Model for async StackFrames.

Author: HP712

src/Microsoft.IdentityModel.JsonWebTokens/Experimental/JsonWebTokenHandler.ReadToken.cs

@@ -39,6 +39,7 @@ internal static OperationResult<SecurityToken, ValidationError> ReadToken(
             catch (Exception ex)
 #pragma warning restore CA1031 // Do not catch general exception types
             {
+                // TODO: coordinate with other handlers to ensure consistent error messages.
                 return new ValidationError(
                     new MessageDetail(LogMessages.IDX14107),
                     ValidationFailureType.TokenReadingFailed,

src/Microsoft.IdentityModel.JsonWebTokens/Experimental/JsonWebTokenHandler.ValidateToken.Internal.cs

@@ -17,6 +17,10 @@
     <DebugSymbols>true</DebugSymbols>
   </PropertyGroup>
 
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net462' or '$(TargetFramework)' == 'net472' ">
+    <NoWarn>$(NoWarn);nullable</NoWarn>
+  </PropertyGroup>
+
   <ItemGroup>
     <None Include="..\..\README.md">
       <Pack>True</Pack>

src/Microsoft.IdentityModel.JsonWebTokens/Microsoft.IdentityModel.JsonWebTokens.csproj

@@ -1,4 +1,6 @@
+const Microsoft.IdentityModel.Tokens.Saml.LogMessages.IDX11138 = "IDX11138: SamlSerializer: '{0}' was unable to read a SAML Token" -> string
 const Microsoft.IdentityModel.Tokens.Saml.LogMessages.IDX11315 = "IDX11315: Unable to validate token. SamlSecurityToken.Assertion is null or empty." -> string
+const Microsoft.IdentityModel.Tokens.Saml2.LogMessages.IDX13315 = "IDX13315: Saml2Serializer: '{0}' was unable to read a SAML2 Token" -> string
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentity(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
 override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
@@ -7,11 +9,11 @@ override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTo
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.Experimental.ValidatedToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>>
+static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadToken(string token, Microsoft.IdentityModel.Tokens.Saml.SamlSerializer serializer, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.SecurityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>
 static Microsoft.IdentityModel.Tokens.Saml.SamlTokenUtilities.ResolveTokenSigningKey(Microsoft.IdentityModel.Xml.KeyInfo keyInfo, System.Collections.Generic.IEnumerable<Microsoft.IdentityModel.Tokens.SecurityKey> signingKeys) -> Microsoft.IdentityModel.Tokens.SecurityKey
 static Microsoft.IdentityModel.Tokens.Saml.SamlTokenUtilities.SafeLogSamlToken(object obj) -> string
 static Microsoft.IdentityModel.Tokens.Saml.SamlTokenUtilities.ValidateSignature(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Xml.Signature signature, string canonicalString, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.BaseConfiguration configuration, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.SecurityKey, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>
+static Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadToken(string token, Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer serializer, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.SecurityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>
 virtual Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ProcessStatements(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, string issuer, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters) -> System.Collections.Generic.IEnumerable<System.Security.Claims.ClaimsIdentity>
-virtual Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ReadSamlToken(string token, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.SecurityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>
-virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2Token(string token, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.Identity.Abstractions.OperationResult<Microsoft.IdentityModel.Tokens.SecurityToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationError>
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateOneTimeUseCondition(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.Experimental.ValidationError
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateProxyRestriction(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.Experimental.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.Experimental.ValidationError

src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt

@@ -7,7 +7,6 @@
 using Microsoft.Identity.Abstractions;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens.Experimental;
-using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages;
 
 namespace Microsoft.IdentityModel.Tokens.Saml
 {
@@ -17,29 +16,33 @@ public partial class SamlSecurityTokenHandler : SecurityTokenHandler
         /// Converts a string into an instance of <see cref="SamlSecurityToken"/>, returned inside of a <see cref="OperationResult{SecurityToken, ValidationError}"/>.
         /// </summary>
         /// <param name="token">A Saml token as a string.</param>
+        /// <param name="serializer"></param>
         /// <param name="callContext"></param>
         /// <returns>A <see cref="OperationResult{SecurityToken, ValidationError}"/> with the <see cref="SamlSecurityToken"/> or a <see cref="ValidationError"/>.</returns>
-        internal virtual OperationResult<SecurityToken, ValidationError> ReadSamlToken(string token, CallContext callContext)
+        internal static OperationResult<SecurityToken, ValidationError> ReadToken(
+            string token,
+            SamlSerializer serializer,
+#pragma warning disable CA1801 // Remove unused parameter
+            CallContext callContext)
+#pragma warning restore CA1801 // Remove unused parameter
         {
             if (string.IsNullOrEmpty(token))
                 return ValidationError.NullParameter(
                     nameof(token),
                     ValidationError.GetCurrentStackFrame());
 
-            if (token.Length > MaximumTokenSizeInBytes)
-                return new ValidationError(
-                    new MessageDetail(
-                        TokenLogMessages.IDX10209,
-                        LogHelper.MarkAsNonPII(token.Length),
-                        LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)),
-                    ValidationFailureType.TokenExceedsMaximumSize,
-                    ValidationError.GetCurrentStackFrame());
-
             try
             {
                 using (var reader = XmlDictionaryReader.CreateTextReader(Encoding.UTF8.GetBytes(token), XmlDictionaryReaderQuotas.Max))
                 {
-                    return ReadSamlToken(reader);
+                    var assertion = serializer.ReadAssertion(reader);
+                    if (assertion == null)
+                        return new ValidationError(
+                            new MessageDetail(LogMessages.IDX11138, LogHelper.MarkAsNonPII(serializer.GetType())),
+                            ValidationFailureType.TokenReadingFailed,
+                            ValidationError.GetCurrentStackFrame());
+
+                    return new SamlSecurityToken(assertion);
                 }
             }
 #pragma warning disable CA1031 // Do not catch general exception types