reworked error logging

src/Microsoft.Identity.Web.Certificate/CertificateErrorMessage.cs

@@ -16,6 +16,9 @@ internal static class CertificateErrorMessage
         public const string BothClientSecretAndCertificateProvided = "IDW10105: Both client secret and client certificate, " +
                    "cannot be included in the configuration of the web app when calling a web API. ";
         public const string ClientCertificatesHaveExpiredOrCannotBeLoaded = "IDW10109: All client certificates passed to the configuration have expired or can't be loaded. ";
+        public const string CustomProviderNameNullOrEmpty = "IDW10111 The name of the custom signed assertion provider is null or empty.";
+        public const string CustomProviderNotFound = "IDW10112: The custom signed assertion provider with name '{0}' was not found.";
+        public const string CustomProviderSourceLoaderNullOrEmpty = "IDW10113 The dictionary of SourceLoaders for custom signed assertion providers is null or empty.";
 
         // Encoding IDW10600 = "IDW10600:"
         public const string InvalidBase64UrlString = "IDW10601: Invalid Base64URL string. ";

src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoader.CustomSignedAssertion.cs

@@ -0,0 +1,75 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Identity.Abstractions;
+
+
+namespace Microsoft.Identity.Web
+{
+    public partial class DefaultCredentialsLoader
+    {
+        /// <summary>
+        /// Constructor for DefaultCredentialsLoader when using custom signed assertion provider source loaders.
+        /// </summary>
+        /// <param name="logger"></param>
+        /// <param name="customSignedAssertionProviders">Set of custom signed assertion providers.</param>
+        public DefaultCredentialsLoader(ILogger<DefaultCredentialsLoader>? logger, IEnumerable<ICustomSignedAssertionProvider> customSignedAssertionProviders) : this(logger)
+        {
+            var sourceLoaderDict = new Dictionary<string, ICredentialSourceLoader>();
+
+            foreach (var provider in customSignedAssertionProviders)
+            {
+                sourceLoaderDict.Add(provider.Name ?? provider.GetType().FullName!, provider);
+            }
+
+            CustomSignedAssertionCredentialSourceLoaders = sourceLoaderDict;
+        }
+
+        /// <summary>
+        /// Dictionary of custom signed assertion credential source loaders, by name (fully qualified type name).
+        /// </summary>
+        public IDictionary<string, ICredentialSourceLoader>? CustomSignedAssertionCredentialSourceLoaders { get; }
+
+
+        private async Task ProcessCustomSignedAssertionAsync(CredentialDescription credentialDescription, CredentialSourceLoaderParameters? parameters)
+        {
+            // No source loader(s)
+            if (CustomSignedAssertionCredentialSourceLoaders == null || !CustomSignedAssertionCredentialSourceLoaders.Any())
+            {
+                _logger.LogError(CertificateErrorMessage.CustomProviderSourceLoaderNullOrEmpty);
+            }
+
+            // No provider name
+            else if (string.IsNullOrEmpty(credentialDescription.CustomSignedAssertionProviderName))
+            {
+                _logger.LogError(CertificateErrorMessage.CustomProviderNameNullOrEmpty);
+            }
+
+            // No source loader for provider name
+            else if (!CustomSignedAssertionCredentialSourceLoaders!.TryGetValue(credentialDescription.CustomSignedAssertionProviderName!, out ICredentialSourceLoader? sourceLoader))
+            {
+                _logger.LogError(CertificateErrorMessage.CustomProviderNotFound, credentialDescription.CustomSignedAssertionProviderName);
+            }
+
+            // Load the credentials, if there is an error, it is coming from the user's custom extension and should be logged and propagated.
+            else
+            {
+                try
+                {
+                    await sourceLoader.LoadIfNeededAsync(credentialDescription, parameters);
+                }
+                catch (Exception ex)
+                {
+                    Logger.CustomSignedAssertionProviderLoadingFailure(_logger, credentialDescription, ex);
+                    throw;
+                }
+                return;
+            }
+        }
+    }
+}

src/Microsoft.Identity.Web.Certificate/DefaultCredentialsLoader.Logger.cs

@@ -37,7 +37,7 @@ public static void CredentialLoadingFailure(ILogger logger, CredentialDescriptio
             public static void CustomSignedAssertionProviderLoadingFailure(
                 ILogger logger,
                 CredentialDescription cd,
-                CustomSignedAssertionProviderNotFoundException ex
+                Exception ex
                 ) => s_customSignedAssertionProviderLoadingFailure(logger, cd.CustomSignedAssertionProviderName ?? "NameMissing", cd.SourceType.ToString(), cd.Skip, ex);
         }
     }

src/Microsoft.Identity.Web.Certificate/InternalAPI.Unshipped.txt

@@ -1,3 +1,6 @@
+const Microsoft.Identity.Web.CertificateErrorMessage.CustomProviderNameNullOrEmpty = "IDW10111 The name of the custom signed assertion provider is null or empty." -> string!
+const Microsoft.Identity.Web.CertificateErrorMessage.CustomProviderNotFound = "IDW10112: The custom signed assertion provider with name '{0}' was not found." -> string!
+const Microsoft.Identity.Web.CertificateErrorMessage.CustomProviderSourceLoaderNullOrEmpty = "IDW10113 The dictionary of SourceLoaders for custom signed assertion providers is null or empty." -> string!
 Microsoft.Identity.Web.CustomSignedAssertionProviderNotFoundException
 Microsoft.Identity.Web.CustomSignedAssertionProviderNotFoundException.CustomSignedAssertionProviderNotFoundException(string! message) -> void
 static Microsoft.Identity.Web.CustomSignedAssertionProviderNotFoundException.ProviderNameNotFound(string! name) -> Microsoft.Identity.Web.CustomSignedAssertionProviderNotFoundException!

tests/Directory.Build.props

@@ -34,6 +34,7 @@
     <MicrosoftApplicationInsightsEventCounterCollectionVersion>2.22.0</MicrosoftApplicationInsightsEventCounterCollectionVersion>
     <MicrosoftExtensionsCachingStackExchangeRedisVersion>6.0.12</MicrosoftExtensionsCachingStackExchangeRedisVersion>
     <MicrosoftPlaywrightVersion>1.48.0</MicrosoftPlaywrightVersion>
+    <MoqVersion>4.20.72</MoqVersion>
     <StackExchangeRedisVersion>2.2.4</StackExchangeRedisVersion>
     <!--CVE-2021-24112-->
     <SystemDrawingCommonVersion>5.0.3</SystemDrawingCommonVersion>