@ public void Verify(SecurityKey key, CryptoProviderFactory cryptoProviderFactory) if (SignedInfo is null) return new XmlValidationError( new MessageDetail(LogMessages.IDX30212), - ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.XmlValidationFailed); if (!cryptoProviderFactory.IsSupportedAlgorithm(SignedInfo.SignatureMethod, key)) return new XmlValidationError( new MessageDetail(LogMessages.IDX30207, SignedInfo.SignatureMethod, cryptoProviderFactory.GetType()), - ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.XmlValidationFailed); var signatureProvider = cryptoProviderFactory.CreateForVerifying(key, SignedInfo.SignatureMethod); if (signatureProvider is null) return new XmlValidationError( new MessageDetail(LogMessages.IDX30203, cryptoProviderFactory, key, SignedInfo.SignatureMethod), - ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.XmlValidationFailed); ValidationError? validationError = null; 
@@ -172,9 +172,9 @@ public void Verify(SecurityKey key, CryptoProviderFactory cryptoProviderFactory) { validationError = new XmlValidationError( new MessageDetail(LogMessages.IDX30200, cryptoProviderFactory, key), - ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.XmlValidationFailed); } } diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs index 05c138ea9d..a6e14db769 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs @@ -133,9 +133,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenException("IDX10612:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10612), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenException), - null), + null, + ValidationFailureType.TokenDecryptionFailed), }, new TokenDecryptingTheoryData { @@ -145,9 +145,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10000, "jwtToken"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new TokenDecryptingTheoryData { 
@@ -157,9 +157,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10000, "validationParameters"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new TokenDecryptingTheoryData { @@ -213,9 +213,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu LogHelper.MarkAsSecurityArtifact( new JsonWebToken(ReferenceTokens.JWEDirectEncryptionUnsignedInnerJWTWithAdditionalHeaderClaims), JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - null), + null, + ValidationFailureType.TokenDecryptionFailed), }, new TokenDecryptingTheoryData { @@ -250,9 +250,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu LogHelper.MarkAsSecurityArtifact( new JsonWebToken(ReferenceTokens.JWEDirectEncryptionUnsignedInnerJWTWithAdditionalHeaderClaims), JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - null), + null, + ValidationFailureType.TokenDecryptionFailed), }, }; } diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs index b66d40b0f6..b610d1fe76 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs 
@@ -68,7 +68,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "CustomIssuerValidatorDelegate", issuerGuid, - CustomIssuerValidatorDelegates.CustomIssuerValidatorDelegateAsync, + CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 88), new StackFrame(false), @@ -77,10 +77,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(SecurityTokenInvalidIssuerException), - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorDelegateAsync)), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync)), IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync), null), typeof(SecurityTokenInvalidIssuerException), new StackFrame("CustomValidationDelegates.cs", 88), issuerGuid) @@ -90,7 +90,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "CustomIssuerValidatorCustomExceptionDelegate", issuerGuid, - CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync, + CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 107), new StackFrame(false), 
@@ -99,10 +99,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(CustomSecurityTokenInvalidIssuerException), - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync)), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync)), IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomValidationDelegates.cs", 107), issuerGuid), @@ -112,7 +112,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "CustomIssuerValidatorUnknownExceptionDelegate", issuerGuid, - CustomIssuerValidatorDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync, + CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 139), new StackFrame(false), @@ -121,10 +121,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(SecurityTokenException), - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync)), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync)), IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync), null), typeof(NotSupportedException), new StackFrame("CustomValidationDelegates.cs", 139), issuerGuid), 
@@ -134,7 +134,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegate", issuerGuid, - CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync, + CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 123), new StackFrame(false), @@ -143,14 +143,14 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(CustomSecurityTokenInvalidIssuerException), - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync)), + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync)), IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), - CustomIssuerValidationError.CustomIssuerValidationFailureType, + nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomValidationDelegates.cs", 123), issuerGuid, + CustomIssuerValidationError.CustomIssuerValidationFailureType, null), }); #endregion @@ -161,7 +161,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "IssuerValidatorDelegate", issuerGuid, - CustomIssuerValidatorDelegates.IssuerValidatorDelegateAsync, + CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 169), new StackFrame(false), 
@@ -170,10 +170,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(SecurityTokenInvalidIssuerException), - nameof(CustomIssuerValidatorDelegates.IssuerValidatorDelegateAsync)), + nameof(CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync)), IssuerValidationError = new IssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.IssuerValidatorDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync), null), typeof(SecurityTokenInvalidIssuerException), new StackFrame("CustomValidationDelegates.cs", 169), issuerGuid) @@ -183,7 +183,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "IssuerValidatorCustomIssuerExceptionTypeDelegate", issuerGuid, - CustomIssuerValidatorDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync, + CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 196), new StackFrame(false), @@ -192,10 +192,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(SecurityTokenException), - nameof(CustomIssuerValidatorDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync)), + nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync)), IssuerValidationError = new IssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomValidationDelegates.cs", 196), issuerGuid) 
@@ -205,7 +205,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "IssuerValidatorCustomExceptionTypeDelegate", issuerGuid, - CustomIssuerValidatorDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync, + CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync, [ new StackFrame("CustomValidationDelegates.cs", 210), new StackFrame(false), @@ -214,10 +214,10 @@ public static TheoryData Issuer_ExtensibilityTest { ExpectedException = new ExpectedException( typeof(SecurityTokenException), - nameof(CustomIssuerValidatorDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync)), + nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync)), IssuerValidationError = new IssuerValidationError( new MessageDetail( - nameof(CustomIssuerValidatorDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync), null), + nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync), null), typeof(CustomSecurityTokenException), new StackFrame("CustomValidationDelegates.cs", 210), issuerGuid) @@ -227,7 +227,7 @@ public static TheoryData Issuer_ExtensibilityTest theoryData.Add(new IssuerExtensibilityTheoryData( "IssuerValidatorThrows", issuerGuid, - CustomIssuerValidatorDelegates.IssuerValidatorThrows, + CustomIssuerValidationDelegates.IssuerValidatorThrows, [ new StackFrame("JsonWebTokenHandler.ValidateToken.Internal.cs", 300), new StackFrame(false) 
@@ -240,11 +240,11 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new IssuerValidationError( new MessageDetail( string.Format(Tokens.LogMessages.IDX10269), null), - ValidationFailureType.IssuerValidatorThrew, typeof(SecurityTokenInvalidIssuerException), new StackFrame("JsonWebTokenHandler.ValidateToken.Internal.cs", 300), issuerGuid, - new SecurityTokenInvalidIssuerException(nameof(CustomIssuerValidatorDelegates.IssuerValidatorThrows)) + ValidationFailureType.IssuerValidatorThrew, + new SecurityTokenInvalidIssuerException(nameof(CustomIssuerValidationDelegates.IssuerValidatorThrows)) ) }); #endregion diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs index 823a522cc4..b5dd33e9e8 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs @@ -76,9 +76,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new TokenReadingTheoryData { @@ -89,9 +89,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new TokenReadingTheoryData { 
@@ -104,9 +104,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( LogMessages.IDX14107, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.TokenReadingFailed, typeof(SecurityTokenMalformedException), null, + ValidationFailureType.TokenReadingFailed, new SecurityTokenMalformedException()), } }; diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs index c49124cd17..72e370f039 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs @@ -86,9 +86,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "jwtToken"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new JsonWebTokenHandlerValidateSignatureTheoryData { TestId = "Invalid_Null_ValidationParameters", @@ -99,9 +99,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "validationParameters"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new JsonWebTokenHandlerValidateSignatureTheoryData { TestId = "Invalid_DelegateReturnsFailure", @@ -115,9 +115,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "fakeParameter"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new JsonWebTokenHandlerValidateSignatureTheoryData { 
@@ -129,9 +129,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10504, LogHelper.MarkAsSecurityArtifact(unsignedToken, JwtTokenUtilities.SafeLogJwtToken)), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - null) + null, + ValidationFailureType.SignatureValidationFailed) }, new JsonWebTokenHandlerValidateSignatureTheoryData { @@ -198,9 +198,9 @@ public static TheoryData JsonWeb ExpectedException = ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10500:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - null) + null, + ValidationFailureType.SignatureValidationFailed) }, new JsonWebTokenHandlerValidateSignatureTheoryData { @@ -210,9 +210,9 @@ public static TheoryData JsonWeb ExpectedException = ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10502:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), - ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - null) + null, + ValidationFailureType.SignatureValidationFailed) } }; } diff --git a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs index 2ecc4d8aea..9d3f601b95 100644 --- a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs 
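Review bot: In the last hunk of JsonWebTokenHandler.ValidateSignatureTests.cs (`@@ -210,9 +210,9 @@`) the expected exception is matched on the prefix `"IDX10502:"`, but the expected `Result` is still built from `new MessageDetail(TokenLogMessages.IDX10500)`, the same message as the case in the hunk before it. Either the result comparison does not look at the message, in which case this expected value checks less than it appears to on the signature-key-not-found path, or the value was copied from the previous case and never updated; the hunk does not show which. Since the call is being rewritten anyway, I would build the `MessageDetail` from the IDX10502 message and its arguments, or, if the message really is not compared, say so with a comment such as `// Result message is not compared in this test`. The enclosing theory-data property begins outside the hunk.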
@@ -52,10 +52,10 @@ internal async static Task> CustomIssuerValida return await Task.FromResult(new ValidationResult( new CustomIssuerValidationError( new MessageDetail(nameof(CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), - CustomIssuerValidationError.CustomIssuerValidationFailureType, typeof(CustomSecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer, + CustomIssuerValidationError.CustomIssuerValidationFailureType, null))); } diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs index d51f1f0c3b..92e63a4d0b 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs @@ -63,9 +63,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }); theoryData.Add(new TokenReadingTheoryData("Invalid_EmptyToken") @@ -76,9 +76,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }); theoryData.Add(new TokenReadingTheoryData("Invalid_MalformedToken") 
@@ -87,9 +87,9 @@ public static TheoryData ReadTokenTestCases ExpectedException = ExpectedException.Saml2SecurityTokenReadException("IDX13003:", inner: typeof(Saml2SecurityTokenReadException)), Result = new ValidationError( new MessageDetail(LogMessages.IDX13003, "exception message"), - ValidationFailureType.TokenReadingFailed, typeof(Saml2SecurityTokenReadException), - null), + null, + ValidationFailureType.TokenReadingFailed), }); return theoryData; diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs index a62c5c4938..e4ac401b0a 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs @@ -63,9 +63,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }); theoryData.Add(new TokenReadingTheoryData("Invalid_EmptyToken") @@ -76,9 +76,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }); theoryData.Add(new TokenReadingTheoryData("Invalid_MalformedToken") 
@@ -87,9 +87,9 @@ public static TheoryData ReadTokenTestCases ExpectedException = ExpectedException.SamlSecurityTokenReadException("IDX11402:", inner: typeof(SamlSecurityTokenReadException)), Result = new ValidationError( new MessageDetail(LogMessages.IDX11402, "exception message"), - ValidationFailureType.TokenReadingFailed, typeof(SamlSecurityTokenReadException), - null), + null, + ValidationFailureType.TokenReadingFailed), }); return theoryData; diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs index 8b55c64778..d64678ed44 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs @@ -66,9 +66,9 @@ public static TheoryData AlgorithmValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) // StackFrame + null, // StackFrame + ValidationFailureType.NullArgument), }, new AlgorithmTheoryData { @@ -85,9 +85,9 @@ public static TheoryData AlgorithmValidationTestCases new MessageDetail( LogMessages.IDX10696, LogHelper.MarkAsNonPII(SecurityAlgorithms.Sha256)), - ValidationFailureType.AlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - null),// StackFrame + null,// StackFrame + ValidationFailureType.AlgorithmValidationFailed), }, new AlgorithmTheoryData { diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs index b2e0eecfbe..2576f8908c 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs 
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs @@ -72,9 +72,9 @@ public static TheoryData ValidateAudienceParameter ValidationParameters = null, Result = new ValidationError( MessageDetail.NullParameter("validationParameters"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new AudienceValidationTheoryData("AudiencesNull") { @@ -82,9 +82,9 @@ public static TheoryData ValidateAudienceParameter ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( MessageDetail.NullParameter("tokenAudiences"), - ValidationFailureType.NullArgument, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.NullArgument) }, new AudienceValidationTheoryData("AudiencesEmptyList") { @@ -95,9 +95,9 @@ public static TheoryData ValidateAudienceParameter new MessageDetail( LogMessages.IDX10206, null), - ValidationFailureType.NoTokenAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.NoTokenAudiencesProvided) }, new AudienceValidationTheoryData("AudiencesEmptyString") { @@ -110,9 +110,9 @@ public static TheoryData ValidateAudienceParameter LogMessages.IDX10215, LogHelper.MarkAsNonPII(string.Empty), LogHelper.MarkAsNonPII("audience1")), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("AudiencesWhiteSpace") { @@ -125,9 +125,9 @@ public static TheoryData ValidateAudienceParameter LogMessages.IDX10215, LogHelper.MarkAsNonPII(" "), LogHelper.MarkAsNonPII("audience1")), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, }; 
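Review bot: The "AudiencesNull" case in hunk `@@ -82,9 +82,9 @@` expects `ExpectedException.SecurityTokenArgumentNullException("IDX10000:")`, but its `Result` carries `typeof(SecurityTokenInvalidAudienceException)` together with `ValidationFailureType.NullArgument`. The reorder keeps that mismatch, while the null `validationParameters` case in `@@ -72,9 +72,9 @@` uses `typeof(SecurityTokenArgumentNullException)`. If the exception type of the expected error is meant to be compared, this line should read `typeof(SecurityTokenArgumentNullException),`; if it is not compared, the test does not pin which exception a null audience list produces. The property body starts and ends outside the hunk.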
@@ -216,9 +216,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience2)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_AudiencesValidAudienceWithSlashNotMatched") { @@ -232,9 +232,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience2Slash)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_AudiencesWithSlashValidAudienceSameLengthNotMatched") { @@ -247,9 +247,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience2Slash), LogHelper.MarkAsNonPII(audience1)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_ValidAudienceWithSlash_IgnoreTrailingSlashFalse") { @@ -262,9 +262,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1Slash)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Valid_ValidAudienceWithSlash_IgnoreTrailingSlashTrue") { 
@@ -284,9 +284,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(commaAudience1Slash)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Valid_ValidAudiencesWithSlash_IgnoreTrailingSlashTrue") { @@ -306,9 +306,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1 + "A")), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_ValidAudienceWithDoubleSlash_IgnoreTrailingSlashTrue") { @@ -321,9 +321,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1 + "//")), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_ValidAudiencesWithDoubleSlash_IgnoreTrailingSlashTrue") { @@ -336,9 +336,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(commaAudience1 + "//")), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_TokenAudienceWithSlash_IgnoreTrailingSlashFalse") { 
@@ -351,9 +351,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(audience1)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Valid_TokenAudienceWithSlash_IgnoreTrailingSlashTrue") { @@ -373,9 +373,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience2Slash), LogHelper.MarkAsNonPII(audience1)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Invalid_TokenAudiencesWithSlash_IgnoreTrailingSlashFalse") { @@ -388,9 +388,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(audience1)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("Valid_TokenAudiencesWithSlash_IgnoreTrailingSlashTrue") { @@ -410,9 +410,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(commaAudience2)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) }, new AudienceValidationTheoryData("TokenAudienceWithTwoSlashesVPTrue") { 
@@ -425,9 +425,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1 + "//"), LogHelper.MarkAsNonPII(audience1)), - ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null) + null, + ValidationFailureType.AudienceValidationFailed) } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs index e16148631e..e437f53384 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs @@ -75,9 +75,9 @@ public static TheoryData IssuerValdationResul LogHelper.MarkAsNonPII(validIssuer), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(null)), LogHelper.MarkAsNonPII(null)), - ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), - null), + null, + ValidationFailureType.IssuerValidationFailed), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = new ValidationParameters() }); @@ -90,9 +90,9 @@ public static TheoryData IssuerValdationResul new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = null }); 
@@ -105,9 +105,9 @@ public static TheoryData IssuerValdationResul new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), SecurityToken = null, ValidationParameters = new ValidationParameters() }); @@ -142,9 +142,9 @@ public static TheoryData IssuerValdationResul LogHelper.MarkAsNonPII(issClaim), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validIssuers)), LogHelper.MarkAsNonPII(null)), - ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), - null), + null, + ValidationFailureType.IssuerValidationFailed), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = new ValidationParameters(), ValidIssuerToAdd = validIssuer diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs index 76eacd288d..846c3d3edd 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs @@ -106,9 +106,9 @@ public static TheoryData ValidateLifetimeTestCases ValidationParameters = null, Result = new ValidationError( new MessageDetail(LogMessages.IDX10000, "validationParameters"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new ValidateLifetimeTheoryData("Invalid_ExpiresIsNull") { 
@@ -117,9 +117,9 @@ public static TheoryData ValidateLifetimeTestCases ValidationParameters = new ValidationParameters() { TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10225, "null"), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNoExpirationException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), }, new ValidateLifetimeTheoryData("Invalid_NotBeforeIsAfterExpires") { @@ -132,9 +132,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10224, LogHelper.MarkAsNonPII(oneHourFromNow), LogHelper.MarkAsNonPII(oneHourAgo)), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenInvalidLifetimeException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), }, new ValidateLifetimeTheoryData("Invalid_NotYetValid") { @@ -147,9 +147,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10222, LogHelper.MarkAsNonPII(oneHourFromNow), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNotYetValidException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), }, new ValidateLifetimeTheoryData("Invalid_Expired") { @@ -162,9 +162,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10223, LogHelper.MarkAsNonPII(oneHourAgo), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenExpiredException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), }, new ValidateLifetimeTheoryData("Invalid_NotYetValid_SkewForward") { 
@@ -180,9 +180,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10222, LogHelper.MarkAsNonPII(sixMinutesFromNow), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNotYetValidException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), }, new ValidateLifetimeTheoryData("Invalid_Expired_SkewBackward") { @@ -198,9 +198,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10223, LogHelper.MarkAsNonPII(sixMinutesAgo), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenExpiredException), - null), + null, + ValidationFailureType.LifetimeValidationFailed), } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs index 5759e055eb..7900b4f43f 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs @@ -89,9 +89,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new TokenReplayTheoryData { @@ -104,9 +104,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new TokenReplayTheoryData { 
@@ -119,9 +119,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new TokenReplayTheoryData { @@ -141,9 +141,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10227, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null), + null, + ValidationFailureType.TokenReplayValidationFailed), }, new TokenReplayTheoryData { @@ -163,9 +163,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10228, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null), + null, + ValidationFailureType.TokenReplayValidationFailed), }, new TokenReplayTheoryData { @@ -185,9 +185,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10229, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), - ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null), + null, + ValidationFailureType.TokenReplayValidationFailed), } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs index 932d521595..49ac465950 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs 
@@ -75,9 +75,9 @@ public static TheoryData SigningKeyValidationTes ValidationParameters = new ValidationParameters(){ TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10253), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.SigningKeyValidationFailed), }, new SigningKeyValidationTheoryData { @@ -90,9 +90,9 @@ public static TheoryData SigningKeyValidationTes new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new SigningKeyValidationTheoryData { @@ -105,9 +105,9 @@ public static TheoryData SigningKeyValidationTes new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.NullArgument), }, new SigningKeyValidationTheoryData { @@ -121,9 +121,9 @@ public static TheoryData SigningKeyValidationTes LogMessages.IDX10249, LogHelper.MarkAsNonPII(utcExpired), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - null), + null, + ValidationFailureType.SigningKeyValidationFailed), }, new SigningKeyValidationTheoryData { @@ -137,9 +137,9 @@ public static TheoryData SigningKeyValidationTes LogMessages.IDX10248, LogHelper.MarkAsNonPII(utcNotYetValid), LogHelper.MarkAsNonPII(utcNow)), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - null), + null, + ValidationFailureType.SigningKeyValidationFailed), }, new SigningKeyValidationTheoryData { 
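Review bot: The first hunk of SigningKeyValidationResultTests.cs (`@@ -75,9 +75,9 @@`) pairs `typeof(SecurityTokenArgumentNullException)` with `ValidationFailureType.SigningKeyValidationFailed`, while the other `SecurityTokenArgumentNullException` cases visible in this file's hunks use `ValidationFailureType.NullArgument`; the same pairing recurs in `@@ -150,9 +150,9 @@`. This may mirror what the validator returns for IDX10253, but the hunks do not show it. If the pairing is intended, a short comment on both cases would keep a later reader from "fixing" it, for example `// IDX10253: reported as a signing key failure, not as NullArgument`. Both cases sit in a theory-data property whose start is outside the hunks.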
@@ -150,9 +150,9 @@ public static TheoryData SigningKeyValidationTes ValidationParameters = new ValidationParameters() { TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10253), - ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - null), + null, + ValidationFailureType.SigningKeyValidationFailed), }, }; diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs index ca77e6ca35..d5070555de 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs @@ -84,9 +84,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new TokenTypeTheoryData { @@ -99,9 +99,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null) + null, + ValidationFailureType.NullArgument) }, new TokenTypeTheoryData { @@ -115,9 +115,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10256, LogHelper.MarkAsNonPII("type")), - ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null) + null, + ValidationFailureType.TokenTypeValidationFailed) }, new TokenTypeTheoryData { 
@@ -131,9 +131,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10256, LogHelper.MarkAsNonPII("type")), - ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null) + null, + ValidationFailureType.TokenTypeValidationFailed) }, new TokenTypeTheoryData { @@ -148,9 +148,9 @@ public static TheoryData TokenTypeValidationTestCases LogMessages.IDX10257, LogHelper.MarkAsNonPII("type"), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validTypesNoJwt))), - ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null) + null, + ValidationFailureType.TokenTypeValidationFailed) } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs index 03915c766c..0dc49f6326 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs @@ -41,9 +41,9 @@ public ValidationError ThirdMethod() { return new ValidationError( new MessageDetail("This is a test error"), - ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - ValidationError.GetCurrentStackFrame()); + ValidationError.GetCurrentStackFrame(), + ValidationFailureType.NullArgument); } } } From b7f8f0f12c2369921053ea5ca1c73ceff0eb04fb Mon Sep 17 00:00:00 2001 
From: Ignacio Inglese Date: Sat, 16 Nov 2024 20:28:52 +0000 Subject: [PATCH 06/10] Removed old audience and lifetime extensibility tests in favour of unifying the approach using the issuer extensibility tests as template --- ...eTokenAsyncTests.Audience.Extensibility.cs | 245 -------------- ...eTokenAsyncTests.Lifetime.Extensibility.cs | 305 ------------------ 2 files changed, 550 deletions(-) delete mode 100644 test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.Extensibility.cs delete mode 100644 test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.Extensibility.cs diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.Extensibility.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.Extensibility.cs deleted file mode 100644 index 9b2321e348..0000000000 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Audience.Extensibility.cs +++ /dev/null 
@@ -1,245 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -#nullable enable -using System; -using System.Collections.Generic; -using System.Diagnostics; -using System.Threading; -using System.Threading.Tasks; -using Microsoft.IdentityModel.TestUtils; -using Microsoft.IdentityModel.Tokens; -using Xunit; - -namespace Microsoft.IdentityModel.JsonWebTokens.Tests -{ - public partial class JsonWebTokenHandlerValidateTokenAsyncTests - { - [Theory, MemberData(nameof(ValidateTokenAsync_Audience_ExtensibilityTestCases), DisableDiscoveryEnumeration = true)] - public async Task ValidateTokenAsync_Audience_Extensibility(ValidateTokenAsyncAudienceExtensibilityTheoryData theoryData) - { - var context = TestUtilities.WriteHeader($"{this}.{nameof(ValidateTokenAsync_Audience_Extensibility)}", theoryData); - - string jwtString = CreateTokenWithAudience(theoryData.Audience); - var handler = new JsonWebTokenHandler(); - - ValidationResult validationResult; - - if (theoryData.ThrownException is null) - { - validationResult = await handler.ValidateTokenAsync( - jwtString, theoryData.ValidationParameters!, theoryData.CallContext, CancellationToken.None); - } - else - { - // The exception is thrown by the delegate, so we catch it here. - // Outside of testing, this could be a catch block in the calling code. 
- var exception = await Assert.ThrowsAsync(async () => - { - validationResult = await handler.ValidateTokenAsync( - jwtString, theoryData.ValidationParameters!, theoryData.CallContext, CancellationToken.None); - }); - - theoryData.ThrownException.ProcessException(exception, context); - return; - } - - if (validationResult.IsValid != theoryData.ExpectedIsValid) - context.AddDiff($"validationResult.IsValid != theoryData.ExpectedIsValid"); - - if (validationResult.IsValid) - { - theoryData.ExpectedException.ProcessNoException(context); - - IdentityComparer.AreStringsEqual(validationResult.UnwrapResult().ValidatedAudience, theoryData.Audience, context); - } - else - { - theoryData.ExpectedException.ProcessException(validationResult.UnwrapError().GetException(), context); - - if (validationResult.UnwrapError().GetException() is SecurityTokenInvalidAudienceException audienceException) - { - if (theoryData.ExpectedInvalidAudience is not null) - IdentityComparer.AreStringsEqual(audienceException.InvalidAudience, theoryData.ExpectedInvalidAudience, context); - } - - TestUtilities.AssertFailIfErrors(context); - } - } - - public static TheoryData ValidateTokenAsync_Audience_ExtensibilityTestCases - { - get - { - var theoryData = new TheoryData(); - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData("DefaultDelegate_Valid_AudiencesMatch") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: null), - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData("DefaultDelegate_Invalid_AudiencesDontMatch") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: null), - Audience = "CustomAudience", - ExpectedIsValid = false, - ExpectedException = ExpectedException.SecurityTokenInvalidAudienceException("IDX10215:"), - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData("CustomDelegate_Valid_DelegateReturnsAudience") - { - ValidationParameters = 
CreateValidationParameters(audienceValidationDelegate: delegate - (IList audiences, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return "CustomAudience"; - }), - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithDefaultExceptionType") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: delegate - (IList audiences, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new AudienceValidationError( - new MessageDetail("Custom message from the delegate."), - ValidationFailureType.AudienceValidationFailed, - typeof(SecurityTokenInvalidAudienceException), - new StackFrame(true), - [Default.Audience], - null); - }), - ExpectedIsValid = false, - ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidAudienceException), "Custom message from the delegate."), - ExpectedInvalidAudience = Default.Audience, - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithCustomExceptionType_NoCustomValidationError") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: delegate - (IList audiences, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new AudienceValidationError( - new MessageDetail("Custom message from the delegate."), - ValidationFailureType.AudienceValidationFailed, - typeof(CustomInvalidAudienceException), - new StackFrame(true), - [Default.Audience], - null); - }), - ExpectedIsValid = false, - // The delegate returns a custom exception but does not implement a custom ValidationError. 
- ExpectedException = ExpectedException.SecurityTokenException("IDX10002:"), - ExpectedInvalidAudience = Default.Audience, - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithCustomExceptionType_CustomValidationErrorUsed") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: delegate - (IList audiences, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new CustomAudienceValidationError( - new MessageDetail("Custom message from the delegate."), - typeof(CustomInvalidAudienceException), - new StackFrame(true), - [Default.Audience]); - }), - ExpectedIsValid = false, - // The delegate uses a custom validation error that implements GetException to return the custom exception. - ExpectedException = new ExpectedException(typeof(CustomInvalidAudienceException), "Custom message from the delegate."), - ExpectedInvalidAudience = Default.Audience, - }); - - theoryData.Add(new ValidateTokenAsyncAudienceExtensibilityTheoryData("CustomDelegate_Invalid_DelegateThrows") - { - ValidationParameters = CreateValidationParameters(audienceValidationDelegate: delegate - (IList audiences, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - throw new CustomInvalidAudienceException("Custom exception from the delegate."); - }), - ExpectedIsValid = false, - ThrownException = new ExpectedException(typeof(CustomInvalidAudienceException), "Custom exception from the delegate."), - }); - - return theoryData; - - static ValidationParameters CreateValidationParameters( - AudienceValidationDelegate? 
audienceValidationDelegate) - { - ValidationParameters validationParameters = new ValidationParameters(); - validationParameters.ValidAudiences.Add(Default.Audience); - - if (audienceValidationDelegate is not null) - validationParameters.AudienceValidator = audienceValidationDelegate; - - // Skip all validations except audience - validationParameters.AlgorithmValidator = SkipValidationDelegates.SkipAlgorithmValidation; - validationParameters.IssuerValidatorAsync = SkipValidationDelegates.SkipIssuerValidation; - validationParameters.IssuerSigningKeyValidator = SkipValidationDelegates.SkipIssuerSigningKeyValidation; - validationParameters.LifetimeValidator = SkipValidationDelegates.SkipLifetimeValidation; - validationParameters.SignatureValidator = SkipValidationDelegates.SkipSignatureValidation; - validationParameters.TokenTypeValidator = SkipValidationDelegates.SkipTokenTypeValidation; - - return validationParameters; - } - } - } - - public class ValidateTokenAsyncAudienceExtensibilityTheoryData : ValidateTokenAsyncBaseTheoryData - { - public ValidateTokenAsyncAudienceExtensibilityTheoryData(string testId) : base(testId) { } - - public string? Audience { get; internal set; } = Default.Audience; - - public string? ExpectedInvalidAudience { get; internal set; } = null; - - internal AudienceValidationDelegate? AudienceValidationDelegate { get; set; } - - public ExpectedException? ThrownException { get; internal set; } = null; - } - - private class CustomInvalidAudienceException : SecurityTokenInvalidAudienceException - { - public CustomInvalidAudienceException(string message) - : base(message) - { - } - } - - private class CustomAudienceValidationError : AudienceValidationError - { - public CustomAudienceValidationError(MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame, - IList? 
tokenAudiences) : - base(messageDetail, ValidationFailureType.AudienceValidationFailed, exceptionType, stackFrame, tokenAudiences, null) - { - } - - internal override Exception GetException() - { - if (ExceptionType == typeof(CustomInvalidAudienceException)) - return new CustomInvalidAudienceException(MessageDetail.Message) { InvalidAudience = Utility.SerializeAsSingleCommaDelimitedString(TokenAudiences) }; - - return base.GetException(); - } - } - } -} -#nullable restore diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.Extensibility.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.Extensibility.cs deleted file mode 100644 index b7c09dab2f..0000000000 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateTokenAsyncTests.Lifetime.Extensibility.cs +++ /dev/null 
@@ -1,305 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -#nullable enable -using System; -using System.Diagnostics; -using System.Threading; -using System.Threading.Tasks; -using Microsoft.IdentityModel.TestUtils; -using Microsoft.IdentityModel.Tokens; -using Xunit; - -namespace Microsoft.IdentityModel.JsonWebTokens.Tests -{ - public partial class JsonWebTokenHandlerValidateTokenAsyncTests - { - [Theory, MemberData(nameof(ValidateTokenAsync_Lifetime_ExtensibilityTestCases), DisableDiscoveryEnumeration = true)] - public async Task ValidateTokenAsync_Lifetime_Extensibility(ValidateTokenAsyncLifetimeExtensibilityTheoryData theoryData) - { - var context = TestUtilities.WriteHeader($"{this}.{nameof(ValidateTokenAsync_Lifetime_Extensibility)}", theoryData); - - string jwtString = CreateTokenWithLifetime(theoryData.IssuedAt, theoryData.NotBefore, theoryData.Expires); - var handler = new JsonWebTokenHandler(); - - ValidationResult validationResult; - - if (theoryData.ThrownException is null) - { - validationResult = await handler.ValidateTokenAsync( - jwtString, theoryData.ValidationParameters!, theoryData.CallContext, CancellationToken.None); - } - else - { - // The exception is thrown by the delegate, so we catch it here. - // Outside of testing, this could be a catch block in the calling code. - var exception = await Assert.ThrowsAsync(async () => - { - validationResult = await handler.ValidateTokenAsync( - jwtString, theoryData.ValidationParameters!, theoryData.CallContext, CancellationToken.None); - }); - - theoryData.ThrownException.ProcessException(exception, context); - return; - } - - if (validationResult.IsValid != theoryData.ExpectedIsValid) - context.AddDiff($"validationResult.IsValid != theoryData.ExpectedIsValid"); - - if (validationResult.IsValid) - { - theoryData.ExpectedException.ProcessNoException(context); - - ValidatedLifetime? 
validatedLifetime = validationResult.UnwrapResult().ValidatedLifetime; - - if (validatedLifetime is not null) - { - IdentityComparer.AreDateTimesEqualWithEpsilon(validatedLifetime.Value.NotBefore, theoryData.ValidatedLifetime.NotBefore, 3, context); - IdentityComparer.AreDateTimesEqualWithEpsilon(validatedLifetime.Value.Expires, theoryData.ValidatedLifetime.Expires, 3, context); - } - } - else - { - theoryData.ExpectedException.ProcessException(validationResult.UnwrapError().GetException(), context); - - if (validationResult.UnwrapError().GetException() is SecurityTokenInvalidLifetimeException lifetimeException) - { - if (theoryData.ExpectedInvalidNotBefore is not null) - IdentityComparer.AreDateTimesEqualWithEpsilon(lifetimeException.NotBefore, theoryData.ExpectedInvalidNotBefore, 3, context); - - if (theoryData.ExpectedInvalidExpires is not null) - IdentityComparer.AreDateTimesEqualWithEpsilon(lifetimeException.Expires, theoryData.ExpectedInvalidExpires, 3, context); - } - - TestUtilities.AssertFailIfErrors(context); - } - } - - public static TheoryData ValidateTokenAsync_Lifetime_ExtensibilityTestCases - { - get - { - DateTime now = DateTime.UtcNow; - DateTime nowPlus1Hour = now.AddHours(1); - DateTime nowMinus1Hour = now.AddHours(-1); - - var theoryData = new TheoryData(); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData("DefaultDelegate_Valid_LifetimeIsValid") - { - IssuedAt = now, - NotBefore = nowMinus1Hour, - Expires = nowPlus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: null), - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData("DefaultDelegate_Invalid_TokenHasExpired") - { - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: null), - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ExpectedIsValid = false, - ExpectedException = ExpectedException.SecurityTokenExpiredException("IDX10223:"), - }); - - 
theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData("CustomDelegate_Valid_DelegateReturnsValidatedLifetime") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? notBefore, - DateTime? expires, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new ValidatedLifetime(notBefore, expires); - }), - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData("CustomDelegate_Valid_DelegateReturnsEmptyValidatedLifetime") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? notBefore, - DateTime? expires, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new ValidatedLifetime(); - }), - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithDefaultExceptionType") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? notBefore, - DateTime? expires, - SecurityToken? 
securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new LifetimeValidationError(new MessageDetail("Custom message from the delegate."), - typeof(SecurityTokenInvalidLifetimeException), - new System.Diagnostics.StackFrame(true), - (DateTime)notBefore!, - (DateTime)expires!); - }), - ExpectedIsValid = false, - ExpectedException = new ExpectedException(typeof(SecurityTokenInvalidLifetimeException), "Custom message from the delegate."), - ExpectedInvalidNotBefore = nowMinus1Hour, - ExpectedInvalidExpires = nowMinus1Hour, - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithCustomExceptionType_NoCustomValidationError") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? notBefore, - DateTime? expires, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new LifetimeValidationError( - new MessageDetail("Custom message from the delegate."), - typeof(CustomInvalidLifetimeException), - new System.Diagnostics.StackFrame(true), - (DateTime)notBefore!, - (DateTime)expires!); - }), - ExpectedIsValid = false, - // The delegate returns a custom exception but does not implement a custom ValidationError. - ExpectedException = ExpectedException.SecurityTokenException("IDX10002:"), - ExpectedInvalidNotBefore = nowMinus1Hour, - ExpectedInvalidExpires = nowMinus1Hour, - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData( - "CustomDelegate_Invalid_DelegateReturnsValidationErrorWithCustomExceptionType_CustomValidationErrorUsed") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? 
notBefore, - DateTime? expires, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - return new CustomLifetimeValidationError( - new MessageDetail("Custom message from the delegate."), - typeof(CustomInvalidLifetimeException), - new System.Diagnostics.StackFrame(true), - (DateTime)notBefore!, - (DateTime)expires!); - }), - ExpectedIsValid = false, - // The delegate uses a custom validation error that implements GetException to return the custom exception. - ExpectedException = new ExpectedException(typeof(CustomInvalidLifetimeException), "Custom message from the delegate."), - ExpectedInvalidNotBefore = nowMinus1Hour, - ExpectedInvalidExpires = nowMinus1Hour, - }); - - theoryData.Add(new ValidateTokenAsyncLifetimeExtensibilityTheoryData("CustomDelegate_Invalid_DelegateThrows") - { - IssuedAt = nowMinus1Hour, - NotBefore = nowMinus1Hour, - Expires = nowMinus1Hour, - ValidationParameters = CreateValidationParameters(lifetimeValidationDelegate: delegate - (DateTime? notBefore, - DateTime? expires, - SecurityToken? securityToken, - ValidationParameters validationParameters, - CallContext callContext) - { - throw new CustomInvalidLifetimeException("Custom exception from the delegate."); - }), - ExpectedIsValid = false, - ThrownException = new ExpectedException(typeof(CustomInvalidLifetimeException), "Custom exception from the delegate."), - }); - - return theoryData; - - static ValidationParameters CreateValidationParameters(LifetimeValidationDelegate? 
lifetimeValidationDelegate) - { - ValidationParameters validationParameters = new ValidationParameters(); - - if (lifetimeValidationDelegate is not null) - validationParameters.LifetimeValidator = lifetimeValidationDelegate; - - // Skip all validations except lifetime - validationParameters.AlgorithmValidator = SkipValidationDelegates.SkipAlgorithmValidation; - validationParameters.AudienceValidator = SkipValidationDelegates.SkipAudienceValidation; - validationParameters.IssuerValidatorAsync = SkipValidationDelegates.SkipIssuerValidation; - validationParameters.IssuerSigningKeyValidator = SkipValidationDelegates.SkipIssuerSigningKeyValidation; - validationParameters.SignatureValidator = SkipValidationDelegates.SkipSignatureValidation; - validationParameters.TokenTypeValidator = SkipValidationDelegates.SkipTokenTypeValidation; - - return validationParameters; - } - } - } - - public class ValidateTokenAsyncLifetimeExtensibilityTheoryData : ValidateTokenAsyncBaseTheoryData - { - public ValidateTokenAsyncLifetimeExtensibilityTheoryData(string testId) : base(testId) { } - - public DateTime? IssuedAt { get; internal set; } = null; - - public DateTime? NotBefore { get; internal set; } = null; - - public DateTime? Expires { get; internal set; } = null; - - internal ValidatedLifetime ValidatedLifetime { get; set; } = default; - - public DateTime? ExpectedInvalidNotBefore { get; internal set; } = null; - - public DateTime? ExpectedInvalidExpires { get; internal set; } = null; - - public ExpectedException? 
ThrownException { get; internal set; } = null; - } - - private class CustomInvalidLifetimeException : SecurityTokenInvalidLifetimeException - { - public CustomInvalidLifetimeException(string message) - : base(message) - { - } - } - - private class CustomLifetimeValidationError : LifetimeValidationError - { - public CustomLifetimeValidationError(MessageDetail messageDetail, - Type exceptionType, - StackFrame stackFrame, - DateTime notBefore, - DateTime expires) : - base(messageDetail, exceptionType, stackFrame, notBefore, expires) - { - } - - internal override Exception GetException() - { - if (ExceptionType == typeof(CustomInvalidLifetimeException)) - return new CustomInvalidLifetimeException(MessageDetail.Message) { NotBefore = _notBefore, Expires = _expires }; - - return base.GetException(); - } - } - } -} -#nullable restore From 2609624f419975a40503f06f415477b8f586d456 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Sat, 16 Nov 2024 20:37:16 +0000 Subject: [PATCH 07/10] Updated file name in JWT issuer extensibility tests --- ...sonWebTokenHandler.Issuer.Extensibility.cs | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs index b610d1fe76..c26f0a1249 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs @@ -70,7 +70,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 88), + new StackFrame("CustomIssuerValidationDelegates", 88), new StackFrame(false), new StackFrame(false) ]) 
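Review bot: The replacement value `"CustomIssuerValidationDelegates"` drops the `.cs` extension that the old `"CustomValidationDelegates.cs"` carried, although the commit subject says the file name was updated and the next patch in the series lists the file as `CustomIssuerValidationDelegates.cs`. If the test compares the file name held by the expected `StackFrame` (the comparison is not visible here), this should read `new StackFrame("CustomIssuerValidationDelegates.cs", 88)`. The same applies to every other hunk of this file (the frames at lines 107, 123, 139, 169, 196 and 210). The hard-coded line numbers will also go stale whenever the delegates file is edited, so a one-line comment above the first case naming the statement each number refers to would help the next maintainer.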
@@ -82,7 +82,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync), null), typeof(SecurityTokenInvalidIssuerException), - new StackFrame("CustomValidationDelegates.cs", 88), + new StackFrame("CustomIssuerValidationDelegates", 88), issuerGuid) }); @@ -92,7 +92,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 107), + new StackFrame("CustomIssuerValidationDelegates", 107), new StackFrame(false), new StackFrame(false) ]) @@ -104,7 +104,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), - new StackFrame("CustomValidationDelegates.cs", 107), + new StackFrame("CustomIssuerValidationDelegates", 107), issuerGuid), }); @@ -114,7 +114,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 139), + new StackFrame("CustomIssuerValidationDelegates", 139), new StackFrame(false), new StackFrame(false) ]) @@ -126,7 +126,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync), null), typeof(NotSupportedException), - new StackFrame("CustomValidationDelegates.cs", 139), + new StackFrame("CustomIssuerValidationDelegates", 139), issuerGuid), }); 
@@ -136,7 +136,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 123), + new StackFrame("CustomIssuerValidationDelegates", 123), new StackFrame(false), new StackFrame(false) ]) @@ -148,7 +148,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), - new StackFrame("CustomValidationDelegates.cs", 123), + new StackFrame("CustomIssuerValidationDelegates", 123), issuerGuid, CustomIssuerValidationError.CustomIssuerValidationFailureType, null), @@ -163,7 +163,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 169), + new StackFrame("CustomIssuerValidationDelegates", 169), new StackFrame(false), new StackFrame(false) ]) @@ -175,7 +175,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync), null), typeof(SecurityTokenInvalidIssuerException), - new StackFrame("CustomValidationDelegates.cs", 169), + new StackFrame("CustomIssuerValidationDelegates", 169), issuerGuid) }); @@ -185,7 +185,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 196), + new StackFrame("CustomIssuerValidationDelegates", 196), new StackFrame(false), new StackFrame(false) ]) 
@@ -197,7 +197,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null), typeof(CustomSecurityTokenInvalidIssuerException), - new StackFrame("CustomValidationDelegates.cs", 196), + new StackFrame("CustomIssuerValidationDelegates", 196), issuerGuid) }); @@ -207,7 +207,7 @@ public static TheoryData Issuer_ExtensibilityTest issuerGuid, CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync, [ - new StackFrame("CustomValidationDelegates.cs", 210), + new StackFrame("CustomIssuerValidationDelegates", 210), new StackFrame(false), new StackFrame(false) ]) @@ -219,7 +219,7 @@ public static TheoryData Issuer_ExtensibilityTest new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync), null), typeof(CustomSecurityTokenException), - new StackFrame("CustomValidationDelegates.cs", 210), + new StackFrame("CustomIssuerValidationDelegates", 210), issuerGuid) }); From 8dd39beacdd34fa41eaef29ca1bc4945d75636c4 Mon Sep 17 00:00:00 2001 
From: Ignacio Inglese Date: Thu, 21 Nov 2024 12:20:50 +0000 Subject: [PATCH 08/10] Removed optionality of ValidationFailureType and moved it back to the required fields --- .../JsonWebTokenHandler.DecryptToken.cs | 12 ++-- .../JsonWebTokenHandler.ReadToken.cs | 2 +- .../JsonWebTokenHandler.ValidateSignature.cs | 47 ++++++------ ...nWebTokenHandler.ValidateToken.Internal.cs | 10 +-- .../JwtTokenUtilities.DecryptTokenResult.cs | 2 +- .../JwtTokenUtilities.cs | 12 ++-- .../InternalAPI.Unshipped.txt | 4 +- .../Saml/Exceptions/SamlValidationError.cs | 4 +- .../SamlSecurityTokenHandler.ReadToken.cs | 6 +- ...lSecurityTokenHandler.ValidateSignature.cs | 16 ++--- .../Saml2/Exceptions/Saml2ValidationError.cs | 4 +- .../Saml2SecurityTokenHandler.ReadToken.cs | 6 +- ...2SecurityTokenHandler.ValidateSignature.cs | 16 ++--- .../InternalAPI.Unshipped.txt | 27 ++++--- .../Details/AlgorithmValidationError.cs | 4 +- .../Details/AudienceValidationError.cs | 4 +- .../Results/Details/IssuerValidationError.cs | 4 +- .../Details/LifetimeValidationError.cs | 4 +- .../Details/TokenTypeValidationError.cs | 4 +- .../Results/Details/ValidationError.cs | 6 +- .../Validation/Validators.Algorithm.cs | 1 + .../Validation/Validators.Audience.cs | 9 +-- .../Validation/Validators.Issuer.cs | 3 + .../Validation/Validators.IssuerSigningKey.cs | 12 ++-- .../Validation/Validators.Lifetime.cs | 4 ++ .../Validation/Validators.TokenReplay.cs | 12 ++-- .../Validation/Validators.TokenType.cs | 2 + .../Exceptions/XmlValidationError.cs | 4 +- .../InternalAPI.Unshipped.txt | 2 +- src/Microsoft.IdentityModel.Xml/Reference.cs | 4 +- src/Microsoft.IdentityModel.Xml/Signature.cs | 16 ++--- .../JsonWebTokenHandler.DecryptTokenTests.cs | 20 +++--- ...sonWebTokenHandler.Issuer.Extensibility.cs | 10 ++- .../JsonWebTokenHandler.ReadTokenTests.cs | 10 +-- ...nWebTokenHandler.ValidateSignatureTests.cs | 24 +++---- .../CustomIssuerValidationDelegates.cs | 8 ++- .../CustomValidationErrors.cs | 21 +++--- 
.../AlgorithmValidationResultTests.cs | 8 +-- .../AudienceValidationResultTests.cs | 72 +++++++++---------- .../Validation/IssuerValidationResultTests.cs | 16 ++--- .../LifetimeValidationResultTests.cs | 28 ++++---- .../Validation/ReplayValidationResultTests.cs | 24 +++---- .../SigningKeyValidationResultTests.cs | 24 +++---- .../TokenTypeValidationResultTests.cs | 20 +++--- .../Validation/ValidationErrorTests.cs | 4 +- 45 files changed, 290 insertions(+), 262 deletions(-) diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs index c5ff65f475..7b7a641cb2 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs @@ -50,9 +50,9 @@ internal ValidationResult DecryptToken( StackFrame headerMissingStackFrame = StackFrames.DecryptionHeaderMissing ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10612), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenException), - headerMissingStackFrame, - ValidationFailureType.TokenDecryptionFailed); + headerMissingStackFrame); } (IList? contentEncryptionKeys, ValidationError? validationError) result = @@ -71,9 +71,9 @@ internal ValidationResult DecryptToken( new MessageDetail( TokenLogMessages.IDX10609, LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - noKeysTriedStackFrame, - ValidationFailureType.TokenDecryptionFailed); + noKeysTriedStackFrame); } return JwtTokenUtilities.DecryptJwtToken( 
@@ -218,9 +218,9 @@ internal ValidationResult DecryptToken( keysAttempted?.ToString() ?? "", exceptionStrings?.ToString() ?? "", LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenKeyWrapException), - decryptionKeyUnwrapFailedStackFrame, - ValidationFailureType.TokenDecryptionFailed); + decryptionKeyUnwrapFailedStackFrame); return (null, validationError); } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs index ca6b8a561e..44929e628b 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs @@ -46,9 +46,9 @@ internal static ValidationResult ReadToken( StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ?? new StackFrame(true); return new ValidationError( new MessageDetail(LogMessages.IDX14107), + ValidationFailureType.TokenReadingFailed, typeof(SecurityTokenMalformedException), malformedTokenStackFrame, - ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs index d6f5290c97..ff0a9637a3 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs 
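Review bot: In the ReadToken hunk the cached frame is read with `StackFrames.ReadTokenMalformed ?? new StackFrame(true)`, so unless that field is assigned somewhere outside this hunk, nothing is ever stored and each malformed token allocates a fresh frame with file information. The DecryptToken hunks in the same patch use the caching form, for example `StackFrames.DecryptionHeaderMissing ??= new StackFrame(true)`. Malformed input is supplied by the caller, so this is the failure path where the caching matters most. Suggested line: `StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ??= new StackFrame(true);`. That line is context rather than an added line, but the constructor call this hunk reorders consumes it.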
@@ -55,9 +55,9 @@ internal static ValidationResult ValidateSignature( LogHelper.MarkAsSecurityArtifact( jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); SecurityKey? key = null; if (validationParameters.IssuerSigningKeyResolver is not null) @@ -101,17 +101,17 @@ internal static ValidationResult ValidateSignature( LogHelper.MarkAsNonPII(validationParameters.IssuerSigningKeys.Count), LogHelper.MarkAsNonPII(configuration?.SigningKeys.Count ?? 0), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - kidNotMatchedNoTryAllStackFrame, - ValidationFailureType.SignatureValidationFailed); + kidNotMatchedNoTryAllStackFrame); } StackFrame noKeysProvidedStackFrame = StackFrames.NoKeysProvided ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - noKeysProvidedStackFrame, - ValidationFailureType.SignatureValidationFailed); + noKeysProvidedStackFrame); } } @@ -146,9 +146,9 @@ private static ValidationResult ValidateSignatureUsingAllKeys( if (vpFailedResult is null && configFailedResult is null) // No keys were attempted return new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); StringBuilder exceptionStrings = new(); StringBuilder keysAttempted = new(); 
@@ -228,9 +228,9 @@ private static ValidationResult ValidateSignatureWithKey( TokenLogMessages.IDX10400, LogHelper.MarkAsNonPII(jsonWebToken.Alg), key), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); } ValidationResult result = validationParameters.AlgorithmValidator( @@ -248,6 +248,7 @@ private static ValidationResult ValidateSignatureWithKey( new MessageDetail( TokenLogMessages.IDX10518, algorithmValidationError.MessageDetail.Message), + ValidationFailureType.AlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), new StackFrame(true), algorithmValidationError.InvalidAlgorithm); @@ -259,9 +260,9 @@ private static ValidationResult ValidateSignatureWithKey( new MessageDetail( TokenLogMessages.IDX10518, result.UnwrapError().MessageDetail.Message), + ValidationFailureType.SignatureAlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - new StackFrame(true), - ValidationFailureType.SignatureAlgorithmValidationFailed); + new StackFrame(true)); } } @@ -274,9 +275,9 @@ private static ValidationResult ValidateSignatureWithKey( TokenLogMessages.IDX10636, key?.ToString() ?? "Null", LogHelper.MarkAsNonPII(jsonWebToken.Alg)), + ValidationFailureType.SignatureValidationFailed, typeof(InvalidOperationException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); bool valid = EncodingUtils.PerformEncodingDependentOperation( jsonWebToken.EncodedToken, 
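Review bot: The two ValidateSignatureWithKey branches that wrap a failed `AlgorithmValidator` result now spell out different failure types: `ValidationFailureType.AlgorithmValidationFailed` when the error is an `AlgorithmValidationError` and `ValidationFailureType.SignatureAlgorithmValidationFailed` otherwise, although both produce IDX10518 and `SecurityTokenInvalidAlgorithmException`. Code that groups or alerts on the failure type would see one validator rejection under two names. If the split is intended, a comment above the first branch such as `// typed algorithm errors keep AlgorithmValidationFailed; other validator errors are reported as a signature-algorithm failure` would record why; otherwise passing `ValidationFailureType.SignatureAlgorithmValidationFailed,` in both keeps the signature path consistent. The enclosing if/else starts outside these hunks, so the branch conditions are inferred from the variables used in each call.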
@@ -297,9 +298,9 @@ private static ValidationResult ValidateSignatureWithKey( LogHelper.MarkAsSecurityArtifact( jsonWebToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); } #pragma warning disable CA1031 // Do not catch general exception types catch (Exception ex) @@ -311,9 +312,9 @@ private static ValidationResult ValidateSignatureWithKey( LogHelper.MarkAsSecurityArtifact( jsonWebToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), new StackFrame(true), - ValidationFailureType.SignatureValidationFailed, ex); } finally @@ -352,9 +353,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(jwtToken.Kid), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); } if (kidExists) @@ -367,9 +368,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(numKeysInConfiguration), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); return new ValidationError( new MessageDetail( 
@@ -379,9 +380,9 @@ private static ValidationError GetSignatureValidationError( LogHelper.MarkAsNonPII(numKeysInConfiguration), exceptionStrings.ToString(), LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - new StackFrame(true), - ValidationFailureType.SignatureValidationFailed); + new StackFrame(true)); } private static void PopulateFailedResults( diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs index c2ec88ac19..18fa21fcf9 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs @@ -64,9 +64,9 @@ internal async Task> ValidateTokenAsync( TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), + ValidationFailureType.InvalidSecurityToken, typeof(ArgumentException), - invalidTokenLengthStackFrame, - ValidationFailureType.InvalidSecurityToken); + invalidTokenLengthStackFrame); } ValidationResult readResult = ReadToken(token, callContext); @@ -118,9 +118,9 @@ internal async Task> ValidateTokenAsync( StackFrame notJwtStackFrame = StackFrames.TokenNotJWT ??= new StackFrame(true); return new ValidationError( new MessageDetail(TokenLogMessages.IDX10001, nameof(token), nameof(JsonWebToken)), + ValidationFailureType.InvalidSecurityToken, typeof(ArgumentException), - notJwtStackFrame, - ValidationFailureType.InvalidSecurityToken); + notJwtStackFrame); } BaseConfiguration? currentConfiguration = 
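Review bot: The oversize-token branch in ValidateTokenAsync (IDX10209) is tagged `ValidationFailureType.InvalidSecurityToken`, while the same length check is tagged `TokenExceedsMaximumSize` in ReadSamlToken and `TokenReadingFailed` in ReadSaml2Token later in this patch. An over-limit token is an input-size rejection rather than a malformed token, and a single value lets callers count and throttle these rejections the same way across handlers. I would pass `ValidationFailureType.TokenExceedsMaximumSize,` here and in ReadSaml2Token. The exception types differ as well (`ArgumentException` here and in SAML2, `ArgumentOutOfRangeException` in SAML), but changing those may affect callers and is better settled separately. ValidateTokenAsync continues beyond the hunk.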
@@ -294,10 +294,10 @@ private async ValueTask> ValidateJWSAsync( { return new IssuerValidationError( new MessageDetail(TokenLogMessages.IDX10269), + ValidationFailureType.IssuerValidatorThrew, typeof(SecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), jsonWebToken.Issuer, - ValidationFailureType.IssuerValidatorThrew, ex); } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs index 3ad014819c..a4a242cd90 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs @@ -122,9 +122,9 @@ internal static ValidationResult DecryptJwtToken( { return new ValidationError( new MessageDetail(TokenLogMessages.IDX10679, zipAlgorithm), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecompressionFailedException), new StackFrame(true), - ValidationFailureType.TokenDecryptionFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs index bc23e0e369..2794ff2d8d 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs 
@@ -371,26 +371,26 @@ private static ValidationError GetDecryptionError( keysAttempted.ToString(), exceptionStrings?.ToString() ?? string.Empty, LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true), - ValidationFailureType.TokenDecryptionFailed); + new StackFrame(true)); else if (algorithmNotSupportedByCryptoProvider) return new ValidationError( new MessageDetail( TokenLogMessages.IDX10619, LogHelper.MarkAsNonPII(decryptionParameters.Alg), LogHelper.MarkAsNonPII(decryptionParameters.Enc)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true), - ValidationFailureType.TokenDecryptionFailed); + new StackFrame(true)); else return new ValidationError( new MessageDetail( TokenLogMessages.IDX10609, LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - new StackFrame(true), - ValidationFailureType.TokenDecryptionFailed); + new StackFrame(true)); } private static byte[] DecryptToken(CryptoProviderFactory cryptoProviderFactory, SecurityKey key, string encAlg, byte[] ciphertext, byte[] headerAscii, byte[] initializationVector, byte[] authenticationTag) diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt index 7504d240a1..40f6b57bad 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt 
@@ -11,12 +11,12 @@ Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml.SamlValidationError -Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.StackFrames Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> 
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task> Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError -Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException = null) -> void override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.GetException() -> System.Exception override Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.GetException() -> System.Exception static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.StackFrames.IssuerSigningKeyValidationFailed -> System.Diagnostics.StackFrame diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs index 5bee47a23a..d7f39f8cc4 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs 
@@ -11,11 +11,11 @@ internal class SamlValidationError : ValidationError { internal SamlValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, - ValidationFailureType failureType, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, failureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs index 9d4a5d3cb2..f9c658aaf1 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ReadToken.cs @@ -30,9 +30,9 @@ internal virtual ValidationResult ReadSamlToken(string token, TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), + ValidationFailureType.TokenExceedsMaximumSize, typeof(ArgumentOutOfRangeException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenExceedsMaximumSize); + ValidationError.GetCurrentStackFrame()); try { @@ -47,9 +47,9 @@ internal virtual ValidationResult ReadSamlToken(string token, { return new SamlValidationError( new MessageDetail(LogMessages.IDX11402, ex.Message), + ValidationFailureType.TokenReadingFailed, typeof(SamlSecurityTokenReadException), ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs index 82784ab5eb..3691a62159 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs 
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.ValidateSignature.cs @@ -42,9 +42,9 @@ internal static ValidationResult ValidateSignature( new MessageDetail( TokenLogMessages.IDX10504, samlToken.Assertion.CanonicalString), + ValidationFailureType.TokenIsNotSigned, typeof(SecurityTokenValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenIsNotSigned); + ValidationError.GetCurrentStackFrame()); SecurityKey? resolvedKey = null; bool keyMatched = false; @@ -110,9 +110,9 @@ internal static ValidationResult ValidateSignature( samlToken.Assertion.Signature.KeyInfo, GetErrorString(error, errors), samlToken), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); string? keysAttemptedString = null; if (resolvedKey is not null) @@ -127,15 +127,15 @@ internal static ValidationResult ValidateSignature( keysAttemptedString, GetErrorString(error, errors), samlToken), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); return new XmlValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); } private static ValidationResult ValidateSignatureUsingKey(SecurityKey key, SamlSecurityToken samlToken, ValidationParameters validationParameters, CallContext callContext) 
diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs index 7e834b5ccd..7425f50679 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2ValidationError.cs @@ -11,11 +11,11 @@ internal class Saml2ValidationError : ValidationError { internal Saml2ValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, - ValidationFailureType failureType, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, failureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs index 841708fe16..cf74c5fc0b 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ReadToken.cs @@ -32,9 +32,9 @@ internal virtual ValidationResult ReadSaml2Token(string toke TokenLogMessages.IDX10209, LogHelper.MarkAsNonPII(token.Length), LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)), + ValidationFailureType.TokenReadingFailed, typeof(ArgumentException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenReadingFailed); + ValidationError.GetCurrentStackFrame()); try { 
@@ -49,9 +49,9 @@ internal virtual ValidationResult ReadSaml2Token(string toke { return new Saml2ValidationError( new MessageDetail(LogMessages.IDX13003, ex.Message), + ValidationFailureType.TokenReadingFailed, typeof(Saml2SecurityTokenReadException), ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenReadingFailed, ex); } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs index dc60d0d466..74d2884b26 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.ValidateSignature.cs @@ -41,9 +41,9 @@ internal static ValidationResult ValidateSignature( new MessageDetail( TokenLogMessages.IDX10504, samlToken.Assertion.CanonicalString), + ValidationFailureType.TokenIsNotSigned, typeof(SecurityTokenValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.TokenIsNotSigned); + ValidationError.GetCurrentStackFrame()); SecurityKey? resolvedKey = null; bool keyMatched = false; @@ -109,9 +109,9 @@ internal static ValidationResult ValidateSignature( samlToken.Assertion.Signature.KeyInfo, GetErrorStrings(error, errors), samlToken), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); string? keysAttemptedString = null; if (resolvedKey is not null) 
@@ -126,15 +126,15 @@ internal static ValidationResult ValidateSignature( keysAttemptedString, GetErrorStrings(error, errors), samlToken), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); return new XmlValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.SignatureValidationFailed); + ValidationError.GetCurrentStackFrame()); } private static ValidationResult ValidateSignatureUsingKey(SecurityKey key, Saml2SecurityToken samlToken, ValidationParameters validationParameters, CallContext callContext) diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt index 03e642a883..c66d945594 100644 --- a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt 
@@ -1,50 +1,55 @@ const Microsoft.IdentityModel.Tokens.LogMessages.IDX10002 = "IDX10002: Unknown exception type returned. Type: '{0}'. Message: '{1}'." -> string const Microsoft.IdentityModel.Tokens.LogMessages.IDX10268 = "IDX10268: Unable to validate audience, validationParameters.ValidAudiences.Count == 0." -> string const Microsoft.IdentityModel.Tokens.LogMessages.IDX10269 = "IDX10269: IssuerValidationDelegate threw an exception, see inner exception." -> string +const Microsoft.IdentityModel.Tokens.LogMessages.IDX10271 = "IDX10271: LifetimeValidationDelegate threw an exception, see inner exception." -> string +const Microsoft.IdentityModel.Tokens.LogMessages.IDX10275 = "IDX10275: TokenTypeValidationDelegate threw an exception, see inner exception." -> string Microsoft.IdentityModel.Tokens.AlgorithmValidationError -Microsoft.IdentityModel.Tokens.AlgorithmValidationError.AlgorithmValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidAlgorithm, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.AlgorithmValidationError.AlgorithmValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidAlgorithm, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.AlgorithmValidationError.InvalidAlgorithm.get -> string Microsoft.IdentityModel.Tokens.AlgorithmValidationError._invalidAlgorithm -> string -Microsoft.IdentityModel.Tokens.AudienceValidationError.AudienceValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Collections.Generic.IList tokenAudiences, 
System.Collections.Generic.IList validAudiences, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.AudienceValidationError.AudienceValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Collections.Generic.IList tokenAudiences, System.Collections.Generic.IList validAudiences, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.AudienceValidationError.TokenAudiences.get -> System.Collections.Generic.IList Microsoft.IdentityModel.Tokens.AudienceValidationError.TokenAudiences.set -> void Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidAudiences.get -> System.Collections.Generic.IList Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidAudiences.set -> void +Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError +Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.InvalidSigningKey.get -> Microsoft.IdentityModel.Tokens.SecurityKey +Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.InvalidSigningKey.set -> void +Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.IssuerSigningKeyValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.SecurityKey invalidSigningKey, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType = null, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.IssuerValidationError.InvalidIssuer.get -> string -Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, 
Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedConfiguration = 1 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedValidationParameters = 2 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.get -> System.DateTime Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.set -> void -Microsoft.IdentityModel.Tokens.LifetimeValidationError.LifetimeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.DateTime? notBefore, System.DateTime? expires, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.LifetimeValidationError.LifetimeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.DateTime? notBefore, System.DateTime? 
expires, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.get -> System.DateTime Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.set -> void Microsoft.IdentityModel.Tokens.TokenTypeValidationError -Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType = null, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.TokenTypeValidationError._invalidTokenType -> string Microsoft.IdentityModel.Tokens.TokenValidationParameters.TimeProvider.get -> System.TimeProvider Microsoft.IdentityModel.Tokens.TokenValidationParameters.TimeProvider.set -> void Microsoft.IdentityModel.Tokens.ValidationError.AddCurrentStackFrame(string filePath = "", int lineNumber = 0, int skipFrames = 1) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Tokens.ValidationError.GetException(System.Type exceptionType, System.Exception innerException) -> System.Exception -Microsoft.IdentityModel.Tokens.ValidationError.ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void 
+Microsoft.IdentityModel.Tokens.ValidationError.ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.ValidationParameters.TokenTypeValidator.get -> Microsoft.IdentityModel.Tokens.TokenTypeValidationDelegate Microsoft.IdentityModel.Tokens.ValidationParameters.TokenTypeValidator.set -> void Microsoft.IdentityModel.Tokens.ValidationResult.Error.get -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Tokens.ValidationResult.IsValid.get -> bool Microsoft.IdentityModel.Tokens.ValidationResult.Result.get -> TResult override Microsoft.IdentityModel.Tokens.AlgorithmValidationError.GetException() -> System.Exception +override Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.GetException() -> System.Exception override Microsoft.IdentityModel.Tokens.TokenTypeValidationError.GetException() -> System.Exception -static Microsoft.IdentityModel.Tokens.AudienceValidationError.AudiencesCountZero -> System.Diagnostics.StackFrame -static Microsoft.IdentityModel.Tokens.AudienceValidationError.AudiencesNull -> System.Diagnostics.StackFrame -static Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidateAudienceFailed -> System.Diagnostics.StackFrame -static Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidationParametersAudiencesCountZero -> System.Diagnostics.StackFrame -static Microsoft.IdentityModel.Tokens.AudienceValidationError.ValidationParametersNull -> System.Diagnostics.StackFrame +static Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.NullParameter(string parameterName, System.Diagnostics.StackFrame stackFrame) -> Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError static 
Microsoft.IdentityModel.Tokens.Utility.SerializeAsSingleCommaDelimitedString(System.Collections.Generic.IList strings) -> string static Microsoft.IdentityModel.Tokens.ValidationError.GetCurrentStackFrame(string filePath = "", int lineNumber = 0, int skipFrames = 1) -> System.Diagnostics.StackFrame static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.IssuerValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType +static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.LifetimeValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.NoTokenAudiencesProvided -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.NoValidationParameterAudiencesProvided -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.SignatureAlgorithmValidationFailed -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.TokenExceedsMaximumSize -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.TokenIsNotSigned -> Microsoft.IdentityModel.Tokens.ValidationFailureType +static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.TokenTypeValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.XmlValidationFailed -> Microsoft.IdentityModel.Tokens.ValidationFailureType diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs index e80461f850..940d099f32 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs 
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AlgorithmValidationError.cs @@ -13,12 +13,12 @@ internal class AlgorithmValidationError : ValidationError public AlgorithmValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, string? invalidAlgorithm, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) : - base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.AlgorithmValidationFailed, innerException) + base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { _invalidAlgorithm = invalidAlgorithm; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs index 156e85536b..af7ce4708e 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs @@ -12,13 +12,13 @@ internal class AudienceValidationError : ValidationError { public AudienceValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, IList? tokenAudiences, IList? validAudiences, - ValidationFailureType? failureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, failureType ?? ValidationFailureType.AudienceValidationFailed, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { TokenAudiences = tokenAudiences; ValidAudiences = validAudiences; diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs index fa33ac0974..438681b973 100644 
--- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/IssuerValidationError.cs @@ -11,12 +11,12 @@ internal class IssuerValidationError : ValidationError { internal IssuerValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, string? invalidIssuer, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.IssuerValidationFailed, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { InvalidIssuer = invalidIssuer; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs index c355ef63e8..26e1676b3e 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs @@ -11,14 +11,14 @@ internal class LifetimeValidationError : ValidationError { public LifetimeValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, DateTime? notBefore, DateTime? expires, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.LifetimeValidationFailed, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { if (notBefore.HasValue) NotBefore = notBefore.Value; 
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs index 9f633ed741..b97697e248 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/TokenTypeValidationError.cs @@ -13,12 +13,12 @@ internal class TokenTypeValidationError : ValidationError internal TokenTypeValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, string? invalidTokenType, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, validationFailureType ?? ValidationFailureType.TokenTypeValidationFailed, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { _invalidTokenType = invalidTokenType; } diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs index 4c2e3ccdd5..8f40ffdadb 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/ValidationError.cs 
@@ -22,15 +22,15 @@ internal class ValidationError /// Creates an instance of /// /// contains information about the exception that is used to generate the exception message. + /// is the type of validation failure that occurred. /// is the type of exception that occurred. /// is the stack frame where the exception occurred. - /// is the type of validation failure that occurred. /// is the inner exception that occurred. internal ValidationError( MessageDetail messageDetail, + ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, - ValidationFailureType failureType, Exception? innerException = null) { InnerException = innerException; @@ -181,9 +181,9 @@ internal Exception GetException(Type exceptionType, Exception? innerException) internal static ValidationError NullParameter(string parameterName, StackFrame stackFrame) => new( MessageDetail.NullParameter(parameterName), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), stackFrame, - ValidationFailureType.NullArgument, null); /// diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs index 1651cd960b..4950042e26 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs @@ -57,6 +57,7 @@ internal static ValidationResult ValidateAlgorithm( new MessageDetail( LogMessages.IDX10696, LogHelper.MarkAsNonPII(algorithm)), + ValidationFailureType.AlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), new StackFrame(true), algorithm); diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs index 78276e79ce..8b0903d3dc 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs 
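Review bot: The base constructor still names the moved parameter `failureType`, while every subclass constructor touched by this patch (AlgorithmValidationError, AudienceValidationError, IssuerValidationError, LifetimeValidationError, TokenTypeValidationError, XmlValidationError) calls it `validationFailureType`. Since the stated goal is to align these signatures, renaming it here to `ValidationFailureType validationFailureType,` and updating the matching doc line would make named-argument call sites read the same at every level. The constructor body continues outside the hunk, so it is not visible whether the argument is null-checked. With the `?? ValidationFailureType.…` fallbacks removed from the subclasses, that guard is worth confirming.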
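Review bot: The error built in ValidateAlgorithm still passes `new StackFrame(true)`, which allocates a frame and resolves source-file information every time the failure path runs. That path is reached by any token carrying a rejected algorithm. Validators.Audience.cs and Validators.Lifetime.cs in this same patch pass `ValidationError.GetCurrentStackFrame()` instead. The same replacement would apply to the `new StackFrame(true)` arguments in Validators.Issuer.cs, Validators.IssuerSigningKey.cs, Validators.TokenReplay.cs and Validators.TokenType.cs, and to `new System.Diagnostics.StackFrame()` in Reference.cs, which requests no file information at all. The helper's implementation is not shown here, so this assumes it is the intended way to obtain the frame; ValidateAlgorithm's body starts and ends outside the hunk.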
+++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Audience.cs @@ -63,22 +63,22 @@ internal static ValidationResult ValidateAudience(IList tokenAud { return new AudienceValidationError( new MessageDetail(LogMessages.IDX10206), + ValidationFailureType.NoTokenAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), ValidationError.GetCurrentStackFrame(), tokenAudiences, - validationParameters.ValidAudiences, - ValidationFailureType.NoTokenAudiencesProvided); + validationParameters.ValidAudiences); } if (validationParameters.ValidAudiences.Count == 0) { return new AudienceValidationError( new MessageDetail(LogMessages.IDX10268), + ValidationFailureType.NoValidationParameterAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), ValidationError.GetCurrentStackFrame(), tokenAudiences, - validationParameters.ValidAudiences, - ValidationFailureType.NoValidationParameterAudiencesProvided); + validationParameters.ValidAudiences); } string? validAudience = ValidTokenAudience(tokenAudiences, validationParameters.ValidAudiences, validationParameters.IgnoreTrailingSlashWhenValidatingAudience); @@ -91,6 +91,7 @@ internal static ValidationResult ValidateAudience(IList tokenAud LogMessages.IDX10215, LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(tokenAudiences)), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidAudiences))), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), ValidationError.GetCurrentStackFrame(), tokenAudiences, diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs index 8a2cd297b1..3bae752f35 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Issuer.cs 
@@ -64,6 +64,7 @@ internal static async Task> ValidateIssuerAsyn { return new IssuerValidationError( new MessageDetail(LogMessages.IDX10211), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), new StackFrame(true), issuer); @@ -87,6 +88,7 @@ internal static async Task> ValidateIssuerAsyn if (validationParameters.ValidIssuers.Count == 0 && string.IsNullOrWhiteSpace(configuration?.Issuer)) return new IssuerValidationError( new MessageDetail(LogMessages.IDX10211), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), new StackFrame(true), issuer); @@ -137,6 +139,7 @@ internal static async Task> ValidateIssuerAsyn LogHelper.MarkAsNonPII(issuer), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidIssuers)), LogHelper.MarkAsNonPII(configuration?.Issuer)), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), new StackFrame(true), issuer); diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs index 733cbf72f7..3e27f653e4 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.IssuerSigningKey.cs @@ -62,9 +62,9 @@ internal static ValidationResult ValidateIssuerSign if (securityKey == null) return new ValidationError( new MessageDetail(LogMessages.IDX10253, nameof(securityKey)), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - new StackFrame(true), - ValidationFailureType.SigningKeyValidationFailed); + new StackFrame(true)); if (securityToken == null) return ValidationError.NullParameter( 
@@ -103,9 +103,9 @@ internal static ValidationResult ValidateIssuerSign LogMessages.IDX10248, LogHelper.MarkAsNonPII(notBeforeUtc), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true), - ValidationFailureType.SigningKeyValidationFailed); + new StackFrame(true)); //TODO: Move to CallContext //if (LogHelper.IsEnabled(EventLogLevel.Informational)) @@ -117,9 +117,9 @@ internal static ValidationResult ValidateIssuerSign LogMessages.IDX10249, LogHelper.MarkAsNonPII(notAfterUtc), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - new StackFrame(true), - ValidationFailureType.SigningKeyValidationFailed); + new StackFrame(true)); // TODO: Move to CallContext //if (LogHelper.IsEnabled(EventLogLevel.Informational)) diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs index 02ce0bc85b..6f7262e40f 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Lifetime.cs @@ -65,6 +65,7 @@ internal static ValidationResult ValidateLifetime( new MessageDetail( LogMessages.IDX10225, LogHelper.MarkAsNonPII(securityToken == null ? "null" : securityToken.GetType().ToString())), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNoExpirationException), ValidationError.GetCurrentStackFrame(), notBefore, @@ -76,6 +77,7 @@ internal static ValidationResult ValidateLifetime( LogMessages.IDX10224, LogHelper.MarkAsNonPII(notBefore.Value), LogHelper.MarkAsNonPII(expires.Value)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenInvalidLifetimeException), ValidationError.GetCurrentStackFrame(), notBefore, 
@@ -88,6 +90,7 @@ internal static ValidationResult ValidateLifetime( LogMessages.IDX10222, LogHelper.MarkAsNonPII(notBefore.Value), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNotYetValidException), ValidationError.GetCurrentStackFrame(), notBefore, @@ -99,6 +102,7 @@ internal static ValidationResult ValidateLifetime( LogMessages.IDX10223, LogHelper.MarkAsNonPII(expires.Value), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenExpiredException), ValidationError.GetCurrentStackFrame(), notBefore, diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs index 24ca6a042c..064a6cc491 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenReplay.cs 
@@ -60,27 +60,27 @@ public static partial class Validators new MessageDetail( LogMessages.IDX10227, securityToken), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenNoExpirationException), - new StackFrame(true), - ValidationFailureType.TokenReplayValidationFailed); + new StackFrame(true)); if (validationParameters.TokenReplayCache.TryFind(securityToken)) return new ValidationError( new MessageDetail( LogMessages.IDX10228, securityToken), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - new StackFrame(true), - ValidationFailureType.TokenReplayValidationFailed); + new StackFrame(true)); if (!validationParameters.TokenReplayCache.TryAdd(securityToken, expirationTime.Value)) return new ValidationError( new MessageDetail( LogMessages.IDX10229, securityToken), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayAddFailedException), - new StackFrame(true), - ValidationFailureType.TokenReplayValidationFailed); + new StackFrame(true)); } // if it reaches here, that means no token replay is detected. diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenType.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenType.cs index 175cc190f7..fc685240d5 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenType.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.TokenType.cs @@ -64,6 +64,7 @@ internal static ValidationResult ValidateTokenType( if (string.IsNullOrEmpty(type)) return new TokenTypeValidationError( new MessageDetail(LogMessages.IDX10256), + ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), new StackFrame(true), null); // even if it is empty, we report null to match the original behaviour. 
@@ -75,6 +76,7 @@ internal static ValidationResult ValidateTokenType( LogMessages.IDX10257, LogHelper.MarkAsNonPII(type), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validationParameters.ValidTypes))), + ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), new StackFrame(true), type); diff --git a/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs b/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs index 90625c6e9b..a339d58da7 100644 --- a/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs +++ b/src/Microsoft.IdentityModel.Xml/Exceptions/XmlValidationError.cs @@ -12,11 +12,11 @@ internal class XmlValidationError : ValidationError { public XmlValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, - ValidationFailureType validationFailureType, Exception? innerException = null) : - base(messageDetail, exceptionType, stackFrame, validationFailureType, innerException) + base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { } diff --git a/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt index 0a88428846..59024a50b0 100644 --- a/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Xml/InternalAPI.Unshipped.txt 
@@ -2,6 +2,6 @@ Microsoft.IdentityModel.Xml.Reference.Verify(Microsoft.IdentityModel.Tokens.Cryp Microsoft.IdentityModel.Xml.Signature.Verify(Microsoft.IdentityModel.Tokens.SecurityKey key, Microsoft.IdentityModel.Tokens.CryptoProviderFactory cryptoProviderFactory, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Xml.SignedInfo.Verify(Microsoft.IdentityModel.Tokens.CryptoProviderFactory cryptoProviderFactory, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError Microsoft.IdentityModel.Xml.XmlValidationError -Microsoft.IdentityModel.Xml.XmlValidationError.XmlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Exception innerException = null) -> void +Microsoft.IdentityModel.Xml.XmlValidationError.XmlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException = null) -> void Microsoft.IdentityModel.Xml.XmlValidationException.SetValidationError(Microsoft.IdentityModel.Tokens.ValidationError validationError) -> void override Microsoft.IdentityModel.Xml.XmlValidationError.GetException() -> System.Exception \ No newline at end of file diff --git a/src/Microsoft.IdentityModel.Xml/Reference.cs b/src/Microsoft.IdentityModel.Xml/Reference.cs index 0a4eb83fbd..2a1f6870af 100644 --- a/src/Microsoft.IdentityModel.Xml/Reference.cs +++ b/src/Microsoft.IdentityModel.Xml/Reference.cs 
@@ -148,9 +148,9 @@ public void Verify(CryptoProviderFactory cryptoProviderFactory) new MessageDetail( LogMessages.IDX30201, Uri ?? Id), + ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - new System.Diagnostics.StackFrame(), - ValidationFailureType.XmlValidationFailed); + new System.Diagnostics.StackFrame()); return null; } diff --git a/src/Microsoft.IdentityModel.Xml/Signature.cs b/src/Microsoft.IdentityModel.Xml/Signature.cs index d925695927..b7bf6219fa 100644 --- a/src/Microsoft.IdentityModel.Xml/Signature.cs +++ b/src/Microsoft.IdentityModel.Xml/Signature.cs @@ -142,24 +142,24 @@ public void Verify(SecurityKey key, CryptoProviderFactory cryptoProviderFactory) if (SignedInfo is null) return new XmlValidationError( new MessageDetail(LogMessages.IDX30212), + ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.XmlValidationFailed); + ValidationError.GetCurrentStackFrame()); if (!cryptoProviderFactory.IsSupportedAlgorithm(SignedInfo.SignatureMethod, key)) return new XmlValidationError( new MessageDetail(LogMessages.IDX30207, SignedInfo.SignatureMethod, cryptoProviderFactory.GetType()), + ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.XmlValidationFailed); + ValidationError.GetCurrentStackFrame()); var signatureProvider = cryptoProviderFactory.CreateForVerifying(key, SignedInfo.SignatureMethod); if (signatureProvider is null) return new XmlValidationError( new MessageDetail(LogMessages.IDX30203, cryptoProviderFactory, key, SignedInfo.SignatureMethod), + ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.XmlValidationFailed); + ValidationError.GetCurrentStackFrame()); ValidationError? validationError = null; 
@@ -172,9 +172,9 @@ public void Verify(SecurityKey key, CryptoProviderFactory cryptoProviderFactory) { validationError = new XmlValidationError( new MessageDetail(LogMessages.IDX30200, cryptoProviderFactory, key), + ValidationFailureType.XmlValidationFailed, typeof(XmlValidationException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.XmlValidationFailed); + ValidationError.GetCurrentStackFrame()); } } diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs index a6e14db769..05c138ea9d 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.DecryptTokenTests.cs @@ -133,9 +133,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenException("IDX10612:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10612), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenException), - null, - ValidationFailureType.TokenDecryptionFailed), + null), }, new TokenDecryptingTheoryData { @@ -145,9 +145,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10000, "jwtToken"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new TokenDecryptingTheoryData { 
@@ -157,9 +157,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10000, "validationParameters"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new TokenDecryptingTheoryData { @@ -213,9 +213,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu LogHelper.MarkAsSecurityArtifact( new JsonWebToken(ReferenceTokens.JWEDirectEncryptionUnsignedInnerJWTWithAdditionalHeaderClaims), JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - null, - ValidationFailureType.TokenDecryptionFailed), + null), }, new TokenDecryptingTheoryData { @@ -250,9 +250,9 @@ static Dictionary AdditionalEcdhEsHeaderParameters(JsonWebKey pu LogHelper.MarkAsSecurityArtifact( new JsonWebToken(ReferenceTokens.JWEDirectEncryptionUnsignedInnerJWTWithAdditionalHeaderClaims), JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.TokenDecryptionFailed, typeof(SecurityTokenDecryptionFailedException), - null, - ValidationFailureType.TokenDecryptionFailed), + null), }, }; } diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs index c26f0a1249..bb14541c7d 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.Issuer.Extensibility.cs 
@@ -81,6 +81,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), new StackFrame("CustomIssuerValidationDelegates", 88), issuerGuid) @@ -103,6 +104,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomIssuerValidationDelegates", 107), issuerGuid), @@ -125,6 +127,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorUnknownExceptionDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(NotSupportedException), new StackFrame("CustomIssuerValidationDelegates", 139), issuerGuid), @@ -147,10 +150,10 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new CustomIssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), + CustomIssuerValidationError.CustomIssuerValidationFailureType, typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomIssuerValidationDelegates", 123), issuerGuid, - CustomIssuerValidationError.CustomIssuerValidationFailureType, null), }); #endregion 
@@ -174,6 +177,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new IssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), new StackFrame("CustomIssuerValidationDelegates", 169), issuerGuid) @@ -196,6 +200,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new IssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenInvalidIssuerException), new StackFrame("CustomIssuerValidationDelegates", 196), issuerGuid) @@ -218,6 +223,7 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new IssuerValidationError( new MessageDetail( nameof(CustomIssuerValidationDelegates.IssuerValidatorCustomExceptionTypeDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenException), new StackFrame("CustomIssuerValidationDelegates", 210), issuerGuid) @@ -240,10 +246,10 @@ public static TheoryData Issuer_ExtensibilityTest IssuerValidationError = new IssuerValidationError( new MessageDetail( string.Format(Tokens.LogMessages.IDX10269), null), + ValidationFailureType.IssuerValidatorThrew, typeof(SecurityTokenInvalidIssuerException), new StackFrame("JsonWebTokenHandler.ValidateToken.Internal.cs", 300), issuerGuid, - ValidationFailureType.IssuerValidatorThrew, new SecurityTokenInvalidIssuerException(nameof(CustomIssuerValidationDelegates.IssuerValidatorThrows)) ) }); diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs index b5dd33e9e8..823a522cc4 100644 
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ReadTokenTests.cs @@ -76,9 +76,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new TokenReadingTheoryData { @@ -89,9 +89,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new TokenReadingTheoryData { @@ -104,9 +104,9 @@ public static TheoryData JsonWebTokenHandlerReadTokenTes new MessageDetail( LogMessages.IDX14107, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.TokenReadingFailed, typeof(SecurityTokenMalformedException), null, - ValidationFailureType.TokenReadingFailed, new SecurityTokenMalformedException()), } }; diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs index 72e370f039..c49124cd17 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandler.ValidateSignatureTests.cs @@ -86,9 +86,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "jwtToken"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new JsonWebTokenHandlerValidateSignatureTheoryData { TestId = "Invalid_Null_ValidationParameters", 
@@ -99,9 +99,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "validationParameters"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new JsonWebTokenHandlerValidateSignatureTheoryData { TestId = "Invalid_DelegateReturnsFailure", @@ -115,9 +115,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10000, "fakeParameter"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new JsonWebTokenHandlerValidateSignatureTheoryData { @@ -129,9 +129,9 @@ public static TheoryData JsonWeb new MessageDetail( TokenLogMessages.IDX10504, LogHelper.MarkAsSecurityArtifact(unsignedToken, JwtTokenUtilities.SafeLogJwtToken)), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenInvalidSignatureException), - null, - ValidationFailureType.SignatureValidationFailed) + null) }, new JsonWebTokenHandlerValidateSignatureTheoryData { @@ -198,9 +198,9 @@ public static TheoryData JsonWeb ExpectedException = ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10500:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - null, - ValidationFailureType.SignatureValidationFailed) + null) }, new JsonWebTokenHandlerValidateSignatureTheoryData { @@ -210,9 +210,9 @@ public static TheoryData JsonWeb ExpectedException = ExpectedException.SecurityTokenSignatureKeyNotFoundException("IDX10502:"), Result = new ValidationError( new MessageDetail(TokenLogMessages.IDX10500), + ValidationFailureType.SignatureValidationFailed, typeof(SecurityTokenSignatureKeyNotFoundException), - null, - ValidationFailureType.SignatureValidationFailed) + null) } }; } 
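Review bot: In the last theory entry (hunk at -210,9), `ExpectedException` is `SecurityTokenSignatureKeyNotFoundException("IDX10502:")`, but the expected `Result` is built from `new MessageDetail(TokenLogMessages.IDX10500)`, the same message as the entry before it. If the test compares the message detail of `Result`, the case is pinned to the wrong message; if it does not, the mismatch goes unnoticed and looks like a copy-paste slip. Either build the detail from the IDX10502 message with its arguments, or add a comment such as `// Result message is not compared; only the exception type and failure type are asserted` once that is confirmed. The enclosing theory-data method starts and ends outside the hunk.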
diff --git a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs index 9d3f601b95..f5f1e73537 100644 --- a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomIssuerValidationDelegates.cs @@ -22,6 +22,7 @@ internal async static Task> CustomIssuerValida return await Task.FromResult(new ValidationResult( new CustomIssuerValidationError( new MessageDetail(nameof(CustomIssuerValidatorDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer))); @@ -37,6 +38,7 @@ internal async static Task> CustomIssuerValida return await Task.FromResult(new ValidationResult( new CustomIssuerValidationError( new MessageDetail(nameof(CustomIssuerValidatorCustomExceptionDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer))); @@ -52,10 +54,10 @@ internal async static Task> CustomIssuerValida return await Task.FromResult(new ValidationResult( new CustomIssuerValidationError( new MessageDetail(nameof(CustomIssuerValidatorCustomExceptionCustomFailureTypeDelegateAsync), null), + CustomIssuerValidationError.CustomIssuerValidationFailureType, typeof(CustomSecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer, - CustomIssuerValidationError.CustomIssuerValidationFailureType, null))); } 
@@ -69,6 +71,7 @@ internal async static Task> CustomIssuerValida return await Task.FromResult(new ValidationResult( new CustomIssuerValidationError( new MessageDetail(nameof(CustomIssuerValidatorUnknownExceptionDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(NotSupportedException), ValidationError.GetCurrentStackFrame(), issuer))); @@ -99,6 +102,7 @@ internal async static Task> IssuerValidatorDel return await Task.FromResult(new ValidationResult( new IssuerValidationError( new MessageDetail(nameof(IssuerValidatorDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer))); @@ -124,6 +128,7 @@ internal async static Task> IssuerValidatorCus return await Task.FromResult(new ValidationResult( new IssuerValidationError( new MessageDetail(nameof(IssuerValidatorCustomIssuerExceptionTypeDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenInvalidIssuerException), ValidationError.GetCurrentStackFrame(), issuer))); @@ -138,6 +143,7 @@ internal async static Task> IssuerValidatorCus return await Task.FromResult(new ValidationResult( new IssuerValidationError( new MessageDetail(nameof(IssuerValidatorCustomExceptionTypeDelegateAsync), null), + ValidationFailureType.IssuerValidationFailed, typeof(CustomSecurityTokenException), ValidationError.GetCurrentStackFrame(), issuer))); diff --git a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs index e5274bd2f8..382a57a634 100644 --- a/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs +++ b/test/Microsoft.IdentityModel.TestUtils/TokenValidationExtensibility/CustomValidationErrors.cs 
@@ -20,12 +20,12 @@ private class IssuerValidatorFailure : ValidationFailureType { internal IssuerVa public CustomIssuerValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, string? invalidIssuer, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, invalidIssuer, validationFailureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, invalidIssuer, innerException) { } @@ -49,7 +49,7 @@ public CustomIssuerWithoutGetExceptionValidationOverrideError(MessageDetail mess Type exceptionType, StackFrame stackFrame, string? invalidIssuer) : - base(messageDetail, exceptionType, stackFrame, invalidIssuer) + base(messageDetail, ValidationFailureType.IssuerValidationFailed, exceptionType, stackFrame, invalidIssuer) { } } @@ -66,13 +66,13 @@ private class AudienceValidatorFailure : ValidationFailureType { internal Audien public CustomAudienceValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, IList? tokenAudiences, IList? validAudiences, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, tokenAudiences, validAudiences, validationFailureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, tokenAudiences, validAudiences, innerException) { } 
@@ -98,9 +98,8 @@ public CustomAudienceWithoutGetExceptionValidationOverrideError( StackFrame stackFrame, IList? tokenAudiences, IList? validAudiences, - ValidationFailureType? failureType = null, Exception? innerException = null) : - base(messageDetail, exceptionType, stackFrame, tokenAudiences, validAudiences, failureType, innerException) + base(messageDetail, ValidationFailureType.AudienceValidationFailed, exceptionType, stackFrame, tokenAudiences, validAudiences, innerException) { } } @@ -117,13 +116,13 @@ private class LifetimeValidationFailure : ValidationFailureType { internal Lifet public CustomLifetimeValidationError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, DateTime? notBefore, DateTime? expires, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, notBefore, expires, validationFailureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, notBefore, expires) { } @@ -145,13 +144,13 @@ internal class CustomLifetimeWithoutGetExceptionValidationOverrideError : Lifeti { public CustomLifetimeWithoutGetExceptionValidationOverrideError( MessageDetail messageDetail, + ValidationFailureType validationFailureType, Type exceptionType, StackFrame stackFrame, DateTime? notBefore, DateTime? expires, - ValidationFailureType? validationFailureType = null, Exception? innerException = null) - : base(messageDetail, exceptionType, stackFrame, notBefore, expires, validationFailureType, innerException) + : base(messageDetail, validationFailureType, exceptionType, stackFrame, notBefore, expires, innerException) { } } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs index d64678ed44..3c55debd4b 100644 
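Review bot: The rewritten `CustomLifetimeValidationError` constructor (hunk `-117,13 +116,13`) still accepts `Exception? innerException = null`, but its new base call stops at `expires`, so an inner exception supplied by a caller is silently dropped. The removed line forwarded it, and the sibling `CustomLifetimeWithoutGetExceptionValidationOverrideError` in the next hunk still does. Forward it here as well: `: base(messageDetail, validationFailureType, exceptionType, stackFrame, notBefore, expires, innerException)`. Because this is a test helper, the omission can also hide regressions in inner-exception propagation that the extensibility tests are presumably meant to catch.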
--- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AlgorithmValidationResultTests.cs @@ -66,9 +66,9 @@ public static TheoryData AlgorithmValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, // StackFrame - ValidationFailureType.NullArgument), + null), // StackFrame }, new AlgorithmTheoryData { @@ -85,9 +85,9 @@ public static TheoryData AlgorithmValidationTestCases new MessageDetail( LogMessages.IDX10696, LogHelper.MarkAsNonPII(SecurityAlgorithms.Sha256)), + ValidationFailureType.AlgorithmValidationFailed, typeof(SecurityTokenInvalidAlgorithmException), - null,// StackFrame - ValidationFailureType.AlgorithmValidationFailed), + null), // StackFrame }, new AlgorithmTheoryData { diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs index 2576f8908c..b2e0eecfbe 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/AudienceValidationResultTests.cs @@ -72,9 +72,9 @@ public static TheoryData ValidateAudienceParameter ValidationParameters = null, Result = new ValidationError( MessageDetail.NullParameter("validationParameters"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new AudienceValidationTheoryData("AudiencesNull") { 
@@ -82,9 +82,9 @@ public static TheoryData ValidateAudienceParameter ExpectedException = ExpectedException.SecurityTokenArgumentNullException("IDX10000:"), Result = new ValidationError( MessageDetail.NullParameter("tokenAudiences"), + ValidationFailureType.NullArgument, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.NullArgument) + null) }, new AudienceValidationTheoryData("AudiencesEmptyList") { @@ -95,9 +95,9 @@ public static TheoryData ValidateAudienceParameter new MessageDetail( LogMessages.IDX10206, null), + ValidationFailureType.NoTokenAudiencesProvided, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.NoTokenAudiencesProvided) + null) }, new AudienceValidationTheoryData("AudiencesEmptyString") { @@ -110,9 +110,9 @@ public static TheoryData ValidateAudienceParameter LogMessages.IDX10215, LogHelper.MarkAsNonPII(string.Empty), LogHelper.MarkAsNonPII("audience1")), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("AudiencesWhiteSpace") { @@ -125,9 +125,9 @@ public static TheoryData ValidateAudienceParameter LogMessages.IDX10215, LogHelper.MarkAsNonPII(" "), LogHelper.MarkAsNonPII("audience1")), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, }; @@ -216,9 +216,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience2)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_AudiencesValidAudienceWithSlashNotMatched") { 
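Review bot: In the first hunk (`-82,9 +82,9`), the null-`tokenAudiences` case expects `ExpectedException.SecurityTokenArgumentNullException("IDX10000:")`, while the reordered `ValidationError` next to it still declares `typeof(SecurityTokenInvalidAudienceException)` together with `ValidationFailureType.NullArgument`. The neighbouring `validationParameters` null case in the previous file section uses `typeof(SecurityTokenArgumentNullException)`, so one of the two is probably stale. Since callers branch on the exception type to decide how a rejected token is reported, pin the intended type here and add a short comment, for example `// null audiences surface as an argument-null failure, not an audience mismatch`. Whether the result comparison inspects the exception type at all is not visible in this hunk.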
@@ -232,9 +232,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience2Slash)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_AudiencesWithSlashValidAudienceSameLengthNotMatched") { @@ -247,9 +247,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience2Slash), LogHelper.MarkAsNonPII(audience1)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_ValidAudienceWithSlash_IgnoreTrailingSlashFalse") { @@ -262,9 +262,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1Slash)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Valid_ValidAudienceWithSlash_IgnoreTrailingSlashTrue") { @@ -284,9 +284,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(commaAudience1Slash)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Valid_ValidAudiencesWithSlash_IgnoreTrailingSlashTrue") { 
@@ -306,9 +306,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1 + "A")), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_ValidAudienceWithDoubleSlash_IgnoreTrailingSlashTrue") { @@ -321,9 +321,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(audience1 + "//")), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_ValidAudiencesWithDoubleSlash_IgnoreTrailingSlashTrue") { @@ -336,9 +336,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1), LogHelper.MarkAsNonPII(commaAudience1 + "//")), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_TokenAudienceWithSlash_IgnoreTrailingSlashFalse") { @@ -351,9 +351,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(audience1)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Valid_TokenAudienceWithSlash_IgnoreTrailingSlashTrue") { 
@@ -373,9 +373,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience2Slash), LogHelper.MarkAsNonPII(audience1)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Invalid_TokenAudiencesWithSlash_IgnoreTrailingSlashFalse") { @@ -388,9 +388,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(audience1)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("Valid_TokenAudiencesWithSlash_IgnoreTrailingSlashTrue") { @@ -410,9 +410,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1Slash), LogHelper.MarkAsNonPII(commaAudience2)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) }, new AudienceValidationTheoryData("TokenAudienceWithTwoSlashesVPTrue") { @@ -425,9 +425,9 @@ public static TheoryData ValidateAudienceTestCases LogMessages.IDX10215, LogHelper.MarkAsNonPII(commaAudience1 + "//"), LogHelper.MarkAsNonPII(audience1)), + ValidationFailureType.AudienceValidationFailed, typeof(SecurityTokenInvalidAudienceException), - null, - ValidationFailureType.AudienceValidationFailed) + null) } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs index e437f53384..e16148631e 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs 
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/IssuerValidationResultTests.cs @@ -75,9 +75,9 @@ public static TheoryData IssuerValdationResul LogHelper.MarkAsNonPII(validIssuer), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(null)), LogHelper.MarkAsNonPII(null)), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), - null, - ValidationFailureType.IssuerValidationFailed), + null), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = new ValidationParameters() }); @@ -90,9 +90,9 @@ public static TheoryData IssuerValdationResul new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = null }); @@ -105,9 +105,9 @@ public static TheoryData IssuerValdationResul new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), SecurityToken = null, ValidationParameters = new ValidationParameters() }); @@ -142,9 +142,9 @@ public static TheoryData IssuerValdationResul LogHelper.MarkAsNonPII(issClaim), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validIssuers)), LogHelper.MarkAsNonPII(null)), + ValidationFailureType.IssuerValidationFailed, typeof(SecurityTokenInvalidIssuerException), - null, - ValidationFailureType.IssuerValidationFailed), + null), SecurityToken = JsonUtilities.CreateUnsignedJsonWebToken(JwtRegisteredClaimNames.Iss, issClaim), ValidationParameters = new ValidationParameters(), ValidIssuerToAdd = validIssuer 
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs index 846c3d3edd..76eacd288d 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/LifetimeValidationResultTests.cs @@ -106,9 +106,9 @@ public static TheoryData ValidateLifetimeTestCases ValidationParameters = null, Result = new ValidationError( new MessageDetail(LogMessages.IDX10000, "validationParameters"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new ValidateLifetimeTheoryData("Invalid_ExpiresIsNull") { @@ -117,9 +117,9 @@ public static TheoryData ValidateLifetimeTestCases ValidationParameters = new ValidationParameters() { TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10225, "null"), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNoExpirationException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), }, new ValidateLifetimeTheoryData("Invalid_NotBeforeIsAfterExpires") { @@ -132,9 +132,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10224, LogHelper.MarkAsNonPII(oneHourFromNow), LogHelper.MarkAsNonPII(oneHourAgo)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenInvalidLifetimeException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), }, new ValidateLifetimeTheoryData("Invalid_NotYetValid") { 
@@ -147,9 +147,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10222, LogHelper.MarkAsNonPII(oneHourFromNow), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNotYetValidException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), }, new ValidateLifetimeTheoryData("Invalid_Expired") { @@ -162,9 +162,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10223, LogHelper.MarkAsNonPII(oneHourAgo), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenExpiredException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), }, new ValidateLifetimeTheoryData("Invalid_NotYetValid_SkewForward") { @@ -180,9 +180,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10222, LogHelper.MarkAsNonPII(sixMinutesFromNow), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenNotYetValidException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), }, new ValidateLifetimeTheoryData("Invalid_Expired_SkewBackward") { @@ -198,9 +198,9 @@ public static TheoryData ValidateLifetimeTestCases LogMessages.IDX10223, LogHelper.MarkAsNonPII(sixMinutesAgo), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.LifetimeValidationFailed, typeof(SecurityTokenExpiredException), - null, - ValidationFailureType.LifetimeValidationFailed), + null), } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs index 7900b4f43f..5759e055eb 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ReplayValidationResultTests.cs 
@@ -89,9 +89,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new TokenReplayTheoryData { @@ -104,9 +104,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new TokenReplayTheoryData { @@ -119,9 +119,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new TokenReplayTheoryData { @@ -141,9 +141,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10227, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null, - ValidationFailureType.TokenReplayValidationFailed), + null), }, new TokenReplayTheoryData { @@ -163,9 +163,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10228, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null, - ValidationFailureType.TokenReplayValidationFailed), + null), }, new TokenReplayTheoryData { 
@@ -185,9 +185,9 @@ public static TheoryData TokenReplayValidationTestCases new MessageDetail( LogMessages.IDX10229, LogHelper.MarkAsUnsafeSecurityArtifact("token", t => t.ToString())), + ValidationFailureType.TokenReplayValidationFailed, typeof(SecurityTokenReplayDetectedException), - null, - ValidationFailureType.TokenReplayValidationFailed), + null), } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs index 49ac465950..932d521595 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/SigningKeyValidationResultTests.cs @@ -75,9 +75,9 @@ public static TheoryData SigningKeyValidationTes ValidationParameters = new ValidationParameters(){ TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10253), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.SigningKeyValidationFailed), + null), }, new SigningKeyValidationTheoryData { @@ -90,9 +90,9 @@ public static TheoryData SigningKeyValidationTes new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new SigningKeyValidationTheoryData { @@ -105,9 +105,9 @@ public static TheoryData SigningKeyValidationTes new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument), + null), }, new SigningKeyValidationTheoryData { 
@@ -121,9 +121,9 @@ public static TheoryData SigningKeyValidationTes LogMessages.IDX10249, LogHelper.MarkAsNonPII(utcExpired), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - null, - ValidationFailureType.SigningKeyValidationFailed), + null), }, new SigningKeyValidationTheoryData { @@ -137,9 +137,9 @@ public static TheoryData SigningKeyValidationTes LogMessages.IDX10248, LogHelper.MarkAsNonPII(utcNotYetValid), LogHelper.MarkAsNonPII(utcNow)), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenInvalidSigningKeyException), - null, - ValidationFailureType.SigningKeyValidationFailed), + null), }, new SigningKeyValidationTheoryData { @@ -150,9 +150,9 @@ public static TheoryData SigningKeyValidationTes ValidationParameters = new ValidationParameters() { TimeProvider = timeProvider }, Result = new ValidationError( new MessageDetail(LogMessages.IDX10253), + ValidationFailureType.SigningKeyValidationFailed, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.SigningKeyValidationFailed), + null), }, }; diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs index d5070555de..ca77e6ca35 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/TokenTypeValidationResultTests.cs @@ -84,9 +84,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("securityToken")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new TokenTypeTheoryData { 
@@ -99,9 +99,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10000, LogHelper.MarkAsNonPII("validationParameters")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }, new TokenTypeTheoryData { @@ -115,9 +115,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10256, LogHelper.MarkAsNonPII("type")), + ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null, - ValidationFailureType.TokenTypeValidationFailed) + null) }, new TokenTypeTheoryData { @@ -131,9 +131,9 @@ public static TheoryData TokenTypeValidationTestCases new MessageDetail( LogMessages.IDX10256, LogHelper.MarkAsNonPII("type")), + ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null, - ValidationFailureType.TokenTypeValidationFailed) + null) }, new TokenTypeTheoryData { @@ -148,9 +148,9 @@ public static TheoryData TokenTypeValidationTestCases LogMessages.IDX10257, LogHelper.MarkAsNonPII("type"), LogHelper.MarkAsNonPII(Utility.SerializeAsSingleCommaDelimitedString(validTypesNoJwt))), + ValidationFailureType.TokenTypeValidationFailed, typeof(SecurityTokenInvalidTypeException), - null, - ValidationFailureType.TokenTypeValidationFailed) + null) } }; } diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs index 0dc49f6326..03915c766c 100644 --- a/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs +++ b/test/Microsoft.IdentityModel.Tokens.Tests/Validation/ValidationErrorTests.cs 
@@ -41,9 +41,9 @@ public ValidationError ThirdMethod() { return new ValidationError( new MessageDetail("This is a test error"), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - ValidationError.GetCurrentStackFrame(), - ValidationFailureType.NullArgument); + ValidationError.GetCurrentStackFrame()); } } } From 358dfa3504c1cf7d3625d605bfa28f49977f9073 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Thu, 21 Nov 2024 12:21:13 +0000 Subject: [PATCH 09/10] Removed optionality of ValidationFailureType and moved it back to the required fields --- .../Saml2SecurityTokenHandlerTests.ReadToken.cs | 12 ++++++------ .../SamlSecurityTokenHandlerTests.ReadToken.cs | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs index 92e63a4d0b..d51f1f0c3b 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/Saml2SecurityTokenHandlerTests.ReadToken.cs @@ -63,9 +63,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }); theoryData.Add(new TokenReadingTheoryData("Invalid_EmptyToken") @@ -76,9 +76,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }); theoryData.Add(new TokenReadingTheoryData("Invalid_MalformedToken") 
@@ -87,9 +87,9 @@ public static TheoryData ReadTokenTestCases ExpectedException = ExpectedException.Saml2SecurityTokenReadException("IDX13003:", inner: typeof(Saml2SecurityTokenReadException)), Result = new ValidationError( new MessageDetail(LogMessages.IDX13003, "exception message"), + ValidationFailureType.TokenReadingFailed, typeof(Saml2SecurityTokenReadException), - null, - ValidationFailureType.TokenReadingFailed), + null), }); return theoryData; diff --git a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs index e4ac401b0a..a62c5c4938 100644 --- a/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs +++ b/test/Microsoft.IdentityModel.Tokens.Saml.Tests/SamlSecurityTokenHandlerTests.ReadToken.cs @@ -63,9 +63,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }); theoryData.Add(new TokenReadingTheoryData("Invalid_EmptyToken") @@ -76,9 +76,9 @@ public static TheoryData ReadTokenTestCases new MessageDetail( TokenLogMessages.IDX10000, LogHelper.MarkAsNonPII("token")), + ValidationFailureType.NullArgument, typeof(SecurityTokenArgumentNullException), - null, - ValidationFailureType.NullArgument) + null) }); theoryData.Add(new TokenReadingTheoryData("Invalid_MalformedToken") 
@@ -87,9 +87,9 @@ public static TheoryData ReadTokenTestCases ExpectedException = ExpectedException.SamlSecurityTokenReadException("IDX11402:", inner: typeof(SamlSecurityTokenReadException)), Result = new ValidationError( new MessageDetail(LogMessages.IDX11402, "exception message"), + ValidationFailureType.TokenReadingFailed, typeof(SamlSecurityTokenReadException), - null, - ValidationFailureType.TokenReadingFailed), + null), }); return theoryData; From d6519d0569a806e279d9b10808d91bd43a0b3946 Mon Sep 17 00:00:00 2001 From: Ignacio Inglese Date: Thu, 21 Nov 2024 12:38:26 +0000 Subject: [PATCH 10/10] Addressed PR feedback. --- .../InternalAPI.Unshipped.txt | 6 ++---- .../Results/Details/AudienceValidationError.cs | 4 ++-- .../Results/Details/LifetimeValidationError.cs | 14 ++++++-------- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt index c66d945594..23c18b30a7 100644 --- a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt 
@@ -20,11 +20,9 @@ Microsoft.IdentityModel.Tokens.IssuerValidationError.InvalidIssuer.get -> string Microsoft.IdentityModel.Tokens.IssuerValidationError.IssuerValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidIssuer, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedConfiguration = 1 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource Microsoft.IdentityModel.Tokens.IssuerValidationSource.IssuerMatchedValidationParameters = 2 -> Microsoft.IdentityModel.Tokens.IssuerValidationSource -Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.get -> System.DateTime -Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.set -> void +Microsoft.IdentityModel.Tokens.LifetimeValidationError.Expires.get -> System.DateTime? Microsoft.IdentityModel.Tokens.LifetimeValidationError.LifetimeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.DateTime? notBefore, System.DateTime? expires, System.Exception innerException = null) -> void -Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.get -> System.DateTime -Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.set -> void +Microsoft.IdentityModel.Tokens.LifetimeValidationError.NotBefore.get -> System.DateTime? 
Microsoft.IdentityModel.Tokens.TokenTypeValidationError Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType, System.Exception innerException = null) -> void Microsoft.IdentityModel.Tokens.TokenTypeValidationError._invalidTokenType -> string diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs index af7ce4708e..4c6dbd42c3 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/AudienceValidationError.cs @@ -41,8 +41,8 @@ internal override Exception GetException() return base.GetException(ExceptionType, null); } - protected IList? TokenAudiences { get; set; } - protected IList? ValidAudiences { get; set; } + protected IList? TokenAudiences { get; } + protected IList? ValidAudiences { get; } } } #nullable restore diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs index 26e1676b3e..f193985d81 100644 --- a/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs +++ b/src/Microsoft.IdentityModel.Tokens/Validation/Results/Details/LifetimeValidationError.cs @@ -20,10 +20,8 @@ public LifetimeValidationError( : base(messageDetail, validationFailureType, exceptionType, stackFrame, innerException) { - if (notBefore.HasValue) - NotBefore = notBefore.Value; - if (expires.HasValue) - Expires = expires.Value; + NotBefore = notBefore; + Expires = expires; } /// 
@@ -52,7 +50,7 @@ internal override Exception GetException() { var exception = new SecurityTokenNotYetValidException(MessageDetail.Message, InnerException) { - NotBefore = NotBefore + NotBefore = (DateTime)NotBefore! }; exception.SetValidationError(this); return exception; @@ -61,7 +59,7 @@ internal override Exception GetException() { var exception = new SecurityTokenExpiredException(MessageDetail.Message, InnerException) { - Expires = Expires + Expires = (DateTime)Expires! }; exception.SetValidationError(this); return exception; @@ -70,9 +68,9 @@ internal override Exception GetException() return base.GetException(ExceptionType, null); } - protected DateTime NotBefore { get; set; } + protected DateTime? NotBefore { get; } - protected DateTime Expires { get; set; } + protected DateTime? Expires { get; } } } #nullable restore
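Review bot: `NotBefore = (DateTime)NotBefore!` unwraps a `DateTime?` that the constructor now stores unchanged, and on a nullable value type the `!` only silences the compiler. If `notBefore` was null, the cast throws `InvalidOperationException` inside `GetException()` instead of returning the `SecurityTokenNotYetValidException`. Before this change a null left the property at `default(DateTime)`, so the token exception was always produced; code that catches `SecurityTokenException` to reject a token would now see a different exception type. The same applies to `Expires = (DateTime)Expires!` in the following hunk. Unless the branch condition, which lies outside these hunks, guarantees a value, use `NotBefore = NotBefore.GetValueOrDefault()` and `Expires = Expires.GetValueOrDefault()`, or assign only when `HasValue` is true.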