Decrypt token: Remove exceptions + use new ValidationParameters #2729

Merged
merged 14 commits into from
Jul 30, 2024

@iNinja iNinja commented Jul 17, 2024

Decrypt token: Remove exceptions + use new ValidationParameters

  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • If any gains or losses in performance are possible, you've included benchmarks for your changes.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Description

  • Added new TokenDecryptingResult
  • Added missing delegate for ValidateAlgorithm
  • Updated ValidationParameters to provide the delegates required for token decryption
  • Refactored DecryptToken method and dependencies to not throw exceptions and return result type.

Raising this as a draft PR to discuss the approach and validate the plan.
I will add tests before making it official.

Part of #2711.

iNinja added 2 commits July 17, 2024 15:45
… understand its use and potential for exception throwing if used wrong.
@iNinja iNinja marked this pull request as ready for review July 23, 2024 16:56
@iNinja iNinja requested a review from a team as a code owner July 23, 2024 16:56
@iNinja iNinja requested a review from brentschmaltz July 23, 2024 16:56

@FuPingFranco FuPingFranco left a comment

LGTM, you'll need to rebase as my changes went in on Friday

# Conflicts:
#	src/Microsoft.IdentityModel.Tokens/Validation/ValidationParameters.cs
/// <param name="decryptionParameters">The decryption parameters container.</param>
/// <param name="callContext">The call context used for logging.</param>
/// <returns>The decrypted, and if the 'zip' claim is set, decompressed string representation of the token.</returns>
internal static TokenDecryptionResult DecryptJwtToken(

nit: any possibility of splitting this into smaller helper methods?

string zipAlgorithm = null;
foreach (SecurityKey key in decryptionParameters.Keys)
{
var cryptoProviderFactory = validationParameters.CryptoProviderFactory ?? key.CryptoProviderFactory;

can the decryption logic be extracted to a helper method?

(exceptionStrings ??= new StringBuilder()).AppendLine(ex.ToString());
}

if (key != null)

do we need to implement any key management or caching (not related to the purpose of keysAttempted but more around overall impact on performance)?

@jennyf19 jennyf19 left a comment

A few nits, nothing blocking.
:shipit:

@iNinja iNinja merged commit dd9d145 into dev Jul 30, 2024
6 checks passed
@iNinja iNinja deleted the iinglese/decrypt-token-validation-parameters branch November 15, 2024 12:16