Fix build
parent
c48173c948
commit
09f54d6857
|
|
@ -111,7 +111,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
|
|||
throw Error.Common_PropertyCannotBeNullOrEmpty(nameof(HashAlgorithm));
|
||||
}
|
||||
|
||||
logger.OpeningCNGAlgorithmFromProviderWithHMAC(HashAlgorithm, HashAlgorithmProvider);
|
||||
logger?.OpeningCNGAlgorithmFromProviderWithHMAC(HashAlgorithm, HashAlgorithmProvider);
|
||||
BCryptAlgorithmHandle algorithmHandle = null;
|
||||
|
||||
// Special-case cached providers
|
||||
|
|
@ -148,7 +148,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
|
|||
throw Error.Common_PropertyMustBeNonNegative(nameof(EncryptionAlgorithmKeySize));
|
||||
}
|
||||
|
||||
logger.OpeningCNGAlgorithmFromProviderWithChainingModeCBC(EncryptionAlgorithm, EncryptionAlgorithmProvider);
|
||||
logger?.OpeningCNGAlgorithmFromProviderWithChainingModeCBC(EncryptionAlgorithm, EncryptionAlgorithmProvider);
|
||||
|
||||
BCryptAlgorithmHandle algorithmHandle = null;
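Review bot: Guarding each call with `logger?.` (in both hunks here, and at every other log call this commit touches) makes "the logger may be null" a rule that each future call site has to repeat. A single missed `?.` then becomes a NullReferenceException inside encryption or key-management code. Substituting a no-op logger once, where the logger is resolved, would leave the call sites as they were. If the per-call guard stays, a one-line comment at the assignment, such as `// may be null when no logger factory is available`, would document the contract. Where `logger` is obtained is outside these hunks, so the exact condition needs confirming.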
|
||||
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
|
|||
|
||||
BCryptAlgorithmHandle algorithmHandle = null;
|
||||
|
||||
logger.OpeningCNGAlgorithmFromProviderWithChainingModeGCM(EncryptionAlgorithm, EncryptionAlgorithmProvider);
|
||||
logger?.OpeningCNGAlgorithmFromProviderWithChainingModeGCM(EncryptionAlgorithm, EncryptionAlgorithmProvider);
|
||||
// Special-case cached providers
|
||||
if (EncryptionAlgorithmProvider == null)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
|
|||
throw Error.Common_PropertyCannotBeNullOrEmpty(nameof(ValidationAlgorithmType));
|
||||
}
|
||||
|
||||
logger.UsingManagedKeyedHashAlgorithm(ValidationAlgorithmType.FullName);
|
||||
logger?.UsingManagedKeyedHashAlgorithm(ValidationAlgorithmType.FullName);
|
||||
if (ValidationAlgorithmType == typeof(HMACSHA256))
|
||||
{
|
||||
return () => new HMACSHA256();
|
||||
|
|
@ -114,7 +114,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
|
|||
throw Error.Common_PropertyMustBeNonNegative(nameof(EncryptionAlgorithmKeySize));
|
||||
}
|
||||
|
||||
logger.UsingManagedSymmetricAlgorithm(EncryptionAlgorithmType.FullName);
|
||||
logger?.UsingManagedSymmetricAlgorithm(EncryptionAlgorithmType.FullName);
|
||||
|
||||
if (EncryptionAlgorithmType == typeof(Aes))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -42,10 +42,7 @@ namespace Microsoft.Extensions.DependencyInjection
|
|||
var azureWebSitesKeysFolder = FileSystemXmlRepository.GetKeyStorageDirectoryForAzureWebSites();
|
||||
if (azureWebSitesKeysFolder != null)
|
||||
{
|
||||
if (log.IsInformationLevelEnabled())
|
||||
{
|
||||
log.LogInformationF($"Azure Web Sites environment detected. Using '{azureWebSitesKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
|
||||
}
|
||||
log?.UsingAzureAsKeyRepository(azureWebSitesKeysFolder.FullName);
|
||||
|
||||
// Cloud DPAPI isn't yet available, so we don't encrypt keys at rest.
|
||||
// This isn't all that different than what Azure Web Sites does today, and we can always add this later.
|
||||
|
|
@ -65,16 +62,13 @@ namespace Microsoft.Extensions.DependencyInjection
|
|||
}
|
||||
keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_FileSystem(localAppDataKeysFolder);
|
||||
|
||||
if (log.IsInformationLevelEnabled())
|
||||
if (keyEncryptorDescriptor != null)
|
||||
{
|
||||
if (keyEncryptorDescriptor != null)
|
||||
{
|
||||
log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
|
||||
}
|
||||
else
|
||||
{
|
||||
log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
|
||||
}
|
||||
log?.UsingProfileAsKeyRepositoryWithDPAPI(localAppDataKeysFolder.FullName);
|
||||
}
|
||||
else
|
||||
{
|
||||
log?.UsingProfileAsKeyRepository(localAppDataKeysFolder.FullName);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
@ -91,10 +85,7 @@ namespace Microsoft.Extensions.DependencyInjection
|
|||
keyEncryptorDescriptor = DataProtectionServiceDescriptors.IXmlEncryptor_Dpapi(protectToMachine: true);
|
||||
keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_Registry(regKeyStorageKey);
|
||||
|
||||
if (log.IsInformationLevelEnabled())
|
||||
{
|
||||
log.LogInformationF($"User profile not available. Using '{regKeyStorageKey.Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
|
||||
}
|
||||
log?.UsingRegistryAsKeyRepositoryWithDPAPI(regKeyStorageKey.Name);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -102,10 +93,7 @@ namespace Microsoft.Extensions.DependencyInjection
|
|||
// This can only be used for development scenarios.
|
||||
keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_InMemory();
|
||||
|
||||
if (log.IsWarningLevelEnabled())
|
||||
{
|
||||
log.LogWarning("Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
|
||||
}
|
||||
log?.UsingEphemeralKeyRepository();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection
|
|||
}
|
||||
|
||||
var logger = services.GetLogger<EphemeralDataProtectionProvider>();
|
||||
logger.UsingEphemeralDataProtectionProvider();
|
||||
logger?.UsingEphemeralDataProtectionProvider();
|
||||
|
||||
_dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
|
||||
_logger?.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -69,12 +69,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
|
||||
if (preferredDefaultKey != null)
|
||||
{
|
||||
_logger.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);
|
||||
_logger?.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);
|
||||
|
||||
// if the key has been revoked or is expired, it is no longer a candidate
|
||||
if (preferredDefaultKey.IsRevoked || preferredDefaultKey.IsExpired(now) || !CanCreateAuthenticatedEncryptor(preferredDefaultKey))
|
||||
{
|
||||
_logger.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
|
||||
_logger?.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
|
||||
preferredDefaultKey = null;
|
||||
}
|
||||
}
|
||||
|
|
@ -97,7 +97,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
|
||||
if (callerShouldGenerateNewKey)
|
||||
{
|
||||
_logger.DefaultKeyExpirationImminentAndRepository();
|
||||
_logger?.DefaultKeyExpirationImminentAndRepository();
|
||||
}
|
||||
|
||||
fallbackKey = null;
|
||||
|
|
@ -118,7 +118,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
where !key.IsRevoked && CanCreateAuthenticatedEncryptor(key)
|
||||
select key).FirstOrDefault();
|
||||
|
||||
_logger.RepositoryContainsNoViableDefaultKey();
|
||||
_logger?.RepositoryContainsNoViableDefaultKey();
|
||||
|
||||
callerShouldGenerateNewKey = true;
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -245,7 +245,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
var requestedEncryptor = currentKeyRing.GetAuthenticatedEncryptorByKeyId(keyIdFromPayload, out keyWasRevoked);
|
||||
if (requestedEncryptor == null)
|
||||
{
|
||||
_logger.KeyWasNotFoundInTheKeyRingUnprotectOperationCannotProceed(keyIdFromPayload);
|
||||
_logger?.KeyWasNotFoundInTheKeyRingUnprotectOperationCannotProceed(keyIdFromPayload);
|
||||
throw Error.Common_KeyNotFound(keyIdFromPayload);
|
||||
}
|
||||
|
||||
|
|
@ -261,12 +261,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
{
|
||||
if (allowOperationsOnRevokedKeys)
|
||||
{
|
||||
_logger.KeyWasRevokedCallerRequestedUnprotectOperationProceedRegardless(keyIdFromPayload);
|
||||
_logger?.KeyWasRevokedCallerRequestedUnprotectOperationProceedRegardless(keyIdFromPayload);
|
||||
status = UnprotectStatus.DecryptionKeyWasRevoked;
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.KeyWasRevokedUnprotectOperationCannotProceed(keyIdFromPayload);
|
||||
_logger?.KeyWasRevokedUnprotectOperationCannotProceed(keyIdFromPayload);
|
||||
throw Error.Common_KeyRevoked(keyIdFromPayload);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
return CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, defaultKeyPolicy.DefaultKey, allKeys);
|
||||
}
|
||||
|
||||
_logger.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();
|
||||
_logger?.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();
|
||||
|
||||
// We shouldn't call CreateKey more than once, else we risk stack diving. This code path shouldn't
|
||||
// get hit unless there was an ineligible key with an activation date slightly later than the one we
|
||||
|
|
@ -66,12 +66,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
var keyToUse = defaultKeyPolicy.DefaultKey ?? defaultKeyPolicy.FallbackKey;
|
||||
if (keyToUse == null)
|
||||
{
|
||||
_logger.KeyRingDoesNotContainValidDefaultKey();
|
||||
_logger?.KeyRingDoesNotContainValidDefaultKey();
|
||||
throw new InvalidOperationException(Resources.KeyRingProvider_NoDefaultKey_AutoGenerateDisabled);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.UsingFallbackKeyWithExpirationAsDefaultKey(keyToUse.KeyId, keyToUse.ExpirationDate);
|
||||
_logger?.UsingFallbackKeyWithExpirationAsDefaultKey(keyToUse.KeyId, keyToUse.ExpirationDate);
|
||||
return CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, keyToUse, allKeys);
|
||||
}
|
||||
}
|
||||
|
|
@ -100,7 +100,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once
|
||||
Debug.Assert(defaultKey.CreateEncryptorInstance() != null);
|
||||
|
||||
_logger.UsingKeyAsDefaultKey(defaultKey.KeyId);
|
||||
_logger?.UsingKeyAsDefaultKey(defaultKey.KeyId);
|
||||
|
||||
DateTimeOffset nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);
|
||||
|
||||
|
|
@ -155,7 +155,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
|
||||
if (existingCacheableKeyRing != null)
|
||||
{
|
||||
_logger.ExistingCachedKeyRingIsExpired();
|
||||
_logger?.ExistingCachedKeyRingIsExpired();
|
||||
}
|
||||
|
||||
// It's up to us to refresh the cached keyring.
|
||||
|
|
@ -170,11 +170,11 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
{
|
||||
if (existingCacheableKeyRing != null)
|
||||
{
|
||||
_logger.ErrorOccurredWhileRefreshingKeyRing(ex);
|
||||
_logger?.ErrorOccurredWhileRefreshingKeyRing(ex);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.ErrorOccurredWhileReadingKeyRing(ex);
|
||||
_logger?.ErrorOccurredWhileReadingKeyRing(ex);
|
||||
}
|
||||
|
||||
// Failures that occur while refreshing the keyring are most likely transient, perhaps due to a
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
else
|
||||
{
|
||||
// Skip unknown elements.
|
||||
_logger.UnknownElementWithNameFoundInKeyringSkipping(element.Name);
|
||||
_logger?.UnknownElementWithNameFoundInKeyringSkipping(element.Name);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -189,11 +189,11 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
if (key != null)
|
||||
{
|
||||
key.SetRevoked();
|
||||
_logger.MarkedKeyAsRevokedInTheKeyring(revokedKeyId);
|
||||
_logger?.MarkedKeyAsRevokedInTheKeyring(revokedKeyId);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.TriedToProcessRevocationOfKeyButNoSuchKeyWasFound(revokedKeyId);
|
||||
_logger?.TriedToProcessRevocationOfKeyButNoSuchKeyWasFound(revokedKeyId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -211,7 +211,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
if (key.CreationDate < mostRecentMassRevocationDate)
|
||||
{
|
||||
key.SetRevoked();
|
||||
_logger.MarkedKeyAsRevokedInTheKeyring(key.KeyId);
|
||||
_logger?.MarkedKeyAsRevokedInTheKeyring(key.KeyId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -237,7 +237,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
DateTimeOffset activationDate = (DateTimeOffset)keyElement.Element(ActivationDateElementName);
|
||||
DateTimeOffset expirationDate = (DateTimeOffset)keyElement.Element(ExpirationDateElementName);
|
||||
|
||||
_logger.FoundKey(keyId);
|
||||
_logger?.FoundKey(keyId);
|
||||
|
||||
return new DeferredKey(
|
||||
keyId: keyId,
|
||||
|
|
@ -268,14 +268,14 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
{
|
||||
// this is a mass revocation of all keys as of the specified revocation date
|
||||
DateTimeOffset massRevocationDate = (DateTimeOffset)revocationElement.Element(RevocationDateElementName);
|
||||
_logger.FoundRevocationOfAllKeysCreatedPriorTo(massRevocationDate);
|
||||
_logger?.FoundRevocationOfAllKeysCreatedPriorTo(massRevocationDate);
|
||||
return massRevocationDate;
|
||||
}
|
||||
else
|
||||
{
|
||||
// only one key is being revoked
|
||||
Guid keyId = XmlConvert.ToGuid(keyIdAsString);
|
||||
_logger.FoundRevocationOfKey(keyId);
|
||||
_logger?.FoundRevocationOfKey(keyId);
|
||||
return keyId;
|
||||
}
|
||||
}
|
||||
|
|
@ -283,7 +283,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
{
|
||||
// Any exceptions that occur are fatal - we don't want to continue if we cannot process
|
||||
// revocation information.
|
||||
_logger.ExceptionWhileProcessingRevocationElement(revocationElement, ex);
|
||||
_logger?.ExceptionWhileProcessingRevocationElement(revocationElement, ex);
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
|
@ -297,7 +297,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// <reason>...</reason>
|
||||
// </revocation>
|
||||
|
||||
_logger.RevokingAllKeysAsOfForReason(revocationDate, reason);
|
||||
_logger?.RevokingAllKeysAsOfForReason(revocationDate, reason);
|
||||
|
||||
var revocationElement = new XElement(RevocationElementName,
|
||||
new XAttribute(VersionAttributeName, 1),
|
||||
|
|
@ -325,7 +325,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
{
|
||||
if (!suppressLogging)
|
||||
{
|
||||
_logger.KeyCacheExpirationTokenTriggeredByOperation(opName);
|
||||
_logger?.KeyCacheExpirationTokenTriggeredByOperation(opName);
|
||||
}
|
||||
|
||||
Interlocked.Exchange(ref _cacheExpirationTokenSource, new CancellationTokenSource())?.Cancel();
|
||||
|
|
@ -339,10 +339,10 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// include sensitive information in the exception message.
|
||||
|
||||
// write sanitized <key> element
|
||||
_logger.ExceptionWhileProcessingKeyElement(keyElement.WithoutChildNodes(), error);
|
||||
_logger?.ExceptionWhileProcessingKeyElement(keyElement.WithoutChildNodes(), error);
|
||||
|
||||
// write full <key> element
|
||||
_logger.AnExceptionOccurredWhileProcessingElementDebug(keyElement, error);
|
||||
_logger?.AnExceptionOccurredWhileProcessingElementDebug(keyElement, error);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -357,13 +357,13 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// </descriptor>
|
||||
// </key>
|
||||
|
||||
_logger.CreatingKey(keyId, creationDate, activationDate, expirationDate);
|
||||
_logger?.CreatingKey(keyId, creationDate, activationDate, expirationDate);
|
||||
|
||||
var newDescriptor = _authenticatedEncryptorConfiguration.CreateNewDescriptor()
|
||||
?? CryptoUtil.Fail<IAuthenticatedEncryptorDescriptor>("CreateNewDescriptor returned null.");
|
||||
var descriptorXmlInfo = newDescriptor.ExportToXml();
|
||||
|
||||
_logger.DescriptorDeserializerTypeForKeyIs(keyId, descriptorXmlInfo.DeserializerType.AssemblyQualifiedName);
|
||||
_logger?.DescriptorDeserializerTypeForKeyIs(keyId, descriptorXmlInfo.DeserializerType.AssemblyQualifiedName);
|
||||
|
||||
// build the <key> element
|
||||
var keyElement = new XElement(KeyElementName,
|
||||
|
|
@ -379,18 +379,18 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// If key escrow policy is in effect, write the *unencrypted* key now.
|
||||
if (_keyEscrowSink != null)
|
||||
{
|
||||
_logger.KeyEscrowSinkFoundWritingKeyToEscrow(keyId);
|
||||
_logger?.KeyEscrowSinkFoundWritingKeyToEscrow(keyId);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.NoKeyEscrowSinkFoundNotWritingKeyToEscrow(keyId);
|
||||
_logger?.NoKeyEscrowSinkFoundNotWritingKeyToEscrow(keyId);
|
||||
}
|
||||
_keyEscrowSink?.Store(keyId, keyElement);
|
||||
|
||||
// If an XML encryptor has been configured, protect secret key material now.
|
||||
if (KeyEncryptor == null)
|
||||
{
|
||||
_logger.NoXMLEncryptorConfiguredKeyMayBePersistedToStorageInUnencryptedForm(keyId);
|
||||
_logger?.NoXMLEncryptorConfiguredKeyMayBePersistedToStorageInUnencryptedForm(keyId);
|
||||
}
|
||||
var possiblyEncryptedKeyElement = KeyEncryptor?.EncryptIfNecessary(keyElement) ?? keyElement;
|
||||
|
||||
|
|
@ -438,7 +438,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
|
|||
// <reason>...</reason>
|
||||
// </revocation>
|
||||
|
||||
_logger.RevokingKeyForReason(keyId, revocationDate, reason);
|
||||
_logger?.RevokingKeyForReason(keyId, revocationDate, reason);
|
||||
|
||||
var revocationElement = new XElement(RevocationElementName,
|
||||
new XAttribute(VersionAttributeName, 1),
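Review bot: The hunk at -339 logs the key element twice, once as `keyElement.WithoutChildNodes()` and once as the complete `keyElement`, and the only explanation for the second call is `// write full <key> element`. The full element may contain key material, so that call is acceptable only if `AnExceptionOccurredWhileProcessingElementDebug` is emitted at Debug level and Debug output is kept out of shared log sinks. Its definition is not visible here, so the level should be confirmed. The comment should state that condition, for example `// write full <key> element (may contain key material); Debug level only`. The enclosing method starts and ends outside the hunk.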
|
||||
|
|
|
|||
|
|
@ -129,6 +129,16 @@ namespace Microsoft.Extensions.Logging
|
|||
|
||||
private static Action<ILogger, Exception> _policyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing;
|
||||
|
||||
private static Action<ILogger, Exception> _usingEphemeralKeyRepository;
|
||||
|
||||
private static Action<ILogger, string, Exception> _usingRegistryAsKeyRepositoryWithDPAPI;
|
||||
|
||||
private static Action<ILogger, string, Exception> _usingProfileAsKeyRepository;
|
||||
|
||||
private static Action<ILogger, string, Exception> _usingProfileAsKeyRepositoryWithDPAPI;
|
||||
|
||||
private static Action<ILogger, string, Exception> _usingAzureAsKeyRepository;
|
||||
|
||||
static LoggingExtensions()
|
||||
{
|
||||
_usingFallbackKeyWithExpirationAsDefaultKey = LoggerMessage.Define<Guid, DateTimeOffset>(
|
||||
|
|
@ -363,6 +373,21 @@ namespace Microsoft.Extensions.Logging
|
|||
eventId: 58,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "Creating key {KeyId:B} with creation date {CreationDate:u}, activation date {ActivationDate:u}, and expiration date {ExpirationDate:u}.");
|
||||
_usingEphemeralKeyRepository = LoggerMessage.Define(eventId: 59,
|
||||
logLevel: LogLevel.Warning,
|
||||
formatString: "Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
|
||||
_usingRegistryAsKeyRepositoryWithDPAPI = LoggerMessage.Define<string>(eventId: 0,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "User profile not available. Using '{Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
|
||||
_usingProfileAsKeyRepository = LoggerMessage.Define<string>(eventId: 0,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "User profile is available. Using '{FullName}' as key repository; keys will not be encrypted at rest.");
|
||||
_usingProfileAsKeyRepositoryWithDPAPI = LoggerMessage.Define<string>(eventId: 0,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "User profile is available. Using '{FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
|
||||
_usingAzureAsKeyRepository = LoggerMessage.Define<string>(eventId: 0,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "Azure Web Sites environment detected. Using '{FullName}' as key repository; keys will not be encrypted at rest.");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
|
@ -710,5 +735,30 @@ namespace Microsoft.Extensions.Logging
|
|||
{
|
||||
_creatingKey(logger, keyId, creationDate, activationDate, expirationDate, null);
|
||||
}
|
||||
|
||||
public static void UsingEphemeralKeyRepository(this ILogger logger)
|
||||
{
|
||||
_usingEphemeralKeyRepository(logger, null);
|
||||
}
|
||||
|
||||
public static void UsingRegistryAsKeyRepositoryWithDPAPI(this ILogger logger, string name)
|
||||
{
|
||||
_usingRegistryAsKeyRepositoryWithDPAPI(logger, name, null);
|
||||
}
|
||||
|
||||
public static void UsingProfileAsKeyRepository(this ILogger logger, string fullName)
|
||||
{
|
||||
_usingProfileAsKeyRepository(logger, fullName, null);
|
||||
}
|
||||
|
||||
public static void UsingProfileAsKeyRepositoryWithDPAPI(this ILogger logger, string fullName)
|
||||
{
|
||||
_usingProfileAsKeyRepositoryWithDPAPI(logger, fullName, null);
|
||||
}
|
||||
|
||||
public static void UsingAzureAsKeyRepository(this ILogger logger, string fullName)
|
||||
{
|
||||
_usingAzureAsKeyRepository(logger, fullName, null);
|
||||
}
|
||||
}
|
||||
}
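Review bot: Four of the five new messages in the static constructor are defined with `eventId: 0` (`_usingRegistryAsKeyRepositoryWithDPAPI`, `_usingProfileAsKeyRepository`, `_usingProfileAsKeyRepositoryWithDPAPI`, `_usingAzureAsKeyRepository`), while the neighbouring definitions use 58 and 59. Log filters and alerts keyed on event id therefore cannot tell them apart. That matters most for the two messages reporting that keys will not be encrypted at rest, which are the ones an operator is most likely to want to alert on. Give each its own id continuing the sequence, e.g. `eventId: 60` through `eventId: 63`, provided those values are unused elsewhere in the class; the rest of the constructor is outside the hunk.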
|
||||
|
|
@ -20,7 +20,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
public EphemeralXmlRepository(IServiceProvider services)
|
||||
{
|
||||
var logger = services?.GetLogger<EphemeralXmlRepository>();
|
||||
logger.UsingInmemoryRepository();
|
||||
logger?.UsingInmemoryRepository();
|
||||
}
|
||||
|
||||
public virtual IReadOnlyCollection<XElement> GetAllElements()
|
||||
|
|
|
|||
|
|
@ -185,7 +185,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
|
||||
private XElement ReadElementFromFile(string fullPath)
|
||||
{
|
||||
_logger.ReadingDataFromFile(fullPath);
|
||||
_logger?.ReadingDataFromFile(fullPath);
|
||||
|
||||
using (var fileStream = File.OpenRead(fullPath))
|
||||
{
|
||||
|
|
@ -203,7 +203,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
if (!IsSafeFilename(friendlyName))
|
||||
{
|
||||
string newFriendlyName = Guid.NewGuid().ToString();
|
||||
_logger.NameIsNotSafeFileName(friendlyName, newFriendlyName);
|
||||
_logger?.NameIsNotSafeFileName(friendlyName, newFriendlyName);
|
||||
friendlyName = newFriendlyName;
|
||||
}
|
||||
|
||||
|
|
@ -229,7 +229,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
|
||||
// Once the file has been fully written, perform the rename.
|
||||
// Renames are atomic operations on the file systems we support.
|
||||
_logger.WritingDataToFile(finalFilename);
|
||||
_logger?.WritingDataToFile(finalFilename);
|
||||
File.Move(tempFilename, finalFilename);
|
||||
}
|
||||
finally
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
|
||||
private XElement ReadElementFromRegKey(RegistryKey regKey, string valueName)
|
||||
{
|
||||
_logger.ReadingDataFromRegistryKeyValue(regKey, valueName);
|
||||
_logger?.ReadingDataFromRegistryKeyValue(regKey, valueName);
|
||||
|
||||
string data = regKey.GetValue(valueName) as string;
|
||||
return (!String.IsNullOrEmpty(data)) ? XElement.Parse(data) : null;
|
||||
|
|
@ -156,7 +156,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
|
|||
if (!IsSafeRegistryValueName(friendlyName))
|
||||
{
|
||||
string newFriendlyName = Guid.NewGuid().ToString();
|
||||
_logger.NameIsNotSafeRegistryValueName(friendlyName, newFriendlyName);
|
||||
_logger?.NameIsNotSafeRegistryValueName(friendlyName, newFriendlyName);
|
||||
friendlyName = newFriendlyName;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -149,7 +149,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.ExceptionWhileTryingToResolveCertificateWithThumbprint(thumbprint, ex);
|
||||
_logger?.ExceptionWhileTryingToResolveCertificateWithThumbprint(thumbprint, ex);
|
||||
|
||||
throw;
|
||||
}
|
||||
|
|
@ -161,7 +161,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
var cert = _certFactory()
|
||||
?? CryptoUtil.Fail<X509Certificate2>("Cert factory returned null.");
|
||||
|
||||
_logger.EncryptingToX509CertificateWithThumbprint(cert.Thumbprint);
|
||||
_logger?.EncryptingToX509CertificateWithThumbprint(cert.Thumbprint);
|
||||
|
||||
try
|
||||
{
|
||||
|
|
@ -169,7 +169,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.AnErrorOccurredWhileEncryptingToX509CertificateWithThumbprint(cert.Thumbprint, ex);
|
||||
_logger?.AnErrorOccurredWhileEncryptingToX509CertificateWithThumbprint(cert.Thumbprint, ex);
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
{
|
||||
// It's OK for us to log the error, as we control the exception, and it doesn't contain
|
||||
// sensitive information.
|
||||
_logger.ExceptionOccurredTryingToDecryptElement(ex);
|
||||
_logger?.ExceptionOccurredTryingToDecryptElement(ex);
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
|
||||
string protectionDescriptorRuleString = _protectionDescriptorHandle.GetProtectionDescriptorRuleString();
|
||||
_logger.EncryptingToWindowsDPAPINGUsingProtectionDescriptorRule(protectionDescriptorRuleString);
|
||||
_logger?.EncryptingToWindowsDPAPINGUsingProtectionDescriptorRule(protectionDescriptorRuleString);
|
||||
|
||||
// Convert the XML element to a binary secret so that it can be run through DPAPI
|
||||
byte[] cngDpapiEncryptedData;
|
||||
|
|
@ -86,7 +86,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.ErrorOccurredWhileEncryptingToWindowsDPAPING(ex);
|
||||
_logger?.ErrorOccurredWhileEncryptingToWindowsDPAPING(ex);
|
||||
throw;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
throw new ArgumentNullException(nameof(encryptedElement));
|
||||
}
|
||||
|
||||
_logger.DecryptingSecretElementUsingWindowsDPAPI();
|
||||
_logger?.DecryptingSecretElementUsingWindowsDPAPI();
|
||||
|
||||
try
|
||||
{
|
||||
|
|
@ -67,7 +67,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
{
|
||||
// It's OK for us to log the error, as we control the exception, and it doesn't contain
|
||||
// sensitive information.
|
||||
_logger.AnExceptionOccurredWhileTryingToDecryptElement(ex);
|
||||
_logger?.ExceptionOccurredTryingToDecryptElement(ex);
|
||||
throw;
|
||||
}
|
||||
}
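Review bot: The catch block in the second hunk is the one place in this commit where the called method changes along with the null guard: `_logger.AnExceptionOccurredWhileTryingToDecryptElement(ex)` becomes `_logger?.ExceptionOccurredTryingToDecryptElement(ex)`. Another decryptor touched by this commit calls that same method from its own catch block. If the swap is intentional (presumably the old extension method no longer exists, which would explain the build break), the commit description should say so. A DPAPI decryption failure would then be logged under the same event as the other decryptor's failure, and the two could not be separated by event alone. The try block starts outside the hunk.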
|
||||
|
|
|
|||
|
|
@ -62,11 +62,11 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
if (_protectToLocalMachine)
|
||||
{
|
||||
_logger.EncryptingToWindowsDPAPIForLocalMachineAccount();
|
||||
_logger?.EncryptingToWindowsDPAPIForLocalMachineAccount();
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.EncryptingToWindowsDPAPIForCurrentUserAccount(WindowsIdentity.GetCurrent().Name);
|
||||
_logger?.EncryptingToWindowsDPAPIForCurrentUserAccount(WindowsIdentity.GetCurrent().Name);
|
||||
}
|
||||
|
||||
// Convert the XML element to a binary secret so that it can be run through DPAPI
|
||||
|
|
@ -80,7 +80,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.ErrorOccurredWhileEncryptingToWindowsDPAPI(ex);
|
||||
_logger?.ErrorOccurredWhileEncryptingToWindowsDPAPI(ex);
|
||||
throw;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
|
|||
throw new ArgumentNullException(nameof(plaintextElement));
|
||||
}
|
||||
|
||||
_logger.EncryptingUsingNullEncryptor();
|
||||
_logger?.EncryptingUsingNullEncryptor();
|
||||
|
||||
// <unencryptedKey>
|
||||
// <!-- This key is not encrypted. -->
|
||||
|
|
|
|||