private CacheableKeyRing CreateCacheableKeyRingCoreStep2(DateTimeOffset now, CancellationToken cacheExpirationToken, IKey defaultKey, IEnumerable <IKey> allKeys)
        {
            Debug.Assert(defaultKey != null);

            // Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once
            Debug.Assert(defaultKey.CreateEncryptorInstance() != null);

            if (_logger.IsVerboseLevelEnabled())
            {
                _logger.LogVerboseF($"Using key {defaultKey.KeyId:B} as the default key.");
            }

            DateTimeOffset nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);

            // The cached keyring should expire at the earliest of (default key expiration, next auto-refresh time).
            // Since the refresh period and safety window are not user-settable, we can guarantee that there's at
            // least one auto-refresh between the start of the safety window and the key's expiration date.
            // This gives us an opportunity to update the key ring before expiration, and it prevents multiple
            // servers in a cluster from trying to update the key ring simultaneously. Special case: if the default
            // key's expiration date is in the past, then we know we're using a fallback key and should disregard
            // its expiration date in favor of the next auto-refresh time.
            return(new CacheableKeyRing(
                       expirationToken: cacheExpirationToken,
                       expirationTime: (defaultKey.ExpirationDate <= now) ? nextAutoRefreshTime : Min(defaultKey.ExpirationDate, nextAutoRefreshTime),
                       defaultKey: defaultKey,
                       allKeys: allKeys));
        }
 private bool CanCreateAuthenticatedEncryptor(IKey key)
 {
     try
     {
         var encryptorInstance = key.CreateEncryptorInstance() ?? CryptoUtil.Fail<IAuthenticatedEncryptor>("CreateEncryptorInstance returned null.");
         return true;
     }
     catch (Exception ex)
     {
         _logger?.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
         return false;
     }
 }
Ejemplo n.º 3
0
 private bool CanCreateAuthenticatedEncryptor(IKey key)
 {
     try
     {
         var encryptorInstance = key.CreateEncryptorInstance() ?? CryptoUtil.Fail <IAuthenticatedEncryptor>("CreateEncryptorInstance returned null.");
         return(true);
     }
     catch (Exception ex)
     {
         _logger?.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptorInstance), ex);
         return(false);
     }
 }
Ejemplo n.º 4
0
 private bool CanCreateAuthenticatedEncryptor(IKey key)
 {
     try
     {
         var encryptorInstance = key.CreateEncryptorInstance() ?? CryptoUtil.Fail<IAuthenticatedEncryptor>("CreateEncryptorInstance returned null.");
         return true;
     }
     catch (Exception ex)
     {
         if (_logger.IsWarningLevelEnabled())
         {
             _logger.LogWarningF(ex, $"Key {key.KeyId:B} is ineligible to be the default key because its {nameof(IKey.CreateEncryptorInstance)} method failed.");
         }
         return false;
     }
 }
 private bool CanCreateAuthenticatedEncryptor(IKey key)
 {
     try
     {
         var encryptorInstance = key.CreateEncryptorInstance() ?? CryptoUtil.Fail <IAuthenticatedEncryptor>("CreateEncryptorInstance returned null.");
         return(true);
     }
     catch (Exception ex)
     {
         if (_logger.IsWarningLevelEnabled())
         {
             _logger.LogWarningF(ex, $"Key {key.KeyId:B} is ineligible to be the default key because its {nameof(IKey.CreateEncryptorInstance)} method failed.");
         }
         return(false);
     }
 }
Ejemplo n.º 6
0
            internal IAuthenticatedEncryptor GetEncryptorInstance(out bool isRevoked)
            {
                // simple double-check lock pattern
                // we can't use LazyInitializer<T> because we don't have a simple value factory
                IAuthenticatedEncryptor encryptor = Volatile.Read(ref _encryptor);

                if (encryptor == null)
                {
                    lock (this)
                    {
                        encryptor = Volatile.Read(ref _encryptor);
                        if (encryptor == null)
                        {
                            encryptor = _key.CreateEncryptorInstance();
                            Volatile.Write(ref _encryptor, encryptor);
                        }
                    }
                }
                isRevoked = _key.IsRevoked;
                return(encryptor);
            }
Ejemplo n.º 7
0
        private CacheableKeyRing CreateCacheableKeyRingCoreStep2(DateTimeOffset now, CancellationToken cacheExpirationToken, IKey defaultKey, IEnumerable<IKey> allKeys)
        {
            Debug.Assert(defaultKey != null);

            // Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once
            Debug.Assert(defaultKey.CreateEncryptorInstance() != null);

            _logger?.UsingKeyAsDefaultKey(defaultKey.KeyId);

            DateTimeOffset nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);

            // The cached keyring should expire at the earliest of (default key expiration, next auto-refresh time).
            // Since the refresh period and safety window are not user-settable, we can guarantee that there's at
            // least one auto-refresh between the start of the safety window and the key's expiration date.
            // This gives us an opportunity to update the key ring before expiration, and it prevents multiple
            // servers in a cluster from trying to update the key ring simultaneously. Special case: if the default
            // key's expiration date is in the past, then we know we're using a fallback key and should disregard
            // its expiration date in favor of the next auto-refresh time.
            return new CacheableKeyRing(
                expirationToken: cacheExpirationToken,
                expirationTime: (defaultKey.ExpirationDate <= now) ? nextAutoRefreshTime : Min(defaultKey.ExpirationDate, nextAutoRefreshTime),
                defaultKey: defaultKey,
                allKeys: allKeys);
        }