diff --git a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs
index 07819cd5be..985bdccdb2 100644
--- a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs
+++ b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs
@@ -111,7 +111,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
 throw Error.Common_PropertyCannotBeNullOrEmpty(nameof(HashAlgorithm));
 }
- logger.OpeningCNGAlgorithmFromProviderWithHMAC(HashAlgorithm, HashAlgorithmProvider);
+ logger?.OpeningCNGAlgorithmFromProviderWithHMAC(HashAlgorithm, HashAlgorithmProvider);
 BCryptAlgorithmHandle algorithmHandle = null;
 // Special-case cached providers
@@ -148,7 +148,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
 throw Error.Common_PropertyMustBeNonNegative(nameof(EncryptionAlgorithmKeySize));
 }
- logger.OpeningCNGAlgorithmFromProviderWithChainingModeCBC(EncryptionAlgorithm, EncryptionAlgorithmProvider);
+ logger?.OpeningCNGAlgorithmFromProviderWithChainingModeCBC(EncryptionAlgorithm, EncryptionAlgorithmProvider);
 BCryptAlgorithmHandle algorithmHandle = null;
diff --git a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs
index 1390274b99..4a20217bbe 100644
--- a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs
+++ b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs
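Review bot: Making every logger call null-conditional, in this hunk and in every following hunk of the commit, turns all of these diagnostics into best-effort output, and nothing in the code records that contract; `GetLogger()` evidently can return null (EphemeralXmlRepository later in the diff already writes `services?.GetLogger()`), and when it does, the messages saying that keys are stored in memory only or persisted without encryption (DataProtectionServices, XmlKeyManager's `NoXMLEncryptorConfigured...` path) disappear along with the purely informational ones. A one-line comment at the first `logger?.` in each file, e.g. `// logger is null when no ILoggerFactory is registered; all logging in this type is best-effort`, would make the intent explicit for the next maintainer. The enclosing method of this hunk starts before the hunk.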
@@ -92,7 +92,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
 BCryptAlgorithmHandle algorithmHandle = null;
- logger.OpeningCNGAlgorithmFromProviderWithChainingModeGCM(EncryptionAlgorithm, EncryptionAlgorithmProvider);
+ logger?.OpeningCNGAlgorithmFromProviderWithChainingModeGCM(EncryptionAlgorithm, EncryptionAlgorithmProvider);
 // Special-case cached providers
 if (EncryptionAlgorithmProvider == null)
 {
diff --git a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs
index 6c8dc804d7..533f843420 100644
--- a/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs
+++ b/src/Microsoft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs
@@ -86,7 +86,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
 throw Error.Common_PropertyCannotBeNullOrEmpty(nameof(ValidationAlgorithmType));
 }
- logger.UsingManagedKeyedHashAlgorithm(ValidationAlgorithmType.FullName);
+ logger?.UsingManagedKeyedHashAlgorithm(ValidationAlgorithmType.FullName);
 if (ValidationAlgorithmType == typeof(HMACSHA256))
 {
 return () => new HMACSHA256();
@@ -114,7 +114,7 @@ namespace Microsoft.AspNet.DataProtection.AuthenticatedEncryption
 throw Error.Common_PropertyMustBeNonNegative(nameof(EncryptionAlgorithmKeySize));
 }
- logger.UsingManagedSymmetricAlgorithm(EncryptionAlgorithmType.FullName);
+ logger?.UsingManagedSymmetricAlgorithm(EncryptionAlgorithmType.FullName);
 if (EncryptionAlgorithmType == typeof(Aes))
 {
diff --git a/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs b/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs
index 862aa06998..e0a9749101 100644
--- a/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs
+++ b/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs
@@ -42,10 +42,7 @@ namespace Microsoft.Extensions.DependencyInjection
 var azureWebSitesKeysFolder = FileSystemXmlRepository.GetKeyStorageDirectoryForAzureWebSites();
 if (azureWebSitesKeysFolder != null)
 {
- if (log.IsInformationLevelEnabled())
- {
- log.LogInformationF($"Azure Web Sites environment detected. Using '{azureWebSitesKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
- }
+ log?.UsingAzureAsKeyRepository(azureWebSitesKeysFolder.FullName);
 // Cloud DPAPI isn't yet available, so we don't encrypt keys at rest.
 // This isn't all that different than what Azure Web Sites does today, and we can always add this later.
@@ -65,16 +62,13 @@ namespace Microsoft.Extensions.DependencyInjection
 }
 keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_FileSystem(localAppDataKeysFolder);
- if (log.IsInformationLevelEnabled())
+ if (keyEncryptorDescriptor != null)
 {
- if (keyEncryptorDescriptor != null)
- {
- log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
- }
- else
- {
- log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
- }
+ log?.UsingProfileAsKeyRepositoryWithDPAPI(localAppDataKeysFolder.FullName);
+ }
+ else
+ {
+ log?.UsingProfileAsKeyRepository(localAppDataKeysFolder.FullName);
 }
 }
 else
@@ -91,10 +85,7 @@ namespace Microsoft.Extensions.DependencyInjection
 keyEncryptorDescriptor = DataProtectionServiceDescriptors.IXmlEncryptor_Dpapi(protectToMachine: true);
 keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_Registry(regKeyStorageKey);
- if (log.IsInformationLevelEnabled())
- {
- log.LogInformationF($"User profile not available. Using '{regKeyStorageKey.Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
- }
+ log?.UsingRegistryAsKeyRepositoryWithDPAPI(regKeyStorageKey.Name);
 }
 else
 {
@@ -102,10 +93,7 @@ namespace Microsoft.Extensions.DependencyInjection
 // This can only be used for development scenarios.
 keyRepositoryDescriptor = DataProtectionServiceDescriptors.IXmlRepository_InMemory();
- if (log.IsWarningLevelEnabled())
- {
- log.LogWarning("Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
- }
+ log?.UsingEphemeralKeyRepository();
 }
 }
 }
diff --git a/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs b/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs
index ac6f1dc773..faaf687548 100644
--- a/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs
+++ b/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection
 }
 var logger = services.GetLogger();
- logger.UsingEphemeralDataProtectionProvider();
+ logger?.UsingEphemeralDataProtectionProvider();
 _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services);
 }
diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs
index 48e9684c3c..dc721a1331 100644
--- a/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs
+++ b/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs
@@ -54,7 +54,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 }
 catch (Exception ex)
 {
- _logger.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
+ _logger?.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
 return false;
 }
 }
@@ -69,12 +69,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 if (preferredDefaultKey != null)
 {
- _logger.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);
+ _logger?.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);
 // if the key has been revoked or is expired, it is no longer a candidate
 if (preferredDefaultKey.IsRevoked || preferredDefaultKey.IsExpired(now) || !CanCreateAuthenticatedEncryptor(preferredDefaultKey))
 {
- _logger.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
+ _logger?.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
 preferredDefaultKey = null;
 }
 }
@@ -97,7 +97,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 if (callerShouldGenerateNewKey)
 {
- _logger.DefaultKeyExpirationImminentAndRepository();
+ _logger?.DefaultKeyExpirationImminentAndRepository();
 }
 fallbackKey = null;
@@ -118,7 +118,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 where !key.IsRevoked && CanCreateAuthenticatedEncryptor(key)
 select key).FirstOrDefault();
- _logger.RepositoryContainsNoViableDefaultKey();
+ _logger?.RepositoryContainsNoViableDefaultKey();
 callerShouldGenerateNewKey = true;
 return null;
diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs
index 9e2ef2f280..c94da05ff7 100644
--- a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs
+++ b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs
@@ -245,7 +245,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 var requestedEncryptor = currentKeyRing.GetAuthenticatedEncryptorByKeyId(keyIdFromPayload, out keyWasRevoked);
 if (requestedEncryptor == null)
 {
- _logger.KeyWasNotFoundInTheKeyRingUnprotectOperationCannotProceed(keyIdFromPayload);
+ _logger?.KeyWasNotFoundInTheKeyRingUnprotectOperationCannotProceed(keyIdFromPayload);
 throw Error.Common_KeyNotFound(keyIdFromPayload);
 }
@@ -261,12 +261,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 {
 if (allowOperationsOnRevokedKeys)
 {
- _logger.KeyWasRevokedCallerRequestedUnprotectOperationProceedRegardless(keyIdFromPayload);
+ _logger?.KeyWasRevokedCallerRequestedUnprotectOperationProceedRegardless(keyIdFromPayload);
 status = UnprotectStatus.DecryptionKeyWasRevoked;
 }
 else
 {
- _logger.KeyWasRevokedUnprotectOperationCannotProceed(keyIdFromPayload);
+ _logger?.KeyWasRevokedUnprotectOperationCannotProceed(keyIdFromPayload);
 throw Error.Common_KeyRevoked(keyIdFromPayload);
 }
 }
diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs
index c41e45f380..017319c558 100644
--- a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs
+++ b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs
@@ -45,7 +45,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 return CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, defaultKeyPolicy.DefaultKey, allKeys);
 }
- _logger.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();
+ _logger?.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();
 // We shouldn't call CreateKey more than once, else we risk stack diving. This code path shouldn't get hit unless there was an ineligible key with an activation date slightly later than the one we
@@ -66,12 +66,12 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 var keyToUse = defaultKeyPolicy.DefaultKey ?? defaultKeyPolicy.FallbackKey;
 if (keyToUse == null)
 {
- _logger.KeyRingDoesNotContainValidDefaultKey();
+ _logger?.KeyRingDoesNotContainValidDefaultKey();
 throw new InvalidOperationException(Resources.KeyRingProvider_NoDefaultKey_AutoGenerateDisabled);
 }
 else
 {
- _logger.UsingFallbackKeyWithExpirationAsDefaultKey(keyToUse.KeyId, keyToUse.ExpirationDate);
+ _logger?.UsingFallbackKeyWithExpirationAsDefaultKey(keyToUse.KeyId, keyToUse.ExpirationDate);
 return CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, keyToUse, allKeys);
 }
 }
@@ -100,7 +100,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 // Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once
 Debug.Assert(defaultKey.CreateEncryptorInstance() != null);
- _logger.UsingKeyAsDefaultKey(defaultKey.KeyId);
+ _logger?.UsingKeyAsDefaultKey(defaultKey.KeyId);
 DateTimeOffset nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);
@@ -155,7 +155,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 if (existingCacheableKeyRing != null)
 {
- _logger.ExistingCachedKeyRingIsExpired();
+ _logger?.ExistingCachedKeyRingIsExpired();
 }
 // It's up to us to refresh the cached keyring.
@@ -170,11 +170,11 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 {
 if (existingCacheableKeyRing != null)
 {
- _logger.ErrorOccurredWhileRefreshingKeyRing(ex);
+ _logger?.ErrorOccurredWhileRefreshingKeyRing(ex);
 }
 else
 {
- _logger.ErrorOccurredWhileReadingKeyRing(ex);
+ _logger?.ErrorOccurredWhileReadingKeyRing(ex);
 }
 // Failures that occur while refreshing the keyring are most likely transient, perhaps due to a
diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs
index a137fef2cb..f8cf2c8e9f 100644
--- a/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs
+++ b/src/Microsoft.AspNet.DataProtection/KeyManagement/XmlKeyManager.cs
@@ -175,7 +175,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 else
 {
 // Skip unknown elements.
- _logger.UnknownElementWithNameFoundInKeyringSkipping(element.Name);
+ _logger?.UnknownElementWithNameFoundInKeyringSkipping(element.Name);
 }
 }
@@ -189,11 +189,11 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 if (key != null)
 {
 key.SetRevoked();
- _logger.MarkedKeyAsRevokedInTheKeyring(revokedKeyId);
+ _logger?.MarkedKeyAsRevokedInTheKeyring(revokedKeyId);
 }
 else
 {
- _logger.TriedToProcessRevocationOfKeyButNoSuchKeyWasFound(revokedKeyId);
+ _logger?.TriedToProcessRevocationOfKeyButNoSuchKeyWasFound(revokedKeyId);
 }
 }
 }
@@ -211,7 +211,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 if (key.CreationDate < mostRecentMassRevocationDate)
 {
 key.SetRevoked();
- _logger.MarkedKeyAsRevokedInTheKeyring(key.KeyId);
+ _logger?.MarkedKeyAsRevokedInTheKeyring(key.KeyId);
 }
 }
 }
@@ -237,7 +237,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 DateTimeOffset activationDate = (DateTimeOffset)keyElement.Element(ActivationDateElementName);
 DateTimeOffset expirationDate = (DateTimeOffset)keyElement.Element(ExpirationDateElementName);
- _logger.FoundKey(keyId);
+ _logger?.FoundKey(keyId);
 return new DeferredKey(
 keyId: keyId,
@@ -268,14 +268,14 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 {
 // this is a mass revocation of all keys as of the specified revocation date
 DateTimeOffset massRevocationDate = (DateTimeOffset)revocationElement.Element(RevocationDateElementName);
- _logger.FoundRevocationOfAllKeysCreatedPriorTo(massRevocationDate);
+ _logger?.FoundRevocationOfAllKeysCreatedPriorTo(massRevocationDate);
 return massRevocationDate;
 }
 else
 {
 // only one key is being revoked
 Guid keyId = XmlConvert.ToGuid(keyIdAsString);
- _logger.FoundRevocationOfKey(keyId);
+ _logger?.FoundRevocationOfKey(keyId);
 return keyId;
 }
 }
@@ -283,7 +283,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 {
 // Any exceptions that occur are fatal - we don't want to continue if we cannot process
 // revocation information.
- _logger.ExceptionWhileProcessingRevocationElement(revocationElement, ex);
+ _logger?.ExceptionWhileProcessingRevocationElement(revocationElement, ex);
 throw;
 }
 }
@@ -297,7 +297,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 // ...
 //
- _logger.RevokingAllKeysAsOfForReason(revocationDate, reason);
+ _logger?.RevokingAllKeysAsOfForReason(revocationDate, reason);
 var revocationElement = new XElement(RevocationElementName,
 new XAttribute(VersionAttributeName, 1),
@@ -325,7 +325,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 {
 if (!suppressLogging)
 {
- _logger.KeyCacheExpirationTokenTriggeredByOperation(opName);
+ _logger?.KeyCacheExpirationTokenTriggeredByOperation(opName);
 }
 Interlocked.Exchange(ref _cacheExpirationTokenSource, new CancellationTokenSource())?.Cancel();
@@ -339,10 +339,10 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 // include sensitive information in the exception message.
 // write sanitized element
- _logger.ExceptionWhileProcessingKeyElement(keyElement.WithoutChildNodes(), error);
+ _logger?.ExceptionWhileProcessingKeyElement(keyElement.WithoutChildNodes(), error);
 // write full element
- _logger.AnExceptionOccurredWhileProcessingElementDebug(keyElement, error);
+ _logger?.AnExceptionOccurredWhileProcessingElementDebug(keyElement, error);
 }
@@ -357,13 +357,13 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 //
 //
- _logger.CreatingKey(keyId, creationDate, activationDate, expirationDate);
+ _logger?.CreatingKey(keyId, creationDate, activationDate, expirationDate);
 var newDescriptor = _authenticatedEncryptorConfiguration.CreateNewDescriptor()
 ?? CryptoUtil.Fail("CreateNewDescriptor returned null.");
 var descriptorXmlInfo = newDescriptor.ExportToXml();
- _logger.DescriptorDeserializerTypeForKeyIs(keyId, descriptorXmlInfo.DeserializerType.AssemblyQualifiedName);
+ _logger?.DescriptorDeserializerTypeForKeyIs(keyId, descriptorXmlInfo.DeserializerType.AssemblyQualifiedName);
 // build the element
 var keyElement = new XElement(KeyElementName,
@@ -379,18 +379,18 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 // If key escrow policy is in effect, write the *unencrypted* key now.
 if (_keyEscrowSink != null)
 {
- _logger.KeyEscrowSinkFoundWritingKeyToEscrow(keyId);
+ _logger?.KeyEscrowSinkFoundWritingKeyToEscrow(keyId);
 }
 else
 {
- _logger.NoKeyEscrowSinkFoundNotWritingKeyToEscrow(keyId);
+ _logger?.NoKeyEscrowSinkFoundNotWritingKeyToEscrow(keyId);
 }
 _keyEscrowSink?.Store(keyId, keyElement);
 // If an XML encryptor has been configured, protect secret key material now.
 if (KeyEncryptor == null)
 {
- _logger.NoXMLEncryptorConfiguredKeyMayBePersistedToStorageInUnencryptedForm(keyId);
+ _logger?.NoXMLEncryptorConfiguredKeyMayBePersistedToStorageInUnencryptedForm(keyId);
 }
 var possiblyEncryptedKeyElement = KeyEncryptor?.EncryptIfNecessary(keyElement) ?? keyElement;
@@ -438,7 +438,7 @@ namespace Microsoft.AspNet.DataProtection.KeyManagement
 // ...
 //
- _logger.RevokingKeyForReason(keyId, revocationDate, reason);
+ _logger?.RevokingKeyForReason(keyId, revocationDate, reason);
 var revocationElement = new XElement(RevocationElementName,
 new XAttribute(VersionAttributeName, 1),
diff --git a/src/Microsoft.AspNet.DataProtection/LoggingExtensions.cs b/src/Microsoft.AspNet.DataProtection/LoggingExtensions.cs
index 509f1568bb..72ed762ba4 100644
--- a/src/Microsoft.AspNet.DataProtection/LoggingExtensions.cs
+++ b/src/Microsoft.AspNet.DataProtection/LoggingExtensions.cs
@@ -129,6 +129,16 @@ namespace Microsoft.Extensions.Logging
 private static Action _policyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing;
+ private static Action _usingEphemeralKeyRepository;
+
+ private static Action _usingRegistryAsKeyRepositoryWithDPAPI;
+
+ private static Action _usingProfileAsKeyRepository;
+
+ private static Action _usingProfileAsKeyRepositoryWithDPAPI;
+
+ private static Action _usingAzureAsKeyRepository;
+
 static LoggingExtensions()
 {
 _usingFallbackKeyWithExpirationAsDefaultKey = LoggerMessage.Define(
@@ -363,6 +373,21 @@ namespace Microsoft.Extensions.Logging
 eventId: 58,
 logLevel: LogLevel.Information,
 formatString: "Creating key {KeyId:B} with creation date {CreationDate:u}, activation date {ActivationDate:u}, and expiration date {ExpirationDate:u}.");
+ _usingEphemeralKeyRepository = LoggerMessage.Define(eventId: 59,
+ logLevel: LogLevel.Warning,
+ formatString: "Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
+ _usingRegistryAsKeyRepositoryWithDPAPI = LoggerMessage.Define(eventId: 0,
+ logLevel: LogLevel.Information,
+ formatString: "User profile not available. Using '{Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
+ _usingProfileAsKeyRepository = LoggerMessage.Define(eventId: 0,
+ logLevel: LogLevel.Information,
+ formatString: "User profile is available. Using '{FullName}' as key repository; keys will not be encrypted at rest.");
+ _usingProfileAsKeyRepositoryWithDPAPI = LoggerMessage.Define(eventId: 0,
+ logLevel: LogLevel.Information,
+ formatString: "User profile is available. Using '{FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
+ _usingAzureAsKeyRepository = LoggerMessage.Define(eventId: 0,
+ logLevel: LogLevel.Information,
+ formatString: "Azure Web Sites environment detected. Using '{FullName}' as key repository; keys will not be encrypted at rest.");
 }
 ///
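Review bot: Four of the five new LoggerMessage definitions are registered with `eventId: 0` while the definition just above them is 58 and `_usingEphemeralKeyRepository` correctly takes 59, so the registry, profile and Azure key-repository messages share an id with each other and with anything else that logs id 0, which defeats filtering or alerting on the specific event; they should continue the sequence, e.g. `eventId: 60`, `eventId: 61`, `eventId: 62`, `eventId: 63`. Separately, `_usingProfileAsKeyRepository` and `_usingAzureAsKeyRepository` both say that keys will not be encrypted at rest yet are defined at `LogLevel.Information`, whereas the in-memory case is `LogLevel.Warning`; the levels are carried over from the replaced `LogInformationF` calls, but since the messages are being redefined anyway, an operator is more likely to notice plaintext key persistence at Warning. The static constructor begins before this hunk.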
@@ -710,5 +735,30 @@ namespace Microsoft.Extensions.Logging
 {
 _creatingKey(logger, keyId, creationDate, activationDate, expirationDate, null);
 }
+
+ public static void UsingEphemeralKeyRepository(this ILogger logger)
+ {
+ _usingEphemeralKeyRepository(logger, null);
+ }
+
+ public static void UsingRegistryAsKeyRepositoryWithDPAPI(this ILogger logger, string name)
+ {
+ _usingRegistryAsKeyRepositoryWithDPAPI(logger, name, null);
+ }
+
+ public static void UsingProfileAsKeyRepository(this ILogger logger, string fullName)
+ {
+ _usingProfileAsKeyRepository(logger, fullName, null);
+ }
+
+ public static void UsingProfileAsKeyRepositoryWithDPAPI(this ILogger logger, string fullName)
+ {
+ _usingProfileAsKeyRepositoryWithDPAPI(logger, fullName, null);
+ }
+
+ public static void UsingAzureAsKeyRepository(this ILogger logger, string fullName)
+ {
+ _usingAzureAsKeyRepository(logger, fullName, null);
+ }
 }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.DataProtection/Repositories/EphemeralXmlRepository.cs b/src/Microsoft.AspNet.DataProtection/Repositories/EphemeralXmlRepository.cs
index 1852bafaa3..e277488ca0 100644
--- a/src/Microsoft.AspNet.DataProtection/Repositories/EphemeralXmlRepository.cs
+++ b/src/Microsoft.AspNet.DataProtection/Repositories/EphemeralXmlRepository.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 public EphemeralXmlRepository(IServiceProvider services)
 {
 var logger = services?.GetLogger();
- logger.UsingInmemoryRepository();
+ logger?.UsingInmemoryRepository();
 }
 public virtual IReadOnlyCollection GetAllElements()
diff --git a/src/Microsoft.AspNet.DataProtection/Repositories/FileSystemXmlRepository.cs b/src/Microsoft.AspNet.DataProtection/Repositories/FileSystemXmlRepository.cs
index 84e46b24b5..a31038deab 100644
--- a/src/Microsoft.AspNet.DataProtection/Repositories/FileSystemXmlRepository.cs
+++ b/src/Microsoft.AspNet.DataProtection/Repositories/FileSystemXmlRepository.cs
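Review bot: The five new public extension methods in LoggingExtensions carry no `///` documentation, while the existing members of this file do (the preceding hunk ends on a `///` line right after the static constructor), so the new surface is the only undocumented part of the class; a one-line `<summary>` on each, e.g. `/// <summary>Logs that key storage fell back to an in-memory repository, so protected payloads will not survive process exit.</summary>` for UsingEphemeralKeyRepository, and the corresponding storage-location and encryption-at-rest statement for the other four, would keep the file consistent. The hunk also ends with `\ No newline at end of file`; adding the trailing newline while the tail of the file is being edited anyway would stop that marker from reappearing in every later diff.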
@@ -185,7 +185,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 private XElement ReadElementFromFile(string fullPath)
 {
- _logger.ReadingDataFromFile(fullPath);
+ _logger?.ReadingDataFromFile(fullPath);
 using (var fileStream = File.OpenRead(fullPath))
 {
@@ -203,7 +203,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 if (!IsSafeFilename(friendlyName))
 {
 string newFriendlyName = Guid.NewGuid().ToString();
- _logger.NameIsNotSafeFileName(friendlyName, newFriendlyName);
+ _logger?.NameIsNotSafeFileName(friendlyName, newFriendlyName);
 friendlyName = newFriendlyName;
 }
@@ -229,7 +229,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 // Once the file has been fully written, perform the rename.
 // Renames are atomic operations on the file systems we support.
- _logger.WritingDataToFile(finalFilename);
+ _logger?.WritingDataToFile(finalFilename);
 File.Move(tempFilename, finalFilename);
 }
 finally
diff --git a/src/Microsoft.AspNet.DataProtection/Repositories/RegistryXmlRepository.cs b/src/Microsoft.AspNet.DataProtection/Repositories/RegistryXmlRepository.cs
index baed19aa53..c809cdce79 100644
--- a/src/Microsoft.AspNet.DataProtection/Repositories/RegistryXmlRepository.cs
+++ b/src/Microsoft.AspNet.DataProtection/Repositories/RegistryXmlRepository.cs
@@ -140,7 +140,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 private XElement ReadElementFromRegKey(RegistryKey regKey, string valueName)
 {
- _logger.ReadingDataFromRegistryKeyValue(regKey, valueName);
+ _logger?.ReadingDataFromRegistryKeyValue(regKey, valueName);
 string data = regKey.GetValue(valueName) as string;
 return (!String.IsNullOrEmpty(data)) ? XElement.Parse(data) : null;
@@ -156,7 +156,7 @@ namespace Microsoft.AspNet.DataProtection.Repositories
 if (!IsSafeRegistryValueName(friendlyName))
 {
 string newFriendlyName = Guid.NewGuid().ToString();
- _logger.NameIsNotSafeRegistryValueName(friendlyName, newFriendlyName);
+ _logger?.NameIsNotSafeRegistryValueName(friendlyName, newFriendlyName);
 friendlyName = newFriendlyName;
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/CertificateXmlEncryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/CertificateXmlEncryptor.cs
index a2e7004095..e38928dbbf 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/CertificateXmlEncryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/CertificateXmlEncryptor.cs
@@ -149,7 +149,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 catch (Exception ex)
 {
- _logger.ExceptionWhileTryingToResolveCertificateWithThumbprint(thumbprint, ex);
+ _logger?.ExceptionWhileTryingToResolveCertificateWithThumbprint(thumbprint, ex);
 throw;
 }
@@ -161,7 +161,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 var cert = _certFactory() ?? CryptoUtil.Fail("Cert factory returned null.");
- _logger.EncryptingToX509CertificateWithThumbprint(cert.Thumbprint);
+ _logger?.EncryptingToX509CertificateWithThumbprint(cert.Thumbprint);
 try
 {
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 catch (Exception ex)
 {
- _logger.AnErrorOccurredWhileEncryptingToX509CertificateWithThumbprint(cert.Thumbprint, ex);
+ _logger?.AnErrorOccurredWhileEncryptingToX509CertificateWithThumbprint(cert.Thumbprint, ex);
 throw;
 }
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlDecryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlDecryptor.cs
index c71b0dd220..12296ffaac 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlDecryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlDecryptor.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 {
 // It's OK for us to log the error, as we control the exception, and it doesn't contain
 // sensitive information.
- _logger.ExceptionOccurredTryingToDecryptElement(ex);
+ _logger?.ExceptionOccurredTryingToDecryptElement(ex);
 throw;
 }
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlEncryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlEncryptor.cs
index 6c2b718226..ec9eae530b 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlEncryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiNGXmlEncryptor.cs
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 string protectionDescriptorRuleString = _protectionDescriptorHandle.GetProtectionDescriptorRuleString();
- _logger.EncryptingToWindowsDPAPINGUsingProtectionDescriptorRule(protectionDescriptorRuleString);
+ _logger?.EncryptingToWindowsDPAPINGUsingProtectionDescriptorRule(protectionDescriptorRuleString);
 // Convert the XML element to a binary secret so that it can be run through DPAPI
 byte[] cngDpapiEncryptedData;
@@ -86,7 +86,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 catch (Exception ex)
 {
- _logger.ErrorOccurredWhileEncryptingToWindowsDPAPING(ex);
+ _logger?.ErrorOccurredWhileEncryptingToWindowsDPAPING(ex);
 throw;
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlDecryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlDecryptor.cs
index fcdf952d11..0a65c22538 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlDecryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlDecryptor.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 throw new ArgumentNullException(nameof(encryptedElement));
 }
- _logger.DecryptingSecretElementUsingWindowsDPAPI();
+ _logger?.DecryptingSecretElementUsingWindowsDPAPI();
 try
 {
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 {
 // It's OK for us to log the error, as we control the exception, and it doesn't contain
 // sensitive information.
- _logger.AnExceptionOccurredWhileTryingToDecryptElement(ex);
+ _logger?.ExceptionOccurredTryingToDecryptElement(ex);
 throw;
 }
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlEncryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlEncryptor.cs
index 192644d8fa..f99ee99c05 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlEncryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/DpapiXmlEncryptor.cs
@@ -62,11 +62,11 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 if (_protectToLocalMachine)
 {
- _logger.EncryptingToWindowsDPAPIForLocalMachineAccount();
+ _logger?.EncryptingToWindowsDPAPIForLocalMachineAccount();
 }
 else
 {
- _logger.EncryptingToWindowsDPAPIForCurrentUserAccount(WindowsIdentity.GetCurrent().Name);
+ _logger?.EncryptingToWindowsDPAPIForCurrentUserAccount(WindowsIdentity.GetCurrent().Name);
 }
 // Convert the XML element to a binary secret so that it can be run through DPAPI
@@ -80,7 +80,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 }
 catch (Exception ex)
 {
- _logger.ErrorOccurredWhileEncryptingToWindowsDPAPI(ex);
+ _logger?.ErrorOccurredWhileEncryptingToWindowsDPAPI(ex);
 throw;
 }
diff --git a/src/Microsoft.AspNet.DataProtection/XmlEncryption/NullXmlEncryptor.cs b/src/Microsoft.AspNet.DataProtection/XmlEncryption/NullXmlEncryptor.cs
index 5eb4aae2be..c110ed2d4c 100644
--- a/src/Microsoft.AspNet.DataProtection/XmlEncryption/NullXmlEncryptor.cs
+++ b/src/Microsoft.AspNet.DataProtection/XmlEncryption/NullXmlEncryptor.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.DataProtection.XmlEncryption
 throw new ArgumentNullException(nameof(plaintextElement));
 }
- _logger.EncryptingUsingNullEncryptor();
+ _logger?.EncryptingUsingNullEncryptor();
 //
 //
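Review bot: In the DpapiXmlDecryptor hunk the catch block no longer calls `AnExceptionOccurredWhileTryingToDecryptElement` but `ExceptionOccurredTryingToDecryptElement`, the same helper DpapiNGXmlDecryptor uses in the preceding file, so decryption failures from the two protectors now share one event id and message and a log consumer can no longer separate a DPAPI failure from a DPAPI-NG one by event id alone; if that shared definition's format string names DPAPI-NG (its text is not visible in this diff), the DPAPI path is also mislabeled. Confirm the shared message is protector-neutral, or keep a distinct event for the DPAPI decryptor, e.g. `_logger?.ExceptionOccurredTryingToDecryptElement(ex); // shared with DpapiNGXmlDecryptor; event text must stay protector-neutral`. If the old `AnExceptionOccurredWhileTryingToDecryptElement` helper now has no callers, its definition in LoggingExtensions.cs, which this diff does not touch, should be removed with it. The enclosing decrypt method starts before this hunk.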