Fix ECCurve comparison and add new credscan exclusion entry

* On some systems, the Oid.Value property is the primary referenced identifier, while on others it's the Oid.FriendlyName property. https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.eccurve.oid?view=netcore-3.0#remarks
AzureAD · Dec 12, 2019 · cb40870 · cb40870
1 parent 498a9fe
commit cb40870
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/build/credscan-exclusion.json b/build/credscan-exclusion.json
@@ -40,6 +40,10 @@
     {
       "file": "SignedHttpRequestTestUtils.cs",
       "_justification": "File contains tokens that are used only for testing purposes."
+    },
+    {
+      "file": "JsonWebKeyTests.cs",
+      "_justification": "File contains tokens that are used only for testing purposes."
     }
   ]
 }
diff --git a/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs b/src/Microsoft.IdentityModel.Tokens/ECDsaAdapter.cs
@@ -378,14 +378,14 @@ internal string GetCrvParameterValue(ECCurve curve)
             if (curve.Oid == null)
                 throw LogHelper.LogArgumentNullException(nameof(curve.Oid));
 
-            if (string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal))
+            if (string.Equals(curve.Oid.Value, ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal) || string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal))
                 return JsonWebKeyECTypes.P256;
-            else if (string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP384.Oid.FriendlyName, StringComparison.Ordinal))
+            else if (string.Equals(curve.Oid.Value, ECCurve.NamedCurves.nistP384.Oid.Value, StringComparison.Ordinal) || string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP384.Oid.FriendlyName, StringComparison.Ordinal))
                 return JsonWebKeyECTypes.P384;
-            else if (string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP521.Oid.FriendlyName, StringComparison.Ordinal))
+            else if (string.Equals(curve.Oid.Value, ECCurve.NamedCurves.nistP521.Oid.Value, StringComparison.Ordinal) || string.Equals(curve.Oid.FriendlyName, ECCurve.NamedCurves.nistP521.Oid.FriendlyName, StringComparison.Ordinal))
                 return JsonWebKeyECTypes.P521;
             else
-                throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10645, curve.Oid.FriendlyName ?? "null")));
+                throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10645, (curve.Oid.Value ?? curve.Oid.FriendlyName) ?? "null")));
         }