Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

scrub log messages #2288

Merged
merged 1 commit into from
Sep 5, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 16 additions & 16 deletions src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
Original file line number Diff line number Diff line change
Expand Up @@ -437,11 +437,11 @@ private void ReadToken(string encodedJson)
// JWT must have 2 dots
Dot1 = encodedJson.IndexOf('.');
if (Dot1 == -1 || Dot1 == encodedJson.Length - 1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100));

Dot2 = encodedJson.IndexOf('.', Dot1 + 1);
if (Dot2 == -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14120, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14120));

if (Dot2 == encodedJson.Length - 1)
Dot3 = -1;
Expand All @@ -468,7 +468,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1)), ex));
}

try
Expand All @@ -483,7 +483,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14101, encodedJson.Substring(Dot2, Dot2 - Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14101, encodedJson.Substring(Dot2, Dot2 - Dot1)), ex));
}
}
else
Expand All @@ -497,28 +497,28 @@ private void ReadToken(string encodedJson)
Payload = new JsonClaimSet(JsonDocument.Parse("{}"));
#endif
if (Dot3 == encodedJson.Length)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14121, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14121));

Dot4 = encodedJson.IndexOf('.', Dot3 + 1);

// JWE needs to have 4 dots
if (Dot4 == -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14121, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14121));

// too many dots...
if (encodedJson.IndexOf('.', Dot4 + 1) != -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14122, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14122));

// must have something after 4th dot
if (Dot4 == encodedJson.Length - 1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14310, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14310));

// right number of dots for JWE
_hChars = encodedJson.ToCharArray(0, Dot1);

// header cannot be empty
if (_hChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14307, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14307));

HeaderAsciiBytes = Encoding.ASCII.GetBytes(_hChars);
try
Expand All @@ -527,7 +527,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1)), ex));
}

// dir does not have any key bytes
Expand All @@ -544,41 +544,41 @@ private void ReadToken(string encodedJson)

char[] initializationVectorChars = encodedJson.ToCharArray(Dot2 + 1, Dot3 - Dot2 - 1);
if (initializationVectorChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14308, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14308));

try
{
InitializationVectorBytes = Base64UrlEncoder.UnsafeDecode(initializationVectorChars);
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14309, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14309, ex));
}

char[] authTagChars = encodedJson.ToCharArray(Dot4 + 1, encodedJson.Length - Dot4 - 1);
if (authTagChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14310, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14310));

try
{
AuthenticationTagBytes = Base64UrlEncoder.UnsafeDecode(authTagChars);
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14311, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14311, ex));
}

char[] cipherTextBytes = encodedJson.ToCharArray(Dot3 + 1, Dot4 - Dot3 - 1);
if (cipherTextBytes.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14306, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14306));

try
{
CipherTextBytes = Base64UrlEncoder.UnsafeDecode(encodedJson.ToCharArray(Dot3 + 1, Dot4 - Dot3 - 1));
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14312, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14312, ex));
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -688,7 +688,7 @@ private string CreateTokenPrivate(
}
catch(Exception ex)
{
LogHelper.LogExceptionMessage(new SecurityTokenException(LogHelper.FormatInvariant(LogMessages.IDX14307, ex, payload)));
LogHelper.LogExceptionMessage(new SecurityTokenException(LogMessages.IDX14307, ex));
}

payload = jsonPayload != null ? jsonPayload.ToString(Formatting.None) : payload;
Expand Down Expand Up @@ -1370,7 +1370,7 @@ public override async Task<TokenValidationResult> ValidateTokenAsync(SecurityTok

var jwt = token as JsonWebToken;
if (jwt == null)
return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, token))), IsValid = false };
return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100)), IsValid = false };

try
{
Expand Down Expand Up @@ -1418,7 +1418,7 @@ private static TokenValidationResult ReadToken(string token, TokenValidationPara
{
return new TokenValidationResult
{
Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, LogHelper.MarkAsSecurityArtifact(token, JwtTokenUtilities.SafeLogJwtToken), ex))),
Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100, ex)),
IsValid = false
};
}
Expand Down
28 changes: 14 additions & 14 deletions src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,23 @@ internal static class LogMessages
internal const string IDX14000 = "IDX14000: Signature validation of this JWT is not supported for: Algorithm: '{0}', SecurityKey: '{1}'.";

// JWT messages
internal const string IDX14100 = "IDX14100: JWT is not well formed: '{0}', there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14101 = "IDX14101: Unable to decode the payload '{0}' as Base64Url encoded string. jwtEncodedString: '{1}'.";
internal const string IDX14102 = "IDX14102: Unable to decode the header '{0}' as Base64Url encoded string. jwtEncodedString: '{1}'.";
internal const string IDX14100 = "IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14101 = "IDX14101: Unable to decode the payload '{0}' as Base64Url encoded string.";
internal const string IDX14102 = "IDX14102: Unable to decode the header '{0}' as Base64Url encoded string.";
internal const string IDX14103 = "IDX14103: Failed to create the token encryption provider.";
//internal const string IDX14105 = "IDX14105:";
// internal const string IDX14106 = "IDX14106:";
internal const string IDX14107 = "IDX14107: Token string does not match the token formats: JWE (header.encryptedKey.iv.ciphertext.tag) or JWS (header.payload.signature)";
//internal const string IDX14111 = "IDX14111: JWT: '{0}' must have three segments (JWS) or five segments (JWE).";
internal const string IDX14112 = "IDX14112: Only a single 'Actor' is supported. Found second claim of type: '{0}', value: '{1}'";
internal const string IDX14112 = "IDX14112: Only a single 'Actor' is supported. Found second claim of type: '{0}'";
internal const string IDX14113 = "IDX14113: A duplicate value for 'SecurityTokenDescriptor.{0}' exists in 'SecurityTokenDescriptor.Claims'. \nThe value of 'SecurityTokenDescriptor.{0}' is used.";
internal const string IDX14114 = "IDX14114: Both '{0}.{1}' and '{0}.{2}' are null or empty.";
// internal const string IDX14115 = "IDX14115:";
internal const string IDX14116 = "IDX14116: '{0}' cannot contain the following claims: '{1}'. These values are added by default (if necessary) during security token creation.";
// number of sections 'dots' is not correct
internal const string IDX14120 = "IDX14120: JWT is not well formed, there is only one dot (.): '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14121 = "IDX14121: JWT is not a well formed JWE, there are there must be four dots (.): '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14122 = "IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots: '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14120 = "IDX14120: JWT is not well formed, there is only one dot (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14121 = "IDX14121: JWT is not a well formed JWE, there are there must be four dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14122 = "IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";

// logging
internal const string IDX14200 = "IDX14200: Creating raw signature using the signature credentials.";
Expand All @@ -47,13 +47,13 @@ internal static class LogMessages
//internal const string IDX14303 = "IDX14303: Claim with name '{0}' does not exist in the header.";
internal const string IDX14304 = "IDX14304: Claim with name '{0}' does not exist in the payload.";
internal const string IDX14305 = "IDX14305: Unable to convert the '{0}' json property to the following type: '{1}'. Property type was: '{2}'. Value: '{3}'.";
internal const string IDX14306 = "IDX14306: JWE Ciphertext cannot be an empty string. jwtEncodedString: '{0}'.";
internal const string IDX14307 = "IDX14307: JWE header is missing. jwtEncodedString: '{0}'.";
internal const string IDX14308 = "IDX14308: JWE initialization vector is missing. jwtEncodedString: '{0}'.";
internal const string IDX14309 = "IDX14309: Unable to decode the initialization vector as Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14310 = "IDX14310: JWE authentication tag is missing. jwtEncodedString: '{0}'.";
internal const string IDX14311 = "IDX14311: Unable to decode the authentication tag as a Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14312 = "IDX14312: Unable to decode the cipher text as a Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14306 = "IDX14306: JWE Ciphertext cannot be an empty string.";
internal const string IDX14307 = "IDX14307: JWE header is missing.";
internal const string IDX14308 = "IDX14308: JWE initialization vector is missing.";
internal const string IDX14309 = "IDX14309: Unable to decode the initialization vector as Base64Url encoded string.";
internal const string IDX14310 = "IDX14310: JWE authentication tag is missing.";
internal const string IDX14311 = "IDX14311: Unable to decode the authentication tag as a Base64Url encoded string.";
internal const string IDX14312 = "IDX14312: Unable to decode the cipher text as a Base64Url encoded string.";

#pragma warning restore 1591
}
Expand Down
10 changes: 5 additions & 5 deletions src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,15 @@ public JwtSecurityToken(string jwtEncodedString)
if (tokenParts.Length == JwtConstants.JwsSegmentCount)
{
if (!JwtTokenUtilities.RegexJws.IsMatch(jwtEncodedString))
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12739, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12739));
}
else if (tokenParts.Length == JwtConstants.JweSegmentCount)
{
if (!JwtTokenUtilities.RegexJwe.IsMatch(jwtEncodedString))
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12740, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12740));
}
else
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12741, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12741));

Decode(tokenParts, jwtEncodedString);
}
Expand Down Expand Up @@ -486,7 +486,7 @@ internal void Decode(string[] tokenParts, string rawData)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12729, tokenParts[0], rawData), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12729, tokenParts[0]), ex));
}

if (tokenParts.Length == JwtConstants.JweSegmentCount)
Expand Down Expand Up @@ -514,7 +514,7 @@ private void DecodeJws(string[] tokenParts)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, tokenParts[1], RawData), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, tokenParts[1]), ex));
}

RawHeader = tokenParts[0];
Expand Down
Loading