
Commit 582ad50

authored
Merge branch 'dev' into fix-validation-parameters
2 parents dab701f + 9d007d8 commit 582ad50


18 files changed

+190
-102
lines changed


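--- a/CodeQL.yaml
+++ b/CodeQL.yaml
@@ -1,12 +1,13 @@
 # CodeQL configuration file
 #
 # Check the following link for more information:
-# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/configuring-codeql3000-ado-pipelines#excluding-external-libraries-test-files-generated-files-docs
+# https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/troubleshooting/bugs/generated-library-code#configuring-exclusion-file
 
 path_classifiers:
 test:
-- "test/**"
-- "perf/**"
+# All sub-directories are automatically matched. For example: test matches anything in the directory and all its subdirectories.
+# Do not add /** wildcard at the end of a directory path.
+- "test"
+- "benchmark"
 docs:
-- "docs/**"
-- "samples/**"
+- "docs"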
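Review bot: The rewritten classifier lists drop `perf` and `samples` and add `benchmark`, but nothing in the file records whether that is a directory rename or a deliberate change in what CodeQL analyses. If `perf` or `samples` still exist in the repository they are no longer classified as test/docs and will presumably be reported as product code; a short comment such as `# perf/ and samples/ are intentionally left in scope` would record the intent. It is also worth confirming that a bare `test` entry is anchored at the repository root, so that a directory named `test` nested under `src` is not silently excluded from scanning.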

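--- a/build/version.props
+++ b/build/version.props
@@ -2,7 +2,7 @@
 <Project>
 <!-- MicrosoftIdentityModelVersion -->
 <PropertyGroup>
-<MicrosoftIdentityModelCurrentVersion>8.6.1</MicrosoftIdentityModelCurrentVersion>
+<MicrosoftIdentityModelCurrentVersion>8.6.2</MicrosoftIdentityModelCurrentVersion>
 
 <PreviewVersionSuffix Condition="'$(PreviewVersionSuffix)' == '' and '$(BuildingInsideVisualStudio)' != 'true'">preview-$([System.DateTime]::Now.AddYears(-2019).Year)$([System.DateTime]::Now.ToString("MMddHHmmss"))</PreviewVersionSuffix>
 <!--VS re-evaluates the variables, so having seconds or minutes creates an infinite loop of package updates-->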

src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Unshipped.txt

Whitespace-only changes.

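--- a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
@@ -12,6 +12,10 @@
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.IdentityModel.Tokens.Json;
 
+#if NET9_0_OR_GREATER
+using System.Threading;
+#endif
+
 namespace Microsoft.IdentityModel.JsonWebTokens
 {
 /// <summary>
@@ -21,8 +25,11 @@ namespace Microsoft.IdentityModel.JsonWebTokens
 internal class JsonClaimSet
 {
 internal const string ClassName = "Microsoft.IdentityModel.JsonWebTokens.JsonClaimSet";
-
+#if NET9_0_OR_GREATER
+internal Lock _claimsLock = new();
+#else
 internal object _claimsLock = new();
+#endif
 internal readonly Dictionary<string, object> _jsonClaims;
 private List<Claim> _claims;
 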
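Review bot: Both branches of the new `#if` declare `_claimsLock` as a mutable `internal` field, so any code in the assembly could reassign it and two threads would then synchronise on different objects. Nothing visible in the hunk reassigns it, so `internal readonly Lock _claimsLock = new();` and, in the `#else` branch, `internal readonly object _claimsLock = new();` look safe; the matching InternalAPI entry added by this commit would presumably need the `readonly` prefix too. The class body continues outside the hunk, so any assignment elsewhere should be checked first.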

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
Microsoft.IdentityModel.JsonWebTokens.JsonClaimSet._claimsLock -> System.Threading.Lock

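--- a/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectProtocolValidator.cs
+++ b/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectProtocolValidator.cs
@@ -278,7 +278,7 @@ public virtual void ValidateTokenResponse(OpenIdConnectProtocolValidationContext
 }
 
 /// <summary>
-/// Validates that an OpenIdConnect response from "useinfo_endpoint" is valid as per <see href="https://openid.net/specs/openid-connect-core-1_0.html"/>.
+/// Validates that an OpenIdConnect response from "userinfo_endpoint" is valid as per <see href="https://openid.net/specs/openid-connect-core-1_0.html"/>.
 /// </summary>
 /// <param name="validationContext">the <see cref="OpenIdConnectProtocolValidationContext"/> that contains expected values.</param>
 /// <exception cref="ArgumentNullException">Thrown if <paramref name="validationContext"/> is null.</exception>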

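--- a/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/SignedHttpRequestUtilities.cs
+++ b/src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/SignedHttpRequestUtilities.cs
@@ -93,8 +93,11 @@ internal static async Task<JsonWebKey> DecryptSymmetricPopKeyAsync(JsonWebTokenH
 {
 TokenDecryptionKeys = decryptionKeys,
 RequireSignedTokens = false,
+// CodeQL [SM03926] intentional: Validation disabled as it is not applicable during pop key decryption.
 ValidateIssuer = false,
+// CodeQL [SM03926] intentional: Validation disabled as it is not applicable during pop key decryption.
 ValidateAudience = false,
+// CodeQL [SM03926] intentional: Validation disabled as it is not applicable during pop key decryption.
 ValidateLifetime = false,
 ValidateIssuerSigningKey = false,
 };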
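Review bot: The three suppression comments state that validation is "not applicable" without saying why, and `RequireSignedTokens = false` and `ValidateIssuerSigningKey = false` in the same initializer carry no justification at all. An auditor has to infer that the token here is only an encrypted wrapper for the PoP key and that trust comes from successful decryption with `decryptionKeys`. If that is the reasoning, a single comment above the initializer would cover all five settings, e.g. `// The JWE only transports the PoP key; trust rests on decryption with a configured key, so signature, issuer, audience and lifetime checks do not apply here.` DecryptSymmetricPopKeyAsync starts and ends outside the hunk, so what is checked on the decrypted key afterwards is not visible here.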

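--- a/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Shipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Shipped.txt
@@ -245,13 +245,20 @@ Microsoft.IdentityModel.Tokens.Saml2.Saml2Subject.Saml2Subject() -> void
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SubjectLocality.Saml2SubjectLocality() -> void
 Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError
 Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException = null) -> void
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
+override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 override Microsoft.IdentityModel.Tokens.Saml.SamlSubjectEqualityComparer.Equals(Microsoft.IdentityModel.Tokens.Saml.SamlSubject subject1, Microsoft.IdentityModel.Tokens.Saml.SamlSubject subject2) -> bool
 override Microsoft.IdentityModel.Tokens.Saml.SamlSubjectEqualityComparer.GetHashCode(Microsoft.IdentityModel.Tokens.Saml.SamlSubject subject) -> int
+override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.CreateException() -> System.Exception
 override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.GetException() -> System.Exception
 override Microsoft.IdentityModel.Tokens.Saml2.AbsoluteUriCollection.InsertItem(int index, System.Uri item) -> void
 override Microsoft.IdentityModel.Tokens.Saml2.AbsoluteUriCollection.SetItem(int index, System.Uri item) -> void
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2AttributeKeyComparer.AttributeKey.Equals(object obj) -> bool
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2AttributeKeyComparer.AttributeKey.GetHashCode() -> int
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
+override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.CreateException() -> System.Exception
 static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.StackFrames.SignatureValidationFailed -> System.Diagnostics.StackFrame
 static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateSignature(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.SecurityKey>
@@ -292,10 +299,3 @@ virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidatedConditions>
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateOneTimeUseCondition(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError
 virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateProxyRestriction(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext) -> Microsoft.IdentityModel.Tokens.ValidationError
-override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
-override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
-override Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
-override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.CreateException() -> System.Exception
-override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.CreateClaimsIdentityInternal(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, string issuer) -> System.Security.Claims.ClaimsIdentity
-override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.SecurityToken securityToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
-override Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>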

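--- a/src/Microsoft.IdentityModel.Tokens/Encryption/SymmetricKeyWrapProvider.cs
+++ b/src/Microsoft.IdentityModel.Tokens/Encryption/SymmetricKeyWrapProvider.cs
@@ -5,6 +5,10 @@
 using System.Security.Cryptography;
 using Microsoft.IdentityModel.Logging;
 
+#if NET9_0_OR_GREATER
+using System.Threading;
+#endif
+
 namespace Microsoft.IdentityModel.Tokens
 {
 /// <summary>
@@ -15,9 +19,13 @@ public class SymmetricKeyWrapProvider : KeyWrapProvider
 private static readonly byte[] _defaultIV = new byte[] { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 };
 private const int _blockSizeInBits = 64;
 private const int _blockSizeInBytes = _blockSizeInBits >> 3;
-private static readonly object _encryptorLock = new object();
-private static readonly object _decryptorLock = new object();
-
+#if NET9_0_OR_GREATER
+private static readonly Lock s_encryptorLock = new();
+private static readonly Lock s_decryptorLock = new();
+#else
+private static readonly object s_encryptorLock = new();
+private static readonly object s_decryptorLock = new();
+#endif
 private Lazy<SymmetricAlgorithm> _symmetricAlgorithm;
 private ICryptoTransform _symmetricAlgorithmEncryptor;
 private ICryptoTransform _symmetricAlgorithmDecryptor;
@@ -259,7 +267,7 @@ Return an error
 
 if (_symmetricAlgorithmDecryptor == null)
 {
-lock (_decryptorLock)
+lock (s_decryptorLock)
 {
 if (_symmetricAlgorithmDecryptor == null)
 _symmetricAlgorithmDecryptor = _symmetricAlgorithm.Value.CreateDecryptor();
@@ -409,7 +417,7 @@ private byte[] WrapKeyPrivate(byte[] inputBuffer, int inputOffset, int inputCoun
 
 if (_symmetricAlgorithmEncryptor == null)
 {
-lock (s_encryptorLock)
+lock (s_encryptorLock)
 {
 if (_symmetricAlgorithmEncryptor == null)
 _symmetricAlgorithmEncryptor = _symmetricAlgorithm.Value.CreateEncryptor();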
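Review bot: `s_encryptorLock` and `s_decryptorLock` are static, but the fields they guard in the third and fourth hunks (`_symmetricAlgorithmDecryptor`, `_symmetricAlgorithmEncryptor`) are per-instance, so the first wrap or unwrap on any provider serialises against every other provider in the process. The `s_` rename makes that mismatch visible without explaining it; either add a comment on the declarations such as `// Process-wide by design: <reason>` or switch to instance locks, e.g. `private readonly Lock _decryptorLock = new();` with the `object` equivalent in the `#else` branch. The outer null check also reads the transform field outside the lock, so it may be worth confirming that the double-checked pattern is intended for a non-volatile field. Both enclosing methods start and end outside their hunks, so how the cached transforms are used afterwards is not visible here.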
