Update error messages and bring E2E tests for the new validation mode…

…l from the feature branch (#3100)

* Adding end to end tests and doc for the new validation (#3077)

* Adding end to end tests

* Update

(cherry picked from commit 6df18f5)

* Added new error messages for signature validation cases that were not accurately explained in the previous.

* Updated tests failing after error message changes.

---------

Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>

src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateSignature.cs

@@ -130,7 +130,7 @@ internal static ValidationResult<SecurityKey> ValidateSignature(
                 }
 
                 return new SignatureValidationError(
-                    new MessageDetail(TokenLogMessages.IDX10500),
+                    new MessageDetail(TokenLogMessages.IDX10519),
                     ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenSignatureKeyNotFoundException),
                     ValidationError.GetCurrentStackFrame());
@@ -318,10 +318,8 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
                 else
                     return new SignatureValidationError(
                         new MessageDetail(
-                            TokenLogMessages.IDX10504,
-                            LogHelper.MarkAsSecurityArtifact(
-                                jsonWebToken.EncodedToken,
-                                JwtTokenUtilities.SafeLogJwtToken)),
+                            TokenLogMessages.IDX10520,
+                            LogHelper.MarkAsNonPII(key.ToString())),
                         ValidationFailureType.SignatureValidationFailed,
                         typeof(SecurityTokenInvalidSignatureException),
                         ValidationError.GetCurrentStackFrame());
@@ -332,10 +330,9 @@ private static ValidationResult<SecurityKey> ValidateSignatureWithKey(
             {
                 return new SignatureValidationError(
                     new MessageDetail(
-                        TokenLogMessages.IDX10504,
-                        LogHelper.MarkAsSecurityArtifact(
-                            jsonWebToken.EncodedToken,
-                            JwtTokenUtilities.SafeLogJwtToken)),
+                        TokenLogMessages.IDX10521,
+                        LogHelper.MarkAsNonPII(key.ToString()),
+                        LogHelper.MarkAsNonPII(ex.Message)),
                     ValidationFailureType.SignatureValidationFailed,
                     typeof(SecurityTokenInvalidSignatureException),
                     ValidationError.GetCurrentStackFrame(),

src/Microsoft.IdentityModel.Tokens/LogMessages.cs

@@ -118,6 +118,9 @@ internal static class LogMessages
         //public const string IDX10516 = "IDX10516: Signature validation failed. Unable to match key: \nkid: '{0}'. \nNumber of keys in TokenValidationParameters: '{1}'. \nNumber of keys in Configuration: '{2}'. \nExceptions caught:\n '{3}'. \ntoken: '{4}'. Valid Lifetime: '{5}'. Valid Issuer: '{6}'";
         public const string IDX10517 = "IDX10517: Signature validation failed. The token's kid is missing. Keys tried: '{0}'. Number of keys in TokenValidationParameters: '{1}'. \nNumber of keys in Configuration: '{2}'. \nExceptions caught:\n '{3}'.\ntoken: '{4}'. See https://aka.ms/IDX10503 for details.";
         public const string IDX10518 = "IDX10518: Signature validation failed. Algorithm validation failed with error: '{0}'.";
+        public const string IDX10519 = "IDX10519: Signature validation failed. The token's kid is missing and ValidationParameters.TryAllIssuerSigningKeys is set to false.";
+        public const string IDX10520 = "IDX10520: Signature validation failed. The key provided could not validate the signature. Key tried: '{0}'.";
+        public const string IDX10521 = "IDX10521: Signature validation failed. An exception was thrown when trying to validate the signature. Key tried: '{0}'. Exception: '{1}'.";
 
         // encryption / decryption
         // public const string IDX10600 = "IDX10600:";

src/Microsoft.IdentityModel.Tokens/Validation/AsyncValidate.cd

@@ -1,81 +1,224 @@
 <?xml version="1.0" encoding="utf-8"?>
-<ClassDiagram MajorVersion="1" MinorVersion="1">
-  <Class Name="Microsoft.IdentityModel.Tokens.TokenValidationResult" Collapsed="true">
-    <Position X="7.75" Y="7" Width="3.25" />
+<ClassDiagram MajorVersion="1" MinorVersion="1" MembersFormat="FullSignature">
+  <Class Name="Microsoft.IdentityModel.Tokens.CallContext">
+    <Position X="16" Y="4" Width="3.5" />
+    <InheritanceLine Type="Microsoft.IdentityModel.Logging.LoggerContext" FixedToPoint="true">
+      <Path>
+        <Point X="17.625" Y="3.267" />
+        <Point X="17.625" Y="4" />
+      </Path>
+    </InheritanceLine>
     <TypeIdentifier>
-      <HashCode>ABEAIAABEEAAEAIAAAAAAAABEQAAAEEACABAAAAkIoA=</HashCode>
-      <FileName>Validation\TokenValidationResult.cs</FileName>
+      <HashCode>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <FileName>CallContext.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.IssuerValidationResult">
-    <Position X="12.5" Y="7" Width="2.25" />
+  <Class Name="Microsoft.IdentityModel.Logging.LoggerContext">
+    <Position X="15.75" Y="0.75" Width="3.75" />
+    <TypeIdentifier />
+  </Class>
+  <Class Name="Microsoft.IdentityModel.Tokens.AlgorithmValidationError">
+    <Position X="5.25" Y="12.75" Width="2.75" />
+    <Members>
+      <Method Name="AlgorithmValidationError" Hidden="true" />
+      <Method Name="GetException" Hidden="true" />
+    </Members>
     <TypeIdentifier>
-      <HashCode>AAEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAA=</HashCode>
-      <FileName>Validation\IssuerValidationResult.cs</FileName>
+      <HashCode>AAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\AlgorithmValidationError.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.ExceptionDetail">
-    <Position X="6.25" Y="0.5" Width="1.5" />
+  <Class Name="Microsoft.IdentityModel.Tokens.ValidationError">
+    <Position X="9.5" Y="8" Width="6.5" />
+    <Members>
+      <Field Name="_exceptionType" Hidden="true" />
+      <Property Name="CachedStackFrames" Hidden="true" />
+      <Method Name="GetException" Hidden="true" />
+      <Property Name="MessageDetail" Hidden="true" />
+      <Method Name="ValidationError" Hidden="true" />
+    </Members>
+    <NestedTypes>
+      <Class Name="Microsoft.IdentityModel.Tokens.ValidationError.Logger" Collapsed="true">
+        <TypeIdentifier>
+          <NewMemberFileName>Validation\Results\Details\ValidationError.cs</NewMemberFileName>
+        </TypeIdentifier>
+      </Class>
+    </NestedTypes>
     <TypeIdentifier>
-      <HashCode>AAAEAAAAAAAAAAAAAAAAEAAEAAAAAAAAAEAABAAAAAA=</HashCode>
-      <FileName>Validation\ExceptionDetail.cs</FileName>
+      <HashCode>AQAEAAAIAAAAAAACAAAAGAAEAAwAAAAQBEAAJAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\ValidationError.cs</FileName>
     </TypeIdentifier>
-    <ShowAsAssociation>
-      <Property Name="MessageDetail" />
-    </ShowAsAssociation>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.ValidationResult">
-    <Position X="8.5" Y="3.5" Width="3.5" />
+  <Class Name="Microsoft.IdentityModel.Tokens.AudienceValidationError">
+    <Position X="8.25" Y="12.75" Width="3" />
+    <InheritanceLine Type="Microsoft.IdentityModel.Tokens.ValidationError" FixedToPoint="true">
+      <Path>
+        <Point X="12.75" Y="11.353" />
+        <Point X="12.75" Y="12.375" />
+        <Point X="9.75" Y="12.375" />
+        <Point X="9.75" Y="12.75" />
+      </Path>
+    </InheritanceLine>
     <TypeIdentifier>
-      <HashCode>AIAAAAJAAAAAAAAAAAgAIAABAAgAAAAABEBBAAAAAAA=</HashCode>
-      <FileName>Validation\ValidationResult.cs</FileName>
+      <HashCode>AAAEAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAEAA=</HashCode>
+      <FileName>Validation\Results\Details\AudienceValidationError.cs</FileName>
     </TypeIdentifier>
-    <ShowAsAssociation>
-      <Property Name="ExceptionDetail" />
-      <Property Name="CallContext" />
-      <Property Name="ValidationFailureType" />
-    </ShowAsAssociation>
-    <ShowAsCollectionAssociation>
-      <Property Name="LogDetails" />
-    </ShowAsCollectionAssociation>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.LogDetail">
-    <Position X="12" Y="0.5" Width="1.5" />
+  <Class Name="Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError">
+    <Position X="11.5" Y="12.75" Width="3.25" />
     <TypeIdentifier>
-      <HashCode>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAA=</HashCode>
-      <FileName>Validation\LogDetail.cs</FileName>
+      <HashCode>AAAEAAAIAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\IssuerSigningKeyValidationError.cs</FileName>
     </TypeIdentifier>
-    <ShowAsAssociation>
-      <Property Name="MessageDetail" />
-    </ShowAsAssociation>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.ValidationFailureType" Collapsed="true">
-    <Position X="13.5" Y="5.5" Width="2.5" />
-    <Compartments>
-      <Compartment Name="Nested Types" Collapsed="false" />
-    </Compartments>
+  <Class Name="Microsoft.IdentityModel.Tokens.IssuerValidationError">
+    <Position X="15" Y="12.75" Width="2.5" />
     <TypeIdentifier>
-      <HashCode>AAAIAAAAAAAAAAAAAAIAAAQAAABAQAAAAAAAAAAAAAA=</HashCode>
-      <FileName>Validation\ValidationFailureType.cs</FileName>
+      <HashCode>AAAEAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\IssuerValidationError.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.MessageDetail">
-    <Position X="9.25" Y="0.5" Width="1.5" />
+  <Class Name="Microsoft.IdentityModel.Tokens.LifetimeValidationError">
+    <Position X="17.75" Y="12.75" Width="2.25" />
     <TypeIdentifier>
-      <HashCode>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAEIAAIAAAAAA=</HashCode>
-      <FileName>Validation\MessageDetail.cs</FileName>
+      <HashCode>AAAEAAAAAAAAAIAAAAAAAAAAAAAAAAAAIAAAAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\LifetimeValidationError.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.CallContext" Collapsed="true">
-    <Position X="13.5" Y="4.5" Width="1.5" />
+  <Class Name="Microsoft.IdentityModel.Tokens.SignatureValidationError">
+    <Position X="20.25" Y="12.75" Width="2.25" />
     <TypeIdentifier>
-      <HashCode>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
-      <FileName>CallContext.cs</FileName>
+      <HashCode>AAAEAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\SignatureValidationError.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Logging.LoggerContext" Collapsed="true">
-    <Position X="15.5" Y="4.5" Width="1.5" />
-    <TypeIdentifier />
+  <Class Name="Microsoft.IdentityModel.Tokens.TokenReplayValidationError">
+    <Position X="22.75" Y="12.75" Width="2.75" />
+    <TypeIdentifier>
+      <HashCode>AAAEAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\TokenReplayValidationError.cs</FileName>
+    </TypeIdentifier>
+  </Class>
+  <Class Name="Microsoft.IdentityModel.Tokens.TokenTypeValidationError">
+    <Position X="25.75" Y="12.75" Width="2.25" />
+    <TypeIdentifier>
+      <HashCode>AAAEQAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <FileName>Validation\Results\Details\TokenTypeValidationError.cs</FileName>
+    </TypeIdentifier>
   </Class>
+  <Class Name="Microsoft.IdentityModel.Tokens.ValidatedToken">
+    <Position X="5" Y="16.75" Width="4.25" />
+    <Members>
+      <Field Name="_claims" Hidden="true" />
+      <Field Name="_claimsIdentity" Hidden="true" />
+      <Field Name="_claimsIdentityInitialized" Hidden="true" />
+      <Field Name="_claimsIdentitySyncObj" Hidden="true" />
+      <Property Name="ClaimsIdentitySyncObj" Hidden="true" />
+    </Members>
+    <NestedTypes>
+      <Class Name="Microsoft.IdentityModel.Tokens.ValidatedToken.Logger" Collapsed="true">
+        <TypeIdentifier>
+          <NewMemberFileName>Validation\Results\ValidatedToken.cs</NewMemberFileName>
+        </TypeIdentifier>
+      </Class>
+    </NestedTypes>
+    <AssociationLine Name="ValidatedIssuer" Type="Microsoft.IdentityModel.Tokens.ValidatedIssuer" FixedFromPoint="true" FixedToPoint="true">
+      <Path>
+        <Point X="9.25" Y="17.591" />
+        <Point X="9.625" Y="17.591" />
+        <Point X="9.625" Y="16.062" />
+        <Point X="11" Y="16.062" />
+      </Path>
+    </AssociationLine>
+    <TypeIdentifier>
+      <HashCode>ACAAIAAAAEAAACIIAAAQAAEAARgACEEACIAAACAgQIA=</HashCode>
+      <FileName>Validation\Results\ValidatedToken.cs</FileName>
+    </TypeIdentifier>
+    <ShowAsAssociation>
+      <Property Name="ActorValidationResult" />
+      <Property Name="ValidatedIssuer" />
+      <Property Name="ValidatedLifetime" />
+      <Property Name="ValidatedSigningKeyLifetime" />
+      <Property Name="ValidatedTokenType" />
+    </ShowAsAssociation>
+  </Class>
+  <Struct Name="Microsoft.IdentityModel.Tokens.ValidationResult&lt;TResult&gt;">
+    <Position X="4" Y="8" Width="3.75" />
+    <Members>
+      <Field Name="_error" Hidden="true" />
+      <Field Name="_result" Hidden="true" />
+      <Method Name="implicit operator ValidationResult&lt;TResult&gt;" Hidden="true" />
+      <Method Name="operator !=" Hidden="true" />
+      <Method Name="operator ==" Hidden="true" />
+    </Members>
+    <TypeIdentifier>
+      <HashCode>AAAAAAAAAAAAAQACgAgAAEQBAAACIIAAABAAAAAAAiA=</HashCode>
+      <FileName>Validation\Results\ValidationResult.cs</FileName>
+    </TypeIdentifier>
+    <ShowAsAssociation>
+      <Property Name="Error" />
+    </ShowAsAssociation>
+    <Lollipop Position="0.2" />
+  </Struct>
+  <Struct Name="Microsoft.IdentityModel.Tokens.ValidatedIssuer">
+    <Position X="11" Y="15.75" Width="3.5" />
+    <Members>
+      <Method Name="Equals" Hidden="true" />
+      <Method Name="GetHashCode" Hidden="true" />
+      <Method Name="operator !=" Hidden="true" />
+      <Method Name="operator ==" Hidden="true" />
+      <Method Name="ValidatedIssuer" Hidden="true" />
+    </Members>
+    <TypeIdentifier>
+      <HashCode>AAEAAAAAAAEAAAAAgAAAAAAAAAAAAIAAAAAAAAAAAiA=</HashCode>
+      <FileName>Validation\Results\ValidatedIssuer.cs</FileName>
+    </TypeIdentifier>
+    <Lollipop Position="0.2" />
+  </Struct>
+  <Struct Name="Microsoft.IdentityModel.Tokens.ValidatedLifetime">
+    <Position X="11" Y="20.75" Width="3.75" />
+    <Members>
+      <Method Name="Equals" Hidden="true" />
+      <Method Name="GetHashCode" Hidden="true" />
+      <Method Name="operator !=" Hidden="true" />
+      <Method Name="operator ==" Hidden="true" />
+      <Method Name="ValidatedLifetime" Hidden="true" />
+    </Members>
+    <TypeIdentifier>
+      <HashCode>AAAAAAAAAAAAAIAAgAAAAAAAAAAAAIAAIAAAAAAAAiA=</HashCode>
+      <FileName>Validation\Results\ValidatedLifetime.cs</FileName>
+    </TypeIdentifier>
+    <Lollipop Position="0.2" />
+  </Struct>
+  <Struct Name="Microsoft.IdentityModel.Tokens.ValidatedSigningKeyLifetime">
+    <Position X="11" Y="17.25" Width="3.25" />
+    <Members>
+      <Method Name="Equals" Hidden="true" />
+      <Method Name="GetHashCode" Hidden="true" />
+      <Method Name="operator !=" Hidden="true" />
+      <Method Name="operator ==" Hidden="true" />
+      <Method Name="ValidatedSigningKeyLifetime" Hidden="true" />
+    </Members>
+    <TypeIdentifier>
+      <HashCode>AAAAAAAAAAAAAAAAgAAAAAAAAAgAAKAAACAAAAAAAiA=</HashCode>
+      <FileName>Validation\Results\ValidatedSigningKeyLifetime.cs</FileName>
+    </TypeIdentifier>
+    <Lollipop Position="0.2" />
+  </Struct>
+  <Struct Name="Microsoft.IdentityModel.Tokens.ValidatedTokenType">
+    <Position X="11" Y="19" Width="3.25" />
+    <Members>
+      <Method Name="Equals" Hidden="true" />
+      <Method Name="GetHashCode" Hidden="true" />
+      <Method Name="operator !=" Hidden="true" />
+      <Method Name="operator ==" Hidden="true" />
+      <Method Name="ValidatedTokenType" Hidden="true" />
+    </Members>
+    <TypeIdentifier>
+      <HashCode>AAAAAAAAAAAAAAAAgAAAACAAAAAAAIAAAQAAAAAAAiA=</HashCode>
+      <FileName>Validation\Results\ValidatedTokenType.cs</FileName>
+    </TypeIdentifier>
+    <Lollipop Position="0.2" />
+  </Struct>
   <Font Name="Segoe UI" Size="9" />
 </ClassDiagram>

src/Microsoft.IdentityModel.Tokens/Validation/Exceptions.cd

@@ -3,33 +3,23 @@
   <Class Name="Microsoft.IdentityModel.Tokens.SecurityTokenException">
     <Position X="6.25" Y="1.25" Width="2.5" />
     <TypeIdentifier>
-      <HashCode>AIAAAAAAAgAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
+      <HashCode>AAAAAAAAAoAAAgAAAAQAAAAAAAAAAAAAAEAAAAAAAAA=</HashCode>
       <FileName>Exceptions\SecurityTokenException.cs</FileName>
     </TypeIdentifier>
-    <ShowAsAssociation>
-      <Property Name="ExceptionDetail" />
-    </ShowAsAssociation>
   </Class>
   <Class Name="Microsoft.IdentityModel.Tokens.SecurityTokenValidationException" Collapsed="true">
-    <Position X="6.5" Y="4" Width="2.25" />
+    <Position X="6.25" Y="4.5" Width="2.5" />
     <TypeIdentifier>
       <HashCode>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</HashCode>
       <FileName>Exceptions\SecurityTokenValidationException.cs</FileName>
     </TypeIdentifier>
   </Class>
   <Class Name="Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException">
-    <Position X="6.25" Y="5.25" Width="2.75" />
+    <Position X="6.25" Y="5.75" Width="2.5" />
     <TypeIdentifier>
       <HashCode>AAgAAEAAAAAAAAAAAAACAAAgAAAAAAAAAAAAAAAAAAA=</HashCode>
       <FileName>Exceptions\SecurityTokenInvalidIssuerException.cs</FileName>
     </TypeIdentifier>
   </Class>
-  <Class Name="Microsoft.IdentityModel.Tokens.ExceptionDetail">
-    <Position X="10.25" Y="1.25" Width="1.75" />
-    <TypeIdentifier>
-      <HashCode>AAAEAAAAAAAAAAAAAAAAEAAEAAAAAAAAAEAABAAAAAA=</HashCode>
-      <FileName>Validation\ExceptionDetail.cs</FileName>
-    </TypeIdentifier>
-  </Class>
   <Font Name="Segoe UI" Size="9" />
 </ClassDiagram>