Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] MSAL sometimes crashes due to GetRSAPublicKey() call #3896

Closed
bgavrilMS opened this issue Jan 11, 2023 · 0 comments · Fixed by #3897
Closed

[Bug] MSAL sometimes crashes due to GetRSAPublicKey() call #3896

bgavrilMS opened this issue Jan 11, 2023 · 0 comments · Fixed by #3897
Assignees
@bgavrilMS
Labels
bug ICM This issue has a corresponding ICM, either for our team or another. P2
Milestone
4.50.0

Comments

@bgavrilMS
Copy link
Member

bgavrilMS commented Jan 11, 2023
edited
Loading

msal 4.48.1
confidential client flow

This bug is based on ICM https://portal.microsofticm.com/imp/v3/incidents/details/359847408/home - a crypto exception occurs in the cert signing logic (see stack trace below).

Suggestion: We should disable the RSA public key size check - the SDK isn't in the business of validating cert size. AAD / app registration is better suited to handle this.

---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The RPC call contains a handle that differs from the declared handle type.
at Internal.Cryptography.Helpers.OpenStorageProvider(CngProvider provider)
at System.Security.Cryptography.CngKey.Import(ReadOnlySpan1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider) at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider) at Internal.Cryptography.Pal.X509Pal.DecodePublicKey(Oid oid, Byte[] encodedKeyValue, Byte[] encodedParameters, ICertificatePal certificatePal) at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPublicKey[T](X509Certificate2 certificate, Predicate1 matchesConstraints)
at Microsoft.Identity.Client.PlatformsCommon.Shared.CommonCryptographyManager.SignWithCertificate(String message, X509Certificate2 certificate)
at Microsoft.Identity.Client.Internal.JsonWebToken.Sign(X509Certificate2 certificate, String base64EncodedThumbprint, Boolean sendX5C)
at Microsoft.Identity.Client.Internal.ClientCredential.CertificateAndClaimsClientCredential.AddConfidentialClientParametersAsync(OAuth2Client oAuth2Client, ILoggerAdapter logger, ICryptographyManager cryptographyManager, String clientId, String tokenEndpoint, Boolean sendX5C, CancellationToken cancellationToken)
at Microsoft.Identity.Client.OAuth2.TokenClient.AddBodyParamsAndHeadersAsync(IDictionary2 additionalBodyParameters, String scopes, CancellationToken cancellationToken) at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.FetchNewAccessTokenAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForClientParameters clientParameters, CancellationToken cancellationToken)

The exceptions came from both ADAL and MSAL auth library.
The error usually are shows in a single instance of VM frequently. Potentially could be solved by the VMSS instance restart.
@bgavrilMS bgavrilMS added bug ICM This issue has a corresponding ICM, either for our team or another. P2 labels Jan 11, 2023
@bgavrilMS bgavrilMS self-assigned this Jan 11, 2023
@bgavrilMS bgavrilMS moved this from Triage to In Progress in MSAL Customer Trust / QM Jan 11, 2023
@bgavrilMS bgavrilMS added this to the 4.50.0 milestone Jan 11, 2023
@bgavrilMS bgavrilMS mentioned this issue Jan 11, 2023
Merged
1 task
@github-project-automation github-project-automation bot moved this from In Progress to Fixed in MSAL Customer Trust / QM Jan 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bgavrilMS bgavrilMS

Labels
bug ICM This issue has a corresponding ICM, either for our team or another. P2
Projects
MSAL Customer Trust / QM
Archived in project
Milestone
4.50.0
Development

Successfully merging a pull request may close this issue.

Fix for 3896 - remove min key size check AzureAD/microsoft-authentication-library-for-dotnet
1 participant
@bgavrilMS