-
Notifications
You must be signed in to change notification settings - Fork 400
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cloud instance name validation (#2804)
* Added EnableAadSigningKeyValidation extension method to include cloud instance validation * Added tests to validate cloud instance validation * Added tests to check that Issuer valdiation is still used * SecurityTokenInvalidCloudInstanceException extends SecurityTokenInvalidSigningKeyException and used Ordinal string comparison * Removed duplicated tests * Suppress the obsolete warning CS0618 * Rid of cloudInstanceName parameter for extension method * Extracted conditions to improve readability * call ValidateSigningKeyCloudInstanceName before custom delegates * Reverted changes in JsonWebTokenHandler.ValidateSignatureTests.cs * Renamed exception * Added GetJsonWebKeyBySecurityKey that using a loop to find a key * Renamed CloudInstanceName to CloudInstance for public members * Reverted renaming of ValidateIssuerSigningKeyTests to avoid breaking changes * Fix tests by create new instance of TokenValidationParameters in order to avoid a cycling. * Assigned delegates properly to avoid infinite recursion --------- Co-authored-by: Alex Holub <alexholub@microsoft.com>
- Loading branch information
1 parent
a9380ab
commit f0d09d4
Showing
7 changed files
with
525 additions
and
79 deletions.
There are no files selected for viewing
107 changes: 107 additions & 0 deletions
107
src/Microsoft.IdentityModel.Tokens/Exceptions/SecurityTokenInvalidCloudInstanceException.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
// Copyright (c) Microsoft Corporation. All rights reserved. | ||
// Licensed under the MIT License. | ||
|
||
using System; | ||
using System.Runtime.Serialization; | ||
|
||
namespace Microsoft.IdentityModel.Tokens | ||
{ | ||
/// <summary> | ||
/// This exception is thrown when the cloud instance of the signing key was not matched with the cloud instance from configuration. | ||
/// </summary> | ||
[Serializable] | ||
public class SecurityTokenInvalidCloudInstanceException : SecurityTokenInvalidSigningKeyException | ||
{ | ||
[NonSerialized] | ||
const string _Prefix = "Microsoft.IdentityModel." + nameof(SecurityTokenInvalidCloudInstanceException) + "."; | ||
|
||
[NonSerialized] | ||
const string _SigningKeyCloudInstanceNameKey = _Prefix + nameof(SigningKeyCloudInstanceName); | ||
|
||
[NonSerialized] | ||
const string _ConfigurationCloudInstanceNameKey = _Prefix + nameof(ConfigurationCloudInstanceName); | ||
|
||
/// <summary> | ||
/// Gets or sets the cloud instance name of the signing key that created the validation exception. | ||
/// </summary> | ||
public string SigningKeyCloudInstanceName { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the cloud instance name from the configuration that did not match the cloud instance name of the signing key. | ||
/// </summary> | ||
public string ConfigurationCloudInstanceName { get; set; } | ||
|
||
/// <summary> | ||
/// Initializes a new instance of the <see cref="SecurityTokenInvalidCloudInstanceException"/> class. | ||
/// </summary> | ||
public SecurityTokenInvalidCloudInstanceException() | ||
: base() | ||
{ | ||
} | ||
|
||
/// <summary> | ||
/// Initializes a new instance of the <see cref="SecurityTokenInvalidCloudInstanceException"/> class. | ||
/// </summary> | ||
/// <param name="message">Addtional information to be included in the exception and displayed to user.</param> | ||
public SecurityTokenInvalidCloudInstanceException(string message) | ||
: base(message) | ||
{ | ||
} | ||
|
||
/// <summary> | ||
/// Initializes a new instance of the <see cref="SecurityTokenInvalidCloudInstanceException"/> class. | ||
/// </summary> | ||
/// <param name="message">Addtional information to be included in the exception and displayed to user.</param> | ||
/// <param name="innerException">A <see cref="Exception"/> that represents the root cause of the exception.</param> | ||
public SecurityTokenInvalidCloudInstanceException(string message, Exception innerException) | ||
: base(message, innerException) | ||
{ | ||
} | ||
|
||
/// <summary> | ||
/// Initializes a new instance of the <see cref="SecurityTokenInvalidCloudInstanceException"/> class. | ||
/// </summary> | ||
/// <param name="info">the <see cref="SerializationInfo"/> that holds the serialized object data.</param> | ||
/// <param name="context">The contextual information about the source or destination.</param> | ||
#if NET8_0_OR_GREATER | ||
[Obsolete("Formatter-based serialization is obsolete", DiagnosticId = "SYSLIB0051")] | ||
#endif | ||
protected SecurityTokenInvalidCloudInstanceException(SerializationInfo info, StreamingContext context) | ||
: base(info, context) | ||
{ | ||
SerializationInfoEnumerator enumerator = info.GetEnumerator(); | ||
while (enumerator.MoveNext()) | ||
{ | ||
switch (enumerator.Name) | ||
{ | ||
case _SigningKeyCloudInstanceNameKey: | ||
SigningKeyCloudInstanceName = info.GetString(_SigningKeyCloudInstanceNameKey); | ||
break; | ||
|
||
case _ConfigurationCloudInstanceNameKey: | ||
ConfigurationCloudInstanceName = info.GetString(_ConfigurationCloudInstanceNameKey); | ||
break; | ||
|
||
default: | ||
// Ignore other fields. | ||
break; | ||
} | ||
} | ||
} | ||
|
||
/// <inheritdoc/> | ||
#if NET8_0_OR_GREATER | ||
[Obsolete("Formatter-based serialization is obsolete", DiagnosticId = "SYSLIB0051")] | ||
#endif | ||
public override void GetObjectData(SerializationInfo info, StreamingContext context) | ||
{ | ||
base.GetObjectData(info, context); | ||
|
||
if (!string.IsNullOrEmpty(SigningKeyCloudInstanceName)) | ||
info.AddValue(_SigningKeyCloudInstanceNameKey, SigningKeyCloudInstanceName); | ||
|
||
if (!string.IsNullOrEmpty(ConfigurationCloudInstanceName)) | ||
info.AddValue(_ConfigurationCloudInstanceNameKey, ConfigurationCloudInstanceName); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.