Restore AOT compatibility for IdentityModel (#2773)

* Enabled AOT compatibility checks at build time. Refactored ExceptionDetail to not rely on reflection. * Added tests
AzureAD · Aug 8, 2024 · d2632a7 · d2632a7
1 parent 15e26cf
commit d2632a7
Show file tree

Hide file tree

Showing 26 changed files with 398 additions and 125 deletions.
diff --git a/build/common.props b/build/common.props
@@ -73,4 +73,8 @@
     </PackageReference>
   </ItemGroup>
 
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <IsAotCompatible>true</IsAotCompatible>
+  </PropertyGroup>
+
 </Project>
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.DecryptToken.cs
@@ -47,7 +47,7 @@ internal TokenDecryptionResult DecryptToken(
                     ValidationFailureType.TokenDecryptionFailed,
                     new ExceptionDetail(
                         new MessageDetail(TokenLogMessages.IDX10612),
-                        typeof(SecurityTokenException),
+                        ExceptionDetail.ExceptionType.SecurityToken,
                         new System.Diagnostics.StackFrame()));
 
             var keysOrExceptionDetail = GetContentEncryptionKeys(jwtToken, validationParameters, configuration, callContext);
@@ -66,7 +66,7 @@ internal TokenDecryptionResult DecryptToken(
                         new MessageDetail(
                             TokenLogMessages.IDX10609,
                             LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)),
-                        typeof(SecurityTokenDecryptionFailedException),
+                        ExceptionDetail.ExceptionType.SecurityTokenDecryptionFailed,
                         new System.Diagnostics.StackFrame()));
 
             return JwtTokenUtilities.DecryptJwtToken(
@@ -202,7 +202,7 @@ internal TokenDecryptionResult DecryptToken(
                         keysAttempted?.ToString() ?? "",
                         exceptionStrings?.ToString() ?? "",
                         LogHelper.MarkAsSecurityArtifact(jwtToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    typeof(SecurityTokenKeyWrapException),
+                    ExceptionDetail.ExceptionType.SecurityTokenKeyWrap,
                     new System.Diagnostics.StackFrame());
                 return (null, exceptionDetail);
             }

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ReadToken.cs
@@ -36,7 +36,7 @@ internal static TokenReadingResult ReadToken(
                         new MessageDetail(
                             TokenLogMessages.IDX10000,
                             LogHelper.MarkAsNonPII(nameof(token))),
-                        typeof(ArgumentNullException),
+                        ExceptionDetail.ExceptionType.ArgumentNull,
                         new System.Diagnostics.StackFrame()));
             }
 
@@ -54,7 +54,7 @@ internal static TokenReadingResult ReadToken(
                     ValidationFailureType.TokenReadingFailed,
                     new ExceptionDetail(
                         new MessageDetail(LogMessages.IDX14107),
-                        ex.GetType(),
+                        ExceptionDetail.ExceptionType.SecurityTokenMalformed,
                         new System.Diagnostics.StackFrame(),
                         ex));
             }

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs
@@ -55,7 +55,7 @@ internal static SignatureValidationResult ValidateSignature(
                                 jwtToken.EncodedToken,
                                 JwtTokenUtilities.SafeLogJwtToken)
                             ),
-                        typeof(SecurityTokenInvalidSignatureException),
+                        ExceptionDetail.ExceptionType.SecurityTokenInvalidSignature,
                         new StackFrame()));
 
             SecurityKey? key = null;
@@ -93,7 +93,7 @@ internal static SignatureValidationResult ValidateSignature(
                     ValidationFailureType.SignatureValidationFailed,
                     new ExceptionDetail(
                         new MessageDetail(TokenLogMessages.IDX10500),
-                        typeof(SecurityTokenSignatureKeyNotFoundException),
+                        ExceptionDetail.ExceptionType.SecurityTokenSignatureKeyNotFound,
                         new StackFrame()));
         }
 
@@ -130,7 +130,7 @@ private static SignatureValidationResult ValidateSignatureUsingAllKeys(
                     ValidationFailureType.SignatureValidationFailed,
                     new ExceptionDetail(
                         new MessageDetail(TokenLogMessages.IDX10500),
-                        typeof(SecurityTokenSignatureKeyNotFoundException),
+                        ExceptionDetail.ExceptionType.SecurityTokenSignatureKeyNotFound,
                         new StackFrame()));
 
             StringBuilder exceptionStrings = new();
@@ -215,7 +215,7 @@ private static SignatureValidationResult ValidateSignatureWithKey(
                             LogMessages.IDX14000,
                             LogHelper.MarkAsNonPII(jsonWebToken.Alg),
                             key),
-                        typeof(SecurityTokenInvalidAlgorithmException),
+                        ExceptionDetail.ExceptionType.SecurityTokenInvalidAlgorithm,
                         new StackFrame()));
             }
 
@@ -240,7 +240,7 @@ private static SignatureValidationResult ValidateSignatureWithKey(
                             new MessageDetail(TokenLogMessages.IDX10636,
                                 key?.ToString() ?? "Null",
                                 LogHelper.MarkAsNonPII(jsonWebToken.Alg)),
-                            typeof(InvalidOperationException),
+                            ExceptionDetail.ExceptionType.InvalidOperation,
                             new StackFrame()));
 
                 bool valid = EncodingUtils.PerformEncodingDependentOperation<bool, string, int, SignatureProvider>(
@@ -260,7 +260,7 @@ private static SignatureValidationResult ValidateSignatureWithKey(
                         ValidationFailureType.SignatureValidationFailed,
                         new ExceptionDetail(
                             new MessageDetail(TokenLogMessages.IDX10504),
-                            typeof(SecurityTokenInvalidSignatureException),
+                            ExceptionDetail.ExceptionType.SecurityTokenInvalidSignature,
                             new StackFrame()));
             }
 #pragma warning disable CA1031 // Do not catch general exception types
@@ -271,7 +271,7 @@ private static SignatureValidationResult ValidateSignatureWithKey(
                     ValidationFailureType.SignatureValidationFailed,
                     new ExceptionDetail(
                         new MessageDetail(TokenLogMessages.IDX10504, ex.ToString()),
-                        ex.GetType(),
+                        ExceptionDetail.ExceptionType.SecurityTokenInvalidSignature,
                         new StackFrame(),
                         ex));
             }
@@ -311,7 +311,7 @@ private static ExceptionDetail GetSignatureValidationFailureExceptionDetails(
                         LogHelper.MarkAsNonPII(jwtToken.Kid),
                         exceptionStrings.ToString(),
                         LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    typeof(SecurityTokenSignatureKeyNotFoundException),
+                    ExceptionDetail.ExceptionType.SecurityTokenSignatureKeyNotFound,
                     new StackFrame());
             }
 
@@ -325,7 +325,7 @@ private static ExceptionDetail GetSignatureValidationFailureExceptionDetails(
                         LogHelper.MarkAsNonPII(numKeysInConfiguration),
                         exceptionStrings.ToString(),
                         LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                    typeof(SecurityTokenSignatureKeyNotFoundException),
+                    ExceptionDetail.ExceptionType.SecurityTokenSignatureKeyNotFound,
                     new StackFrame());
 
             return new ExceptionDetail(
@@ -336,7 +336,7 @@ private static ExceptionDetail GetSignatureValidationFailureExceptionDetails(
                     LogHelper.MarkAsNonPII(numKeysInConfiguration),
                     exceptionStrings.ToString(),
                     LogHelper.MarkAsSecurityArtifact(jwtToken.EncodedToken, JwtTokenUtilities.SafeLogJwtToken)),
-                typeof(SecurityTokenSignatureKeyNotFoundException),
+                ExceptionDetail.ExceptionType.SecurityTokenSignatureKeyNotFound,
                 new StackFrame());
         }
 

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.DecryptTokenResult.cs
@@ -35,7 +35,7 @@ internal static TokenDecryptionResult DecryptJwtToken(
                         new MessageDetail(
                             TokenLogMessages.IDX10000,
                             nameof(validationParameters)),
-                        typeof(ArgumentNullException),
+                        ExceptionDetail.ExceptionType.ArgumentNull,
                         new System.Diagnostics.StackFrame()));
 
             if (decryptionParameters == null)
@@ -46,7 +46,7 @@ internal static TokenDecryptionResult DecryptJwtToken(
                         new MessageDetail(
                             TokenLogMessages.IDX10000,
                             nameof(decryptionParameters)),
-                        typeof(ArgumentNullException),
+                        ExceptionDetail.ExceptionType.ArgumentNull,
                         new System.Diagnostics.StackFrame()));
 
             bool decryptionSucceeded = false;
@@ -142,7 +142,7 @@ internal static TokenDecryptionResult DecryptJwtToken(
                         new MessageDetail(
                             TokenLogMessages.IDX10679,
                             zipAlgorithm),
-                        typeof(SecurityTokenDecompressionFailedException),
+                        ExceptionDetail.ExceptionType.SecurityTokenDecompressionFailed,
                         new StackFrame(),
                         ex));
             }

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JwtTokenUtilities.cs
@@ -367,7 +367,7 @@ private static ExceptionDetail GetDecryptionExceptionDetail(
                         keysAttempted.ToString(),
                         exceptionStrings?.ToString() ?? string.Empty,
                         LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)),
-                    typeof(SecurityTokenDecryptionFailedException),
+                    ExceptionDetail.ExceptionType.SecurityTokenDecryptionFailed,
                     new StackFrame(true),
                     null);
             else if (algorithmNotSupportedByCryptoProvider)
@@ -376,15 +376,15 @@ private static ExceptionDetail GetDecryptionExceptionDetail(
                         TokenLogMessages.IDX10619,
                         LogHelper.MarkAsNonPII(decryptionParameters.Alg),
                         LogHelper.MarkAsNonPII(decryptionParameters.Enc)),
-                    typeof(SecurityTokenDecryptionFailedException),
+                    ExceptionDetail.ExceptionType.SecurityTokenDecryptionFailed,
                     new StackFrame(true),
                     null);
             else
                 return new ExceptionDetail(
                     new MessageDetail(
                         TokenLogMessages.IDX10609,
                         LogHelper.MarkAsSecurityArtifact(decryptionParameters.EncodedToken, SafeLogJwtToken)),
-                    typeof(SecurityTokenDecryptionFailedException),
+                    ExceptionDetail.ExceptionType.SecurityTokenDecryptionFailed,
                     new StackFrame(true),
                     null);
         }

diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/ExceptionDetail.cs b/src/Microsoft.IdentityModel.Tokens/Validation/ExceptionDetail.cs
@@ -19,7 +19,7 @@ internal class ExceptionDetail
         /// <paramref name="messageDetail"/> contains information about the exception that is used to generate the exception message.
         /// <paramref name="exceptionType"/> is the type of exception that occurred.
         /// <paramref name="stackFrame"/> contains information about the stack frame where the exception occurred.
-        public ExceptionDetail(MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame)
+        public ExceptionDetail(MessageDetail messageDetail, ExceptionType exceptionType, StackFrame stackFrame)
             : this(messageDetail, exceptionType, stackFrame, null)
         {
         }
@@ -31,9 +31,9 @@ public ExceptionDetail(MessageDetail messageDetail, Type exceptionType, StackFra
         /// <paramref name="exceptionType"/> is the type of exception that occurred.
         /// <paramref name="stackFrame"/> contains information about the stack frame where the exception occurred.
         /// <paramref name="innerException"/> is the inner exception that occurred.
-        public ExceptionDetail(MessageDetail messageDetail, Type exceptionType, StackFrame stackFrame, Exception innerException)
+        public ExceptionDetail(MessageDetail messageDetail, ExceptionType exceptionType, StackFrame stackFrame, Exception innerException)
         {
-            ExceptionType = exceptionType;
+            Type = exceptionType;
             InnerException = innerException;
             MessageDetail = messageDetail;
             StackFrames.Add(stackFrame);
@@ -43,25 +43,19 @@ public ExceptionDetail(MessageDetail messageDetail, Type exceptionType, StackFra
         /// Creates an instance of an <see cref="Exception"/> using <see cref="ExceptionDetail"/>
         /// </summary>
         /// <returns>An instantance of an Exception.</returns>
-        public Exception GetException()
-        {
-            if (InnerException != null)
-                return Activator.CreateInstance(ExceptionType, MessageDetail.Message, InnerException) as Exception;
-
-            return Activator.CreateInstance(ExceptionType, MessageDetail.Message) as Exception;
-        }
+        public Exception GetException() => ExceptionFromType(Type, InnerException);
 
         internal static ExceptionDetail NullParameter(string parameterName) => new ExceptionDetail(
             new MessageDetail(
                 LogMessages.IDX10000,
                 LogHelper.MarkAsNonPII(parameterName)),
-            typeof(ArgumentNullException),
+            ExceptionType.ArgumentNull,
             new StackFrame());
 
         /// <summary>
         /// Gets the type of exception that occurred.
         /// </summary>
-        public Type ExceptionType { get; }
+        public ExceptionType Type { get; }
 
         /// <summary>
         /// Gets the inner exception that occurred.
@@ -77,5 +71,80 @@ public Exception GetException()
         /// Gets the stack frames where the exception occurred.
         /// </summary>
         public IList<StackFrame> StackFrames { get; } = [];
+
+        public enum ExceptionType
+        {
+            Unknown = -1,
+            ArgumentNull,
+            InvalidOperation,
+            SecurityToken,
+            SecurityTokenDecompressionFailed,
+            SecurityTokenDecryptionFailed,
+            SecurityTokenExpired,
+            SecurityTokenInvalidAudience,
+            SecurityTokenInvalidAlgorithm,
+            SecurityTokenInvalidIssuer,
+            SecurityTokenInvalidLifetime,
+            SecurityTokenInvalidSigningKey,
+            SecurityTokenInvalidSignature,
+            SecurityTokenInvalidType,
+            SecurityTokenKeyWrap,
+            SecurityTokenMalformed,
+            SecurityTokenNoExpiration,
+            SecurityTokenNotYetValid,
+            SecurityTokenReplayDetected,
+            SecurityTokenReplayAddFailed,
+            SecurityTokenSignatureKeyNotFound,
+            ExceptionTypeCount
+        }
+
+        private Exception ExceptionFromType(ExceptionType exceptionType, Exception innerException)
+        {
+            switch (exceptionType)
+            {
+                case ExceptionType.ArgumentNull:
+                    return new ArgumentNullException(MessageDetail.Message, innerException);
+                case ExceptionType.InvalidOperation:
+                    return new InvalidOperationException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityToken:
+                    return new SecurityTokenException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenDecompressionFailed:
+                    return new SecurityTokenDecompressionFailedException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenDecryptionFailed:
+                    return new SecurityTokenDecryptionFailedException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenExpired:
+                    return new SecurityTokenExpiredException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidAudience:
+                    return new SecurityTokenInvalidAudienceException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidAlgorithm:
+                    return new SecurityTokenInvalidAlgorithmException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidIssuer:
+                    return new SecurityTokenInvalidIssuerException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidLifetime:
+                    return new SecurityTokenInvalidLifetimeException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidSignature:
+                    return new SecurityTokenInvalidSignatureException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidSigningKey:
+                    return new SecurityTokenInvalidSigningKeyException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenInvalidType:
+                    return new SecurityTokenInvalidTypeException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenKeyWrap:
+                    return new SecurityTokenKeyWrapException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenMalformed:
+                    return new SecurityTokenMalformedException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenNoExpiration:
+                    return new SecurityTokenNoExpirationException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenNotYetValid:
+                    return new SecurityTokenNotYetValidException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenReplayDetected:
+                    return new SecurityTokenReplayDetectedException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenReplayAddFailed:
+                    return new SecurityTokenReplayAddFailedException(MessageDetail.Message, innerException);
+                case ExceptionType.SecurityTokenSignatureKeyNotFound:
+                    return new SecurityTokenSignatureKeyNotFoundException(MessageDetail.Message, innerException);
+                default:
+                    throw new ArgumentException("Invalid ExceptionType.");
+            }
+        }
     }
 }
diff --git a/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs b/src/Microsoft.IdentityModel.Tokens/Validation/Validators.Algorithm.cs
@@ -54,7 +54,7 @@ internal static AlgorithmValidationResult ValidateAlgorithm(
                         new MessageDetail(
                             LogMessages.IDX10000,
                             LogHelper.MarkAsNonPII(nameof(validationParameters))),
-                        typeof(ArgumentNullException),
+                        ExceptionDetail.ExceptionType.ArgumentNull,
                         new StackFrame(true)));
             }
 
@@ -67,7 +67,7 @@ internal static AlgorithmValidationResult ValidateAlgorithm(
                         new MessageDetail(
                             LogMessages.IDX10696,
                             LogHelper.MarkAsNonPII(algorithm)),
-                        typeof(SecurityTokenInvalidAlgorithmException),
+                        ExceptionDetail.ExceptionType.SecurityTokenInvalidAlgorithm,
                         new StackFrame(true)));
             }