Fix HttpClient object leak described in #5948 (no socket exhaustion)

src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SimpleHttpClientFactory.cs

@@ -6,6 +6,7 @@
 using System.Net.Http;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using System.Threading;
 using Microsoft.Identity.Client.Http;
 using Microsoft.Identity.Client.ManagedIdentity;
 
@@ -24,8 +25,14 @@
         private static readonly ConcurrentDictionary<string, HttpClient> s_httpClientPool = new ConcurrentDictionary<string, HttpClient>();
         private static readonly object s_cacheLock = new object();
 
+        private static int s_httpClientCreationCount;
+
+        // referenced in unit tests
+        internal static int HttpClientCreationCount => s_httpClientCreationCount;
+
         private static HttpClient CreateHttpClient()
         {
+            Interlocked.Increment(ref s_httpClientCreationCount);
             CheckAndManageCache();
 
             var httpClient = new HttpClient(new HttpClientHandler()
@@ -63,7 +70,7 @@
 
         public HttpClient GetHttpClient()
         {
-            return s_httpClientPool.GetOrAdd("non_mtls", CreateHttpClient());
+            return s_httpClientPool.GetOrAdd("non_mtls", _ => CreateHttpClient());
         }
 
         public HttpClient GetHttpClient(X509Certificate2 x509Certificate2)
@@ -74,7 +81,7 @@
             }
 
             string key = x509Certificate2.Thumbprint;
-            return s_httpClientPool.GetOrAdd(key, CreateMtlsHttpClient(x509Certificate2));
+            return s_httpClientPool.GetOrAdd(key, _ => CreateMtlsHttpClient(x509Certificate2));
         }
 
         private static void CheckAndManageCache()
@@ -88,6 +95,25 @@
             }
         }
 
+        // referenced in unit tests
+        internal static void ResetStaticStateForTest()
+        {
+            lock (s_cacheLock)
+            {
+                foreach (KeyValuePair<string, HttpClient> pooledClient in s_httpClientPool)
+                {
+                    pooledClient.Value?.Dispose();
+                }
+
+                s_httpClientPool.Clear();
+                Interlocked.Exchange(ref s_httpClientCreationCount, 0);
+            }
+                client.Dispose();
+            }
+            s_httpClientPool.Clear();
+            s_httpClientCreationCount = 0;
+        }
+
         // This method is used for Service Fabric scenarios where a custom server certificate validation callback is required.
         // It allows the caller to provide a custom HttpClientHandler with the callback.
         // The server cert rotates so we need a new HttpClient for each call.
@@ -114,4 +140,4 @@
 #endif
         }
     }
 }

tests/Microsoft.Identity.Test.Unit/CoreTests/HttpTests/HttpClientFactoryTests.cs

@@ -77,5 +77,28 @@ public void TestHttpClientWithMtlsCertificateAndCustomHandler()
             Assert.AreNotSame(mtlsClient, handlerClient); // Should be different instances
         }
 
+        [TestMethod]
+        public void TestGetHttpClient_DoesNotLeakHttpClients()
+        {
+            // Arrange - reset static state so we start from a clean pool
+            SimpleHttpClientFactory.ResetStaticStateForTest();
+            var factory = new SimpleHttpClientFactory();
+
+            // Act - call GetHttpClient multiple times with the same (default) key
+            factory.GetHttpClient();
+            factory.GetHttpClient();
+            factory.GetHttpClient();
+
+            int created = SimpleHttpClientFactory.HttpClientCreationCount;
+
+            // Assert - CreateHttpClient should be called exactly once.
+            // Before the fix, GetOrAdd(key, CreateHttpClient()) eagerly evaluates
+            // CreateHttpClient() on every call, causing unnecessary throwaway
+            // HttpClient/HttpClientHandler allocations.
+            Assert.AreEqual(1, created,
+                $"CreateHttpClient was called {created} times for 3 lookups. " +
+                "Use GetOrAdd(key, factory_delegate) to avoid creating throwaway HttpClient instances.");
+        }
+
     }
 }