Handle the case where the issuer signing key validator throws an exception
iNinja committed Nov 20, 2024
1 parent ad1e0bd commit f7b0db7
Showing 3 changed files with 67 additions and 23 deletions.
Expand Up @@ -353,13 +353,27 @@ await ValidateJWSAsync(actorToken, actorParameters, configuration, callContext,
return signatureValidationResult.UnwrapError().AddStackFrame(signatureValidationFailureStackFrame);
}

ValidationResult<ValidatedSigningKeyLifetime> issuerSigningKeyValidationResult =
validationParameters.IssuerSigningKeyValidator(
ValidationResult<ValidatedSigningKeyLifetime> issuerSigningKeyValidationResult;

try
{
issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(
jsonWebToken.SigningKey, jsonWebToken, validationParameters, configuration, callContext);
if (!issuerSigningKeyValidationResult.IsValid)

if (!issuerSigningKeyValidationResult.IsValid)
return issuerSigningKeyValidationResult.UnwrapError().AddCurrentStackFrame();
}
#pragma warning disable CA1031 // Do not catch general exception types
catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
{
StackFrame issuerSigningKeyValidationFailureStackFrame = StackFrames.IssuerSigningKeyValidationFailed ??= new StackFrame(true);
return issuerSigningKeyValidationResult.UnwrapError().AddStackFrame(issuerSigningKeyValidationFailureStackFrame);
return new IssuerSigningKeyValidationError(
new MessageDetail(TokenLogMessages.IDX10274),
typeof(SecurityTokenInvalidSigningKeyException),
ValidationError.GetCurrentStackFrame(),
jsonWebToken.SigningKey,
ValidationFailureType.IssuerSigningKeyValidatorThrew,
ex);
}

return new ValidatedToken(jsonWebToken, this, validationParameters)
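Review bot: The new `try` wraps not only the caller-supplied `IssuerSigningKeyValidator` call but also the `UnwrapError().AddCurrentStackFrame()` result handling, so an exception raised while building the error result would be reported as `ValidationFailureType.IssuerSigningKeyValidatorThrew` even though the validator itself returned normally. Narrowing the `try` to the delegate invocation keeps the failure type honest: leave only `issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(...)` inside the `try`, and move `if (!issuerSigningKeyValidationResult.IsValid) return issuerSigningKeyValidationResult.UnwrapError().AddCurrentStackFrame();` to just after the `catch` block (the variable is definitely assigned there because the `catch` always returns). The deliberately broad `catch (Exception ex)` also deserves a why-comment, since the pragma only silences CA1031, e.g. `// The validator delegate is caller-supplied code; any exception it throws is surfaced as a validation failure instead of escaping the handler.` The same shape is repeated in the two later hunks that validate `samlToken`, which would benefit from the same narrowing, or from a shared helper so the three copies cannot drift. The enclosing method starts and ends outside this hunk.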
@@ -1,6 +1,7 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using System;
using System.Diagnostics;
using System.Linq;
using System.Threading;
Expand Down Expand Up @@ -86,17 +87,31 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
return signatureValidationResult.UnwrapError().AddStackFrame(StackFrames.SignatureValidationFailed);
}

ValidationResult<ValidatedSigningKeyLifetime> issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(
samlToken.SigningKey,
samlToken,
validationParameters,
null,
callContext);
ValidationResult<ValidatedSigningKeyLifetime> issuerSigningKeyValidationResult;

if (!issuerSigningKeyValidationResult.IsValid)
try
{
issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(
samlToken.SigningKey,
samlToken,
validationParameters,
null,
callContext);

if (!issuerSigningKeyValidationResult.IsValid)
return issuerSigningKeyValidationResult.UnwrapError().AddCurrentStackFrame();
}
#pragma warning disable CA1031 // Do not catch general exception types
catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
{
StackFrames.IssuerSigningKeyValidationFailed ??= new StackFrame(true);
return issuerSigningKeyValidationResult.UnwrapError().AddStackFrame(StackFrames.IssuerSigningKeyValidationFailed);
return new IssuerSigningKeyValidationError(
new MessageDetail(Tokens.LogMessages.IDX10274),
typeof(SecurityTokenInvalidSigningKeyException),
ValidationError.GetCurrentStackFrame(),
samlToken.SigningKey,
ValidationFailureType.IssuerSigningKeyValidatorThrew,
ex);
}

return new ValidatedToken(samlToken, this, validationParameters);
@@ -1,6 +1,7 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading;
Expand Down Expand Up @@ -89,17 +90,31 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
return signatureValidationResult.UnwrapError().AddStackFrame(StackFrames.SignatureValidationFailed);
}

var issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(
samlToken.SigningKey,
samlToken,
validationParameters,
null,
callContext);
ValidationResult<ValidatedSigningKeyLifetime> issuerSigningKeyValidationResult;

if (!issuerSigningKeyValidationResult.IsValid)
try
{
issuerSigningKeyValidationResult = validationParameters.IssuerSigningKeyValidator(
samlToken.SigningKey,
samlToken,
validationParameters,
null,
callContext);

if (!issuerSigningKeyValidationResult.IsValid)
return issuerSigningKeyValidationResult.UnwrapError().AddCurrentStackFrame();
}
#pragma warning disable CA1031 // Do not catch general exception types
catch (Exception ex)
#pragma warning restore CA1031 // Do not catch general exception types
{
StackFrames.IssuerSigningKeyValidationFailed ??= new StackFrame(true);
return issuerSigningKeyValidationResult.UnwrapError().AddStackFrame(StackFrames.IssuerSigningKeyValidationFailed);
return new IssuerSigningKeyValidationError(
new MessageDetail(Tokens.LogMessages.IDX10274),
typeof(SecurityTokenInvalidSigningKeyException),
ValidationError.GetCurrentStackFrame(),
samlToken.SigningKey,
ValidationFailureType.IssuerSigningKeyValidatorThrew,
ex);
}

return new ValidatedToken(samlToken, this, validationParameters);
