Support trimming in OidcClient.DPoP

josephdecock · josephdecock · commit ad33a1e4577c · 2024-02-23T19:40:52.000-06:00
diff --git a/src/DPoP/DPoP.csproj b/src/DPoP/DPoP.csproj
@@ -26,6 +26,9 @@
         <!-- Recommended: Embed symbols containing Source Link in the main file (exe/dll) -->
         <DebugType>embedded</DebugType>
 
+        <!-- Enable Trimming Warnings to allow consumers to publish as trimmed -->
+        <IsTrimmable Condition="'$(TargetFramework)' == 'net6.0'">true</IsTrimmable>
+
         <ContinuousIntegrationBuild Condition="'$(GITHUB_ACTIONS)' == 'true'">True</ContinuousIntegrationBuild>
 
         <AssemblyOriginatorKeyFile>../../key.snk</AssemblyOriginatorKeyFile>
diff --git a/src/DPoP/DPoPProof.cs b/src/DPoP/DPoPProof.cs
@@ -1,7 +1,6 @@
 ﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
-
 namespace IdentityModel.OidcClient.DPoP;
 
 /// <summary>
diff --git a/src/DPoP/DPoPProofPayload.cs b/src/DPoP/DPoPProofPayload.cs
@@ -0,0 +1,28 @@
+// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+
+using System.Text.Json.Serialization;
+
+namespace IdentityModel.OidcClient.DPoP;
+
+/// <summary>
+///  Internal class to aid serialization of DPoP proof token payloads. Giving
+///  each claim a property allows us to add this type to the source generated
+///  serialization
+/// </summary>
+internal class DPoPProofPayload
+{
+    [JsonPropertyName(JwtClaimTypes.JwtId)]
+    internal string JwtId { get; set; } = default!;
+    [JsonPropertyName(JwtClaimTypes.DPoPHttpMethod)]
+    internal string DPoPHttpMethod { get; set; } = default!;
+    [JsonPropertyName(JwtClaimTypes.DPoPHttpUrl)]
+    internal string DPoPHttpUrl { get; set; } = default!;
+    [JsonPropertyName(JwtClaimTypes.IssuedAt)]
+    internal long IssuedAt { get; set; }
+    [JsonPropertyName(JwtClaimTypes. DPoPAccessTokenHash)]
+    internal string? DPoPAccessTokenHash { get; set; }
+    [JsonPropertyName(JwtClaimTypes. Nonce)]
+    internal string? Nonce { get; set; }
+}
diff --git a/src/DPoP/DPoPProofTokenFactory.cs b/src/DPoP/DPoPProofTokenFactory.cs
@@ -40,7 +40,7 @@ public DPoPProof CreateProofToken(DPoPProofRequest request)
 
         // jwk: representing the public key chosen by the client, in JSON Web Key (JWK) [RFC7517] format,
         // as defined in Section 4.1.3 of [RFC7515]. MUST NOT contain a private key.
-        object jwk;
+        Dictionary<string, object> jwk;
         if (string.Equals(jsonWebKey.Kty, JsonWebAlgorithmsKeyTypes.EllipticCurve))
         {
             jwk = new Dictionary<string, object>
@@ -71,12 +71,12 @@ public DPoPProof CreateProofToken(DPoPProofRequest request)
             { JwtClaimTypes.JsonWebKey, jwk },
         };
 
-        var payload = new Dictionary<string, object>
+        var payload = new DPoPProofPayload
         {
-            { JwtClaimTypes.JwtId, CryptoRandom.CreateUniqueId() },
-            { JwtClaimTypes.DPoPHttpMethod, request.Method },
-            { JwtClaimTypes.DPoPHttpUrl, request.Url },
-            { JwtClaimTypes.IssuedAt, DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
+            JwtId = CryptoRandom.CreateUniqueId(),
+            DPoPHttpMethod = request.Method,
+            DPoPHttpUrl = request.Url,
+            IssuedAt = DateTimeOffset.UtcNow.ToUnixTimeSeconds()
         };
 
         if (!string.IsNullOrWhiteSpace(request.AccessToken))
@@ -87,17 +87,17 @@ public DPoPProof CreateProofToken(DPoPProofRequest request)
             var hash = sha256.ComputeHash(Encoding.ASCII.GetBytes(request.AccessToken));
             var ath = Base64Url.Encode(hash);
 
-            payload.Add(JwtClaimTypes.DPoPAccessTokenHash, ath);
+            payload.DPoPAccessTokenHash = ath;
         }
 
         if (!string.IsNullOrEmpty(request.DPoPNonce))
         {
-            payload.Add(JwtClaimTypes.Nonce, request.DPoPNonce!);
+            payload.Nonce = request.DPoPNonce!;
         }
 
         var handler = new JsonWebTokenHandler() { SetDefaultTimesOnTokenCreation = false };
         var key = new SigningCredentials(jsonWebKey, jsonWebKey.Alg);
-        var proofToken = handler.CreateToken(JsonSerializer.Serialize(payload), key, header);
+        var proofToken = handler.CreateToken(JsonSerializer.Serialize(payload, SourceGenerationContext.Default.DPoPProofPayload), key, header);
 
         return new DPoPProof { ProofToken = proofToken! };
     }
diff --git a/src/DPoP/JsonWebKeys.cs b/src/DPoP/JsonWebKeys.cs
@@ -31,7 +31,7 @@ public static JsonWebKey CreateRsa(string algorithm = OidcConstants.Algorithms.A
     /// </summary>
     public static string CreateRsaJson(string algorithm = OidcConstants.Algorithms.Asymmetric.PS256)
     {
-        return JsonSerializer.Serialize(CreateRsa(algorithm));
+        return JsonSerializer.Serialize(CreateRsa(algorithm), SourceGenerationContext.Default.JsonWebKey);
     }
     
     /// <summary>
@@ -53,7 +53,7 @@ public static JsonWebKey CreateECDsa(string algorithm = OidcConstants.Algorithms
     /// </summary>
     public static string CreateECDsaJson(string algorithm = OidcConstants.Algorithms.Asymmetric.ES256)
     {
-        return JsonSerializer.Serialize(CreateECDsa(algorithm));
+        return JsonSerializer.Serialize(CreateECDsa(algorithm), SourceGenerationContext.Default.JsonWebKey);
     }
     
     internal static string GetCurveNameFromSigningAlgorithm(string alg)
diff --git a/src/DPoP/SourceGenerationContext.cs b/src/DPoP/SourceGenerationContext.cs
@@ -0,0 +1,16 @@
+using System.Text.Json.Serialization;
+using Microsoft.IdentityModel.Tokens;
+
+namespace IdentityModel.OidcClient.DPoP
+{
+    [JsonSourceGenerationOptions(
+        WriteIndented = false,
+        PropertyNamingPolicy = JsonKnownNamingPolicy.CamelCase,
+        GenerationMode = JsonSourceGenerationMode.Metadata,
+	    DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull)]
+    [JsonSerializable(typeof(JsonWebKey))]
+    [JsonSerializable(typeof(DPoPProofPayload))]
+    internal partial class SourceGenerationContext : JsonSerializerContext
+    {
+    }
+}
diff --git a/test/TrimmableAnalysis/TrimmableAnalysis.csproj b/test/TrimmableAnalysis/TrimmableAnalysis.csproj
@@ -15,6 +15,12 @@
 
     <TrimmerRootAssembly Include="IdentityModel.OidcClient.IdentityTokenValidator" />
     <ProjectReference Include="..\..\src\IdentityTokenValidator\IdentityTokenValidator.csproj" />
+
+
+    <TrimmerRootAssembly Include="IdentityModel.OidcClient.DPoP" />
+    <ProjectReference Include="..\..\src\DPoP\DPoP.csproj" />
+
+
    </ItemGroup>
 
 </Project>

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public static JsonWebKey CreateRsa(string algorithm = OidcConstants.Algorithms.A`
`31`	`31`	`/// </summary>`
`32`	`32`	`public static string CreateRsaJson(string algorithm = OidcConstants.Algorithms.Asymmetric.PS256)`
`33`	`33`	`{`
`34`		`- return JsonSerializer.Serialize(CreateRsa(algorithm));`
	`34`	`+ return JsonSerializer.Serialize(CreateRsa(algorithm), SourceGenerationContext.Default.JsonWebKey);`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`/// <summary>`
`@@ -53,7 +53,7 @@ public static JsonWebKey CreateECDsa(string algorithm = OidcConstants.Algorithms`
`53`	`53`	`/// </summary>`
`54`	`54`	`public static string CreateECDsaJson(string algorithm = OidcConstants.Algorithms.Asymmetric.ES256)`
`55`	`55`	`{`
`56`		`- return JsonSerializer.Serialize(CreateECDsa(algorithm));`
	`56`	`+ return JsonSerializer.Serialize(CreateECDsa(algorithm), SourceGenerationContext.Default.JsonWebKey);`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`internal static string GetCurveNameFromSigningAlgorithm(string alg)`