From 055721dc61d83d07f1376758ff2176670d4bbbe5 Mon Sep 17 00:00:00 2001 From: trwalke Date: Fri, 10 Jan 2025 11:33:34 -0800 Subject: [PATCH 1/4] Enabling symmetric and asymmetric keys to be created publicly with JWK --- .../PublicAPI.Unshipped.txt | 2 ++ src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs | 9 ++++++++- .../SymmetricSecurityKey.cs | 9 +++++++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt index d2c20a77d4..5858767cd2 100644 --- a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt @@ -1,2 +1,4 @@ +Microsoft.IdentityModel.Tokens.RsaSecurityKey.RsaSecurityKey(Microsoft.IdentityModel.Tokens.JsonWebKey webKey) -> void Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.get -> bool Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.set -> void +Microsoft.IdentityModel.Tokens.SymmetricSecurityKey.SymmetricSecurityKey(Microsoft.IdentityModel.Tokens.JsonWebKey webKey) -> void diff --git a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs index d3b973ed38..578397e063 100644 --- a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs @@ -20,9 +20,16 @@ public class RsaSecurityKey : AsymmetricSecurityKey private const string _className = "Microsoft.IdentityModel.Tokens.RsaSecurityKey"; - internal RsaSecurityKey(JsonWebKey webKey) + /// + /// Initializes a new instance of the class. + /// + /// + public RsaSecurityKey(JsonWebKey webKey) : base(webKey) { + if (webKey == null) + throw LogHelper.LogArgumentNullException(nameof(webKey)); + IntializeWithRsaParameters(webKey.CreateRsaParameters()); webKey.ConvertedSecurityKey = this; } 
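Review bot: In the now-public `RsaSecurityKey(JsonWebKey webKey)` constructor the null check sits in the body, after `: base(webKey)` has already run, so if the base constructor reads anything from `webKey` (not visible in this hunk) a null argument would surface as a NullReferenceException rather than the intended ArgumentNullException. The SymmetricSecurityKey hunk in the same patch guards inside the initializer; do the same here with `: base(webKey ?? throw LogHelper.LogArgumentNullException(nameof(webKey)))` and drop the check from the body. The constructor also assigns `webKey.ConvertedSecurityKey = this`, which mutates the caller's object; a public constructor should say so in its summary, and the doc comment appears to carry no parameter description. Patch 3/4 of this series reverts the change, so this applies only if the constructor is exposed again.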
diff --git a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs index 89de6ec096..8ad1c49240 100644 --- a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs @@ -2,6 +2,7 @@ // Licensed under the MIT License. using System; +using System.Security.Cryptography; using Microsoft.IdentityModel.Logging; namespace Microsoft.IdentityModel.Tokens @@ -14,8 +15,12 @@ public class SymmetricSecurityKey : SecurityKey int _keySize; byte[] _key; - internal SymmetricSecurityKey(JsonWebKey webKey) - : base(webKey) + /// + /// Returns a new instance of instance. + /// + /// + public SymmetricSecurityKey(JsonWebKey webKey) + : base(webKey ?? throw LogHelper.LogArgumentNullException(nameof(webKey))) { if (string.IsNullOrEmpty(webKey.K)) throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10703, LogHelper.MarkAsNonPII(typeof(SymmetricSecurityKey))))); From e3d07909d97d77e820ed626cec4759bbd33c8c26 Mon Sep 17 00:00:00 2001 From: trwalke Date: Fri, 10 Jan 2025 11:41:49 -0800 Subject: [PATCH 2/4] Clean up --- src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs index 8ad1c49240..7d84b9ece6 100644 --- a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs @@ -2,7 +2,6 @@ // Licensed under the MIT License. using System; -using System.Security.Cryptography; using Microsoft.IdentityModel.Logging; namespace Microsoft.IdentityModel.Tokens From d9ab07a99186366d22b8ad95d76365c2ffd79272 Mon Sep 17 00:00:00 2001 
From: trwalke Date: Fri, 10 Jan 2025 11:52:10 -0800 Subject: [PATCH 3/4] Revert "Enabling symmetric and asymmetric keys to be created publicly with JWK" This reverts commit 055721dc61d83d07f1376758ff2176670d4bbbe5. --- .../PublicAPI.Unshipped.txt | 2 -- src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs | 9 +-------- .../SymmetricSecurityKey.cs | 8 ++------ 3 files changed, 3 insertions(+), 16 deletions(-) diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt index 5858767cd2..d2c20a77d4 100644 --- a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt @@ -1,4 +1,2 @@ -Microsoft.IdentityModel.Tokens.RsaSecurityKey.RsaSecurityKey(Microsoft.IdentityModel.Tokens.JsonWebKey webKey) -> void Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.get -> bool Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.set -> void -Microsoft.IdentityModel.Tokens.SymmetricSecurityKey.SymmetricSecurityKey(Microsoft.IdentityModel.Tokens.JsonWebKey webKey) -> void diff --git a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs index 578397e063..d3b973ed38 100644 --- a/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/RsaSecurityKey.cs @@ -20,16 +20,9 @@ public class RsaSecurityKey : AsymmetricSecurityKey private const string _className = "Microsoft.IdentityModel.Tokens.RsaSecurityKey"; - /// - /// Initializes a new instance of the class. - /// - /// - public RsaSecurityKey(JsonWebKey webKey) + internal RsaSecurityKey(JsonWebKey webKey) : base(webKey) { - if (webKey == null) - throw LogHelper.LogArgumentNullException(nameof(webKey)); - IntializeWithRsaParameters(webKey.CreateRsaParameters()); webKey.ConvertedSecurityKey = this; } 
diff --git a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs index 7d84b9ece6..89de6ec096 100644 --- a/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs +++ b/src/Microsoft.IdentityModel.Tokens/SymmetricSecurityKey.cs @@ -14,12 +14,8 @@ public class SymmetricSecurityKey : SecurityKey int _keySize; byte[] _key; - /// - /// Returns a new instance of instance. - /// - /// - public SymmetricSecurityKey(JsonWebKey webKey) - : base(webKey ?? throw LogHelper.LogArgumentNullException(nameof(webKey))) + internal SymmetricSecurityKey(JsonWebKey webKey) + : base(webKey) { if (string.IsNullOrEmpty(webKey.K)) throw LogHelper.LogExceptionMessage(new ArgumentException(LogHelper.FormatInvariant(LogMessages.IDX10703, LogHelper.MarkAsNonPII(typeof(SymmetricSecurityKey))))); From 057102d8f894691e1f0a482e4e66f4ed587c8745 Mon Sep 17 00:00:00 2001 From: trwalke Date: Fri, 10 Jan 2025 11:54:50 -0800 Subject: [PATCH 4/4] Making TryConvertToSecurityKey public --- .../JsonWebKeyConverter.cs | 10 +++++++++- .../PublicAPI.Unshipped.txt | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs index 786d6c1b25..ae41d800b0 100644 --- a/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs +++ b/src/Microsoft.IdentityModel.Tokens/JsonWebKeyConverter.cs @@ -199,8 +199,16 @@ public static JsonWebKey ConvertFromECDsaSecurityKey(ECDsaSecurityKey key) } #endif - internal static bool TryConvertToSecurityKey(JsonWebKey webKey, out SecurityKey key) + /// + /// This will attempt to convert the to a . + /// + /// + /// + public static bool TryConvertToSecurityKey(JsonWebKey webKey, out SecurityKey key) { + if (webKey == null) + throw LogHelper.LogArgumentNullException(nameof(webKey)); + if (webKey.ConvertedSecurityKey != null) { key = webKey.ConvertedSecurityKey; 
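Review bot: The doc comment on the now-public `TryConvertToSecurityKey` does not state the contract that callers outside the assembly need: the first lines of the body return `webKey.ConvertedSecurityKey` whenever it is already set, so the result can be a cached instance rather than one derived from the JWK's current fields, and a null `webKey` throws instead of returning false. Add something like `/// <returns>true if a key was produced; it may be the instance cached in <see cref="JsonWebKey.ConvertedSecurityKey"/>.</returns>` and `/// <exception cref="ArgumentNullException">if <paramref name="webKey"/> is null.</exception>`. A remark that a `true` result means only that conversion succeeded, not that the key is trusted, would also help, since a JWK frequently comes from remote metadata or a token header. The rest of the method body lies outside the hunk, so the value of `key` on the failure path could not be checked here.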
diff --git a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt index d2c20a77d4..0743567f72 100644 --- a/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt +++ b/src/Microsoft.IdentityModel.Tokens/PublicAPI.Unshipped.txt @@ -1,2 +1,3 @@ Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.get -> bool Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor.IncludeKeyIdInHeader.set -> void +static Microsoft.IdentityModel.Tokens.JsonWebKeyConverter.TryConvertToSecurityKey(Microsoft.IdentityModel.Tokens.JsonWebKey webKey, out Microsoft.IdentityModel.Tokens.SecurityKey key) -> bool