take brent's suggestion in prev PR to use string instead of byte[] to…

… reduce calls to convert.FromBase64String (#2834)

src/Microsoft.IdentityModel.Protocols.WsFederation/Configuration/WsFederationConfigurationValidator.cs

@@ -147,7 +147,7 @@ public ConfigurationValidationResult Validate(WsFederationConfiguration configur
 
                     try
                     {
-                        cert = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(signatureCertData.Current));
+                        cert = CertificateHelper.LoadX509Certificate(signatureCertData.Current);
                         signingKeyId = cert.Thumbprint;
                     }
                     catch (CryptographicException)

src/Microsoft.IdentityModel.Protocols.WsFederation/WsFederationMetadataSerializer.cs

@@ -100,7 +100,7 @@ protected virtual WsFederationConfiguration ReadEntityDescriptor(XmlReader reade
                             {
                                 foreach (var certificate in data.Certificates)
                                 {
-                                    X509Certificate2 cert = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(certificate));
+                                    X509Certificate2 cert = CertificateHelper.LoadX509Certificate(certificate);
                                     configuration.SigningKeys.Add(new X509SecurityKey(cert));
                                 }
                             }

src/Microsoft.IdentityModel.Tokens/CertificateHelper.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.Security.Cryptography.X509Certificates;
 
 namespace Microsoft.IdentityModel.Tokens
@@ -10,12 +11,15 @@ namespace Microsoft.IdentityModel.Tokens
     /// </summary>
     internal class CertificateHelper
     {
-        public static X509Certificate2 LoadX509Certificate(byte[] data)
+        /// <summary>
+        /// Load a X509Certificate2 from a base64 encoded string.
+        /// </summary>
+        public static X509Certificate2 LoadX509Certificate(string data)
         {
 #if NET9_0_OR_GREATER
-            return X509CertificateLoader.LoadCertificate(data);
+            return X509CertificateLoader.LoadCertificate(Convert.FromBase64String(data));
 #else
-            return new X509Certificate2(data);
+            return new X509Certificate2(Convert.FromBase64String(data));
 #endif
         }
     }

src/Microsoft.IdentityModel.Tokens/X509SecurityKey.cs

@@ -21,7 +21,7 @@ public class X509SecurityKey : AsymmetricSecurityKey
         internal X509SecurityKey(JsonWebKey webKey)
             : base(webKey)
         {
-            Certificate = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(webKey.X5c[0]));
+            Certificate = CertificateHelper.LoadX509Certificate(webKey.X5c[0]);
             X5t = Base64UrlEncoder.Encode(Certificate.GetCertHash());
             webKey.ConvertedSecurityKey = this;
         }

src/Microsoft.IdentityModel.Xml/KeyInfo.cs

@@ -146,7 +146,7 @@ private bool Matches(X509SecurityKey key)
                 foreach (var certificate in data.Certificates)
                 {
                     // depending on the target, X509Certificate2 may be disposable
-                    X509Certificate2 cert = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(certificate));
+                    X509Certificate2 cert = CertificateHelper.LoadX509Certificate(certificate);
                     try
                     {
                         if (cert.Equals(key.Certificate))
@@ -197,14 +197,14 @@ private bool Matches(JsonWebKey key)
             foreach (var x5c in key.X5c)
             {
                 // depending on the target, X509Certificate2 may be disposable
-                X509Certificate2 certToMatch = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(x5c));
+                X509Certificate2 certToMatch = CertificateHelper.LoadX509Certificate(x5c);
                 try
                 {
                     foreach (var data in X509Data)
                     {
                         foreach (var certificate in data.Certificates)
                         {
-                            X509Certificate2 cert = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(certificate));
+                            X509Certificate2 cert = CertificateHelper.LoadX509Certificate(certificate);
                             try
                             {
                                 if (cert.Equals(certToMatch))

test/Microsoft.IdentityModel.Protocols.Tests/HttpRequestDataTests.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.IdentityModel.TestUtils;
 using Xunit;
@@ -17,7 +16,7 @@ public void ClientCertificates()
             Assert.NotNull(httpRequestData.ClientCertificates);
             Assert.Empty(httpRequestData.ClientCertificates);
 
-            X509Certificate2 cert = TestUtils.CertificateHelper.LoadX509Certificate(Convert.FromBase64String(KeyingMaterial.AADCertData));
+            X509Certificate2 cert = TestUtils.CertificateHelper.LoadX509Certificate(KeyingMaterial.AADCertData);
             httpRequestData.ClientCertificates.Add(cert);
 
             Assert.Single(httpRequestData.ClientCertificates);

test/Microsoft.IdentityModel.Protocols.WsFederation.Tests/WsFederationMessageTests.cs

@@ -142,7 +142,7 @@ public static TheoryData<WsFederationSigninMessageTheoryData> WaSignInTheoryData
                 {
                     TokenValidationParameters = new TokenValidationParameters
                     {
-                        IssuerSigningKey = new X509SecurityKey(TestUtils.CertificateHelper.LoadX509Certificate(Convert.FromBase64String(_x509DataADFS))),
+                        IssuerSigningKey = new X509SecurityKey(TestUtils.CertificateHelper.LoadX509Certificate(_x509DataADFS)),
                         ValidIssuer = "http://sts.sub2.fracas365.msftonlinerepro.com/adfs/services/trust",
                         ValidAudience = "https://app1.sub2.fracas365.msftonlinerepro.com/sampapp/",
                         ValidateLifetime = false,

test/Microsoft.IdentityModel.TestUtils/CertificateHelper.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
 
@@ -11,39 +12,35 @@ namespace Microsoft.IdentityModel.TestUtils
     /// </summary>
     public class CertificateHelper
     {
-        public static X509Certificate2 LoadX509Certificate(byte[] data)
+        /// <summary>
+        /// Load a X509Certificate2 from a base64 encoded string.
+        /// </summary>
+        public static X509Certificate2 LoadX509Certificate(string data)
         {
 #if NET9_0_OR_GREATER
-            return X509CertificateLoader.LoadCertificate(data);
+            return X509CertificateLoader.LoadCertificate(Convert.FromBase64String(data));
 #else
-            return new X509Certificate2(data);
+            return new X509Certificate2(Convert.FromBase64String(data));
 #endif
         }
 
         /// <summary>
         /// Construct a X509Certificate2 from a byte array, a password, and a flag.
         /// </summary>
-        /// <param name="data"></param>
-        /// <param name="password"></param>
-        /// <param name="flag"></param>
-        /// <returns></returns>
-        public static X509Certificate2 LoadX509Certificate(byte[] data, SecureString password, X509KeyStorageFlags flag)
+        public static X509Certificate2 LoadX509Certificate(string data, SecureString password, X509KeyStorageFlags flag)
         {
 #pragma warning disable SYSLIB0057 // X509CertificateLoader does not have the correct overloads for this constructor
-            return new X509Certificate2(data, password, flag);
+            return new X509Certificate2(Convert.FromBase64String(data), password, flag);
 #pragma warning restore SYSLIB0057 // issue tracking this warning https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2833
         }
 
         /// <summary>
         /// Construct a X509Certificate2 from a byte array and a password.
         /// </summary>
-        /// <param name="data"></param>
-        /// <param name="password"></param>
-        /// <returns></returns>
-        public static X509Certificate2 LoadX509Certificate(byte[] data, SecureString password)
+        public static X509Certificate2 LoadX509Certificate(string data, SecureString password)
         {
 #pragma warning disable SYSLIB0057 // X509CertificateLoader does not have the correct overloads for this constructor
-            return new X509Certificate2(data, password);
+            return new X509Certificate2(Convert.FromBase64String(data), password);
 #pragma warning restore SYSLIB0057 // issue tracking this warning https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2833
         }
     }

test/Microsoft.IdentityModel.TestUtils/Default.cs

@@ -197,7 +197,7 @@ public static string Binding
 
         public static X509Certificate2 Certificate
         {
-            get => CertificateHelper.LoadX509Certificate(Convert.FromBase64String(CertificateData));
+            get => CertificateHelper.LoadX509Certificate(CertificateData);
         }
 
         public static string CertificateData
@@ -270,7 +270,7 @@ public static KeyInfo KeyInfo
             get
             {
                 var keyInfo = new KeyInfo();
-                X509Certificate2 cert = CertificateHelper.LoadX509Certificate(Convert.FromBase64String(CertificateData));
+                X509Certificate2 cert = CertificateHelper.LoadX509Certificate(CertificateData);
                 keyInfo.X509Data.Add(new X509Data(cert));
                 return keyInfo;
             }