From c2fc34e028150b200ba958637edea1640f2ccd93 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 1 Sep 2025 09:26:54 +0300 Subject: [PATCH] Github Analyze fixes WE2-965 Signed-off-by: Sven Mitt --- .../AuthTokenValidationConfigurationTests.cs | 2 +- .../AuthTokenValidatorBuilderTest.cs | 2 +- .../AuthTokenValidationConfiguration.cs | 23 +++++++++---------- .../Validator/Ocsp/Service/AiaOcspService.cs | 4 ++-- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs b/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs index ce4ff3d..e44842b 100644 --- a/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs +++ b/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs @@ -39,7 +39,7 @@ public void AuthTokenValidationConfigurationWithoutSiteOriginThrowsArgumentExcep { var configuration = new AuthTokenValidationConfiguration(); Assert.Throws(() => configuration.Validate()) - .WithMessage("Value cannot be null. (Parameter 'SiteOrigin')"); + .WithMessage("Value cannot be null. (Parameter 'siteOrigin')"); } [Test] diff --git a/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs b/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs index 58e9467..73c3478 100644 --- a/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs +++ b/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs @@ -36,7 +36,7 @@ public class AuthTokenValidatorBuilderTest [Test] public void WhenOriginMissingThenBuildingFails() => Assert.Throws(() => this.builder.Build()) - .WithMessage("Value cannot be null. (Parameter 'SiteOrigin')"); + .WithMessage("Value cannot be null. (Parameter 'siteOrigin')"); [Test] public void WhenRootCertificateAuthorityMissingThenBuildingFails() diff --git a/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs b/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs index c5498b0..8decf17 100644 --- a/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs +++ b/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs @@ -107,11 +107,6 @@ private AuthTokenValidationConfiguration(AuthTokenValidationConfiguration other) private static void RequirePositiveTimeSpan(TimeSpan timeSpan, string fieldName) { - if (timeSpan == null) - { - throw new ArgumentNullException($"{fieldName} must not be null"); - } - if (timeSpan.IsNegativeOrZero()) { throw new ArgumentOutOfRangeException(nameof(timeSpan), $"{fieldName} must be greater than zero"); @@ -125,9 +120,7 @@ private static void RequirePositiveTimeSpan(TimeSpan timeSpan, string fieldName) /// When required parameters are null public void Validate() { - if (this.SiteOrigin == null) - { throw new ArgumentNullException(nameof(this.SiteOrigin)); } - ValidateIsOriginURL(this.SiteOrigin); + ValidateSiteOriginURL(this.SiteOrigin); if (!this.TrustedCaCertificates.Any()) { throw new ArgumentException("At least one trusted certificate authority must be provided"); } @@ -142,17 +135,23 @@ public void Validate() /// Validates that the given URI is an origin URL as defined in MDN, /// in the form of "://" [ ":" ]]]>. /// - /// URI with origin URL + /// URI with origin URL + /// When siteOrigin parameter is null /// When the URI is not in the form of origin URL - private static void ValidateIsOriginURL(Uri uri) + private static void ValidateSiteOriginURL(Uri siteOrigin) { + if (siteOrigin == null) + { + throw new ArgumentNullException(nameof(siteOrigin)); + } + try { // 1. Verify that the URI can be converted to absolute URL. - if (!uri.IsAbsoluteUri) + if (!siteOrigin.IsAbsoluteUri) { throw new ArgumentException("Provided URI is not a valid URL"); } // 2. Verify that the URI contains only HTTPS scheme, host and optional port components. - if (!new Uri($"https://{uri.Host}:{uri.Port}").Equals(uri)) + if (!new Uri($"https://{siteOrigin.Host}:{siteOrigin.Port}").Equals(siteOrigin)) { throw new ArgumentException("Origin URI must only contain the HTTPS scheme, host and optional port component"); } } catch (InvalidOperationException e) diff --git a/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs b/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs index 2799183..bff9f2d 100644 --- a/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs +++ b/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs @@ -42,7 +42,7 @@ public AiaOcspService(AiaOcspServiceConfiguration configuration, { throw new ArgumentNullException(nameof(configuration)); } - this.AccessLocation = this.GetOcspAiaUrlFromCertificate(certificate); + this.AccessLocation = GetOcspAiaUrlFromCertificate(certificate); this.trustedCaCertificates = configuration.TrustedCaCertificates; this.DoesSupportNonce = !configuration.NonceDisabledOcspUrls.Contains(this.AccessLocation); } @@ -50,7 +50,7 @@ public AiaOcspService(AiaOcspServiceConfiguration configuration, public bool DoesSupportNonce { get; } public Uri AccessLocation { get; } - private Uri GetOcspAiaUrlFromCertificate(Org.BouncyCastle.X509.X509Certificate certificate) + private static Uri GetOcspAiaUrlFromCertificate(Org.BouncyCastle.X509.X509Certificate certificate) { if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); }