Migrate to IdentityModel 5.2

Author: Tratcher

build/Sakefile.shade

@@ -5,8 +5,8 @@ var SHIP='${Version(4, 0, 0, "alpha1")}'
 var DEV='${Version(0, 31, 0, "pre")}'
 set FINAL_MILESTONE='${false}'
 
-var AZUREAD_JWT_SUFFIX=''
-var AZUREAD_EXT_SUFFIX=''
+var AZUREAD_JWT_SUFFIX='.406020025-pre'
+var AZUREAD_EXT_SUFFIX='.406020025-pre'
 var VERSION='${SHIP.VERSION}'
 var FULL_VERSION='${SHIP.FULL_VERSION}'
 var EULA='https://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm'

src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationExtensions.cs

@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Globalization;
 using System.Linq;
 using Microsoft.Owin.Security.ActiveDirectory;
 using Microsoft.Owin.Security.Jwt;

src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationOptions.cs

@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory

src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.csproj

@@ -40,6 +40,34 @@
     <StartupObject />
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Logging.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Logging.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Protocols.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.WsFederation, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.WsFederation.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Protocols.WsFederation.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Tokens.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens.Saml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.Saml.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Tokens.Saml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Xml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Xml.5.2.0.406020025-pre\lib\net451\Microsoft.IdentityModel.Xml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
@@ -48,9 +76,9 @@
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.4.0.0\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.5.2.0.406020025-pre\lib\net451\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />

src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.nuspec

@@ -21,7 +21,7 @@
       <dependency id="Microsoft.Owin.Security" version="$version$" />
       <dependency id="Microsoft.Owin.Security.OAuth" version="$version$" />
       <dependency id="Microsoft.Owin.Security.Jwt" version="$version$" />
-      <dependency id="System.IdentityModel.Tokens.Jwt" version="4.0.0$azureAdJwtSuffix$" />
+      <dependency id="System.IdentityModel.Tokens.Jwt" version="5.2.0$azureAdJwtSuffix$" />
     </dependencies>
   </metadata>
   <files>

src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationOptions.cs

@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory

src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityTokenProvider.cs

@@ -4,9 +4,9 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Threading;
+using System.IdentityModel.Tokens;
 using Microsoft.Owin.Security.Jwt;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
@@ -81,6 +81,7 @@ public IEnumerable<SecurityToken> SecurityTokens
             }
         }
 
+        [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Can't throw exceptions on a background thread.")]
         private void RefreshMetadata()
         {
             if (_syncAfter >= DateTimeOffset.UtcNow)

src/Microsoft.Owin.Security.ActiveDirectory/WsFedMetadataRetriever.cs

@@ -2,15 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.IdentityModel.Metadata;
+using System.Collections.ObjectModel;
 using System.IdentityModel.Tokens;
 using System.IO;
-using System.Linq;
 using System.Net.Http;
-using System.Security.Cryptography.X509Certificates;
-using System.ServiceModel.Security;
 using System.Xml;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
@@ -23,9 +21,6 @@ internal static class WsFedMetadataRetriever
 
         public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)
         {
-            string issuer = string.Empty;
-            var tokens = new List<X509SecurityToken>();
-
             using (var metadataRequest = new HttpClient(backchannelHttpHandler, false))
             {
                 metadataRequest.Timeout = backchannelTimeout;
@@ -35,32 +30,27 @@ public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan
                     Stream metadataStream = metadataResponse.Content.ReadAsStreamAsync().Result;
                     using (XmlReader metaDataReader = XmlReader.Create(metadataStream, SafeSettings))
                     {
-                        var serializer = new MetadataSerializer { CertificateValidationMode = X509CertificateValidationMode.None };
+                        var serializer = new WsFederationMetadataSerializer();
+                        var wsFederationConfiguration = serializer.ReadMetadata(metaDataReader);
+                        var x509SecurityTokens = new Collection<X509SecurityToken>();
 
-                        MetadataBase metadata = serializer.ReadMetadata(metaDataReader);
-                        var entityDescriptor = (EntityDescriptor)metadata;
+                        var issuerSigningKeys = new IssuerSigningKeys();
+                        issuerSigningKeys.Issuer = wsFederationConfiguration.Issuer;
 
-                        if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
+                        foreach (var key in wsFederationConfiguration.SigningKeys)
                         {
-                            issuer = entityDescriptor.EntityId.Id;
-                        }
+                            var x509SecurityKey = key as X509SecurityKey;
 
-                        SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().First();
-                        if (stsd == null)
-                        {
-                            throw new InvalidOperationException(Properties.Resources.Exception_MissingDescriptor);
+                            if (x509SecurityKey != null)
+                            {
+                                x509SecurityTokens.Add(new X509SecurityToken(x509SecurityKey.Certificate));
+                            }
                         }
 
-                        IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses =
-                            stsd.Keys.Where(key => key.KeyInfo != null
-                                && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified))
-                                    .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());
-                        tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
+                        return new IssuerSigningKeys { Issuer = wsFederationConfiguration.Issuer, Tokens = x509SecurityTokens };
                     }
                 }
             }
-
-            return new IssuerSigningKeys { Issuer = issuer, Tokens = tokens };
         }
     }
 }

src/Microsoft.Owin.Security.ActiveDirectory/packages.config

@@ -1,5 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="Microsoft.IdentityModel.Logging" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols.WsFederation" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens.Saml" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Xml" version="5.2.0.406020025-pre" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net451" />
   <package id="Owin" version="1.0" targetFramework="net45" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.0" targetFramework="net45" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="5.2.0.406020025-pre" targetFramework="net451" />
 </packages>

src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.csproj

@@ -37,9 +37,9 @@
     <DocumentationFile>bin\Release\Microsoft.Owin.Security.Facebook.XML</DocumentationFile>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>