add net8.0 target

Put CustomKey and a custom converter for SecurityKey in TestUtils,
transition aot test to net8.0

build/common.props

@@ -37,7 +37,12 @@
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
   </PropertyGroup>
-
+
+  <PropertyGroup>
+    <NoWarn>$(NoWarn);SYSLIB0050</NoWarn>
+    <NoWarn>$(NoWarn);SYSLIB0051</NoWarn>
+  </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="$(MicrosoftSourceLinkGitHubVersion)" PrivateAssets="All"/>
   </ItemGroup>

build/commonTest.props

@@ -18,11 +18,16 @@
     <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1'">$(DotNetCoreAppRuntimeVersion)</RuntimeFrameworkVersion>
   </PropertyGroup>
 
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0' ">
+  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <DefineConstants>$(DefineConstants);NET_CORE</DefineConstants>
   </PropertyGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0'">
+  <PropertyGroup>
+    <NoWarn>$(NoWarn);SYSLIB0050</NoWarn>
+    <NoWarn>$(NoWarn);SYSLIB0051</NoWarn>
+  </PropertyGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <PackageReference Include="Microsoft.DotNet.XUnitExtensions" Version="$(MicrosoftDotNetXUnitExtensionsVersion)" />
   </ItemGroup>
 

build/dependencies.props

@@ -3,7 +3,6 @@
     <AspNetCoreMinSupportedVersion>2.1.1</AspNetCoreMinSupportedVersion>
     <MicrosoftAzureKeyVaultVersion>3.0.5</MicrosoftAzureKeyVaultVersion>
     <MicrosoftAzureServicesAppAuthenticationVersion>1.0.3</MicrosoftAzureServicesAppAuthenticationVersion>
-    <MicrosoftCSharpVersion>4.5.0</MicrosoftCSharpVersion>
     <MicrosoftSourceLinkGitHubVersion>1.0.0</MicrosoftSourceLinkGitHubVersion>
     <NetStandardVersion>2.0.3</NetStandardVersion>
     <SystemCollectionsSpecializedVersion>4.3.0</SystemCollectionsSpecializedVersion>
@@ -15,10 +14,19 @@
     <SystemRuntimeSerializationPrimitivesVersion>4.3.0</SystemRuntimeSerializationPrimitivesVersion>
     <SystemRuntimeSerializationXmlVersion>4.3.0</SystemRuntimeSerializationXmlVersion>
     <SystemSecurityClaimsVersion>4.3.0</SystemSecurityClaimsVersion>
-    <SystemSecurityCryptographyCngVersion>4.5.0</SystemSecurityCryptographyCngVersion>
     <SystemTextEncoding>4.3.0</SystemTextEncoding>
     <SystemTextJson>4.7.2</SystemTextJson>
     <SystemTextEncodingsWeb>4.7.2</SystemTextEncodingsWeb>
     <SystemXmlXmlDocumentVersion>4.3.0</SystemXmlXmlDocumentVersion>
   </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <SystemSecurityCryptographyCngVersion>6.0.0-preview.4.21253.7</SystemSecurityCryptographyCngVersion>
+    <MicrosoftCSharpVersion>4.7.0</MicrosoftCSharpVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' != 'net8.0'">
+    <SystemSecurityCryptographyCngVersion>4.5.0</SystemSecurityCryptographyCngVersion>
+    <MicrosoftCSharpVersion>4.5.0</MicrosoftCSharpVersion>
+  </PropertyGroup>
 </Project>

build/targets.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <SrcTargets>net461;net462;net472;netstandard2.0;net6.0</SrcTargets>
+    <SrcTargets>net461;net462;net472;netstandard2.0;net6.0;net8.0</SrcTargets>
     <SrcStandardTargets>netstandard2.0</SrcStandardTargets>
   </PropertyGroup>
 </Project>

build/targetsTest.props

@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <TestTargets>net461;net462;net472;netcoreapp2.1;net6.0</TestTargets>
+    <TestTargets>net461;net462;net472;netcoreapp2.1;net6.0;net8.0</TestTargets>
     <TestOnlyCoreTargets>netcoreapp2.1</TestOnlyCoreTargets>
   </PropertyGroup>
 </Project>

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs

@@ -98,7 +98,7 @@ public bool MapInboundClaims
             }
             set
             {
-                if(!_mapInboundClaims && value && _inboundClaimTypeMap.Count == 0)
+                if (!_mapInboundClaims && value && _inboundClaimTypeMap.Count == 0)
                     _inboundClaimTypeMap = new Dictionary<string, string>(DefaultInboundClaimTypeMap);
                 _mapInboundClaims = value;
             }
@@ -685,7 +685,7 @@ private string CreateTokenPrivate(
                     }
                 }
             }
-            catch(Exception ex)
+            catch (Exception ex)
             {
                 LogHelper.LogExceptionMessage(new SecurityTokenException(LogHelper.FormatInvariant(LogMessages.IDX14307, ex, payload)));
             }
@@ -1069,7 +1069,7 @@ private static string EncryptTokenPrivate(string innerJwt, EncryptingCredentials
                     var rawHeader = Base64UrlEncoder.Encode(Encoding.UTF8.GetBytes(header.ToString(Formatting.None)));
                     var encryptionResult = encryptionProvider.Encrypt(plainText, Encoding.ASCII.GetBytes(rawHeader));
                     return JwtConstants.DirectKeyUseAlg.Equals(encryptingCredentials.Alg) ?
-                        string.Join(".", rawHeader, string.Empty, Base64UrlEncoder.Encode(encryptionResult.IV), Base64UrlEncoder.Encode(encryptionResult.Ciphertext), Base64UrlEncoder.Encode(encryptionResult.AuthenticationTag)):
+                        string.Join(".", rawHeader, string.Empty, Base64UrlEncoder.Encode(encryptionResult.IV), Base64UrlEncoder.Encode(encryptionResult.Ciphertext), Base64UrlEncoder.Encode(encryptionResult.AuthenticationTag)) :
                         string.Join(".", rawHeader, Base64UrlEncoder.Encode(wrappedKey), Base64UrlEncoder.Encode(encryptionResult.IV), Base64UrlEncoder.Encode(encryptionResult.Ciphertext), Base64UrlEncoder.Encode(encryptionResult.AuthenticationTag));
                 }
                 catch (Exception ex)
@@ -1126,16 +1126,16 @@ internal IEnumerable<SecurityKey> GetContentEncryptionKeys(JsonWebToken jwtToken
                 if (key != null)
                 {
                     LogHelper.LogInformation(TokenLogMessages.IDX10904, key);
-                } 
+                }
                 else if (configuration != null)
                 {
                     key = ResolveTokenDecryptionKeyFromConfig(jwtToken, configuration);
-                    if ( key != null )
+                    if (key != null)
                         LogHelper.LogInformation(TokenLogMessages.IDX10905, key);
                 }
-                    
+
                 if (key != null)
-                    keys = new List<SecurityKey> { key };                   
+                    keys = new List<SecurityKey> { key };
             }
 
             // on decryption for ECDH-ES, we get the public key from the EPK value see: https://datatracker.ietf.org/doc/html/rfc7518#appendix-C
@@ -1165,7 +1165,7 @@ internal IEnumerable<SecurityKey> GetContentEncryptionKeys(JsonWebToken jwtToken
             {
                 try
                 {
-#if NET472 || NET6_0
+#if NET472 || NET6_0 || NET8_0
                     if (SupportedAlgorithms.EcdsaWrapAlgorithms.Contains(jwtToken.Alg))
                     {
                         // on decryption we get the public key from the EPK value see: https://datatracker.ietf.org/doc/html/rfc7518#appendix-C

src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs

@@ -316,7 +316,7 @@ internal static SecurityKey GetSecurityKey(
 
                 securityKey = encryptingCredentials.Key;
             }
-#if NET472 || NET6_0
+#if NET472 || NET6_0 || NET8_0
             else if (SupportedAlgorithms.EcdsaWrapAlgorithms.Contains(encryptingCredentials.Alg))
             {
                 // on decryption we get the public key from the EPK value see: https://datatracker.ietf.org/doc/html/rfc7518#appendix-C

src/Microsoft.IdentityModel.JsonWebTokens/Microsoft.IdentityModel.JsonWebTokens.csproj

@@ -27,7 +27,7 @@
     <ProjectReference Include="..\Microsoft.IdentityModel.Tokens\Microsoft.IdentityModel.Tokens.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net461' Or '$(TargetFramework)' == 'net462' Or '$(TargetFramework)' == 'net472' Or '$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'net6.0'">
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net461' Or '$(TargetFramework)' == 'net462' Or '$(TargetFramework)' == 'net472' Or '$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <PackageReference Include="System.Text.Encoding" Version="$(SystemTextEncoding)" />
 	<PackageReference Include="System.Text.Encodings.Web" Version="$(SystemTextEncodingsWeb)" />
     <PackageReference Include="System.Text.Json" Version="$(SystemTextJson)" />

src/Microsoft.IdentityModel.KeyVaultExtensions/Microsoft.IdentityModel.KeyVaultExtensions.csproj

@@ -8,7 +8,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <LangVersion>latest</LangVersion>
     <PackageId>Microsoft.IdentityModel.KeyVaultExtensions</PackageId>
-    <TargetFrameworks>netstandard2.0;net6.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net6.0;net8.0</TargetFrameworks>
     <PackageTags>.NET;Windows;Authentication;Identity;Azure;Key;Vault;Extensions</PackageTags>
   </PropertyGroup>
 
@@ -30,4 +30,4 @@
     <ProjectReference Include="..\Microsoft.IdentityModel.Tokens\Microsoft.IdentityModel.Tokens.csproj" />
   </ItemGroup>
 
-</Project>
+</Project>

src/Microsoft.IdentityModel.Logging/IdentityModelTelemetryUtil.cs

@@ -39,6 +39,8 @@ public static class IdentityModelTelemetryUtil
             "ID_NETSTANDARD2_0";
 #elif NET6_0
             "ID_NET6_0";
+#elif NET8_0
+            "ID_NET8_0";
 #endif
 
         /// <summary>

src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/Microsoft.IdentityModel.Protocols.SignedHttpRequest.csproj

@@ -31,13 +31,13 @@
     <Reference Include="System.Net.Http" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net461' Or '$(TargetFramework)' == 'net462' Or '$(TargetFramework)' == 'net472' Or  '$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0'">
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net461' Or '$(TargetFramework)' == 'net462' Or '$(TargetFramework)' == 'net472' Or  '$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <PackageReference Include="System.Text.Encoding" Version="$(SystemTextEncoding)" />
-	<PackageReference Include="System.Text.Encodings.Web" Version="$(SystemTextEncodingsWeb)" />
+    <PackageReference Include="System.Text.Encodings.Web" Version="$(SystemTextEncodingsWeb)" />
     <PackageReference Include="System.Text.Json" Version="$(SystemTextJson)" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0'">
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
   </ItemGroup>
 

src/Microsoft.IdentityModel.Protocols.WsFederation/GlobalSuppressions.cs

@@ -31,7 +31,7 @@
 [assembly: SuppressMessage("Reliability", "CA2000:Dispose objects before losing scope", Justification = "Doesn't own object", Scope = "member", Target = "~M:Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMetadataSerializer.ReadEntityDescriptor(System.Xml.XmlReader)~Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration")]
 
 [assembly: SuppressMessage("Usage", "CA2227:Collection properties should be read only", Justification = "Breaking change", Scope = "member", Target = "~P:Microsoft.IdentityModel.Protocols.WsFederation.SecurityTokenServiceTypeRoleDescriptor.KeyInfos")]
-#if NET6_0
+#if NET6_0 || NET8_0
 [assembly: SuppressMessage("Globalization", "CA1307:Specify StringComparison", Justification = "Adding StringComparison.Ordinal adds a performance penalty.", Scope = "member", Target = "~M:Microsoft.IdentityModel.Protocols.WsFederation.QueryHelper.ParseNullableQuery(System.String)~System.Collections.Generic.IDictionary{System.String,System.Collections.Generic.IList{System.String}}")]
 #endif
 

src/Microsoft.IdentityModel.Protocols.WsFederation/Microsoft.IdentityModel.Protocols.WsFederation.csproj

@@ -28,7 +28,7 @@
     <ProjectReference Include="..\Microsoft.IdentityModel.Xml\Microsoft.IdentityModel.Xml.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0'">
+  <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
     <PackageReference Include="System.Xml.XmlDocument" Version="$(SystemXmlXmlDocumentVersion)" />
   </ItemGroup>
 

src/Microsoft.IdentityModel.Protocols/GlobalSuppressions.cs

@@ -9,6 +9,6 @@
 [assembly: SuppressMessage("Performance", "CA1819:Properties should not return arrays", Justification = "Previously released as returning an array", Scope = "member", Target = "~P:Microsoft.IdentityModel.Protocols.HttpRequestData.Body")]
 [assembly: SuppressMessage("Usage", "CA2227:Collection properties should be read only", Justification = "Previously released read/write", Scope = "member", Target = "~P:Microsoft.IdentityModel.Protocols.HttpRequestData.Headers")]
 [assembly: SuppressMessage("Usage", "CA2227:Collection properties should be read only", Justification = "Previously released read/write", Scope = "member", Target = "~P:Microsoft.IdentityModel.Protocols.HttpRequestData.PropertyBag")]
-#if NET6_0
+#if NET6_0 || NET8_0
 [assembly: SuppressMessage("Globalization", "CA1307:Specify StringComparison", Justification = "Adding StringComparison.Ordinal adds a performance penalty.", Scope = "member", Target = "~M:Microsoft.IdentityModel.Protocols.AuthenticationProtocolMessage.BuildRedirectUrl~System.String")]
 #endif

src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlSecurityTokenException.cs

@@ -17,15 +17,17 @@ public class SamlSecurityTokenException : SecurityTokenException
         /// </summary>
         public SamlSecurityTokenException()
             : base()
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="SamlSecurityTokenException"/> class.
         /// </summary>
         /// <param name="message">Addtional information to be included in the exception and displayed to user.</param>
         public SamlSecurityTokenException(string message)
             : base(message)
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="SamlSecurityTokenException"/> class.
@@ -34,7 +36,8 @@ public SamlSecurityTokenException(string message)
         /// <param name="innerException">A <see cref="Exception"/> that represents the root cause of the exception.</param>
         public SamlSecurityTokenException(string message, Exception innerException)
             : base(message, innerException)
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="SamlSecurityTokenException"/> class.
@@ -43,6 +46,7 @@ public SamlSecurityTokenException(string message, Exception innerException)
         /// <param name="context">The contextual information about the source or destination.</param>
         protected SamlSecurityTokenException(SerializationInfo info, StreamingContext context)
             : base(info, context)
-        {}
+        {
+        }
     }
 }

src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Exceptions/Saml2SecurityTokenException.cs

@@ -17,15 +17,17 @@ public class Saml2SecurityTokenException : SecurityTokenException
         /// </summary>
         public Saml2SecurityTokenException()
             : base()
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="Saml2SecurityTokenException"/> class.
         /// </summary>
         /// <param name="message">Addtional information to be included in the exception and displayed to user.</param>
         public Saml2SecurityTokenException(string message)
             : base(message)
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="Saml2SecurityTokenException"/> class.
@@ -34,7 +36,8 @@ public Saml2SecurityTokenException(string message)
         /// <param name="innerException">A <see cref="Exception"/> that represents the root cause of the exception.</param>
         public Saml2SecurityTokenException(string message, Exception innerException)
             : base(message, innerException)
-        {}
+        {
+        }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="Saml2SecurityTokenException"/> class.
@@ -43,6 +46,7 @@ public Saml2SecurityTokenException(string message, Exception innerException)
         /// <param name="context">The contextual information about the source or destination.</param>
         protected Saml2SecurityTokenException(SerializationInfo info, StreamingContext context)
             : base(info, context)
-        {}
+        {
+        }
     }
 }

src/Microsoft.IdentityModel.Tokens/AsymmetricAdapter.cs

@@ -9,7 +9,7 @@
 using System.Reflection;
 #endif
 
-#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0
+#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0 || NET8_0
 using System.Security.Cryptography.X509Certificates;
 #endif
 
@@ -215,7 +215,7 @@ private void InitializeUsingRsa(RSA rsa, string algorithm)
             }
 #endif
 
-#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0
+#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0 || NET8_0
             if (algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256) ||
                 algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha256Signature) ||
                 algorithm.Equals(SecurityAlgorithms.RsaSsaPssSha384) ||
@@ -251,7 +251,7 @@ private void InitializeUsingRsaSecurityKey(RsaSecurityKey rsaSecurityKey, string
             }
             else
             {
-#if NET472 || NET6_0
+#if NET472 || NET6_0 || NET8_0
                 var rsa = RSA.Create(rsaSecurityKey.Parameters);
 #else
                 var rsa = RSA.Create();
@@ -321,7 +321,7 @@ private bool VerifyWithECDsaWithLength(byte[] bytes, int start, int length, byte
         }
 
 #region NET61+ related code
-#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0
+#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0 || NET8_0
 
         // HasAlgorithmName was introduced into Net46
         internal AsymmetricAdapter(SecurityKey key, string algorithm, HashAlgorithm hashAlgorithm, HashAlgorithmName hashAlgorithmName, bool requirePrivateKey)
@@ -387,12 +387,12 @@ private bool VerifyWithRsaCryptoServiceProviderProxy(byte[] bytes, byte[] signat
             return RsaCryptoServiceProviderProxy.VerifyData(bytes, HashAlgorithm, signature);
         }
 
-    #if NET461_OR_GREATER
+#if NET461_OR_GREATER
         private bool VerifyWithRsaCryptoServiceProviderProxyWithLength(byte[] bytes, int offset, int length, byte[] signature)
         {
             return RsaCryptoServiceProviderProxy.VerifyDataWithLength(bytes, offset, length, HashAlgorithm, HashAlgorithmName, signature);
         }
-    #endif
+#endif
 
 #endif
 #endregion

src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs

@@ -162,7 +162,7 @@ private static PrivateKeyStatus FoundPrivateKey(SecurityKey key)
             return PrivateKeyStatus.Unknown;
         }
 
-#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0
+#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0 || NET8_0
         /// <summary>
         /// Creating a Signature requires the use of a <see cref="HashAlgorithm"/>.
         /// This method returns the <see cref="HashAlgorithmName"/>

src/Microsoft.IdentityModel.Tokens/CryptoProviderFactory.cs

@@ -318,7 +318,7 @@ public virtual SignatureProvider CreateForVerifying(SecurityKey key, string algo
             return CreateSignatureProvider(key, algorithm, false, cacheProvider);
         }
 
-#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0
+#if NET461 || NET462 || NET472 || NETSTANDARD2_0 || NET6_0 || NET8_0
         /// <summary>
         /// Creates a <see cref="HashAlgorithm"/> for a specific algorithm.
         /// </summary>
@@ -552,7 +552,7 @@ private SignatureProvider CreateSignatureProvider(SecurityKey key, string algori
                         }
                     }
                 }
-                catch(Exception ex)
+                catch (Exception ex)
                 {
                     throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10694, key, ex), ex));
                 }
@@ -599,7 +599,7 @@ private SignatureProvider CreateSignatureProvider(SecurityKey key, string algori
                 signatureProvider = new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures);
             }
             else
-            { 
+            {
                 signatureProvider = new SymmetricSignatureProvider(key, algorithm, willCreateSignatures);
             }