Removed use of Newtonsoft

Replaced JsonDocument.Parse with Utf8JsonReader Standardized roundtrip serialization
AzureAD · Aug 17, 2023 · f5a7cb7 · f5a7cb7
1 parent 7348960
commit f5a7cb7
Show file tree

Hide file tree

Showing 51 changed files with 4,236 additions and 1,470 deletions.
diff --git a/build/common.props b/build/common.props
@@ -48,8 +48,4 @@
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="$(MicrosoftSourceLinkGitHubVersion)" PrivateAssets="All"/>
   </ItemGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Newtonsoft.Json" Version="$(NewtonsoftVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/build/commonTest.props b/build/commonTest.props
@@ -17,6 +17,7 @@
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">$(TestOnlyCoreTargets)</TargetFrameworks>
     <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1'">$(DotNetCoreAppRuntimeVersion)</RuntimeFrameworkVersion>
     <IsPackable>false</IsPackable>
+    <LangVersion>11</LangVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/GlobalSuppressions.cs b/src/Microsoft.IdentityModel.JsonWebTokens/GlobalSuppressions.cs
@@ -34,7 +34,7 @@
 [assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Exception is written to a string", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateTokenAsync(System.String,Microsoft.IdentityModel.JsonWebTokens.JsonWebToken,System.String,Microsoft.IdentityModel.Tokens.TokenValidationParameters)~System.Threading.Tasks.Task{Microsoft.IdentityModel.Tokens.TokenValidationResult}")]
 [assembly: SuppressMessage("Globalization", "CA1307:Specify StringComparison", Justification = "Vendored component", Scope = "module")]
 [assembly: SuppressMessage("Usage", "CA1801:Review unused parameters", Justification = "It is used within a defined if condition", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.GetSecurityKey(Microsoft.IdentityModel.Tokens.EncryptingCredentials,Microsoft.IdentityModel.Tokens.CryptoProviderFactory,System.Collections.Generic.IDictionary{System.String,System.Object},System.Byte[]@)~Microsoft.IdentityModel.Tokens.SecurityKey")]
-[assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Exception is written to a string", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateTokenPrivate(System.String,Microsoft.IdentityModel.Tokens.SigningCredentials,Microsoft.IdentityModel.Tokens.EncryptingCredentials,System.String,System.Collections.Generic.IDictionary{System.String,System.Object},System.Collections.Generic.IDictionary{System.String,System.Object},System.String)~System.String")]
+[assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Exception is written to a string", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateToken(System.String,Microsoft.IdentityModel.Tokens.SigningCredentials,Microsoft.IdentityModel.Tokens.EncryptingCredentials,System.String,System.Collections.Generic.IDictionary{System.String,System.Object},System.Collections.Generic.IDictionary{System.String,System.Object},System.String)~System.String")]
 [assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Exception is written to a string", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(System.String,Microsoft.IdentityModel.JsonWebTokens.JsonWebToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters,Microsoft.IdentityModel.Tokens.BaseConfiguration)~Microsoft.IdentityModel.JsonWebTokens.JsonWebToken")]
 [assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "There are additional keys to check, the next one may be successful", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(Microsoft.IdentityModel.JsonWebTokens.JsonWebToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters,Microsoft.IdentityModel.Tokens.BaseConfiguration)~Microsoft.IdentityModel.JsonWebTokens.JsonWebToken")]
 [assembly: SuppressMessage("Design", "CA1031:Do not catch general exception types", Justification = "Exception is written to a string", Scope = "member", Target = "~M:Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.GetContentEncryptionKeys(Microsoft.IdentityModel.JsonWebTokens.JsonWebToken,Microsoft.IdentityModel.Tokens.TokenValidationParameters,Microsoft.IdentityModel.Tokens.BaseConfiguration)~System.Collections.Generic.IEnumerable{Microsoft.IdentityModel.Tokens.SecurityKey}")]
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonClaimSet.cs
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonClaimValueTypes.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonClaimValueTypes.cs
@@ -1,29 +1,34 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Security.Claims;
+
 namespace Microsoft.IdentityModel.JsonWebTokens
 {
     /// <summary>
-    /// Constants for Json Web tokens.
+    /// Constants that indicate how the <see cref="Claim.Value"/> should be evaluated.
     /// </summary>
     public static class JsonClaimValueTypes
     {
         /// <summary>
-        /// A URI that represents the JSON XML data type.
+        /// A value that indicates the <see cref="Claim.Value"/> is a Json object.
         /// </summary>
-        /// <remarks>When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.</remarks>
+        /// <remarks>When creating a <see cref="Claim"/> from Json to if the value was not a simple type {String, Null, True, False, Number}
+        /// then <see cref="Claim.Value"/> will contain the Json value. If the Json was a JsonObject, the <see cref="Claim.ValueType"/> will be set to "JSON".</remarks>
         public const string Json = "JSON";
 
         /// <summary>
-        /// A URI that represents the JSON array XML data type.
+        /// A value that indicates the <see cref="Claim.Value"/> is a Json object.
         /// </summary>
-        /// <remarks>When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.</remarks>
+        /// <remarks>When creating a <see cref="Claim"/> from Json to if the value was not a simple type {String, Null, True, False, Number}
+        /// then <see cref="Claim.Value"/> will contain the Json value. If the Json was a JsonArray, the <see cref="Claim.ValueType"/> will be set to "JSON_ARRAY".</remarks>
         public const string JsonArray = "JSON_ARRAY";
 
         /// <summary>
-        /// A URI that represents the JSON null data type
+        /// A value that indicates the <see cref="Claim.Value"/> is Json null.
         /// </summary>
-        /// <remarks>When mapping json to .Net Claim(s), we use empty string to represent the claim value and set the ClaimValueType to JsonNull</remarks>
+        /// <remarks>When creating a <see cref="Claim"/> the <see cref="Claim.Value"/> cannot be null. The the Json value was nil, then the <see cref="Claim.Value"/>
+        /// will be set to <see cref="string.Empty"/> and the <see cref="Claim.ValueType"/> will be set to "JSON_NULL".</remarks>
         public const string JsonNull = "JSON_NULL";
     }
 }
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
@@ -5,18 +5,17 @@
 using System.Collections.Generic;
 using System.Security.Claims;
 using System.Text;
-using System.Text.Json;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
 
-
 namespace Microsoft.IdentityModel.JsonWebTokens
 {
     /// <summary>
     /// A <see cref="SecurityToken"/> designed for representing a JSON Web Token (JWT). 
     /// </summary>
     public class JsonWebToken : SecurityToken
     {
+        internal object _audienceLock = new();
         private ClaimsIdentity _claimsIdentity;
         private bool _wasClaimsIdentitySet;
 
@@ -428,7 +427,7 @@ private void ReadToken(string encodedJson)
                 IsSigned = !(Dot2 + 1 == encodedJson.Length);
                 try
                 {
-                    Header = new JsonClaimSet(JwtTokenUtilities.GetJsonDocumentFromBase64UrlEncodedString(encodedJson, 0, Dot1));
+                    Header = new JsonClaimSet(JwtTokenUtilities.ParseJsonBytes(encodedJson, 0, Dot1));
                 }
                 catch (Exception ex)
                 {
@@ -437,7 +436,7 @@ private void ReadToken(string encodedJson)
 
                 try
                 {
-                    Payload = new JsonClaimSet(JwtTokenUtilities.GetJsonDocumentFromBase64UrlEncodedString(encodedJson, Dot1 + 1, Dot2 - Dot1 - 1));
+                    Payload = new JsonClaimSet(JwtTokenUtilities.ParseJsonBytes(encodedJson, Dot1 + 1, Dot2 - Dot1 - 1));
                 }
                 catch (Exception ex)
                 {
@@ -613,18 +612,16 @@ public IEnumerable<string> Audiences
             {
                 if (_audiences == null)
                 {
-                    _audiences = new List<string>();
-
-                    if (Payload.TryGetValue(JwtRegisteredClaimNames.Aud, out JsonElement audiences))
+                    lock (_audiences)
                     {
-                        if (audiences.ValueKind == JsonValueKind.String)
+                        if (_audiences == null)
                         {
-                            _audiences.Add(audiences.GetString());
-                        }
-                        else if (audiences.ValueKind == JsonValueKind.Array)
-                        {
-                            foreach (JsonElement jsonElement in audiences.EnumerateArray())
-                                _audiences.Add(jsonElement.ToString());
+                            _audiences = new List<string>();
+                            if (Payload.TryGetValue(JwtRegisteredClaimNames.Aud, out IList<string> audiences))
+                            {
+                                foreach (string str in audiences)
+                                    _audiences.Add(str);
+                            }
                         }
                     }
                 }
@@ -633,11 +630,6 @@ public IEnumerable<string> Audiences
             }
         }
 
-        internal override IEnumerable<Claim> CreateClaims(string issuer)
-        {
-            return Payload.CreateClaims(issuer);
-        }
-
         /// <summary>
         /// Gets a <see cref="IEnumerable{Claim}"/> where each claim in the JWT { name, value } is returned as a <see cref="Claim"/>.
         /// </summary>