From 25b4aa0d03860c6f9ff43116fc3f9ef886da486c Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Mon, 24 Jun 2024 11:29:05 -0400
Subject: [PATCH] Dispose KeyWrapProvider in JwtTokenUtilities

It's an IDisposable, so we should probably dispose it when done using
it? This was flagged by a static analysis tool.
---
 .../JwtTokenUtilities.cs                                     | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
index 52b84a7b37..2da4e70580 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
@@ -401,7 +401,6 @@ internal static SecurityKey GetSecurityKey(
             out byte[] wrappedKey)
         {
             SecurityKey securityKey = null;
-            KeyWrapProvider kwProvider = null;
             wrappedKey = null;
 
             // if direct algorithm, look for support
@@ -428,7 +427,7 @@ internal static SecurityKey GetSecurityKey(
 
                 EcdhKeyExchangeProvider ecdhKeyExchangeProvider = new EcdhKeyExchangeProvider(encryptingCredentials.Key as ECDsaSecurityKey, encryptingCredentials.KeyExchangePublicKey, encryptingCredentials.Alg, encryptingCredentials.Enc);
                 SecurityKey kdf = ecdhKeyExchangeProvider.GenerateKdf(apu, apv);
-                kwProvider = cryptoProviderFactory.CreateKeyWrapProvider(kdf, ecdhKeyExchangeProvider.GetEncryptionAlgorithm());
+                using KeyWrapProvider kwProvider = cryptoProviderFactory.CreateKeyWrapProvider(kdf, ecdhKeyExchangeProvider.GetEncryptionAlgorithm());
 
                 // only 128, 384 and 512 AesKeyWrap for CEK algorithm
                 if (SecurityAlgorithms.Aes128KW.Equals(kwProvider.Algorithm, StringComparison.Ordinal))
@@ -460,7 +459,7 @@ internal static SecurityKey GetSecurityKey(
                     throw LogHelper.LogExceptionMessage(
                         new SecurityTokenEncryptionFailedException(LogHelper.FormatInvariant(TokenLogMessages.IDX10617, LogHelper.MarkAsNonPII(SecurityAlgorithms.Aes128CbcHmacSha256), LogHelper.MarkAsNonPII(SecurityAlgorithms.Aes192CbcHmacSha384), LogHelper.MarkAsNonPII(SecurityAlgorithms.Aes256CbcHmacSha512), LogHelper.MarkAsNonPII(encryptingCredentials.Enc))));
 
-                kwProvider = cryptoProviderFactory.CreateKeyWrapProvider(encryptingCredentials.Key, encryptingCredentials.Alg);
+                using KeyWrapProvider kwProvider = cryptoProviderFactory.CreateKeyWrapProvider(encryptingCredentials.Key, encryptingCredentials.Alg);
                 wrappedKey = kwProvider.WrapKey(((SymmetricSecurityKey)securityKey).Key);
             }