

Try to resolve signing keys from TVP if configuration is null or does…
… not contain any signing keys.
bal2 authored and brentschmaltz committed Dec 2, 2022
1 parent 703b5c3 commit a3fd695
Showing 2 changed files with 31 additions and 14 deletions.
27 changes: 14 additions & 13 deletions src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
Expand Up @@ -441,24 +441,25 @@ private static long ParseTimeValue(JToken jToken, string claimName)
/// <remarks>If key fails to resolve, then null is returned</remarks>
internal static SecurityKey ResolveTokenSigningKey(string kid, string x5t, TokenValidationParameters validationParameters, BaseConfiguration configuration)
{
if (configuration?.SigningKeys == null)
return null;

if (!string.IsNullOrEmpty(kid))
if (configuration?.SigningKeys != null)
{
foreach (SecurityKey signingKey in configuration.SigningKeys)

if (!string.IsNullOrEmpty(kid))
{
if (signingKey != null && string.Equals(signingKey.KeyId, kid, signingKey is X509SecurityKey ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
return signingKey;
foreach (SecurityKey signingKey in configuration.SigningKeys)
{
if (signingKey != null && string.Equals(signingKey.KeyId, kid, signingKey is X509SecurityKey ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
return signingKey;
}
}
}

if (!string.IsNullOrEmpty(x5t))
{
foreach (SecurityKey signingKey in configuration.SigningKeys)
if (!string.IsNullOrEmpty(x5t))
{
if (signingKey != null && string.Equals(signingKey.KeyId, x5t))
return signingKey;
foreach (SecurityKey signingKey in configuration.SigningKeys)
{
if (signingKey != null && string.Equals(signingKey.KeyId, x5t))
return signingKey;
}
}
}
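Review bot: With the early `return null` gone, ResolveTokenSigningKey now also reaches the code after this block when `configuration` is null or has no SigningKeys, yet the only documentation visible is the remark "If key fails to resolve, then null is returned". The rest of the body lies outside the hunk; going by the commit title it resolves from `validationParameters`, and that order decides which key source is trusted first, so it should be written down, e.g. `/// <remarks>Keys in configuration.SigningKeys are tried first; keys from validationParameters are used only when no configuration key matches. Returns null if neither resolves.</remarks>`. In the same block the x5t comparison `string.Equals(signingKey.KeyId, x5t)` leaves the comparison implicit while the kid comparison above chooses one per key type; writing `string.Equals(signingKey.KeyId, x5t, StringComparison.Ordinal)` keeps the current behaviour and makes the choice visible to the next reader.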

18 changes: 17 additions & 1 deletion test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestDatasets.cs
Expand Up @@ -177,7 +177,7 @@ public static List<JwtTheoryData> ValidateJwsWithConfigTheoryData
ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException("IDX10232: ")
},
new JwtTheoryData
{
{
TestId = nameof(Default.AsymmetricJws) + "_TVPInvalid_ConfigValid_SignatureValidatorReturnsNull",
Token = Default.AsymmetricJws,
ValidationParameters = new TokenValidationParameters
Expand Down Expand Up @@ -255,6 +255,22 @@ public static List<JwtTheoryData> ValidateJwsWithConfigTheoryData
},
ExpectedException = ExpectedException.SecurityTokenInvalidIssuerException("IDX40001: "),
},
new JwtTheoryData {
TestId = nameof(Default.AsymmetricJws) + "_TVPValid_ConfigNotSet_TryAllIssuerSigningKeysFalse",
Token = Default.AsymmetricJws,
ValidationParameters = new TokenValidationParameters
{
ConfigurationManager = null,
ValidateIssuerSigningKey = true,
RequireSignedTokens = true,
ValidateIssuer = true,
ValidateAudience = false,
ValidateLifetime = false,
IssuerSigningKey = KeyingMaterial.DefaultX509Key_2048,
ValidIssuer = Default.Issuer,
TryAllIssuerSigningKeys = false
}
},
};
}
}
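Review bot: The added case `_TVPValid_ConfigNotSet_TryAllIssuerSigningKeysFalse` exercises only `ConfigurationManager = null`, while the commit title also names a configuration that "does not contain any signing keys"; nothing visible in this hunk covers that second path through the new `if (configuration?.SigningKeys != null)` block. Because the change widens where a signing key may come from, a negative case would also help: configuration not set and an `IssuerSigningKey` that does not match the token, with `TryAllIssuerSigningKeys = false`, expecting validation to fail. The new entry also opens with `new JwtTheoryData {` on one line, whereas the neighbouring entries put the brace on its own line. The list continues outside the hunk, so equivalent cases may already exist elsewhere in the file.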
