internal XmlKeyManager(IServiceProvider services)
{
// First, see if an explicit encryptor or repository was specified.
// If either was specified, then we won't use the fallback.
KeyEncryptor = services.GetService <IXmlEncryptor>(); // optional
KeyRepository = (KeyEncryptor != null)
? services.GetRequiredService <IXmlRepository>() // required if encryptor is specified
: services.GetService <IXmlRepository>(); // optional if encryptor not specified
// If the repository is missing, then we get both the encryptor and the repository from the fallback.
// If the fallback is missing, the final call to GetRequiredService below will throw.
if (KeyRepository == null)
{
var defaultKeyServices = services.GetService <IDefaultKeyServices>();
KeyEncryptor = defaultKeyServices?.GetKeyEncryptor(); // optional
KeyRepository = defaultKeyServices?.GetKeyRepository() ?? services.GetRequiredService <IXmlRepository>();
}
_activator = services.GetActivator(); // returns non-null
_authenticatedEncryptorConfiguration = services.GetRequiredService <IAuthenticatedEncryptorConfiguration>();
_internalKeyManager = services.GetService <IInternalXmlKeyManager>() ?? this;
_keyEscrowSink = services.GetKeyEscrowSink(); // not required
_logger = services.GetLogger <XmlKeyManager>(); // not required
TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Creates an <see cref="XmlKeyManager"/>.
/// </summary>
/// <param name="keyManagementOptions">The <see cref="IOptions{KeyManagementOptions}"/> instance that provides the configuration.</param>
/// <param name="activator">The <see cref="IActivator"/>.</param>
/// <param name="loggerFactory">The <see cref="ILoggerFactory"/>.</param>
public XmlKeyManager(IOptions <KeyManagementOptions> keyManagementOptions, IActivator activator, ILoggerFactory loggerFactory)
{
_loggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
_logger = _loggerFactory.CreateLogger <XmlKeyManager>();
KeyRepository = keyManagementOptions.Value.XmlRepository;
KeyEncryptor = keyManagementOptions.Value.XmlEncryptor;
if (KeyRepository == null)
{
if (KeyEncryptor != null)
{
throw new InvalidOperationException(
Resources.FormatXmlKeyManager_IXmlRepositoryNotFound(nameof(IXmlRepository), nameof(IXmlEncryptor)));
}
else
{
var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
KeyRepository = keyRepositoryEncryptorPair.Key;
KeyEncryptor = keyRepositoryEncryptorPair.Value;
}
}
_authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;
var escrowSinks = keyManagementOptions.Value.KeyEscrowSinks;
_keyEscrowSink = escrowSinks.Count > 0 ? new AggregateKeyEscrowSink(escrowSinks) : null;
_activator = activator;
TriggerAndResetCacheExpirationToken(suppressLogging: true);
_internalKeyManager = _internalKeyManager ?? this;
_encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
}
/// <summary>
/// Creates an <see cref="XmlKeyManager"/>.
/// </summary>
/// <param name="repository">The repository where keys are stored.</param>
/// <param name="configuration">Configuration for newly-created keys.</param>
/// <param name="services">A provider of optional services.</param>
public XmlKeyManager(
IXmlRepository repository,
IAuthenticatedEncryptorConfiguration configuration,
IServiceProvider services)
{
if (repository == null)
{
throw new ArgumentNullException(nameof(repository));
}
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional
KeyRepository = repository;
_activator = services.GetActivator(); // returns non-null
_authenticatedEncryptorConfiguration = configuration;
_internalKeyManager = services.GetService<IInternalXmlKeyManager>() ?? this;
_keyEscrowSink = services.GetKeyEscrowSink(); // not required
_logger = services.GetLogger<XmlKeyManager>(); // not required
TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Creates an <see cref="XmlKeyManager"/>.
/// </summary>
/// <param name="repository">The repository where keys are stored.</param>
/// <param name="configuration">Configuration for newly-created keys.</param>
/// <param name="services">A provider of optional services.</param>
public XmlKeyManager(
IXmlRepository repository,
IAuthenticatedEncryptorConfiguration configuration,
IServiceProvider services)
{
if (repository == null)
{
throw new ArgumentNullException(nameof(repository));
}
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
KeyEncryptor = services.GetService <IXmlEncryptor>(); // optional
KeyRepository = repository;
_activator = services.GetActivator(); // returns non-null
_authenticatedEncryptorConfiguration = configuration;
_internalKeyManager = services.GetService <IInternalXmlKeyManager>() ?? this;
_keyEscrowSink = services.GetKeyEscrowSink(); // not required
_logger = services.GetLogger <XmlKeyManager>(); // not required
TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
// Internal for testing.
internal XmlKeyManager(
IOptions <KeyManagementOptions> keyManagementOptions,
IActivator activator,
ILoggerFactory loggerFactory,
IInternalXmlKeyManager internalXmlKeyManager)
: this(keyManagementOptions, activator, loggerFactory)
{
_internalKeyManager = internalXmlKeyManager;
}
public DeferredKey(
Guid keyId,
DateTimeOffset creationDate,
DateTimeOffset activationDate,
DateTimeOffset expirationDate,
IInternalXmlKeyManager keyManager,
XElement keyElement)
: base(keyId, creationDate, activationDate, expirationDate, new Lazy<IAuthenticatedEncryptor>(GetLazyEncryptorDelegate(keyManager, keyElement)))
{
}
public DeferredKey(
Guid keyId,
DateTimeOffset creationDate,
DateTimeOffset activationDate,
DateTimeOffset expirationDate,
IInternalXmlKeyManager keyManager,
XElement keyElement)
: base(keyId, creationDate, activationDate, expirationDate, new Lazy <IAuthenticatedEncryptor>(GetLazyEncryptorDelegate(keyManager, keyElement)))
{
}
public DeferredKey(
Guid keyId,
DateTimeOffset creationDate,
DateTimeOffset activationDate,
DateTimeOffset expirationDate,
IInternalXmlKeyManager keyManager,
XElement keyElement,
IEnumerable <IAuthenticatedEncryptorFactory> encryptorFactories)
: base(keyId,
creationDate,
activationDate,
expirationDate,
new Lazy <IAuthenticatedEncryptorDescriptor>(GetLazyDescriptorDelegate(keyManager, keyElement)),
encryptorFactories)
{
}
private static Func<IAuthenticatedEncryptor> GetLazyEncryptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
{
// The <key> element will be held around in memory for a potentially lengthy period
// of time. Since it might contain sensitive information, we should protect it.
var encryptedKeyElement = keyElement.ToSecret();
try
{
return () => keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement()).CreateEncryptorInstance();
}
finally
{
// It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
// helps us detect if we've done this by causing a null ref at runtime.
keyElement = null;
}
}
private static Func <IAuthenticatedEncryptor> GetLazyEncryptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
{
// The <key> element will be held around in memory for a potentially lengthy period
// of time. Since it might contain sensitive information, we should protect it.
var encryptedKeyElement = keyElement.ToSecret();
try
{
return(() => keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement()).CreateEncryptorInstance());
}
finally
{
// It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
// helps us detect if we've done this by causing a null ref at runtime.
keyElement = null;
}
}
internal XmlKeyManager(
IOptions <KeyManagementOptions> keyManagementOptions,
IActivator activator,
ILoggerFactory loggerFactory,
IDefaultKeyStorageDirectories keyStorageDirectories)
{
_loggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
_logger = _loggerFactory.CreateLogger <XmlKeyManager>();
_keyStorageDirectories = keyStorageDirectories ?? throw new ArgumentNullException(nameof(keyStorageDirectories));
KeyRepository = keyManagementOptions.Value.XmlRepository;
KeyEncryptor = keyManagementOptions.Value.XmlEncryptor;
if (KeyRepository == null)
{
if (KeyEncryptor != null)
{
throw new InvalidOperationException($"The '{nameof(IXmlRepository)}' instance could not be found. When an '{nameof(IXmlEncryptor)}' instance is set, a corresponding '{nameof(IXmlRepository)}' instance must also be set.");
}
else
{
var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
KeyRepository = keyRepositoryEncryptorPair.Key;
KeyEncryptor = keyRepositoryEncryptorPair.Value;
}
}
_authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;
var escrowSinks = keyManagementOptions.Value.KeyEscrowSinks;
_keyEscrowSink = escrowSinks.Count > 0 ? new AggregateKeyEscrowSink(escrowSinks) : null;
_activator = activator;
TriggerAndResetCacheExpirationToken(suppressLogging: true);
_internalKeyManager = _internalKeyManager ?? this;
_encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
}
internal XmlKeyManager(IServiceProvider services)
{
// First, see if an explicit encryptor or repository was specified.
// If either was specified, then we won't use the fallback.
KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional
KeyRepository = (KeyEncryptor != null)
? services.GetRequiredService<IXmlRepository>() // required if encryptor is specified
: services.GetService<IXmlRepository>(); // optional if encryptor not specified
// If the repository is missing, then we get both the encryptor and the repository from the fallback.
// If the fallback is missing, the final call to GetRequiredService below will throw.
if (KeyRepository == null)
{
var defaultKeyServices = services.GetService<IDefaultKeyServices>();
KeyEncryptor = defaultKeyServices?.GetKeyEncryptor(); // optional
KeyRepository = defaultKeyServices?.GetKeyRepository() ?? services.GetRequiredService<IXmlRepository>();
}
_activator = services.GetActivator(); // returns non-null
_authenticatedEncryptorConfiguration = services.GetRequiredService<IAuthenticatedEncryptorConfiguration>();
_internalKeyManager = services.GetService<IInternalXmlKeyManager>() ?? this;
_keyEscrowSink = services.GetKeyEscrowSink(); // not required
_logger = services.GetLogger<XmlKeyManager>(); // not required
TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
