[Bug] x5c property is empty in JwtHeader after reading a JWT containing x5c in its header #2447

Closed
1 of 14 tasks
xatzipe opened this issue Jan 15, 2024 · 0 comments · Fixed by #2460
Labels
Bug Product is not functioning as expected Regression
xatzipe commented Jan 15, 2024

Which version of Microsoft.IdentityModel are you using?

System.IdentityModel.Tokens.Jwt 7.2.0

Where is the issue?

  • M.IM.JsonWebTokens
  • M.IM.KeyVaultExtensions
  • M.IM.Logging
  • M.IM.ManagedKeyVaultSecurityKey
  • M.IM.Protocols
  • M.IM.Protocols.OpenIdConnect
  • M.IM.Protocols.SignedHttpRequest
  • M.IM.Protocols.WsFederation
  • M.IM.TestExtensions
  • M.IM.Tokens
  • M.IM.Tokens.Saml
  • M.IM.Validators
  • M.IM.Xml
  • S.IM.Tokens.Jwt
  • Other (please describe)

Is this a new or an existing app?

Repro

        // Build a JWT header signed with the certificate's ECDSA P-256 private key.
        X509Certificate2 cert = CertificateFixture.GetP256Certificate("dummy-cert").Certificate;
        SecurityKey privateSecurityKey = new ECDsaSecurityKey(cert.GetECDsaPrivateKey());
        SigningCredentials signingCredentials = new SigningCredentials(privateSecurityKey, SecurityAlgorithms.EcdsaSha256);
        JwtHeader header = new JwtHeader(signingCredentials);

        // Add the certificate chain to the header as x5c (base64-encoded DER certificates).
        X509Chain ch = new X509Chain();
        ch.Build(cert);
        List<string> x5CArray = ch.ChainElements
            .Select(element => Convert.ToBase64String(element.Certificate.Export(X509ContentType.Cert)))
            .ToList();
        header.Add(JwtHeaderParameterNames.X5c, x5CArray);

        var payload = new JwtPayload();

        // Serialize the token.
        SecurityToken securityToken = new JwtSecurityToken(header, payload);
        JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
        string jwt = tokenHandler.WriteToken(securityToken);

        // Read the token back and check that the x5c header survived the round trip.
        JwtSecurityToken token = tokenHandler.ReadJwtToken(jwt);
        string x5C = token.Header.X5c;
        Assert.False(x5C.IsNullOrEmpty());

Expected behavior
X5c property should return a string which contains a JSON array of the x5c header

Actual behavior
X5c property is null

Possible solution

Until version 6.35.0, the x5c property was working properly. After that, the internal method GetStandardClaim of the JwtHeader class was modified and stopped working.

In the new version, non-string values are not handled and by default string.Empty is returned. The value of the x5c header at that point is List<string>.

Additional context / logs / screenshots / links to code

JwtHeader->GetStandardClaim

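A library-independent way to read the x5c header, for code that cannot rely on JwtHeader.X5c on an affected version. This is an added example, not part of the original issue or of the Microsoft.IdentityModel code; the X5cReader class, the ReadX5c method and the throwaway self-signed certificate are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;

public static class X5cReader
{
    // Returns the x5c certificates from a compact JWS header, or an empty list if absent.
    // The header is unauthenticated input: validate the chain against your own trust
    // anchors before using any of these certificates to verify the signature.
    public static IReadOnlyList<X509Certificate2> ReadX5c(string compactJwt)
    {
        string headerSegment = compactJwt.Split('.')[0];
        using JsonDocument header = JsonDocument.Parse(Base64UrlDecode(headerSegment));
        if (!header.RootElement.TryGetProperty("x5c", out JsonElement x5c)
            || x5c.ValueKind != JsonValueKind.Array)
            return Array.Empty<X509Certificate2>();
        // RFC 7515 section 4.1.6: each entry is standard base64 (not base64url) DER.
        return x5c.EnumerateArray()
            .Select(e => new X509Certificate2(Convert.FromBase64String(e.GetString())))
            .ToList();
    }

    private static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static void Main()
    {
        // Constructed sample: throwaway self-signed P-256 cert placed in an x5c header.
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=dummy-cert", key, HashAlgorithmName.SHA256);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        string json = JsonSerializer.Serialize(new Dictionary<string, object>
        {
            ["alg"] = "ES256",
            ["x5c"] = new[] { Convert.ToBase64String(cert.RawData) }
        });
        string header = Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string jwt = header + ".e30.sig"; // payload "{}", placeholder signature (never verified here)
        IReadOnlyList<X509Certificate2> chain = ReadX5c(jwt);
        Console.WriteLine($"{chain.Count} cert(s), leaf matches: {chain[0].Thumbprint == cert.Thumbprint}");
    }
}
```

ReadX5c throws on a malformed header segment or a non-string x5c entry, so callers handling untrusted tokens should treat those exceptions as a rejected token.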
