Skip to content

Commit

Permalink
scrub log messages (#2288)
Browse files Browse the repository at this point in the history 
Co-authored-by: Keegan Caruso <keegancaruso@microsoft.com>
  • Loading branch information
@keegan-caruso
keegan-caruso and Keegan Caruso committed Sep 5, 2023
1 parent 3ef57d9 commit 2cf0feb
Show file tree
Hide file tree
Showing 6 changed files with 48 additions and 48 deletions.
32 changes: 16 additions & 16 deletions src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -437,11 +437,11 @@ private void ReadToken(string encodedJson)
// JWT must have 2 dots
Dot1 = encodedJson.IndexOf('.');
if (Dot1 == -1 || Dot1 == encodedJson.Length - 1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100));

Dot2 = encodedJson.IndexOf('.', Dot1 + 1);
if (Dot2 == -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14120, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14120));

if (Dot2 == encodedJson.Length - 1)
Dot3 = -1;
Expand All @@ -468,7 +468,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1)), ex));
}

try
Expand All @@ -483,7 +483,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14101, encodedJson.Substring(Dot2, Dot2 - Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14101, encodedJson.Substring(Dot2, Dot2 - Dot1)), ex));
}
}
else
Expand All @@ -497,28 +497,28 @@ private void ReadToken(string encodedJson)
Payload = new JsonClaimSet(JsonDocument.Parse("{}"));
#endif
if (Dot3 == encodedJson.Length)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14121, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14121));

Dot4 = encodedJson.IndexOf('.', Dot3 + 1);

// JWE needs to have 4 dots
if (Dot4 == -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14121, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14121));

// too many dots...
if (encodedJson.IndexOf('.', Dot4 + 1) != -1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14122, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14122));

// must have something after 4th dot
if (Dot4 == encodedJson.Length - 1)
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14310, encodedJson)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14310));

// right number of dots for JWE
_hChars = encodedJson.ToCharArray(0, Dot1);

// header cannot be empty
if (_hChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14307, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14307));

HeaderAsciiBytes = Encoding.ASCII.GetBytes(_hChars);
try
Expand All @@ -527,7 +527,7 @@ private void ReadToken(string encodedJson)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1), encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14102, encodedJson.Substring(0, Dot1)), ex));
}

// dir does not have any key bytes
Expand All @@ -544,41 +544,41 @@ private void ReadToken(string encodedJson)

char[] initializationVectorChars = encodedJson.ToCharArray(Dot2 + 1, Dot3 - Dot2 - 1);
if (initializationVectorChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14308, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14308));

try
{
InitializationVectorBytes = Base64UrlEncoder.UnsafeDecode(initializationVectorChars);
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14309, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14309, ex));
}

char[] authTagChars = encodedJson.ToCharArray(Dot4 + 1, encodedJson.Length - Dot4 - 1);
if (authTagChars.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14310, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14310));

try
{
AuthenticationTagBytes = Base64UrlEncoder.UnsafeDecode(authTagChars);
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14311, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14311, ex));
}

char[] cipherTextBytes = encodedJson.ToCharArray(Dot3 + 1, Dot4 - Dot3 - 1);
if (cipherTextBytes.Length == 0)
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14306, encodedJson)));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14306));

try
{
CipherTextBytes = Base64UrlEncoder.UnsafeDecode(encodedJson.ToCharArray(Dot3 + 1, Dot4 - Dot3 - 1));
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX14312, encodedJson, encodedJson), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14312, ex));
}
}

Expand Down
6 changes: 3 additions & 3 deletions src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -688,7 +688,7 @@ public virtual string CreateToken(string payload, SigningCredentials signingCred
}
catch(Exception ex)
{
LogHelper.LogExceptionMessage(new SecurityTokenException(LogHelper.FormatInvariant(LogMessages.IDX14307, ex, payload)));
LogHelper.LogExceptionMessage(new SecurityTokenException(LogMessages.IDX14307, ex));
}

payload = jsonPayload != null ? jsonPayload.ToString(Formatting.None) : payload;
Expand Down Expand Up @@ -1370,7 +1370,7 @@ public override async Task<TokenValidationResult> ValidateTokenAsync(SecurityTok

var jwt = token as JsonWebToken;
if (jwt == null)
return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, token))), IsValid = false };
return new TokenValidationResult { Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100)), IsValid = false };

try
{
Expand Down Expand Up @@ -1418,7 +1418,7 @@ private static TokenValidationResult ReadToken(string token, TokenValidationPara
{
return new TokenValidationResult
{
Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX14100, LogHelper.MarkAsSecurityArtifact(token, JwtTokenUtilities.SafeLogJwtToken), ex))),
Exception = LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14100, ex)),
IsValid = false
};
}
Expand Down
28 changes: 14 additions & 14 deletions src/Microsoft.IdentityModel.JsonWebTokens/LogMessages.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,23 @@ internal static class LogMessages
internal const string IDX14000 = "IDX14000: Signature validation of this JWT is not supported for: Algorithm: '{0}', SecurityKey: '{1}'.";

// JWT messages
internal const string IDX14100 = "IDX14100: JWT is not well formed: '{0}', there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14101 = "IDX14101: Unable to decode the payload '{0}' as Base64Url encoded string. jwtEncodedString: '{1}'.";
internal const string IDX14102 = "IDX14102: Unable to decode the header '{0}' as Base64Url encoded string. jwtEncodedString: '{1}'.";
internal const string IDX14100 = "IDX14100: JWT is not well formed, there are no dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14101 = "IDX14101: Unable to decode the payload '{0}' as Base64Url encoded string.";
internal const string IDX14102 = "IDX14102: Unable to decode the header '{0}' as Base64Url encoded string.";
internal const string IDX14103 = "IDX14103: Failed to create the token encryption provider.";
//internal const string IDX14105 = "IDX14105:";
// internal const string IDX14106 = "IDX14106:";
internal const string IDX14107 = "IDX14107: Token string does not match the token formats: JWE (header.encryptedKey.iv.ciphertext.tag) or JWS (header.payload.signature)";
//internal const string IDX14111 = "IDX14111: JWT: '{0}' must have three segments (JWS) or five segments (JWE).";
internal const string IDX14112 = "IDX14112: Only a single 'Actor' is supported. Found second claim of type: '{0}', value: '{1}'";
internal const string IDX14112 = "IDX14112: Only a single 'Actor' is supported. Found second claim of type: '{0}'";
internal const string IDX14113 = "IDX14113: A duplicate value for 'SecurityTokenDescriptor.{0}' exists in 'SecurityTokenDescriptor.Claims'. \nThe value of 'SecurityTokenDescriptor.{0}' is used.";
internal const string IDX14114 = "IDX14114: Both '{0}.{1}' and '{0}.{2}' are null or empty.";
// internal const string IDX14115 = "IDX14115:";
internal const string IDX14116 = "IDX14116: '{0}' cannot contain the following claims: '{1}'. These values are added by default (if necessary) during security token creation.";
// number of sections 'dots' is not correct
internal const string IDX14120 = "IDX14120: JWT is not well formed, there is only one dot (.): '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14121 = "IDX14121: JWT is not a well formed JWE, there are there must be four dots (.): '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14122 = "IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots: '{0}'.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14120 = "IDX14120: JWT is not well formed, there is only one dot (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14121 = "IDX14121: JWT is not a well formed JWE, there are there must be four dots (.).\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";
internal const string IDX14122 = "IDX14122: JWT is not a well formed JWE, there are more than four dots (.) a JWE can have at most 4 dots.\nThe token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.";

// logging
internal const string IDX14200 = "IDX14200: Creating raw signature using the signature credentials.";
Expand All @@ -47,13 +47,13 @@ internal static class LogMessages
//internal const string IDX14303 = "IDX14303: Claim with name '{0}' does not exist in the header.";
internal const string IDX14304 = "IDX14304: Claim with name '{0}' does not exist in the payload.";
internal const string IDX14305 = "IDX14305: Unable to convert the '{0}' json property to the following type: '{1}'. Property type was: '{2}'. Value: '{3}'.";
internal const string IDX14306 = "IDX14306: JWE Ciphertext cannot be an empty string. jwtEncodedString: '{0}'.";
internal const string IDX14307 = "IDX14307: JWE header is missing. jwtEncodedString: '{0}'.";
internal const string IDX14308 = "IDX14308: JWE initialization vector is missing. jwtEncodedString: '{0}'.";
internal const string IDX14309 = "IDX14309: Unable to decode the initialization vector as Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14310 = "IDX14310: JWE authentication tag is missing. jwtEncodedString: '{0}'.";
internal const string IDX14311 = "IDX14311: Unable to decode the authentication tag as a Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14312 = "IDX14312: Unable to decode the cipher text as a Base64Url encoded string. jwtEncodedString: '{0}'.";
internal const string IDX14306 = "IDX14306: JWE Ciphertext cannot be an empty string.";
internal const string IDX14307 = "IDX14307: JWE header is missing.";
internal const string IDX14308 = "IDX14308: JWE initialization vector is missing.";
internal const string IDX14309 = "IDX14309: Unable to decode the initialization vector as Base64Url encoded string.";
internal const string IDX14310 = "IDX14310: JWE authentication tag is missing.";
internal const string IDX14311 = "IDX14311: Unable to decode the authentication tag as a Base64Url encoded string.";
internal const string IDX14312 = "IDX14312: Unable to decode the cipher text as a Base64Url encoded string.";

#pragma warning restore 1591
}
Expand Down
10 changes: 5 additions & 5 deletions src/System.IdentityModel.Tokens.Jwt/JwtSecurityToken.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,15 @@ public JwtSecurityToken(string jwtEncodedString)
if (tokenParts.Length == JwtConstants.JwsSegmentCount)
{
if (!JwtTokenUtilities.RegexJws.IsMatch(jwtEncodedString))
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12739, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12739));
}
else if (tokenParts.Length == JwtConstants.JweSegmentCount)
{
if (!JwtTokenUtilities.RegexJwe.IsMatch(jwtEncodedString))
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12740, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12740));
}
else
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogHelper.FormatInvariant(LogMessages.IDX12741, jwtEncodedString)));
throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX12741));

Decode(tokenParts, jwtEncodedString);
}
Expand Down Expand Up @@ -486,7 +486,7 @@ internal void Decode(string[] tokenParts, string rawData)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12729, tokenParts[0], rawData), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12729, tokenParts[0]), ex));
}

if (tokenParts.Length == JwtConstants.JweSegmentCount)
Expand Down Expand Up @@ -514,7 +514,7 @@ private void DecodeJws(string[] tokenParts)
}
catch (Exception ex)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, tokenParts[1], RawData), ex));
throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX12723, tokenParts[1]), ex));
}

RawHeader = tokenParts[0];
Expand Down
Loading

0 comments on commit 2cf0feb

Please sign in to comment.