fix for 3021 but needs another test

Author: jennyf19

src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoader.Logger.cs

@@ -23,8 +23,19 @@ private static class Logger
                         nameof(CredentialLoadingFailure)),
             "Failed to load credential {id} from source {sourceType}. Will it be skipped in the future ? {skip}.");
 
+            private static readonly Action<ILogger, string, string, Exception?> s_credentialLoadingFailureLog =
+                LoggerMessage.Define<string, string>(
+                    LogLevel.Information,
+                    new EventId(
+                        8,
+                        nameof(CredentialLoadingFailureLog)),
+            "Failed to load credential: {id}. Exception message: {message}. ");
+
             public static void CredentialLoadingFailure(ILogger logger, CredentialDescription cd, Exception? ex)
                 => s_credentialLoadingFailure(logger, cd.Id, cd.SourceType.ToString(), cd.Skip, ex);
+
+            public static void CredentialLoadingFailureLog(ILogger logger, CredentialDescription cd, string message, Exception? ex)
+                => s_credentialLoadingFailureLog(logger, cd.Id, message, ex);
         }
     }
 }

src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoader.cs

@@ -97,17 +97,20 @@ public async Task LoadCredentialsIfNeededAsync(CredentialDescription credentialD
         /// <inheritdoc/>
         /// Loads first valid credential which is not marked as Skipped. 
         public async Task<CredentialDescription?> LoadFirstValidCredentialsAsync(
-            IEnumerable<CredentialDescription> credentialDescriptions, 
+            IEnumerable<CredentialDescription> credentialDescriptions,
             CredentialSourceLoaderParameters? parameters = null)
         {
             foreach (var credentialDescription in credentialDescriptions)
             {
-                await LoadCredentialsIfNeededAsync(credentialDescription, parameters);
-
-                if (!credentialDescription.Skip)
+                try
                 {
+                    await LoadCredentialsIfNeededAsync(credentialDescription, parameters);
                     return credentialDescription;
                 }
+                catch (Exception ex)
+                {
+                    Logger.CredentialLoadingFailureLog(_logger, credentialDescription, ex.Message, null);
+                }
             }
             return null;
         }

tests/Microsoft.Identity.Web.Test/Certificates/DefaultCertificateLoaderTests.cs

@@ -1,10 +1,15 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Identity.Abstractions;
 using Microsoft.Identity.Web.Test.Common;
+using Moq;
 using Xunit;
 
 namespace Microsoft.Identity.Web.Test.Certificates
@@ -152,5 +157,80 @@ private IEnumerable<CertificateDescription> CreateCertificateDescriptions(
 
             return certificateDescription;
         }
+
+        [Fact]
+        public async Task LoadFirstValidCredentialsAsync_ReturnsFirstValidCredential()
+        {
+            // Arrange
+            var loggerMock = new Mock<ILogger<DefaultCredentialsLoader>>();
+            var credentialLoader = new DefaultCredentialsLoader(loggerMock.Object);
+
+            var validCredential = new CredentialDescription
+            {
+                SourceType = CredentialSource.Path,
+                ReferenceOrValue = "ValidCredential"
+            };
+            var invalidCredential = new CredentialDescription
+            {
+                SourceType = CredentialSource.Path,
+                ReferenceOrValue = "InvalidCredential"
+            };
+
+            var credentials = new List<CredentialDescription> { invalidCredential, validCredential };
+
+            var credentialSourceLoaderMock = new Mock<ICredentialSourceLoader>();
+            credentialSourceLoaderMock
+                .Setup(loader => loader.LoadIfNeededAsync(
+                    It.Is<CredentialDescription>(c => c.ReferenceOrValue == "InvalidCredential"), null))
+                .ThrowsAsync(new Exception("Loading failed"));
+            credentialSourceLoaderMock
+                .Setup(loader => loader.LoadIfNeededAsync(
+                    It.Is<CredentialDescription>(c => c.ReferenceOrValue == "ValidCredential"), null))
+                .Returns(Task.CompletedTask);
+
+            credentialLoader.CredentialSourceLoaders[CredentialSource.Path] = credentialSourceLoaderMock.Object;
+
+            // Act
+            var result = await credentialLoader.LoadFirstValidCredentialsAsync(credentials);
+
+            // Assert
+            Assert.NotNull(result);
+            Assert.Equal(validCredential, result);
+            credentialSourceLoaderMock.Verify(
+                loader => loader.LoadIfNeededAsync(invalidCredential, null), Times.Once);
+            credentialSourceLoaderMock.Verify(
+                loader => loader.LoadIfNeededAsync(validCredential, null), Times.Once);
+        }
+
+        [Fact]
+        public async Task LoadFirstValidCredentialsAsync_LogsWhenCredentialFailsToLoad()
+        {
+            // Arrange
+            var logger = new LoggerFactory().CreateLogger<DefaultCredentialsLoader>();
+            var credentialLoader = new DefaultCredentialsLoader(logger);
+
+            var invalidCredential = new CredentialDescription
+            {
+                SourceType = CredentialSource.Path,
+                ReferenceOrValue = "InvalidCredential"
+            };
+            var credentials = new List<CredentialDescription> { invalidCredential };
+
+            var credentialSourceLoaderMock = new Mock<ICredentialSourceLoader>();
+            credentialSourceLoaderMock
+                .Setup(loader => loader.LoadIfNeededAsync(
+                    It.Is<CredentialDescription>(c => c.ReferenceOrValue == "InvalidCredential"), null))
+                .ThrowsAsync(new Exception("Loading failed"));
+
+            credentialLoader.CredentialSourceLoaders[CredentialSource.Path] = credentialSourceLoaderMock.Object;
+
+            // Act
+            var result = await credentialLoader.LoadFirstValidCredentialsAsync(credentials);
+
+            // Assert
+            Assert.Null(result);
+            string expectedMessage = $"Failed to load credential: {invalidCredential}. Exception: Loading failed";
+            //Assert.Contains(expectedMessage, logger.LoggedMessages[0], StringComparison.Ordinal);
+        }
     }
 }

tests/Microsoft.Identity.Web.Test/Microsoft.Identity.Web.Test.csproj

@@ -23,6 +23,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
+    <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonVersion)" />
     <PackageReference Include="Microsoft.Identity.Abstractions" Version="$(MicrosoftIdentityAbstractionsVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(MicrosoftNetTestSdkVersion)" />