From 89417e50ae618c5834815b4799f91443cd0e7e74 Mon Sep 17 00:00:00 2001 From: Stephen Toub Date: Wed, 26 Jul 2023 16:08:58 -0400 Subject: [PATCH] Avoid extra enumerator and Concat iterator in GetAllSigningKeys (#2166) A single iterator method can just iterate through both sources. --- .../JsonWebTokenHandler.cs | 4 +- .../Saml/SamlSecurityTokenHandler.cs | 2 +- .../Saml/SamlTokenUtilities.cs | 2 +- .../Saml2/Saml2SecurityTokenHandler.cs | 2 +- .../TokenUtilities.cs | 57 ++++++++----------- .../JwtSecurityTokenHandler.cs | 4 +- 6 files changed, 31 insertions(+), 40 deletions(-) diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs index 911a4575d9..20a38ac996 100644 --- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs +++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs @@ -1715,7 +1715,7 @@ private static JsonWebToken ValidateSignature(JsonWebToken jwtToken, TokenValida // 1. User specified delegate: IssuerSigningKeyResolver returned null // 2. ResolveIssuerSigningKey returned null // Try all the keys. This is the degenerate case, not concerned about perf. - keys = TokenUtilities.GetAllSigningKeys(validationParameters, configuration); + keys = TokenUtilities.GetAllSigningKeys(configuration, validationParameters); } // keep track of exceptions thrown, keys that were tried @@ -1751,7 +1751,7 @@ private static JsonWebToken ValidateSignature(JsonWebToken jwtToken, TokenValida } // Get information on where keys used during token validation came from for debugging purposes. - var keysInTokenValidationParameters = TokenUtilities.GetAllSigningKeys(validationParameters); + var keysInTokenValidationParameters = TokenUtilities.GetAllSigningKeys(validationParameters: validationParameters); var keysInConfiguration = TokenUtilities.GetAllSigningKeys(configuration); var numKeysInTokenValidationParameters = keysInTokenValidationParameters.Count(); var numKeysInConfiguration = keysInConfiguration.Count(); diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs index 874ecf1722..5759413506 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlSecurityTokenHandler.cs @@ -1042,7 +1042,7 @@ private SamlSecurityToken ValidateSignature(SamlSecurityToken samlToken, string // 1. User specified delegate: IssuerSigningKeyResolver returned null // 2. ResolveIssuerSigningKey returned null // Try all the keys. This is the degenerate case, not concerned about perf. - keys = TokenUtilities.GetAllSigningKeys(validationParameters); + keys = TokenUtilities.GetAllSigningKeys(validationParameters: validationParameters); } // keep track of exceptions thrown, keys that were tried diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlTokenUtilities.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlTokenUtilities.cs index 16b55be7ba..2677b3663e 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlTokenUtilities.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml/SamlTokenUtilities.cs @@ -75,7 +75,7 @@ internal static IEnumerable GetKeysForTokenSignatureValidation(stri keyMatched = false; if (validationParameters.TryAllIssuerSigningKeys) { - return TokenUtilities.GetAllSigningKeys(validationParameters); + return TokenUtilities.GetAllSigningKeys(validationParameters: validationParameters); } } } diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs index 30c37eea29..6f17203279 100644 --- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs +++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs @@ -423,7 +423,7 @@ private Saml2SecurityToken ValidateSignature(Saml2SecurityToken samlToken, strin // 1. User specified delegate: IssuerSigningKeyResolver returned null // 2. ResolveIssuerSigningKey returned null // Try all the keys. This is the degenerate case, not concerned about perf. - keys = TokenUtilities.GetAllSigningKeys(validationParameters); + keys = TokenUtilities.GetAllSigningKeys(validationParameters: validationParameters); } // keep track of exceptions thrown, keys that were tried diff --git a/src/Microsoft.IdentityModel.Tokens/TokenUtilities.cs b/src/Microsoft.IdentityModel.Tokens/TokenUtilities.cs index 6d202a24d4..c3f0c6d560 100644 --- a/src/Microsoft.IdentityModel.Tokens/TokenUtilities.cs +++ b/src/Microsoft.IdentityModel.Tokens/TokenUtilities.cs @@ -112,47 +112,38 @@ internal static object GetClaimValueUsingValueType(Claim claim) } /// - /// Returns all provided in validationParameters. + /// Returns all provided in and . /// + /// The that contains signing keys used for validation. /// A required for validation. - /// Returns all provided in validationParameters. - internal static IEnumerable GetAllSigningKeys(TokenValidationParameters validationParameters) + /// Returns all provided in provided in and . + internal static IEnumerable GetAllSigningKeys(BaseConfiguration configuration = null, TokenValidationParameters validationParameters = null) { - LogHelper.LogInformation(TokenLogMessages.IDX10243); - if (validationParameters.IssuerSigningKey != null) - yield return validationParameters.IssuerSigningKey; - - if (validationParameters.IssuerSigningKeys != null) - foreach (SecurityKey key in validationParameters.IssuerSigningKeys) - yield return key; - } + if (configuration is not null) + { + if (validationParameters is not null) + { + LogHelper.LogInformation(TokenLogMessages.IDX10264); + } + LogHelper.LogInformation(TokenLogMessages.IDX10265); - /// - /// Returns all provided in . - /// - /// The that contains signing keys used for validation. - /// Returns all provided in provided in . - internal static IEnumerable GetAllSigningKeys(BaseConfiguration configuration) - { - LogHelper.LogInformation(TokenLogMessages.IDX10265); + if (configuration?.SigningKeys != null) + foreach (SecurityKey key in configuration.SigningKeys) + yield return key; + } - if (configuration?.SigningKeys != null) - foreach (SecurityKey key in configuration.SigningKeys) - yield return key; - } + if (validationParameters is not null) + { + LogHelper.LogInformation(TokenLogMessages.IDX10243); - /// - /// Returns all provided in and . - /// - /// The that contains signing keys used for validation. - /// A required for validation. - /// Returns all provided in provided in and . - internal static IEnumerable GetAllSigningKeys(TokenValidationParameters validationParameters, BaseConfiguration configuration) - { - LogHelper.LogInformation(TokenLogMessages.IDX10264); + if (validationParameters.IssuerSigningKey != null) + yield return validationParameters.IssuerSigningKey; - return GetAllSigningKeys(configuration).Concat(GetAllSigningKeys(validationParameters)); + if (validationParameters.IssuerSigningKeys != null) + foreach (SecurityKey key in validationParameters.IssuerSigningKeys) + yield return key; + } } /// diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs index 9e731c9c40..2078ff976c 100644 --- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs +++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs @@ -1343,7 +1343,7 @@ private JwtSecurityToken ValidateSignature(string token, JwtSecurityToken jwtTok // 1. User specified delegate: IssuerSigningKeyResolver returned null // 2. ResolveIssuerSigningKey returned null // Try all the keys. This is the degenerate case, not concerned about perf. - keys = TokenUtilities.GetAllSigningKeys(validationParameters, configuration); + keys = TokenUtilities.GetAllSigningKeys(configuration, validationParameters); } // keep track of exceptions thrown, keys that were tried @@ -1390,7 +1390,7 @@ private JwtSecurityToken ValidateSignature(string token, JwtSecurityToken jwtTok } // Get information on where keys used during token validation came from for debugging purposes. - var keysInTokenValidationParameters = TokenUtilities.GetAllSigningKeys(validationParameters); + var keysInTokenValidationParameters = TokenUtilities.GetAllSigningKeys(validationParameters: validationParameters); var keysInConfiguration = TokenUtilities.GetAllSigningKeys(configuration); var numKeysInTokenValidationParameters = keysInTokenValidationParameters.Count(); var numKeysInConfiguration = keysInConfiguration.Count();