resolve conflicts

.github/workflows/aot-check.yml

@@ -23,7 +23,7 @@ jobs:
         fetch-depth: 1
 
     - name: Setup .NET 9.0.x
-      uses: actions/setup-dotnet@v4.1.0
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: 9.0.x
 

.github/workflows/codeql-analysis.yml

@@ -26,6 +26,11 @@ jobs:
       with:
         fetch-depth: 2
 
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: 9.0.x        
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

.github/workflows/dotnetcore.yml

@@ -24,27 +24,32 @@ jobs:
   build:
     runs-on: windows-latest
     continue-on-error: false
+
     name: "Build and run unit tests"
     steps:
+    - name: Set git core.longpaths flag
+      run: |
+          git config --system core.longpaths true
+
     - name: Checkout repository
       uses: actions/checkout@v4.1.1
 
     - name: Setup .NET 9.x
-      uses: actions/setup-dotnet@v4.1.0
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: 9.x
 
     - name: Strong name bypass
       run: |
-          regedit /s .\build\strongNameBypass.reg  
+          regedit /s .\build\strongNameBypass.reg
 
     - name: Run the tests
       run: dotnet test Wilson.sln --collect:"XPlat Code Coverage" --settings:./build/CodeCoverage.runsettings
 
     - name: Create code coverage report
       run: |
         dotnet tool install -g dotnet-reportgenerator-globaltool --version 5.4.1
-        reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:CodeCoverage -reporttypes:'MarkdownSummaryGithub;Cobertura'
+        reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:CodeCoverage -reporttypes:'MarkdownSummaryGithub;Cobertura' -filefilters:'+src/**/*.cs'
 
     - name: Write coverage to job summary
       shell: bash

CHANGELOG.md

@@ -1,5 +1,55 @@
 See the [releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases) for details on bug fixes and added features.
 
+8.3.0
+=====
+
+## New features
+
+### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)
+* SAML and SAML2 new model validation: Token Replay. See [#2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)
+* Extensibility tests: Token Type - JWT ([#3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))
+* Avoid code duplication in extensibility testing. See [#3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)
+* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011
+* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044
+
+## Bug fixes
+* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042
+* Fixed SignedHttpRequest flaky test. See [#3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)
+
+## Fundamentals
+* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018
+* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009
+* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045
+* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046
+* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010
+* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048
+* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049
+* Stack parameters to improve reading of code. by @brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031
+
+## New Contributors
+* @ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042
+
+8.2.1
+=====
+### New features
+- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).
+
+### Bug fixes
+- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).
+- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).
+
+### Fundamentals
+- Streamline token creation by using `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).
+- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).
+
+### Work related to redesign of IdentityModel's token validation logic [#2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)
+- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).
+- Implement new model for reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).
+- Implement new model for validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).
+- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).
+- Switch to new validation model for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).
+- Switch to new validation model for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).
+
 8.2.0
 =====
 ### Fundamentals

PerfAndStress.slnf

@@ -0,0 +1,20 @@
+{
+  "solution": {
+    "path": "Wilson.sln",
+    "projects": [
+      "src\\Microsoft.IdentityModel.Protocols\\Microsoft.IdentityModel.Protocols.csproj",
+      "src\\Microsoft.IdentityModel.Tokens\\Microsoft.IdentityModel.Tokens.csproj",
+      "src\\System.IdentityModel.Tokens.Jwt\\System.IdentityModel.Tokens.Jwt.csproj",
+      "src\\Microsoft.IdentityModel.Protocols.WsFederation\\Microsoft.IdentityModel.Protocols.WsFederation.csproj",
+      "src\\Microsoft.IdentityModel.Protocols.OpenIdConnect\\Microsoft.IdentityModel.Protocols.OpenIdConnect.csproj",
+      "src\\Microsoft.IdentityModel.Tokens.Saml\\Microsoft.IdentityModel.Tokens.Saml.csproj",
+      "src\\Microsoft.IdentityModel.Xml\\Microsoft.IdentityModel.Xml.csproj",
+      "src\\Microsoft.IdentityModel.Logging\\Microsoft.IdentityModel.Logging.csproj",
+      "src\\Microsoft.IdentityModel.JsonWebTokens\\Microsoft.IdentityModel.JsonWebTokens.csproj",
+      "src\\Microsoft.IdentityModel.Protocols.SignedHttpRequest\\Microsoft.IdentityModel.Protocols.SignedHttpRequest.csproj",
+      "src\\Microsoft.IdentityModel.Validators\\Microsoft.IdentityModel.Validators.csproj",
+      "src\\Microsoft.IdentityModel.Abstractions\\Microsoft.IdentityModel.Abstractions.csproj",
+      "src\\Microsoft.IdentityModel.LoggingExtensions\\Microsoft.IdentityModel.LoggingExtensions.csproj"
+    ]
+  }
+}

Wilson.sln

@@ -92,8 +92,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.IdentityModel.Abs
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.IdentityModel.AotCompatibility.TestApp", "test\Microsoft.IdentityModel.AotCompatibility.TestApp\Microsoft.IdentityModel.AotCompatibility.TestApp.csproj", "{8105289F-3D54-4054-9738-5985F3B6CF2C}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.IdentityModel.AotCompatibility.Tests", "test\Microsoft.IdentityModel.AotCompatibility.Tests\Microsoft.IdentityModel.AotCompatibility.Tests.csproj", "{CD0EEF56-7221-4420-8181-48EE82E91306}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.IdentityModel.Benchmarks", "benchmark\Microsoft.IdentityModel.Benchmarks\Microsoft.IdentityModel.Benchmarks.csproj", "{F1BB31E4-8865-4425-8BD4-94F1815C16E0}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{BC99A01F-1C6E-4994-8991-4919A9B096E1}"
@@ -225,10 +223,6 @@ Global
 		{8105289F-3D54-4054-9738-5985F3B6CF2C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8105289F-3D54-4054-9738-5985F3B6CF2C}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8105289F-3D54-4054-9738-5985F3B6CF2C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{CD0EEF56-7221-4420-8181-48EE82E91306}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CD0EEF56-7221-4420-8181-48EE82E91306}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CD0EEF56-7221-4420-8181-48EE82E91306}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{CD0EEF56-7221-4420-8181-48EE82E91306}.Release|Any CPU.Build.0 = Release|Any CPU
 		{F1BB31E4-8865-4425-8BD4-94F1815C16E0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{F1BB31E4-8865-4425-8BD4-94F1815C16E0}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F1BB31E4-8865-4425-8BD4-94F1815C16E0}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -267,7 +261,6 @@ Global
 		{C1F5A997-FAA9-45E5-8D28-D4E92D4A034D} = {EB14B99B-2255-45BC-BF14-E488DCD4A4BA}
 		{EF9A4431-6D2C-4DD1-BF6B-6F2CC619DEE1} = {8905D2E3-4499-4A86-BF3E-F098F228DD59}
 		{8105289F-3D54-4054-9738-5985F3B6CF2C} = {8905D2E3-4499-4A86-BF3E-F098F228DD59}
-		{CD0EEF56-7221-4420-8181-48EE82E91306} = {8905D2E3-4499-4A86-BF3E-F098F228DD59}
 		{F1BB31E4-8865-4425-8BD4-94F1815C16E0} = {2F79F3C4-F4E3-46DD-8B34-8EF403A6F7F5}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution

build/dependencies.props

@@ -13,4 +13,29 @@
     <SystemTextJson>8.0.5</SystemTextJson>
   </PropertyGroup>
 
+
+<PropertyGroup Condition="'$(TargetFramework)' == 'net9.0'">
+    <MicrosoftExtensionsLoggingAbstractionsVersion>9.0.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <MicrosoftExtensionsLoggingAbstractionsVersion>8.0.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net7.0'">
+    <MicrosoftExtensionsLoggingAbstractionsVersion>7.0.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0'">
+    <MicrosoftExtensionsLoggingAbstractionsVersion>6.0.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net462'">   
+    <MicrosoftExtensionsLoggingAbstractionsVersion>6.0.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'net472'">
+    <MicrosoftExtensionsLoggingAbstractionsVersion>2.1.0</MicrosoftExtensionsLoggingAbstractionsVersion>
+  </PropertyGroup>
+
 </Project>

build/template-Build-run-tests-sign.yml

@@ -53,7 +53,10 @@ steps:
         dotnet nuget add source https://identitydivision.pkgs.visualstudio.com/_packaging/IDDP/nuget/v3/index.json -n IDDP
         dotnet nuget list source
     }
+  workingDirectory: '$(Build.SourcesDirectory)\$(WilsonSourceDirectory)'
   displayName: 'Remove external "NuGet" Source and add "IDDP artifacts" as a NuGet Source, if needed.'
+  env:
+    DOTNET_NOLOGO: 1
 
 - task: DotNetCoreCLI@2
   displayName: Build
@@ -209,6 +212,13 @@ steps:
     PathtoPublish: '$(Build.SourcesDirectory)\artifacts'
     ArtifactName: '$(Build.BuildNumber)-nuget-package'
 
+- task: BuildQualityChecks@9
+  displayName: 'Check Warnings'
+  inputs:
+    checkWarnings: true
+    warningFailOption: 'build'
+    showStatistics: true
+
 - task: mspremier.PostBuildCleanup.PostBuildCleanup-task.PostBuildCleanup@3
   displayName: 'Clean Agent Directories'
   condition: and(succeeded(), eq(variables['PipelineType'], 'legacy'))

build/version.props

@@ -2,7 +2,7 @@
 <Project>
 <!-- MicrosoftIdentityModelVersion  -->
   <PropertyGroup>
-    <MicrosoftIdentityModelCurrentVersion>8.2.1</MicrosoftIdentityModelCurrentVersion>
+    <MicrosoftIdentityModelCurrentVersion>8.3.1</MicrosoftIdentityModelCurrentVersion>
 
     <PreviewVersionSuffix Condition="'$(PreviewVersionSuffix)' == '' and '$(BuildingInsideVisualStudio)' != 'true'">preview-$([System.DateTime]::Now.AddYears(-2019).Year)$([System.DateTime]::Now.ToString("MMddHHmmss"))</PreviewVersionSuffix>
     <!--VS re-evaluates the variables, so having seconds or minutes creates an infinite loop of package updates-->

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs

@@ -19,9 +19,6 @@ public partial class JsonWebToken : SecurityToken
     {
         internal const string ClassName = "Microsoft.IdentityModel.JsonWebTokens.JsonWebToken";
 
-        private ClaimsIdentity _claimsIdentity;
-        private bool _wasClaimsIdentitySet;
-
         private string _act;
         private string _authenticationTag;
         private string _ciphertext;
@@ -629,61 +626,6 @@ public Claim GetClaim(string key)
         /// </summary>
         internal IReadOnlyCollection<string> PayloadClaimNames => Payload._jsonClaims.Keys;
 
-        internal ClaimsIdentity ClaimsIdentity
-        {
-            get
-            {
-                if (!_wasClaimsIdentitySet)
-                {
-                    _wasClaimsIdentitySet = true;
-                    string actualIssuer = ActualIssuer ?? Issuer;
-
-                    foreach (Claim claim in Claims)
-                    {
-                        string claimType = claim.Type;
-                        if (claimType == ClaimTypes.Actor)
-                        {
-                            if (_claimsIdentity.Actor != null)
-                                throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX14112, LogHelper.MarkAsNonPII(JwtRegisteredClaimNames.Actort), claim.Value)));
-
-#pragma warning disable CA1031 // Do not catch general exception types
-                            try
-                            {
-                                JsonWebToken actorToken = new JsonWebToken(claim.Value);
-                                _claimsIdentity.Actor = ActorClaimsIdentity;
-                            }
-                            catch
-                            {
-
-                            }
-#pragma warning restore CA1031 // Do not catch general exception types
-                        }
-
-                        if (claim.Properties.Count == 0)
-                        {
-                            _claimsIdentity.AddClaim(new Claim(claimType, claim.Value, claim.ValueType, actualIssuer, actualIssuer, _claimsIdentity));
-                        }
-                        else
-                        {
-                            Claim newClaim = new Claim(claimType, claim.Value, claim.ValueType, actualIssuer, actualIssuer, _claimsIdentity);
-
-                            foreach (var kv in claim.Properties)
-                                newClaim.Properties[kv.Key] = kv.Value;
-
-                            _claimsIdentity.AddClaim(newClaim);
-                        }
-                    }
-                }
-
-                return _claimsIdentity;
-            }
-
-            set
-            {
-                _claimsIdentity = value;
-            }
-        }
-
         /// <summary>
         /// Try to get a <see cref="Claim"/> representing the { key, 'value' } pair corresponding to the provided <paramref name="key"/>.
         /// The value is obtained from the Payload.