From 29fc2041d5d310bb420631f49db64da5b844bfc7 Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Mon, 24 Jun 2024 10:53:35 -0400 Subject: [PATCH] Dispose KeyWrapProvider in JwtSecurityTokenHandler KeyWrapProvider is an IDisposable, so we should dispose it when done using it? This was flagged by a static analysis tool. --- .../JwtSecurityTokenHandler.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs index 9c315c7da6..1b53531017 100644 --- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs +++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs @@ -1867,7 +1867,7 @@ internal IEnumerable GetContentEncryptionKeys(JwtSecurityToken jwtT string apu = jwtToken.Header.GetStandardClaim(JwtHeaderParameterNames.Apu); string apv = jwtToken.Header.GetStandardClaim(JwtHeaderParameterNames.Apv); SecurityKey kdf = ecdhKeyExchangeProvider.GenerateKdf(apu, apv); - var kwp = key.CryptoProviderFactory.CreateKeyWrapProviderForUnwrap(kdf, ecdhKeyExchangeProvider.GetEncryptionAlgorithm()); + using var kwp = key.CryptoProviderFactory.CreateKeyWrapProviderForUnwrap(kdf, ecdhKeyExchangeProvider.GetEncryptionAlgorithm()); var unwrappedKey = kwp.UnwrapKey(Base64UrlEncoder.DecodeBytes(jwtToken.RawEncryptedKey)); unwrappedKeys.Add(new SymmetricSecurityKey(unwrappedKey)); } @@ -1875,7 +1875,7 @@ internal IEnumerable GetContentEncryptionKeys(JwtSecurityToken jwtT #endif if (key.CryptoProviderFactory.IsSupportedAlgorithm(jwtToken.Header.Alg, key)) { - var kwp = key.CryptoProviderFactory.CreateKeyWrapProviderForUnwrap(key, jwtToken.Header.Alg); + using var kwp = key.CryptoProviderFactory.CreateKeyWrapProviderForUnwrap(key, jwtToken.Header.Alg); var unwrappedKey = kwp.UnwrapKey(Base64UrlEncoder.DecodeBytes(jwtToken.RawEncryptedKey)); unwrappedKeys.Add(new SymmetricSecurityKey(unwrappedKey)); }