PR feedback for platform compatibility update (#25815)

* PR feedback for platform compatibility update

Follow up to https://github.com/dotnet/aspnetcore/pull/25421

* Add SupportedOSPlatform attributes to a few more DataProtection API
* Update the SDK to rc2
* Clean up warning suppression in CertificateManager
* React to nit feedbacks

Fixes https://github.com/dotnet/aspnetcore/issues/25781

* Apply suggestions from code review

global.json

@@ -1,9 +1,9 @@
 {
   "sdk": {
-    "version": "5.0.100-rc.1.20429.2"
+    "version": "5.0.100-rc.1.20452.10"
   },
   "tools": {
-    "dotnet": "5.0.100-rc.1.20429.2",
+    "dotnet": "5.0.100-rc.1.20452.10",
     "runtimes": {
       "dotnet/x64": [
         "2.1.18",

src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs

@@ -1,7 +1,9 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.AspNetCore.Cryptography.Cng;
@@ -52,6 +54,8 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
                     throw new PlatformNotSupportedException(Resources.Platform_WindowsRequiredForGcm);
                 }
 
+                Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
+
                 var configuration = new CngGcmAuthenticatedEncryptorConfiguration()
                 {
                     EncryptionAlgorithm = GetBCryptAlgorithmNameFromEncryptionAlgorithm(authenticatedConfiguration.EncryptionAlgorithm),
@@ -64,6 +68,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
             {
                 if (OSVersionUtil.IsWindows())
                 {
+                    Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
                     // CNG preferred over managed implementations if running on Windows
                     var configuration = new CngCbcAuthenticatedEncryptorConfiguration()
                     {

src/DataProtection/DataProtection/src/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactory.cs

@@ -1,7 +1,10 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.AspNetCore.Cryptography.Cng;
 using Microsoft.AspNetCore.Cryptography.SafeHandles;
@@ -32,9 +35,11 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
                 return null;
             }
 
+            Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
             return CreateAuthenticatedEncryptorInstance(descriptor.MasterKey, descriptor.Configuration);
         }
 
+        [SupportedOSPlatform("windows")]
         internal CbcAuthenticatedEncryptor CreateAuthenticatedEncryptorInstance(
             ISecret secret,
             CngCbcAuthenticatedEncryptorConfiguration configuration)
@@ -51,6 +56,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
                 hmacAlgorithmHandle: GetHmacAlgorithmHandle(configuration));
         }
 
+        [SupportedOSPlatform("windows")]
         private BCryptAlgorithmHandle GetHmacAlgorithmHandle(CngCbcAuthenticatedEncryptorConfiguration configuration)
         {
             // basic argument checking
@@ -84,6 +90,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
             return algorithmHandle;
         }
 
+        [SupportedOSPlatform("windows")]
         private BCryptAlgorithmHandle GetSymmetricBlockCipherAlgorithmHandle(CngCbcAuthenticatedEncryptorConfiguration configuration)
         {
             // basic argument checking

src/DataProtection/DataProtection/src/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactory.cs

@@ -2,6 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Runtime.Versioning;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.AspNetCore.Cryptography.Cng;
 using Microsoft.AspNetCore.Cryptography.SafeHandles;
@@ -32,9 +35,12 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
                 return null;
             }
 
+            Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
+
             return CreateAuthenticatedEncryptorInstance(descriptor.MasterKey, descriptor.Configuration);
         }
 
+        [SupportedOSPlatform("windows")]
         internal GcmAuthenticatedEncryptor CreateAuthenticatedEncryptorInstance(
             ISecret secret,
             CngGcmAuthenticatedEncryptorConfiguration configuration)
@@ -50,6 +56,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption
                 symmetricAlgorithmKeySizeInBytes: (uint)(configuration.EncryptionAlgorithmKeySize / 8));
         }
 
+        [SupportedOSPlatform("windows")]
         private BCryptAlgorithmHandle GetSymmetricBlockCipherAlgorithmHandle(CngGcmAuthenticatedEncryptorConfiguration configuration)
         {
             // basic argument checking

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfiguration.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Runtime.Versioning;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.Extensions.Logging.Abstractions;
 
@@ -10,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// Represents a configured authenticated encryption mechanism which uses
     /// Windows CNG algorithms in CBC encryption + HMAC authentication modes.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngCbcAuthenticatedEncryptorConfiguration : AlgorithmConfiguration, IInternalAlgorithmConfiguration
     {
         /// <summary>

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptor.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Runtime.Versioning;
 using System.Xml.Linq;
 
 namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
@@ -10,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// A descriptor which can create an authenticated encryption system based upon the
     /// configuration provided by an <see cref="CngCbcAuthenticatedEncryptorConfiguration"/> object.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngCbcAuthenticatedEncryptorDescriptor : IAuthenticatedEncryptorDescriptor
     {
         public CngCbcAuthenticatedEncryptorDescriptor(CngCbcAuthenticatedEncryptorConfiguration configuration, ISecret masterKey)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Runtime.Versioning;
 using System.Xml.Linq;
 
 namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
@@ -10,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// A class that can deserialize an <see cref="XElement"/> that represents the serialized version
     /// of an <see cref="CngCbcAuthenticatedEncryptorDescriptor"/>.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngCbcAuthenticatedEncryptorDescriptorDeserializer : IAuthenticatedEncryptorDescriptorDeserializer
     {
         /// <summary>

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfiguration.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Runtime.Versioning;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.Extensions.Logging.Abstractions;
 
@@ -10,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// Represents a configured authenticated encryption mechanism which uses
     /// Windows CNG algorithms in GCM encryption + authentication modes.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngGcmAuthenticatedEncryptorConfiguration : AlgorithmConfiguration, IInternalAlgorithmConfiguration
     {
         /// <summary>

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptor.cs

@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Runtime.Versioning;
 using System.Xml.Linq;
-using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
 {
@@ -11,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// A descriptor which can create an authenticated encryption system based upon the
     /// configuration provided by an <see cref="CngGcmAuthenticatedEncryptorConfiguration"/> object.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngGcmAuthenticatedEncryptorDescriptor : IAuthenticatedEncryptorDescriptor
     {
         public CngGcmAuthenticatedEncryptorDescriptor(CngGcmAuthenticatedEncryptorConfiguration configuration, ISecret masterKey)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Runtime.Versioning;
 using System.Xml.Linq;
 
 namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
@@ -10,6 +11,7 @@ namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.Configurat
     /// A class that can deserialize an <see cref="XElement"/> that represents the serialized version
     /// of an <see cref="CngGcmAuthenticatedEncryptorDescriptor"/>.
     /// </summary>
+    [SupportedOSPlatform("windows")]
     public sealed class CngGcmAuthenticatedEncryptorDescriptorDeserializer : IAuthenticatedEncryptorDescriptorDeserializer
     {
 

src/DataProtection/DataProtection/src/DataProtectionBuilderExtensions.cs

@@ -529,6 +529,7 @@ namespace Microsoft.AspNetCore.DataProtection
         /// This API is only available on Windows.
         /// </remarks>
         [EditorBrowsable(EditorBrowsableState.Advanced)]
+        [SupportedOSPlatform("windows")]
         public static IDataProtectionBuilder UseCustomCryptographicAlgorithms(this IDataProtectionBuilder builder, CngCbcAuthenticatedEncryptorConfiguration configuration)
         {
             if (builder == null)
@@ -557,6 +558,7 @@ namespace Microsoft.AspNetCore.DataProtection
         /// This API is only available on Windows.
         /// </remarks>
         [EditorBrowsable(EditorBrowsableState.Advanced)]
+        [SupportedOSPlatform("windows")]
         public static IDataProtectionBuilder UseCustomCryptographicAlgorithms(this IDataProtectionBuilder builder, CngGcmAuthenticatedEncryptorConfiguration configuration)
         {
             if (builder == null)

src/DataProtection/DataProtection/src/EphemeralDataProtectionProvider.cs

@@ -2,6 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
 using Microsoft.AspNetCore.Cryptography.Cng;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
@@ -102,6 +104,8 @@ namespace Microsoft.AspNetCore.DataProtection
                 var configuration = new T();
                 if (configuration is CngGcmAuthenticatedEncryptorConfiguration)
                 {
+                    Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
+
                     var descriptor = (CngGcmAuthenticatedEncryptorDescriptor)new T().CreateNewDescriptor();
                     return new CngGcmAuthenticatedEncryptorFactory(loggerFactory)
                         .CreateAuthenticatedEncryptorInstance(

src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.csproj

@@ -15,7 +15,7 @@
   <ItemGroup>
     <Compile Include="..\..\shared\src\*.cs" />
     <Compile Include="$(SharedSourceRoot)PlatformAttributes.cs"
-             Condition="'$(TargetFramework)' != '$(DefaultNetCoreTargetFramework)'" />
+      Condition="'$(TargetFramework)' != '$(DefaultNetCoreTargetFramework)'" />
   </ItemGroup>
 
   <ItemGroup>

src/Shared/PlatformAttributes.cs

@@ -78,10 +78,6 @@ namespace System.Runtime.Versioning
     /// <summary>
     /// Marks APIs that were removed in a given operating system version.
     /// </summary>
-    /// <remarks>
-    /// Primarily used by OS bindings to indicate APIs that are only available in
-    /// earlier versions.
-    /// </remarks>
     [AttributeUsage(AttributeTargets.Assembly |
                     AttributeTargets.Class |
                     AttributeTargets.Constructor |