From 3f2fbf19a2544030d5b89082990fe874bf18df39 Mon Sep 17 00:00:00 2001
From: Keegan
Date: Thu, 9 Jan 2025 11:32:30 -0800
Subject: [PATCH 1/2] Revert change to make RequestRefresh run in the background (#3083)
RequestRefresh is a sync api, it is expected that the operation be done when the method returns. With RequestRefresh being on a background thread, callers can experience unexpected behavior. Non blocking RequestRefresh should be done with issue 3040
---
 .../Configuration/ConfigurationManager.cs | 2 +-
 .../ConfigurationManagerTests.cs | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs b/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
index 1f38022f33..ed3d4b7e67 100644
--- a/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
+++ b/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
@@ -316,7 +316,7 @@ public override void RequestRefresh()
 _isFirstRefreshRequest = false;
 if (Interlocked.CompareExchange(ref _configurationRetrieverState, ConfigurationRetrieverRunning, ConfigurationRetrieverIdle) == ConfigurationRetrieverIdle)
 {
- _ = Task.Run(UpdateCurrentConfiguration, CancellationToken.None);
+ UpdateCurrentConfiguration();
 _lastRequestRefresh = now;
 }
 }
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTests.cs b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTests.cs
index 83d7f5d69c..2fba523106 100644
--- a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTests.cs
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTests.cs
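Review bot: In the `@@ -316,7` hunk of ConfigurationManager.cs, `_lastRequestRefresh = now;` is now assigned only after `UpdateCurrentConfiguration()` returns, so if that call can throw (its body is outside the hunk) the refresh throttle is never advanced, and `_configurationRetrieverState` stays at `ConfigurationRetrieverRunning` unless the callee resets it on every path. With the removed `Task.Run` form the timestamp was set immediately, whatever the retrieval outcome. Placing `_lastRequestRefresh = now;` above `UpdateCurrentConfiguration();` keeps the rate limit in force on failed retrievals, which matters if callers invoke RequestRefresh in response to untrusted input such as tokens with unknown key ids (not visible here). A comment on the call, for example `// Synchronous by contract: blocks the caller until the retrieval attempt completes.`, would also record why the background dispatch was dropped.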
@@ -230,7 +230,7 @@ public async Task VerifyInterlockGuardForRequestRefresh()
 // Interlocked guard will block.
 // Configuration should be AADCommonV1Config
 signalEvent.Reset();
- configurationManager.RequestRefresh();
+ _ = Task.Run(() => configurationManager.RequestRefresh());
 // InMemoryDocumentRetrieverWithEvents will signal when it is OK to change the MetadataAddress
 // otherwise, it may be the case that the MetadataAddress is changed before the previous Task has finished.
@@ -239,7 +239,7 @@ public async Task VerifyInterlockGuardForRequestRefresh()
 // AADCommonV1Json would have been passed to the the previous retriever, which is blocked on an event.
 configurationManager.MetadataAddress = "AADCommonV2Json";
 TestUtilities.SetField(configurationManager, "_lastRequestRefresh", DateTimeOffset.MinValue);
- configurationManager.RequestRefresh();
+ _ = Task.Run(() => configurationManager.RequestRefresh());
 // Set the event to release the lock and let the previous retriever finish.
 waitEvent.Set();
@@ -658,14 +658,13 @@ public async Task GetConfigurationAsync()
 var configuration = await configManager.GetConfigurationAsync(CancellationToken.None);
 TestUtilities.SetField(configManager, "_lastRequestRefresh", DateTimeOffset.UtcNow - TimeSpan.FromHours(1));
- configManager.RequestRefresh();
 configManager.MetadataAddress = "http://127.0.0.1";
+ configManager.RequestRefresh();
 var configuration2 = await configManager.GetConfigurationAsync(CancellationToken.None);
 IdentityComparer.AreEqual(configuration, configuration2, context);
 if (!object.ReferenceEquals(configuration, configuration2))
 context.Diffs.Add("!object.ReferenceEquals(configuration, configuration2)");
- // get configuration from http address, should throw
 // get configuration with unsuccessful HTTP response status code
 TestUtilities.AssertFailIfErrors(context);
From 6146f1feca4e410c576917bc1b8a37a2ee5196e0 Mon Sep 17 00:00:00 2001
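Review bot: In the `@@ -230,7` hunk the task returned by `Task.Run(() => configurationManager.RequestRefresh())` is discarded, and the same happens in the `@@ -239,7` hunk, so an exception thrown inside RequestRefresh on the pool thread is never observed and cannot fail the test. Keeping the handle, `Task firstRefresh = Task.Run(() => configurationManager.RequestRefresh());`, and awaiting it after `waitEvent.Set()` would surface such failures and guarantee the refresh has finished before the assertions run. The remainder of VerifyInterlockGuardForRequestRefresh is outside the hunk, so whether a later wait already covers completion cannot be confirmed from here.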
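Review bot: In the `@@ -239,7` hunk, dispatching the second `RequestRefresh()` through `Task.Run` makes the guard check non-deterministic, because `waitEvent.Set()` follows immediately and the pool thread may not reach the `Interlocked.CompareExchange` guard until the first retrieval has already finished. In that ordering the call is decided by the `_lastRequestRefresh` time check rather than by the interlock the test is named for. The guarded call presumably returns at once while the first retrieval holds the state, so it can stay synchronous as `configurationManager.RequestRefresh();`. Only the first call, which blocks inside the retriever, needs a background thread.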
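Review bot: In the `@@ -658,14` hunk nothing states why `configManager.RequestRefresh()` against `"http://127.0.0.1"` is expected to leave the cached configuration untouched, and the comment text above `TestUtilities.AssertFailIfErrors(context)` mentions an unsuccessful HTTP status code that no visible step produces. A comment above the refresh such as `// The refresh targets an address that cannot serve metadata; the previously retrieved configuration must be kept.` would state the fail-safe behaviour that the `ReferenceEquals` check asserts. That reading is inferred from the assertions shown; the retriever setup for GetConfigurationAsync is outside the hunk.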
From: BrentSchmaltz
Date: Thu, 9 Jan 2025 13:41:12 -0800
Subject: [PATCH 2/2] For net4.6.2 select RSACng for PSS support. (#3085)
Co-authored-by: id4s
---
 src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs | 3 +++
 .../SignatureProviderTests.cs | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
index 7b09c89324..8aa11d9318 100644
--- a/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
+++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs
@@ -241,6 +241,9 @@ private void InitializeUsingRsaSecurityKey(RsaSecurityKey rsaSecurityKey, string
 {
 #if NET472 || NET6_0_OR_GREATER
 var rsa = RSA.Create(rsaSecurityKey.Parameters);
+#elif NET462
+ var rsa = new RSACng();
+ rsa.ImportParameters(rsaSecurityKey.Parameters);
 #else
 var rsa = RSA.Create();
 rsa.ImportParameters(rsaSecurityKey.Parameters);
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/SignatureProviderTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/SignatureProviderTests.cs
index 1afd38f4a4..28825138c2 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/SignatureProviderTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/SignatureProviderTests.cs
@@ -1307,7 +1307,7 @@ internal static void AddSignUsingOffsets(byte[] bytes, SecurityKey securityKey,
 {
 Bytes = bytes,
 Count = -1,
- ExpectedException = ExpectedException.ArgumentException(),
+ ExpectedException = prefix == "RSA" ? ExpectedException.ArgumentOutOfRangeException() : ExpectedException.ArgumentException(),
 Offset = 0,
 SignatureProvider = CreateProvider(securityKey, algorithm)
 });
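Review bot: The new `#elif NET462` branch in AsymmetricAdapter.cs has no comment explaining why it cannot share the `#else` path, so a later cleanup could fold it back into `RSA.Create()` and silently lose PSS support on that target. Going by the commit subject, a line above `var rsa = new RSACng();` such as `// net462: bind to RSACng explicitly; the default RSA.Create() implementation may not support PSS padding.` would record the reason. Separately, if `rsa.ImportParameters(rsaSecurityKey.Parameters)` throws on malformed key parameters, the freshly created `RSACng` is not disposed in the lines shown, and the same holds for the `#else` branch. The rest of InitializeUsingRsaSecurityKey is outside the hunk, so any cleanup done there cannot be confirmed.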
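Review bot: The expression `prefix == "RSA" ? ExpectedException.ArgumentOutOfRangeException() : ExpectedException.ArgumentException()` is written out in the `@@ -1307,7` hunk and repeated verbatim in the `@@ -1316,7` and `@@ -1325,7` hunks, keyed on a bare string literal. A local function declared once in AddSignUsingOffsets, `ExpectedException InvalidRange() => prefix == "RSA" ? ExpectedException.ArgumentOutOfRangeException() : ExpectedException.ArgumentException();`, would keep the three cases in step and still hand each test entry its own instance. A short comment saying that the exception type comes from the underlying RSA implementation's offset and count validation would help, since that implementation is chosen per target framework in AsymmetricAdapter and the expectation may be sensitive to it. AddSignUsingOffsets begins and ends outside these hunks.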
@@ -1316,7 +1316,7 @@ internal static void AddSignUsingOffsets(byte[] bytes, SecurityKey securityKey,
 {
 Bytes = bytes,
 Count = bytes.Length + 1,
- ExpectedException = ExpectedException.ArgumentException(),
+ ExpectedException = prefix == "RSA" ? ExpectedException.ArgumentOutOfRangeException() : ExpectedException.ArgumentException(),
 Offset = 0,
 SignatureProvider = CreateProvider(securityKey, algorithm)
 });
@@ -1325,7 +1325,7 @@ internal static void AddSignUsingOffsets(byte[] bytes, SecurityKey securityKey,
 {
 Bytes = bytes,
 Count = 10,
- ExpectedException = ExpectedException.ArgumentException(),
+ ExpectedException = prefix == "RSA" ? ExpectedException.ArgumentOutOfRangeException() : ExpectedException.ArgumentException(),
 Offset = bytes.Length - 1,
 SignatureProvider = CreateProvider(securityKey, algorithm)
 });