Extensibility Testing: Refactor

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs

@@ -50,9 +50,9 @@ internal ValidationResult<string> DecryptToken(
                 StackFrame headerMissingStackFrame = StackFrames.DecryptionHeaderMissing ??= new StackFrame(true);
                 return new ValidationError(
                     new MessageDetail(TokenLogMessages.IDX10612),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenException),
-                    headerMissingStackFrame);
+                    headerMissingStackFrame,
+                    ValidationFailureType.TokenDecryptionFailed);
             }
 
             (IList<SecurityKey>? contentEncryptionKeys, ValidationError? validationError) result =
@@ -71,9 +71,9 @@ internal ValidationResult<string> DecryptToken(
                     new MessageDetail(
                         TokenLogMessages.IDX10609,
                         LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenDecryptionFailedException),
-                    noKeysTriedStackFrame);
+                    noKeysTriedStackFrame,
+                    ValidationFailureType.TokenDecryptionFailed);
             }
 
             return JwtTokenUtilities.DecryptJwtToken(
@@ -218,9 +218,9 @@ internal ValidationResult<string> DecryptToken(
                         keysAttempted?.ToString() ?? "",
                         exceptionStrings?.ToString() ?? "",
                         LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenKeyWrapException),
-                    decryptionKeyUnwrapFailedStackFrame);
+                    decryptionKeyUnwrapFailedStackFrame,
+                    ValidationFailureType.TokenDecryptionFailed);
 
                 return (null, validationError);
             }

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs

@@ -46,9 +46,9 @@ internal static ValidationResult<SecurityToken> ReadToken(
                 StackFrame malformedTokenStackFrame = StackFrames.ReadTokenMalformed ?? new StackFrame(true);
                 return new ValidationError(
                     new MessageDetail(LogMessages.IDX14107),
-                    ValidationFailureType.TokenReadingFailed,
                     typeof(SecurityTokenMalformedException),
                     malformedTokenStackFrame,
+                    ValidationFailureType.TokenReadingFailed,
                     ex);
             }
         }

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs

@@ -55,9 +55,9 @@ internal static ValidationResult<SecurityKey> ValidateSignature(
                         LogHelper.MarkAsSecurityArtifact(
                             jwtToken.EncodedToken,
                             JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenInvalidSignatureException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed);
 
             SecurityKey? key = null;
             if (validationParameters.IssuerSigningKeyResolver is not null)
@@ -101,17 +101,17 @@ internal static ValidationResult<SecurityKey> ValidateSignature(
                             LogHelper.MarkAsNonPII(validationParameters.IssuerSigningKeys.Count),
                             LogHelper.MarkAsNonPII(configuration?.SigningKeys.Count ?? 0),
                             LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                        ValidationFailureType.SignatureValidationFailed,
                         typeof(SecurityTokenSignatureKeyNotFoundException),
-                        kidNotMatchedNoTryAllStackFrame);
+                        kidNotMatchedNoTryAllStackFrame,
+                        ValidationFailureType.SignatureValidationFailed);
                 }
 
                 StackFrame noKeysProvidedStackFrame = StackFrames.NoKeysProvided ??= new StackFrame(true);
                 return new ValidationError(
                     new MessageDetail(TokenLogMessages.IDX10500),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenSignatureKeyNotFoundException),
-                    noKeysProvidedStackFrame);
+                    noKeysProvidedStackFrame,
+                    ValidationFailureType.SignatureValidationFailed);
             }
         }
 
@@ -146,9 +146,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureUsingAllKeys(
             if (vpFailedResult is null && configFailedResult is null) // No keys were attempted
                 return new ValidationError(
                     new MessageDetail(TokenLogMessages.IDX10500),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenSignatureKeyNotFoundException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed);
 
             StringBuilder exceptionStrings = new();
             StringBuilder keysAttempted = new();
@@ -228,9 +228,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                         TokenLogMessages.IDX10400,
                         LogHelper.MarkAsNonPII(jsonWebToken.Alg),
                         key),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenInvalidAlgorithmException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed);
             }
 
             ValidationResult<string> result = validationParameters.AlgorithmValidator(
@@ -259,9 +259,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                         new MessageDetail(
                             TokenLogMessages.IDX10518,
                             result.UnwrapError().MessageDetail.Message),
-                        ValidationFailureType.SignatureAlgorithmValidationFailed,
                         typeof(SecurityTokenInvalidAlgorithmException),
-                        new StackFrame(true));
+                        new StackFrame(true),
+                        ValidationFailureType.SignatureAlgorithmValidationFailed);
                 }
             }
 
@@ -274,9 +274,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                             TokenLogMessages.IDX10636,
                             key?.ToString() ?? "Null",
                             LogHelper.MarkAsNonPII(jsonWebToken.Alg)),
-                        ValidationFailureType.SignatureValidationFailed,
                         typeof(InvalidOperationException),
-                        new StackFrame(true));
+                        new StackFrame(true),
+                        ValidationFailureType.SignatureValidationFailed);
 
                 bool valid = EncodingUtils.PerformEncodingDependentOperation<bool, string, int, SignatureProvider>(
                     jsonWebToken.EncodedToken,
@@ -297,9 +297,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                             LogHelper.MarkAsSecurityArtifact(
                                 jsonWebToken.EncodedToken,
                                 JwtTokenUtilities.SafeLogJwtToken)),
-                        ValidationFailureType.SignatureValidationFailed,
                         typeof(SecurityTokenInvalidSignatureException),
-                        new StackFrame(true));
+                        new StackFrame(true),
+                        ValidationFailureType.SignatureValidationFailed);
             }
 #pragma warning disable CA1031 // Do not catch general exception types
             catch (Exception ex)
@@ -311,9 +311,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                         LogHelper.MarkAsSecurityArtifact(
                             jsonWebToken.EncodedToken,
                             JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenInvalidSignatureException),
                     new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed,
                     ex);
             }
             finally
@@ -352,9 +352,9 @@ private static ValidationError GetSignatureValidationError(
                         LogHelper.MarkAsNonPII(jwtToken.Kid),
                         exceptionStrings.ToString(),
                         LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenSignatureKeyNotFoundException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed);
             }
 
             if (kidExists)
@@ -367,9 +367,9 @@ private static ValidationError GetSignatureValidationError(
                         LogHelper.MarkAsNonPII(numKeysInConfiguration),
                         exceptionStrings.ToString(),
                         LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenSignatureKeyNotFoundException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.SignatureValidationFailed);
 
             return new ValidationError(
                 new MessageDetail(
@@ -379,9 +379,9 @@ private static ValidationError GetSignatureValidationError(
                     LogHelper.MarkAsNonPII(numKeysInConfiguration),
                     exceptionStrings.ToString(),
                     LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                ValidationFailureType.SignatureValidationFailed,
                 typeof(SecurityTokenSignatureKeyNotFoundException),
-                new StackFrame(true));
+                new StackFrame(true),
+                ValidationFailureType.SignatureValidationFailed);
         }
 
         private static void PopulateFailedResults(

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.Internal.cs

@@ -64,9 +64,9 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
                             TokenLogMessages.IDX10209,
                             LogHelper.MarkAsNonPII(token.Length),
                             LogHelper.MarkAsNonPII(MaximumTokenSizeInBytes)),
-                        ValidationFailureType.InvalidSecurityToken,
                         typeof(ArgumentException),
-                        invalidTokenLengthStackFrame);
+                        invalidTokenLengthStackFrame,
+                        ValidationFailureType.InvalidSecurityToken);
             }
 
             ValidationResult<SecurityToken> readResult = ReadToken(token, callContext);
@@ -118,9 +118,9 @@ internal async Task<ValidationResult<ValidatedToken>> ValidateTokenAsync(
                 StackFrame notJwtStackFrame = StackFrames.TokenNotJWT ??= new StackFrame(true);
                 return new ValidationError(
                     new MessageDetail(TokenLogMessages.IDX10001, nameof(token), nameof(JsonWebToken)),
-                    ValidationFailureType.InvalidSecurityToken,
                     typeof(ArgumentException),
-                    notJwtStackFrame);
+                    notJwtStackFrame,
+                    ValidationFailureType.InvalidSecurityToken);
             }
 
             BaseConfiguration? currentConfiguration =
@@ -294,10 +294,10 @@ private async ValueTask<ValidationResult<ValidatedToken>> ValidateJWSAsync(
             {
                 return new IssuerValidationError(
                     new MessageDetail(TokenLogMessages.IDX10269),
-                    ValidationFailureType.IssuerValidatorThrew,
                     typeof(SecurityTokenInvalidIssuerException),
                     ValidationError.GetCurrentStackFrame(),
                     jsonWebToken.Issuer,
+                    ValidationFailureType.IssuerValidatorThrew,
                     ex);
             }
 

src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs

@@ -122,9 +122,9 @@ internal static ValidationResult<string> DecryptJwtToken(
             {
                 return new ValidationError(
                     new MessageDetail(TokenLogMessages.IDX10679, zipAlgorithm),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenDecompressionFailedException),
                     new StackFrame(true),
+                    ValidationFailureType.TokenDecryptionFailed,
                     ex);
             }
         }

src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs

@@ -371,26 +371,26 @@ private static ValidationError GetDecryptionError(
                         keysAttempted.ToString(),
                         exceptionStrings?.ToString() ?? string.Empty,
                         LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenDecryptionFailedException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.TokenDecryptionFailed);
             else if (algorithmNotSupportedByCryptoProvider)
                 return new ValidationError(
                     new MessageDetail(
                         TokenLogMessages.IDX10619,
                         LogHelper.MarkAsNonPII(decryptionParameters.Alg),
                         LogHelper.MarkAsNonPII(decryptionParameters.Enc)),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenDecryptionFailedException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.TokenDecryptionFailed);
             else
                 return new ValidationError(
                     new MessageDetail(
                         TokenLogMessages.IDX10609,
                         LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)),
-                    ValidationFailureType.TokenDecryptionFailed,
                     typeof(SecurityTokenDecryptionFailedException),
-                    new StackFrame(true));
+                    new StackFrame(true),
+                    ValidationFailureType.TokenDecryptionFailed);
         }
 
         private static byte[] DecryptToken(CryptoProviderFactory cryptoProviderFactory, SecurityKey key, string encAlg, byte[] ciphertext, byte[] headerAscii, byte[] initializationVector, byte[] authenticationTag)

src/Microsoft.IdentityModel.Tokens.Saml/InternalAPI.Unshipped.txt

@@ -11,14 +11,12 @@ Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidatedConditions
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml.SamlSecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 Microsoft.IdentityModel.Tokens.Saml.SamlValidationError
-Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail MessageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame) -> void
-Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException) -> void
+Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.SamlValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.StackFrames
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken samlToken, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateTokenAsync(string token, Microsoft.IdentityModel.Tokens.ValidationParameters validationParameters, Microsoft.IdentityModel.Tokens.CallContext callContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<Microsoft.IdentityModel.Tokens.ValidationResult<Microsoft.IdentityModel.Tokens.ValidatedToken>>
 Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError
-Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail MessageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame) -> void
-Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.Exception innerException) -> void
+Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.Saml2ValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationFailureType failureType, System.Exception innerException = null) -> void
 override Microsoft.IdentityModel.Tokens.Saml.SamlValidationError.GetException() -> System.Exception
 override Microsoft.IdentityModel.Tokens.Saml2.Saml2ValidationError.GetException() -> System.Exception
 static Microsoft.IdentityModel.Tokens.Saml.SamlSecurityTokenHandler.StackFrames.IssuerSigningKeyValidationFailed -> System.Diagnostics.StackFrame

src/Microsoft.IdentityModel.Tokens.Saml/Saml/Exceptions/SamlValidationError.cs

@@ -4,11 +4,18 @@
 using System;
 using System.Diagnostics;
 
+#nullable enable
 namespace Microsoft.IdentityModel.Tokens.Saml
 {
     internal class SamlValidationError : ValidationError
     {
-        internal SamlValidationError(MessageDetail messageDetail, ValidationFailureType failureType, Type exceptionType, StackFrame stackFrame, Exception innerException) : base(messageDetail, failureType, exceptionType, stackFrame, innerException)
+        internal SamlValidationError(
+            MessageDetail messageDetail,
+            Type exceptionType,
+            StackFrame stackFrame,
+            ValidationFailureType failureType,
+            Exception? innerException = null)
+            : base(messageDetail, exceptionType, stackFrame, failureType, innerException)
         {
         }
 
@@ -24,3 +31,4 @@ internal override Exception GetException()
         }
     }
 }
+#nullable restore