Added stack frames for ReadToken and DecryptToken

AzureAD · Aug 26, 2024 · 9ba4c7b · 9ba4c7b
1 parent f180111
commit 9ba4c7b
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 7 deletions.
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs
@@ -31,34 +31,49 @@ internal Result<string, ExceptionDetail> DecryptToken(
             CallContext? callContext)
         {
             if (jwtToken == null)
+            {
+                StackFrame tokenNullStackFrame = StackFrames.DecryptionTokenNull ??= new StackFrame();
                 return ExceptionDetail.NullParameter(
                     nameof(jwtToken),
-                    new StackFrame(true));
+                    tokenNullStackFrame);
+            }
 
             if (validationParameters == null)
+            {
+                StackFrame validationParametersNullStackFrame = StackFrames.DecryptionValidationParametersNull ??= new StackFrame();
                 return ExceptionDetail.NullParameter(
                     nameof(validationParameters),
-                    new StackFrame(true));
+                    validationParametersNullStackFrame);
+            }
 
             if (string.IsNullOrEmpty(jwtToken.Enc))
+            {
+                StackFrame headerMissingStackFrame = StackFrames.DecryptionHeaderMissing ??= new StackFrame();
                 return new ExceptionDetail(
                     new MessageDetail(TokenLogMessages.IDX10612),
                     ExceptionType.SecurityToken,
-                    new StackFrame(true));
+                    headerMissingStackFrame);
+            }
 
             (IList<SecurityKey>? contentEncryptionKeys, ExceptionDetail? exceptionDetail) result =
                 GetContentEncryptionKeys(jwtToken, validationParameters, configuration, callContext);
 
             if (result.exceptionDetail != null)
-                return result.exceptionDetail;
+            {
+                StackFrame decryptionGetKeysStackFrame = StackFrames.DecryptionGetEncryptionKeys ??= new StackFrame();
+                return result.exceptionDetail.AddStackFrame(decryptionGetKeysStackFrame);
+            }
 
             if (result.contentEncryptionKeys == null)
+            {
+                StackFrame noKeysTriedStackFrame = StackFrames.DecryptionNoKeysTried ??= new StackFrame();
                 return new ExceptionDetail(
                     new MessageDetail(
                         TokenLogMessages.IDX10609,
                         LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)),
                     ExceptionType.SecurityTokenDecryptionFailed,
-                    new StackFrame(true));
+                    noKeysTriedStackFrame);
+            }
 
             return JwtTokenUtilities.DecryptJwtToken(
                 jwtToken,

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs
@@ -28,9 +28,12 @@ internal static Result<SecurityToken, ExceptionDetail> ReadToken(
 #pragma warning disable CA1801 // TODO: remove pragma disable once callContext is used for logging
         {
             if (String.IsNullOrEmpty(token))
+            {
+                StackFrame nullTokenStackFrame = StackFrames.ReadTokenNullOrEmpty ?? new StackFrame(true);
                 return ExceptionDetail.NullParameter(
                     nameof(token),
-                    new StackFrame(true));
+                    nullTokenStackFrame);
+            }
 
             try
             {
@@ -41,10 +44,11 @@ internal static Result<SecurityToken, ExceptionDetail> ReadToken(
             catch (Exception ex)
 #pragma warning restore CA1031 // Do not catch general exception types
             {
+                StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ?? new StackFrame(true);
                 return new ExceptionDetail(
                     new MessageDetail(LogMessages.IDX14107),
                     ExceptionType.SecurityTokenMalformed,
-                    new StackFrame(true),
+                    malformedTokenStackFrame,
                     ex);
             }
         }

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.StackFrames.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.StackFrames.cs
@@ -39,6 +39,15 @@ internal static class StackFrames
             internal static StackFrame? TypeValidationFailed;
             internal static StackFrame? SignatureValidationFailed;
             internal static StackFrame? IssuerSigningKeyValidationFailed;
+            // DecryptToken
+            internal static StackFrame? DecryptionTokenNull;
+            internal static StackFrame? DecryptionValidationParametersNull;
+            internal static StackFrame? DecryptionHeaderMissing;
+            internal static StackFrame? DecryptionGetEncryptionKeys;
+            internal static StackFrame? DecryptionNoKeysTried;
+            // ReadToken
+            internal static StackFrame? ReadTokenNullOrEmpty;
+            internal static StackFrame? ReadTokenMalformed;
         }
     }
 }