diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
index 848721d594..8a73af3977 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
@@ -441,24 +441,25 @@ private static long ParseTimeValue(JToken jToken, string claimName)
/// If key fails to resolve, then null is returned
internal static SecurityKey ResolveTokenSigningKey(string kid, string x5t, TokenValidationParameters validationParameters, BaseConfiguration configuration)
{
- if (configuration?.SigningKeys == null)
- return null;
-
- if (!string.IsNullOrEmpty(kid))
+ if (configuration?.SigningKeys != null)
{
- foreach (SecurityKey signingKey in configuration.SigningKeys)
+
+ if (!string.IsNullOrEmpty(kid))
{
- if (signingKey != null && string.Equals(signingKey.KeyId, kid, signingKey is X509SecurityKey ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
- return signingKey;
+ foreach (SecurityKey signingKey in configuration.SigningKeys)
+ {
+ if (signingKey != null && string.Equals(signingKey.KeyId, kid, signingKey is X509SecurityKey ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal))
+ return signingKey;
+ }
}
- }
- if (!string.IsNullOrEmpty(x5t))
- {
- foreach (SecurityKey signingKey in configuration.SigningKeys)
+ if (!string.IsNullOrEmpty(x5t))
{
- if (signingKey != null && string.Equals(signingKey.KeyId, x5t))
- return signingKey;
+ foreach (SecurityKey signingKey in configuration.SigningKeys)
+ {
+ if (signingKey != null && string.Equals(signingKey.KeyId, x5t))
+ return signingKey;
+ }
}
}
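Review bot: The x5t loop matches with `string.Equals(signingKey.KeyId, x5t)`, with no StringComparison argument, while the kid loop directly above spells out its comparison and relaxes it for X509SecurityKey. Since this is the check that selects the key used to verify a signature, I would make the intent explicit with `string.Equals(signingKey.KeyId, x5t, StringComparison.Ordinal)`, which keeps the current behaviour. The branch also compares the x5t header against KeyId rather than a certificate thumbprint, so it only matches keys whose KeyId happens to carry that value; a short comment such as `// x5t is matched against KeyId; exact, case-sensitive match is intended` would tell the next reader whether that is deliberate. The body of ResolveTokenSigningKey continues past the end of this hunk, so the path taken when configuration is null is not visible here.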
diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestDatasets.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestDatasets.cs
index 5d34568775..437c8108ac 100644
--- a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestDatasets.cs
+++ b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestDatasets.cs
@@ -177,7 +177,7 @@ public static List ValidateJwsWithConfigTheoryData
ExpectedException = ExpectedException.SecurityTokenInvalidSigningKeyException("IDX10232: ")
},
new JwtTheoryData
- {
+ {
TestId = nameof(Default.AsymmetricJws) + "_TVPInvalid_ConfigValid_SignatureValidatorReturnsNull",
Token = Default.AsymmetricJws,
ValidationParameters = new TokenValidationParameters
@@ -255,6 +255,22 @@ public static List ValidateJwsWithConfigTheoryData
},
ExpectedException = ExpectedException.SecurityTokenInvalidIssuerException("IDX40001: "),
},
+ new JwtTheoryData {
+ TestId = nameof(Default.AsymmetricJws) + "_TVPValid_ConfigNotSet_TryAllIssuerSigningKeysFalse",
+ Token = Default.AsymmetricJws,
+ ValidationParameters = new TokenValidationParameters
+ {
+ ConfigurationManager = null,
+ ValidateIssuerSigningKey = true,
+ RequireSignedTokens = true,
+ ValidateIssuer = true,
+ ValidateAudience = false,
+ ValidateLifetime = false,
+ IssuerSigningKey = KeyingMaterial.DefaultX509Key_2048,
+ ValidIssuer = Default.Issuer,
+ TryAllIssuerSigningKeys = false
+ }
+ },
};
}
}
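Review bot: The new `_TVPValid_ConfigNotSet_TryAllIssuerSigningKeysFalse` entry only covers the success path, where ConfigurationManager is null and IssuerSigningKey is the key that signed the token. Because the change stops returning null early when no configuration is present, I would add a sibling entry with ConfigurationManager = null and an IssuerSigningKey that did not sign `Default.AsymmetricJws`, with its ExpectedException set to the signature-validation failure, so that the fall-through path is shown to fail closed. The entry also leaves ExpectedException unset, unlike its neighbours; presumably the default means "no exception", but a comment like `// no ExpectedException: validation must succeed using the TVP key` would make that explicit. As a small style point, `new JwtTheoryData {` puts the brace on the same line, while the surrounding entries put it on its own line.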