web-eid · svenzik · Sep 1, 2025
diff --git a/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs b/src/WebEid.Security.Tests/Validator/AuthTokenValidationConfigurationTests.cs
@@ -39,7 +39,7 @@ public void AuthTokenValidationConfigurationWithoutSiteOriginThrowsArgumentExcep
         {
             var configuration = new AuthTokenValidationConfiguration();
             Assert.Throws<ArgumentNullException>(() => configuration.Validate())
-                .WithMessage("Value cannot be null. (Parameter 'SiteOrigin')");
+                .WithMessage("Value cannot be null. (Parameter 'siteOrigin')");
         }
 
         [Test]

diff --git a/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs b/src/WebEid.Security.Tests/Validator/AuthTokenValidatorBuilderTest.cs
@@ -36,7 +36,7 @@ public class AuthTokenValidatorBuilderTest
         [Test]
         public void WhenOriginMissingThenBuildingFails() =>
             Assert.Throws<ArgumentNullException>(() => this.builder.Build())
-                .WithMessage("Value cannot be null. (Parameter 'SiteOrigin')");
+                .WithMessage("Value cannot be null. (Parameter 'siteOrigin')");
 
         [Test]
         public void WhenRootCertificateAuthorityMissingThenBuildingFails()

diff --git a/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs b/src/WebEid.Security/Validator/AuthTokenValidationConfiguration.cs
@@ -107,11 +107,6 @@ private AuthTokenValidationConfiguration(AuthTokenValidationConfiguration other)
 
         private static void RequirePositiveTimeSpan(TimeSpan timeSpan, string fieldName)
         {
-            if (timeSpan == null)
-            {
-                throw new ArgumentNullException($"{fieldName} must not be null");
-            }
-
             if (timeSpan.IsNegativeOrZero())
             {
                 throw new ArgumentOutOfRangeException(nameof(timeSpan), $"{fieldName} must be greater than zero");
@@ -125,9 +120,7 @@ private static void RequirePositiveTimeSpan(TimeSpan timeSpan, string fieldName)
         /// <exception cref="ArgumentException">When required parameters are null</exception>
         public void Validate()
         {
-            if (this.SiteOrigin == null)
-            { throw new ArgumentNullException(nameof(this.SiteOrigin)); }
-            ValidateIsOriginURL(this.SiteOrigin);
+            ValidateSiteOriginURL(this.SiteOrigin);
 
             if (!this.TrustedCaCertificates.Any())
             { throw new ArgumentException("At least one trusted certificate authority must be provided"); }
@@ -142,17 +135,23 @@ public void Validate()
         /// Validates that the given URI is an origin URL as defined in <a href="https://developer.mozilla.org/en-US/docs/Web/API/Location/origin">MDN</a>,
         /// in the form of <![CDATA[<code> <scheme> "://" <hostname> [ ":" <port> ]</code>]]>.
         /// </summary>
-        /// <param name="uri">URI with origin URL</param>
+        /// <param name="siteOrigin">URI with origin URL</param>
+        /// <exception cref="ArgumentNullException">When siteOrigin parameter is null</exception>
         /// <exception cref="ArgumentException">When the URI is not in the form of origin URL</exception>
-        private static void ValidateIsOriginURL(Uri uri)
+        private static void ValidateSiteOriginURL(Uri siteOrigin)
         {
+            if (siteOrigin == null)
+            {
+                throw new ArgumentNullException(nameof(siteOrigin));
+            }
+
             try
             {
                 // 1. Verify that the URI can be converted to absolute URL.
-                if (!uri.IsAbsoluteUri)
+                if (!siteOrigin.IsAbsoluteUri)
                 { throw new ArgumentException("Provided URI is not a valid URL"); }
                 // 2. Verify that the URI contains only HTTPS scheme, host and optional port components.
-                if (!new Uri($"https://{uri.Host}:{uri.Port}").Equals(uri))
+                if (!new Uri($"https://{siteOrigin.Host}:{siteOrigin.Port}").Equals(siteOrigin))
                 { throw new ArgumentException("Origin URI must only contain the HTTPS scheme, host and optional port component"); }
             }
             catch (InvalidOperationException e)

diff --git a/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs b/src/WebEid.Security/Validator/Ocsp/Service/AiaOcspService.cs
@@ -42,15 +42,15 @@ public AiaOcspService(AiaOcspServiceConfiguration configuration,
             {
                 throw new ArgumentNullException(nameof(configuration));
             }
-            this.AccessLocation = this.GetOcspAiaUrlFromCertificate(certificate);
+            this.AccessLocation = GetOcspAiaUrlFromCertificate(certificate);
             this.trustedCaCertificates = configuration.TrustedCaCertificates;
             this.DoesSupportNonce = !configuration.NonceDisabledOcspUrls.Contains(this.AccessLocation);
         }
 
         public bool DoesSupportNonce { get; }
         public Uri AccessLocation { get; }
 
-        private Uri GetOcspAiaUrlFromCertificate(Org.BouncyCastle.X509.X509Certificate certificate)
+        private static Uri GetOcspAiaUrlFromCertificate(Org.BouncyCastle.X509.X509Certificate certificate)
         {
             if (certificate == null)
             { throw new ArgumentNullException(nameof(certificate)); }