Make M.IM.Tokens visible to S2S.Tokens #1807
Merged
Conversation
TimHannMSFT
approved these changes
Feb 14, 2022
looks good
cesarpayan
pushed a commit
that referenced
this pull request
May 3, 2022
This reverts commit 5c51220.

Adding immediate retry on network failure + better logging during configuration retrieval (#1784)
* Adding immediate retry on network failure to the token validation flow using ConfigurationManager (specifically inside of HttpDocumentRetriever)
* Adding better logging during configuration retrieval

Adding more information on key location to error messages (#1786)

rename JwtHandler -> JsonWebTokenHandler

adjust tests to throw invalid signature

Simplify the EventBasedLRUCache and Allow Skipping LRU (#1783)
* simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
* resolved review comments
* 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
* skip all operations on _doubleLinkedList when _maintainLRU = false
* fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)

Update DisposableObjectPool to dispose on Free() when full
When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.

param check for null

fix check for tenantId (#1801)

update version to 6.15.2

Adding LKG feature into JwtSecurityTokenHandler

Adding tests for SignatureValidatorUsingConfiguration

address comment

add IsRecoverableConfiguration

mark metadata address as non-PII

Make M.IM.Tokens visible to S2S.Tokens (#1807)

added the ValidateTokenAsync() and ReadToken() methods to all token handlers (#1810)
* added the ValidateTokenAsync() method to all token handlers
* implement the ValidateTokenAsync() for JwtSecurityTokenHandler
* added the TokenHandler.ReadToken() method
* return async result via .ConfigureAwait(false).GetAwaiter().GetResult(), and don't catch general Exception
* added expected exceptions to the TokenHandler.cs() and removed CA1031 from GlobalSuppression as we are now catching specific exceptions
* added more comments
* updated all token handlers to catch the general exception (like in JsonWebTokenHandler) to be consistent
* updated comments
* always return the first ClaimsIdentity from the ClaimsPrincipal as TokenValidationResult.ClaimsIdentity
* return the first identity from the ClaimsPrincipal in Saml2SecurityTokenHandler.ValidateTokenAsync() so it is consistent with Saml1

update version to 6.16.1 (#1811)

update patch version after release of 6.16.0

Configuration validator (#1825)
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added comments to guide ECDH-ES
Adding Jwt header params for epk, apu and apv
Adding supported algorithms for symmetric keywrap
Adding ECDH-ES logic/cases to JsonWebTokenHandler
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

removing extra letter from rebase

Adding NET_CORE defined when using netcore 3.1
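The ECDH-ES items in the commit message above (AlgorithmID taken from alg or enc depending on whether the mode is direct ECDH-ES or ECDH-ES+A{128|192|256}KW, apu and apv folded into the derivation, the result returned as the CEK) are the rules of RFC 7518 section 4.6. What follows is an added, stand-alone example and not the library's EcdhKeyExchangeProvider: P-256 point arithmetic and the Concat KDF written out with only the Python standard library, so every input to the derivation is visible. The function names (scalar_mult, concat_kdf, derive_both_sides) and the deterministic "constructed" private scalars are this example's own and are not real keys.

```python
"""ECDH-ES for JWE (RFC 7518 section 4.6), written out with only the standard library.
Added example, not the library's EcdhKeyExchangeProvider. Scalars are constructed test values."""
import hashlib

# NIST P-256 domain parameters (FIPS 186-4, D.1.2.3).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

# RFC 7518 4.6.2: direct ECDH-ES derives the CEK, sized by "enc";
# ECDH-ES+AxxxKW derives the AES key-wrapping key, sized by "alg".
ENC_KEY_BITS = {"A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
                "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512}
KW_KEY_BITS = {"ECDH-ES+A128KW": 128, "ECDH-ES+A192KW": 192, "ECDH-ES+A256KW": 256}


def _add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p1 == -p2, including y == 0
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add. Not constant time: readable, not production grade."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def is_valid_public_key(point):
    """Full validation (SP 800-56A 5.6.2.3): in range, on the curve, order N.
    The JWE "epk" is attacker-supplied; accepting an off-curve point lets a
    sender recover the recipient's static private key over several JWEs."""
    if point is None:
        return False
    x, y = point
    if not (0 <= x < P and 0 <= y < P):
        return False
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False
    return scalar_mult(N, point) is None


def ecdh_shared_secret(private_scalar, peer_public):
    """Z = x-coordinate of d*Q as 32 big-endian bytes."""
    if not is_valid_public_key(peer_public):
        raise ValueError("peer public key is not a valid P-256 point")
    x, _ = scalar_mult(private_scalar, peer_public)
    return x.to_bytes(32, "big")


def _len_prefixed(data):
    return len(data).to_bytes(4, "big") + data


def concat_kdf(z, alg, enc, apu=b"", apv=b""):
    """SHA-256 Concat KDF (SP 800-56A 5.8.1) with RFC 7518's OtherInfo:
    AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo (keydatalen in bits)."""
    if alg == "ECDH-ES":
        algorithm_id, keydatalen = enc, ENC_KEY_BITS[enc]
    elif alg in KW_KEY_BITS:
        algorithm_id, keydatalen = alg, KW_KEY_BITS[alg]
    else:
        raise ValueError(f"unsupported alg {alg!r}")
    other_info = (_len_prefixed(algorithm_id.encode("ascii"))
                  + _len_prefixed(apu or b"") + _len_prefixed(apv or b"")
                  + keydatalen.to_bytes(4, "big"))
    out, counter = b"", 1
    while len(out) * 8 < keydatalen:  # a second round only for 384/512-bit CEKs
        out += hashlib.sha256(counter.to_bytes(4, "big") + z + other_info).digest()
        counter += 1
    return out[: keydatalen // 8]


def _test_scalar(label):
    """Deterministic, constructed private scalar in [1, N-1]; never do this for real keys."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % (N - 1) + 1


def derive_both_sides(alg, enc, apu=b"Alice", apv=b"Bob"):
    """One exchange: the sender's ephemeral Q would travel as the "epk" header,
    the recipient's Q is its static key. Returns (sender_key, recipient_key)."""
    sender_d, recipient_d = _test_scalar(b"sender"), _test_scalar(b"recipient")
    sender_pub, recipient_pub = scalar_mult(sender_d, G), scalar_mult(recipient_d, G)
    z_sender = ecdh_shared_secret(sender_d, recipient_pub)
    z_recipient = ecdh_shared_secret(recipient_d, sender_pub)
    return (concat_kdf(z_sender, alg, enc, apu, apv),
            concat_kdf(z_recipient, alg, enc, apu, apv))


if __name__ == "__main__":
    cek, check = derive_both_sides("ECDH-ES", "A128GCM")
    print("ECDH-ES / A128GCM CEK:", cek.hex(), "match:", cek == check)
    kek, _ = derive_both_sides("ECDH-ES+A128KW", "A128GCM")
    print("ECDH-ES+A128KW wrapping key:", kek.hex())
```

Two things worth noticing when reading it against the commit list: the same Z yields different keys for ECDH-ES and ECDH-ES+A128KW because AlgorithmID changes, which is why the provider has to pick it from enc or alg rather than always from one of them; and apu/apv are part of OtherInfo, so an empty or null value is legal but a different value produces a different key. RFC 7518 Appendix C carries a complete test vector (both key pairs, apu "Alice", apv "Bob", A128GCM) that can be fed through concat_kdf to confirm an implementation. In a real handler the ECDH step belongs to the platform implementation (constant-time scalar multiplication and point validation); the hand-written curve arithmetic here exists only so the reader can see the check that rejects an attacker-supplied epk.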
brentschmaltz
pushed a commit
that referenced
this pull request
May 19, 2022
author Roja Ennam <roennam@microsoft.com> 1650579606 -0700
committer brentschmaltz <brentschmaltz@hotmail.com> 1652933215 -0700

Creating EcdhKeyExchangeProvider

Adding target for net core 3.1

This reverts commit 5c51220.

Adding immediate retry on network failure + better logging during configuration retrieval (#1784)
* Adding immediate retry on network failure to the token validation flow using ConfigurationManager (specifically inside of HttpDocumentRetriever)
* Adding better logging during configuration retrieval

Adding more information on key location to error messages (#1786)

rename JwtHandler -> JsonWebTokenHandler

adjust tests to throw invalid signature

Simplify the EventBasedLRUCache and Allow Skipping LRU (#1783)
* simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
* resolved review comments
* 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
* skip all operations on _doubleLinkedList when _maintainLRU = false
* fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)

Update DisposableObjectPool to dispose on Free() when full
When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.

param check for null

fix check for tenantId (#1801)

update version to 6.15.2

Adding LKG feature into JwtSecurityTokenHandler

Adding tests for SignatureValidatorUsingConfiguration

address comment

add IsRecoverableConfiguration

mark metadata address as non-PII

Make M.IM.Tokens visible to S2S.Tokens (#1807)

added the ValidateTokenAsync() and ReadToken() methods to all token handlers (#1810)
* added the ValidateTokenAsync() method to all token handlers
* implement the ValidateTokenAsync() for JwtSecurityTokenHandler
* added the TokenHandler.ReadToken() method
* return async result via .ConfigureAwait(false).GetAwaiter().GetResult(), and don't catch general Exception
* added expected exceptions to the TokenHandler.cs() and removed CA1031 from GlobalSuppression as we are now catching specific exceptions
* added more comments
* updated all token handlers to catch the general exception (like in JsonWebTokenHandler) to be consistent
* updated comments
* always return the first ClaimsIdentity from the ClaimsPrincipal as TokenValidationResult.ClaimsIdentity
* return the first identity from the ClaimsPrincipal in Saml2SecurityTokenHandler.ValidateTokenAsync() so it is consistent with Saml1

update version to 6.16.1 (#1811)

update patch version after release of 6.16.0

Configuration validator (#1825)
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added comments to guide ECDH-ES
Adding Jwt header params for epk, apu and apv
Adding supported algorithms for symmetric keywrap
Adding ECDH-ES logic/cases to JsonWebTokenHandler
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

removing extra letter from rebase

Adding NET_CORE defined when using netcore 3.1

Fixing dupe code from rebase onto
cesarpayan
pushed a commit
that referenced
this pull request
May 26, 2022
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Added custom logger interface (#1823)

log cert thumbprint (#1820)
* log cert thumbprint
* PR feedback

Introduced custom log level enum to remove dependency on System.Diagnostics.Tracing.EventLevel in IIdentityLogger (#1843)

update version to 6.18.1

Rebase and squash for EcdhEs
Creating EcdhKeyExchangeProvider
Adding ECDH-ES logic/cases to JsonWebTokenHandler
Adding target for net core 3.1

Rebase and squash for EcdhEs
Creating EcdhKeyExchangeProvider
Adding ECDH-ES logic/cases to JsonWebTokenHandler
Adding target for net core 3.1

Revert "Remove deprecated "language" attribute"
This reverts commit 5c51220.

Adding immediate retry on network failure + better logging during configuration retrieval (#1784)
* Adding immediate retry on network failure to the token validation flow using ConfigurationManager (specifically inside of HttpDocumentRetriever)
* Adding better logging during configuration retrieval

Adding more information on key location to error messages (#1786)

rename JwtHandler -> JsonWebTokenHandler

adjust tests to throw invalid signature

Simplify the EventBasedLRUCache and Allow Skipping LRU (#1783)
* simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
* resolved review comments
* 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
* skip all operations on _doubleLinkedList when _maintainLRU = false
* fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)

Update DisposableObjectPool to dispose on Free() when full
When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.

param check for null

fix check for tenantId (#1801)

update version to 6.15.2

Adding LKG feature into JwtSecurityTokenHandler

Adding tests for SignatureValidatorUsingConfiguration

address comment

add IsRecoverableConfiguration

mark metadata address as non-PII

Make M.IM.Tokens visible to S2S.Tokens (#1807)

added the ValidateTokenAsync() and ReadToken() methods to all token handlers (#1810)
* added the ValidateTokenAsync() method to all token handlers
* implement the ValidateTokenAsync() for JwtSecurityTokenHandler
* added the TokenHandler.ReadToken() method
* return async result via .ConfigureAwait(false).GetAwaiter().GetResult(), and don't catch general Exception
* added expected exceptions to the TokenHandler.cs() and removed CA1031 from GlobalSuppression as we are now catching specific exceptions
* added more comments
* updated all token handlers to catch the general exception (like in JsonWebTokenHandler) to be consistent
* updated comments
* always return the first ClaimsIdentity from the ClaimsPrincipal as TokenValidationResult.ClaimsIdentity
* return the first identity from the ClaimsPrincipal in Saml2SecurityTokenHandler.ValidateTokenAsync() so it is consistent with Saml1

update version to 6.16.1 (#1811)

update patch version after release of 6.16.0

Configuration validator (#1825)
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added comments to guide ECDH-ES
Adding Jwt header params for epk, apu and apv
Adding supported algorithms for symmetric keywrap
Adding ECDH-ES logic/cases to JsonWebTokenHandler
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

removing extra letter from rebase

Adding NET_CORE defined when using netcore 3.1

Fixing dupe code from rebase onto
brentschmaltz
added a commit
that referenced
this pull request
May 29, 2022
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793649 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793452 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793041 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653792576 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653791972 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer cesarpayan <cesarpayan@microsoft.com> 1653603790 -0700

ECDH-ES rebase and squash

rename JwtHandler -> JsonWebTokenHandler

adjust tests to throw invalid signature

Simplify the EventBasedLRUCache and Allow Skipping LRU (#1783)
* simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
* resolved review comments
* 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
* skip all operations on _doubleLinkedList when _maintainLRU = false
* fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)

Update DisposableObjectPool to dispose on Free() when full
When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.

param check for null

fix check for tenantId (#1801)

Make M.IM.Tokens visible to S2S.Tokens (#1807)

Configuration validator (#1825)
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Added custom logger interface (#1823)

log cert thumbprint (#1820)
* log cert thumbprint
* PR feedback

Introduced custom log level enum to remove dependency on System.Diagnostics.Tracing.EventLevel in IIdentityLogger (#1843)

update version to 6.18.1

Rebase and squash for EcdhEs
Creating EcdhKeyExchangeProvider
Adding ECDH-ES logic/cases to JsonWebTokenHandler
Adding target for net core 3.1

Rebase and squash for EcdhEs
Creating EcdhKeyExchangeProvider
Adding ECDH-ES logic/cases to JsonWebTokenHandler
Adding target for net core 3.1

Revert "Remove deprecated "language" attribute"
This reverts commit 5c51220.

Adding immediate retry on network failure + better logging during configuration retrieval (#1784)
* Adding immediate retry on network failure to the token validation flow using ConfigurationManager (specifically inside of HttpDocumentRetriever)
* Adding better logging during configuration retrieval

Adding more information on key location to error messages (#1786)

rename JwtHandler -> JsonWebTokenHandler

adjust tests to throw invalid signature

Simplify the EventBasedLRUCache and Allow Skipping LRU (#1783)
* simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
* resolved review comments
* 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
* skip all operations on _doubleLinkedList when _maintainLRU = false
* fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)

Update DisposableObjectPool to dispose on Free() when full
When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.

param check for null

fix check for tenantId (#1801)

update version to 6.15.2

Adding LKG feature into JwtSecurityTokenHandler

Adding tests for SignatureValidatorUsingConfiguration

address comment

add IsRecoverableConfiguration

mark metadata address as non-PII

Make M.IM.Tokens visible to S2S.Tokens (#1807)

added the ValidateTokenAsync() and ReadToken() methods to all token handlers (#1810)
* added the ValidateTokenAsync() method to all token handlers
* implement the ValidateTokenAsync() for JwtSecurityTokenHandler
* added the TokenHandler.ReadToken() method
* return async result via .ConfigureAwait(false).GetAwaiter().GetResult(), and don't catch general Exception
* added expected exceptions to the TokenHandler.cs() and removed CA1031 from GlobalSuppression as we are now catching specific exceptions
* added more comments
* updated all token handlers to catch the general exception (like in JsonWebTokenHandler) to be consistent
* updated comments
* always return the first ClaimsIdentity from the ClaimsPrincipal as TokenValidationResult.ClaimsIdentity
* return the first identity from the ClaimsPrincipal in Saml2SecurityTokenHandler.ValidateTokenAsync() so it is consistent with Saml1

update version to 6.16.1 (#1811)

update patch version after release of 6.16.0

Configuration validator (#1825)
Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.

Simplify strings comparison with Ordinal option

update version

update version for next release

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added comments to guide ECDH-ES
Adding Jwt header params for epk, apu and apv
Adding supported algorithms for symmetric keywrap
Adding ECDH-ES logic/cases to JsonWebTokenHandler
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

Copying work from broken topic branch
EcdsaKeyWrap Provider
Constants
Ecdh test
Creating EcdhKeyExchangeProvider
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values. Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: Params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match with what is already in place for different cases.
Test case scenario for the mentioned above.
Removed unnecessary code
Adding target for net core 3.1

removing extra letter from rebase

Adding NET_CORE defined when using netcore 3.1

Fixing dupe code from rebase onto

update version

Add 'cty' claim to JWE header

Address comments

Fix tests (#1838)

Fix DEF test (#1839)

log cert thumbprint (#1820)
* log cert thumbprint
* PR feedback

Introduced custom log level enum to remove dependency on System.Diagnostics.Tracing.EventLevel in IIdentityLogger (#1843)

update version to 6.18.1

Fixing dupe code from rebase onto

Fixing leftovers from rebase

Clean up
brentschmaltz added a commit that referenced this pull request on May 29, 2022:
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793649 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793452 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653793041 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653792576 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer brentschmaltz <brentschmaltz@hotmail.com> 1653791972 -0700
parent 9229015
author brentschmaltz <brentschmaltz@hotmail.com> 1641830046 -0800
committer cesarpayan <cesarpayan@microsoft.com> 1653603790 -0700

ECDH-ES rebase and squash

rename JwtHandler -> JsonWebTokenHandler
adjust tests to throw invalid signature
Simplify the EventBasedLRUCache and Allows Skipping LRU (#1783)
  * simplify the EventBasedLRUCache a bit and added the _maintainLRU flag to skip the maintenance of LRU
  * resolved review comments
  * 1. let the event queue task continue to run for 2 min after the queue is empty 2. stop the task when the InMemoryCryptoProviderCache.Dispose() is called
  * skip all operations on _doubleLinkedList when _maintainLRU = false
  * fixed the failed test MaintainLRUOrder (_maintainLRU needs to be set to true)
Update DisposableObjectPool to dispose on Free() when full
  When the internal `items` array of DisposableObjectPool is full, calls to Free() (that are trying to return over-allocated instances during a spike in calls to Allocate()) "drop" the object by doing nothing. Since the object is not disposed, before it can be garbage collected it has to wait in the finalization queue for finalization to call dispose. This change updates Free() to directly dispose those objects which can't be returned to the pool, allowing them to avoid a potentially long wait in the finalizer queue.
param check for null
fix check for tenantId (#1801)
Make M.IM.Tokens visible to S2S.Tokens (#1807)
Configuration validator (#1825): Introduce a ConfigurationValidator class that can be used to apply validation rules to a retrieved configuration.
Simplify string comparison with Ordinal option
update version
update version for next release
Add 'cty' claim to JWE header
Address comments
Fix tests (#1838)
Fix DEF test (#1839)
Added custom logger interface (#1823)
log cert thumbprint (#1820)
  * log cert thumbprint
  * PR feedback
Introduced custom log level enum to remove dependency on System.Diagnostics.Tracing.EventLevel in IIdentityLogger (#1843)
update version to 6.18.1
Rebase and squash for EcdhEs
Creating EcdhKeyExchangeProvider
Adding ECDH-ES logic/cases to JsonWebTokenHandler
Adding target for net core 3.1
Revert "Remove deprecated "language" attribute"
  This reverts commit 5c51220.
Adding immediate retry on network failure + better logging during configuration retrieval (#1784)
  * Adding immediate retry on network failure to the token validation flow using ConfigurationManager (specifically inside of HttpDocumentRetriever)
  * Adding better logging during configuration retrieval
Adding more information on key location to error messages (#1786)
update version to 6.15.2
Adding LKG feature into JwtSecurityTokenHandler
Adding tests for SignatureValidatorUsingConfiguration
address comment
add IsRecoverableConfiguration
mark metadata address as non-PII
added the ValidateTokenAsync() and ReadToken() methods to all token handlers (#1810)
  * added the ValidateTokenAsync() method to all token handlers
  * implement the ValidateTokenAsync() for JwtSecurityTokenHandler
  * added the TokenHandler.ReadToken() method
  * return async result via .ConfigureAwait(false).GetAwaiter().GetResult(), and don't catch general Exception
  * added expected exceptions to the TokenHandler.cs() and removed CA1031 from GlobalSuppression as we are now catching specific exceptions
  * added more comments
  * updated all token handlers to catch the general exception (like in JsonWebTokenHandler) to be consistent
  * updated comments
  * always return the first ClaimsIdentity from the ClaimsPrincipal as TokenValidationResult.ClaimsIdentity
  * return the first identity from the ClaimsPrincipal in Saml2SecurityTokenHandler.ValidateTokenAsync() so it is consistent with Saml1
update version to 6.16.1 (#1811)
update patch version after release of 6.16.0
Copying work from broken topic branch
EcdsaKeyWrap Provider Constants
Ecdh test
Removed unnecessary code and comments from ReferenceTests
Created Ecdh Security Key
Removing EcdhSecurityKey since ECDsaSecurityKey is the same thing
Modifying ctor for EcdhKeyExchangeProvider
Refactoring + overloads for ctors in KeyExchangeProvider
Differentiate between ECDH-ES and ECDH-ES+A{128|192|256}KW. Setting AlgorithmID according to alg and enc values.
Returning CEK as SecurityKey
Changes to Reference test to reflect the changes
enc is not optional for key exchange provider
apu and apv can be null/empty for generate cek
added comments to guide ECDH-ES
Adding Jwt header params for epk, apu and apv
Adding supported algorithms for symmetric keywrap
added test for creating a JWE
Test cases for Jwe using Ecdh-ES
Reference test clean up
Use of apv and apu included
Aes192KW inclusion
LogMessages update in EcdhEs Key Exchange Provider
Removed unused ctors
Added direct tests for EcdhEsKeyExchangeProvider
Cleaned up reference test
Refactoring ctors in EcdhEsKeyExchangeProvider, including new LogMessage
Removed unused file that was part of an earlier commit
Addressing feedback from PR
EcdhKeyExchangeProvider's constructor refactoring: params for keys are both SecurityKeys, new error message to better describe when we were unable to obtain ECParameters, and some refactoring for readability.
Refactoring for JsonWebTokenHandler.ResolveTokenDecryptionKey for string comparison
JwtTokenUtilities.GetSecurityKey refactor for readability, null clauses for apu and apv being null, and changed the creation of SymmetricSecurityKey to match what is already in place for different cases.
Test case scenario for the above.
Removed unnecessary code
removing extra letter from rebase
Adding NET_CORE defined when using netcore 3.1
Fixing dupe code from rebase onto
Fixing leftovers from rebase
Clean up
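The EcdhKeyExchangeProvider entries in both commit messages above describe the key-derivation rules the handler follows: the AlgorithmID fed into the KDF is the `enc` value for direct ECDH-ES and the `alg` value for ECDH-ES+A{128|192|256}KW, `apu`/`apv` may be null or empty, and the derived key length follows the algorithm. The following is an added worked example of that derivation (the SHA-256 Concat KDF of RFC 7518 section 4.6.2) written for this page; it is not code from the Microsoft.IdentityModel library or from these commits. It assumes the ECDH shared secret Z has already been computed and takes it as an input; the Z, header and expected output used to check it are the published RFC 7518 Appendix C test vector.

```python
"""Concat KDF for JWE ECDH-ES, as an added worked example.

Example code written for this page, not code from Microsoft.IdentityModel.
It shows what the EcdhKeyExchangeProvider commit entries describe: the
AlgorithmID comes from `enc` for direct ECDH-ES and from `alg` for the
+KW variants, apu/apv are optional, and the output length follows the
algorithm. The EC Diffie-Hellman step is assumed done; Z is an input.
"""
import base64
import hashlib
import struct
from typing import Optional

# Output size in bits, keyed by the AlgorithmID string. For direct ECDH-ES
# this is the CEK size of `enc`; for +KW it is the AES key-wrapping key size.
KEY_DATA_LEN_BITS = {
    "ECDH-ES+A128KW": 128, "ECDH-ES+A192KW": 192, "ECDH-ES+A256KW": 256,
    "A128GCM": 128, "A192GCM": 192, "A256GCM": 256,
    "A128CBC-HS256": 256, "A192CBC-HS384": 384, "A256CBC-HS512": 512,
}


def b64url_decode(s: str) -> bytes:
    """JOSE base64url without padding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def _len_prefixed(data: bytes) -> bytes:
    """Datalen || Data, the encoding RFC 7518 uses for each OtherInfo field."""
    return struct.pack(">I", len(data)) + data


def algorithm_id(alg: str, enc: str) -> str:
    """Direct ECDH-ES binds the KDF to enc; the +KW variants bind it to alg."""
    if alg == "ECDH-ES":
        return enc
    if alg in ("ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"):
        return alg
    raise ValueError(f"not an ECDH-ES algorithm: {alg}")


def concat_kdf(z: bytes, alg: str, enc: str,
               apu: Optional[bytes] = None, apv: Optional[bytes] = None) -> bytes:
    """SHA-256 Concat KDF (NIST SP 800-56A) as profiled by RFC 7518.

    A missing apu/apv is encoded as a zero-length field, not omitted, so the
    OtherInfo layout is fixed and None and b"" derive the same key.
    """
    alg_id = algorithm_id(alg, enc)
    keydatalen = KEY_DATA_LEN_BITS[alg_id]
    other_info = (
        _len_prefixed(alg_id.encode("ascii"))   # AlgorithmID
        + _len_prefixed(apu or b"")             # PartyUInfo
        + _len_prefixed(apv or b"")             # PartyVInfo
        + struct.pack(">I", keydatalen)         # SuppPubInfo (keydatalen, 32-bit)
    )                                           # SuppPrivInfo is empty for JWE
    out = b""
    counter = 1
    while len(out) * 8 < keydatalen:  # one SHA-256 round per 256 bits of output
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[: keydatalen // 8]


def derive_from_header(header: dict, z: bytes) -> bytes:
    """Derive the key from a parsed JWE protected header plus the ECDH output.

    apu/apv travel base64url-encoded in the header and are optional.
    """
    apu = b64url_decode(header["apu"]) if "apu" in header else None
    apv = b64url_decode(header["apv"]) if "apv" in header else None
    return concat_kdf(z, header["alg"], header["enc"], apu, apv)


# Test vector from RFC 7518 Appendix C: Z is the P-256 ECDH output given there,
# apu is "Alice" and apv is "Bob".
RFC7518_Z = bytes([158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156,
                   251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196])
RFC7518_HEADER = {"alg": "ECDH-ES", "enc": "A128GCM", "apu": "QWxpY2U", "apv": "Qm9i"}


if __name__ == "__main__":
    print(b64url_encode(derive_from_header(RFC7518_HEADER, RFC7518_Z)))  # VqqN6vgjbSBcIijNcacQGg
```

The AlgorithmID rule is what stops a key derived for direct `A128GCM` use from also serving as an `ECDH-ES+A128KW` wrapping key: the same Z yields different keys for the two headers, and changing `apu`/`apv` changes the key as well, which is why a decryptor must read those header parameters rather than assume them.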
Make M.IM.Tokens visible to S2S.Tokens since the LRUCache is an internal class and we want to consume it in SAL.