From eb99228ddc313433d4cbc17e047bbc0a835d29b6 Mon Sep 17 00:00:00 2001 From: Roja Ennam Date: Thu, 8 Apr 2021 14:51:58 -0700 Subject: [PATCH] Remove virtual method call from constructor. --- .../AuthenticatedEncryptionProvider.cs | 11 ++++++++-- .../JsonWebTokenHandlerTests.cs | 21 +++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs index 61cb0e476f..15d598b537 100644 --- a/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs +++ b/src/Microsoft.IdentityModel.Tokens/Encryption/AuthenticatedEncryptionProvider.cs @@ -50,6 +50,7 @@ private struct AuthenticatedKeys private Lazy _authenticatedkeys; private CryptoProviderFactory _cryptoProviderFactory; private bool _disposed; + private Lazy _keySizeIsValid; private string _hmacAlgorithm; private Lazy _symmetricSignatureProvider; private DecryptionDelegate DecryptFunction; @@ -76,7 +77,6 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) Key = key; Algorithm = algorithm; _cryptoProviderFactory = key.CryptoProviderFactory; - if (SupportedAlgorithms.IsSupportedEncryptionAlgorithm(algorithm, key)) { if (SupportedAlgorithms.IsAesGcm(algorithm)) @@ -96,7 +96,7 @@ public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm) private void InitializeUsingAesGcm() { - ValidateKeySize(Key, Algorithm); + _keySizeIsValid = new Lazy(ValidKeySize); EncryptFunction = EncryptWithAesGcm; DecryptFunction = DecryptWithAesGcm; } @@ -110,6 +110,12 @@ private void InitializeUsingAesCbc() DecryptFunction = DecryptWithAesCbc; } + internal bool ValidKeySize() + { + ValidateKeySize(Key, Algorithm); + return true; + } + private AuthenticatedEncryptionResult EncryptWithAesGcm(byte[] plaintext, byte[] authenticatedData, byte[] iv) { throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10715, Algorithm))); @@ -117,6 +123,7 @@ private AuthenticatedEncryptionResult EncryptWithAesGcm(byte[] plaintext, byte[] private byte[] DecryptWithAesGcm(byte[] ciphertext, byte[] authenticatedData, byte[] iv, byte[] authenticationTag) { + _ = _keySizeIsValid.Value; byte[] clearBytes = new byte[ciphertext.Length]; using (var aes = new AesGcm(GetKeyBytes(Key))) { diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs index 02e1837ede..634f8e3087 100644 --- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs +++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTests.cs @@ -317,6 +317,27 @@ public static TheoryData CreateJWEWithAesGcmTheoryData JsonWebTokenHandler = new JsonWebTokenHandler(), JwtSecurityTokenHandler = tokenHandler, ExpectedException = ExpectedException.SecurityTokenEncryptionFailedException("IDX10616:", typeof(NotSupportedException)) + }, + new CreateTokenTheoryData + { + TestId = "AesGcm_InvalidDecryptionKeySize", + TokenDescriptor = new SecurityTokenDescriptor + { + SigningCredentials = KeyingMaterial.JsonWebKeyRsa256SigningCredentials, + EncryptingCredentials = encryptionCredentials, + Subject = new ClaimsIdentity(Default.PayloadClaims), + TokenType = "TokenType" + }, + JsonWebTokenHandler = new JsonWebTokenHandler(), + JwtSecurityTokenHandler = tokenHandler, + ValidationParameters = new TokenValidationParameters + { + IssuerSigningKey = KeyingMaterial.JsonWebKeyRsa256SigningCredentials.Key, + TokenDecryptionKey = KeyingMaterial.DefaultSymmetricSecurityKey_64, + ValidAudience = Default.Audience, + ValidIssuer = Default.Issuer + }, + ExpectedException = ExpectedException.SecurityTokenDecryptionFailedException("IDX10653:") } }; }