/// <summary>
/// Initializes an <see cref="XmlKeyManager"/> over an explicitly supplied key repository.
/// </summary>
/// <param name="repository">The store that keys are persisted to; must not be null.</param>
/// <param name="configuration">The configuration applied to newly-created keys; must not be null.</param>
/// <param name="services">Provider consulted for the optional collaborators (encryptor, escrow sink, logger).</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="repository"/> or <paramref name="configuration"/> is null.
/// </exception>
public XmlKeyManager(
    IXmlRepository repository,
    IAuthenticatedEncryptorConfiguration configuration,
    IServiceProvider services)
{
    if (repository == null)
    {
        throw new ArgumentNullException(nameof(repository));
    }

    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // The encryptor is optional: when none is registered, KeyEncryptor stays null.
    // NOTE(review): presumably keys are then written to the repository without
    // at-rest encryption; confirm in the code path that persists keys.
    KeyEncryptor = services.GetService<IXmlEncryptor>();
    KeyRepository = repository;

    _activator = services.GetActivator(); // returns non-null
    _authenticatedEncryptorConfiguration = configuration;

    // A registered IInternalXmlKeyManager replaces this instance for internal operations.
    var registeredManager = services.GetService<IInternalXmlKeyManager>();
    if (registeredManager != null)
    {
        _internalKeyManager = registeredManager;
    }
    else
    {
        _internalKeyManager = this;
    }

    _keyEscrowSink = services.GetKeyEscrowSink(); // not required
    _logger = services.GetLogger<XmlKeyManager>(); // not required

    TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Initializes an <see cref="XmlKeyManager"/> entirely from registered services, using
/// <see cref="IDefaultKeyServices"/> as the fallback when no repository is registered.
/// </summary>
/// <param name="services">Provider from which the repository, encryptor, configuration and optional services are resolved.</param>
internal XmlKeyManager(IServiceProvider services)
{
    // An explicitly registered encryptor or repository takes precedence over the fallback.
    KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional
    if (KeyEncryptor != null)
    {
        // An explicit encryptor requires an explicit repository, so resolution must succeed here.
        KeyRepository = services.GetRequiredService<IXmlRepository>();
    }
    else
    {
        // Without an encryptor the repository is optional at this point.
        KeyRepository = services.GetService<IXmlRepository>();
    }

    if (KeyRepository == null)
    {
        // No repository registered: both encryptor and repository come from the fallback.
        // If the fallback is missing too, the GetRequiredService call below throws.
        // NOTE(review): the fallback encryptor is optional, so KeyEncryptor can still end up
        // null here; presumably keys are then stored without at-rest encryption. Confirm.
        var fallbackServices = services.GetService<IDefaultKeyServices>();
        KeyEncryptor = fallbackServices?.GetKeyEncryptor(); // optional
        KeyRepository = fallbackServices?.GetKeyRepository()
            ?? services.GetRequiredService<IXmlRepository>();
    }

    _activator = services.GetActivator(); // returns non-null
    _authenticatedEncryptorConfiguration = services.GetRequiredService<IAuthenticatedEncryptorConfiguration>();

    // A registered IInternalXmlKeyManager replaces this instance for internal operations.
    var registeredManager = services.GetService<IInternalXmlKeyManager>();
    if (registeredManager != null)
    {
        _internalKeyManager = registeredManager;
    }
    else
    {
        _internalKeyManager = this;
    }

    _keyEscrowSink = services.GetKeyEscrowSink(); // not required
    _logger = services.GetLogger<XmlKeyManager>(); // not required

    TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Builds an <see cref="XmlKeyManager"/> that stores keys in the given repository.
/// </summary>
/// <param name="repository">The repository where keys are stored; null is rejected.</param>
/// <param name="configuration">Configuration for newly-created keys; null is rejected.</param>
/// <param name="services">A provider of optional services (encryptor, escrow sink, logger).</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="repository"/> or <paramref name="configuration"/> is null.
/// </exception>
public XmlKeyManager(
    IXmlRepository repository,
    IAuthenticatedEncryptorConfiguration configuration,
    IServiceProvider services)
{
    if (repository == null)
    {
        throw new ArgumentNullException(nameof(repository));
    }

    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // Optional service: KeyEncryptor is left null when no IXmlEncryptor is registered.
    // NOTE(review): verify what the persistence path does with a null encryptor;
    // presumably key material is then stored unencrypted.
    KeyEncryptor = services.GetService<IXmlEncryptor>();
    KeyRepository = repository;

    _activator = services.GetActivator(); // returns non-null
    _authenticatedEncryptorConfiguration = configuration;

    // Prefer a registered IInternalXmlKeyManager; otherwise this instance serves as its own.
    var overrideManager = services.GetService<IInternalXmlKeyManager>();
    if (overrideManager == null)
    {
        _internalKeyManager = this;
    }
    else
    {
        _internalKeyManager = overrideManager;
    }

    _keyEscrowSink = services.GetKeyEscrowSink(); // not required
    _logger = services.GetLogger<XmlKeyManager>(); // not required

    TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Adds an <see cref="IKeyEscrowSink"/> that performs escrow before keys are persisted to storage.
/// </summary>
/// <param name="sink">The <see cref="IKeyEscrowSink"/> instance to register.</param>
/// <returns>This configuration object, so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sink"/> is null.</exception>
/// <remarks>
/// Registrations are additive.
/// </remarks>
public DataProtectionConfiguration AddKeyEscrowSink(IKeyEscrowSink sink)
{
    if (sink == null)
    {
        throw new ArgumentNullException(nameof(sink));
    }

    // NOTE(review): an escrow sink is handed keys before they reach storage, so only
    // register implementations whose own storage and access control are trusted.
    Services.AddInstance<IKeyEscrowSink>(sink);

    return this;
}
/// <summary>
/// Initializes an <see cref="XmlKeyManager"/> from <see cref="KeyManagementOptions"/>, falling back to a
/// default repository/encryptor pair when the options name neither.
/// </summary>
/// <param name="keyManagementOptions">Options supplying the repository, encryptor, encryptor configuration, escrow sinks and encryptor factories.</param>
/// <param name="activator">The activator stored for later use by this manager.</param>
/// <param name="loggerFactory">Factory used to create this manager's logger; must not be null.</param>
/// <param name="keyStorageDirectories">Default key storage directories; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="loggerFactory"/> or <paramref name="keyStorageDirectories"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The options specify an <see cref="IXmlEncryptor"/> but no <see cref="IXmlRepository"/>.
/// </exception>
internal XmlKeyManager(
    IOptions<KeyManagementOptions> keyManagementOptions,
    IActivator activator,
    ILoggerFactory loggerFactory,
    IDefaultKeyStorageDirectories keyStorageDirectories)
{
    _loggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
    _logger = _loggerFactory.CreateLogger<XmlKeyManager>();
    _keyStorageDirectories = keyStorageDirectories ?? throw new ArgumentNullException(nameof(keyStorageDirectories));

    KeyRepository = keyManagementOptions.Value.XmlRepository;
    KeyEncryptor = keyManagementOptions.Value.XmlEncryptor;

    // When options.XmlRepository is null, XmlKeyManager creates a repository itself.
    if (KeyRepository == null)
    {
        // An encryptor without a repository is rejected instead of being paired with the fallback repository.
        if (KeyEncryptor != null)
        {
            throw new InvalidOperationException(
                Resources.FormatXmlKeyManager_IXmlRepositoryNotFound(nameof(IXmlRepository), nameof(IXmlEncryptor)));
        }

        // Fallback pair; per the original comment the settings come from _keyStorageDirectories.
        // NOTE(review): whether the fallback encryptor can be null is not visible here. If it can,
        // keys would presumably be persisted without at-rest encryption. Confirm in the helper.
        var fallbackPair = GetFallbackKeyRepositoryEncryptorPair();
        KeyRepository = fallbackPair.Key;
        KeyEncryptor = fallbackPair.Value;
    }

    _authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;

    // Escrow is active only when at least one sink is registered; the sinks are then wrapped in one aggregate.
    var registeredSinks = keyManagementOptions.Value.KeyEscrowSinks;
    if (registeredSinks.Count > 0)
    {
        _keyEscrowSink = new AggregateKeyEscrowSink(registeredSinks);
    }
    else
    {
        _keyEscrowSink = null;
    }

    _activator = activator;
    TriggerAndResetCacheExpirationToken(suppressLogging: true);

    // Keep an internal key manager that is already set; otherwise this instance serves as its own.
    if (_internalKeyManager == null)
    {
        _internalKeyManager = this;
    }

    _encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
}
/// <summary>
/// Initializes an <see cref="XmlKeyManager"/> from <see cref="KeyManagementOptions"/>, using a fallback
/// repository/encryptor pair when the options supply neither.
/// </summary>
/// <param name="keyManagementOptions">Options supplying the repository, encryptor, encryptor configuration, escrow sinks and encryptor factories.</param>
/// <param name="activator">The activator stored for later use by this manager.</param>
/// <param name="loggerFactory">Factory used to create this manager's logger; must not be null.</param>
/// <param name="keyStorageDirectories">Default key storage directories; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="loggerFactory"/> or <paramref name="keyStorageDirectories"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The options specify an <see cref="IXmlEncryptor"/> but no <see cref="IXmlRepository"/>.
/// </exception>
internal XmlKeyManager(
    IOptions<KeyManagementOptions> keyManagementOptions,
    IActivator activator,
    ILoggerFactory loggerFactory,
    IDefaultKeyStorageDirectories keyStorageDirectories)
{
    _loggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
    _logger = _loggerFactory.CreateLogger<XmlKeyManager>();
    _keyStorageDirectories = keyStorageDirectories ?? throw new ArgumentNullException(nameof(keyStorageDirectories));

    KeyRepository = keyManagementOptions.Value.XmlRepository;
    KeyEncryptor = keyManagementOptions.Value.XmlEncryptor;

    if (KeyRepository == null)
    {
        // An encryptor configured without a repository is a configuration error:
        // fail fast instead of pairing it with the fallback repository.
        if (KeyEncryptor != null)
        {
            throw new InvalidOperationException($"The '{nameof(IXmlRepository)}' instance could not be found. When an '{nameof(IXmlEncryptor)}' instance is set, a corresponding '{nameof(IXmlRepository)}' instance must also be set.");
        }

        // Neither was configured, so both come from the fallback pair.
        // NOTE(review): whether the fallback encryptor can be null is not visible here. If it can,
        // keys would presumably be persisted without at-rest encryption. Confirm in the helper.
        var fallbackPair = GetFallbackKeyRepositoryEncryptorPair();
        KeyRepository = fallbackPair.Key;
        KeyEncryptor = fallbackPair.Value;
    }

    _authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;

    // Escrow is active only when at least one sink is registered; the sinks are then wrapped in one aggregate.
    var registeredSinks = keyManagementOptions.Value.KeyEscrowSinks;
    if (registeredSinks.Count > 0)
    {
        _keyEscrowSink = new AggregateKeyEscrowSink(registeredSinks);
    }
    else
    {
        _keyEscrowSink = null;
    }

    _activator = activator;
    TriggerAndResetCacheExpirationToken(suppressLogging: true);

    // Keep an internal key manager that is already set; otherwise this instance serves as its own.
    if (_internalKeyManager == null)
    {
        _internalKeyManager = this;
    }

    _encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
}
/// <summary>
/// Adds an <see cref="IKeyEscrowSink"/> that performs escrow before keys are persisted to storage.
/// </summary>
/// <param name="builder">The <see cref="IDataProtectionBuilder"/> being configured.</param>
/// <param name="sink">The <see cref="IKeyEscrowSink"/> instance to register.</param>
/// <returns>The same <see cref="IDataProtectionBuilder"/>, so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="sink"/> is null.
/// </exception>
/// <remarks>
/// Registrations are additive.
/// </remarks>
public static IDataProtectionBuilder AddKeyEscrowSink(this IDataProtectionBuilder builder, IKeyEscrowSink sink)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (sink == null)
    {
        throw new ArgumentNullException(nameof(sink));
    }

    // The sink is appended to KeyManagementOptions.KeyEscrowSinks when the options are configured.
    // NOTE(review): an escrow sink is handed keys before they reach storage, so only
    // register implementations whose own storage and access control are trusted.
    builder.Services.Configure<KeyManagementOptions>(options => options.KeyEscrowSinks.Add(sink));

    return builder;
}
/// <summary>
/// Builds an <see cref="XmlKeyManager"/> from registered services alone, consulting
/// <see cref="IDefaultKeyServices"/> when no repository has been registered.
/// </summary>
/// <param name="services">Provider from which the repository, encryptor, configuration and optional services are resolved.</param>
internal XmlKeyManager(IServiceProvider services)
{
    // Explicit registrations win: if an encryptor or repository was registered, the fallback is not used.
    KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional

    if (KeyEncryptor == null)
    {
        // No encryptor registered, so a missing repository is tolerated for now.
        KeyRepository = services.GetService<IXmlRepository>();
    }
    else
    {
        // A registered encryptor makes the repository mandatory.
        KeyRepository = services.GetRequiredService<IXmlRepository>();
    }

    if (KeyRepository == null)
    {
        // With no repository, both encryptor and repository are taken from the fallback services.
        // Should the fallback be absent as well, GetRequiredService below throws.
        // NOTE(review): the fallback encryptor is optional, so KeyEncryptor may remain null;
        // presumably keys are then stored without at-rest encryption. Confirm.
        var fallback = services.GetService<IDefaultKeyServices>();
        KeyEncryptor = fallback?.GetKeyEncryptor(); // optional
        KeyRepository = fallback?.GetKeyRepository()
            ?? services.GetRequiredService<IXmlRepository>();
    }

    _activator = services.GetActivator(); // returns non-null
    _authenticatedEncryptorConfiguration = services.GetRequiredService<IAuthenticatedEncryptorConfiguration>();

    // Prefer a registered IInternalXmlKeyManager; otherwise this instance serves as its own.
    var overrideManager = services.GetService<IInternalXmlKeyManager>();
    if (overrideManager == null)
    {
        _internalKeyManager = this;
    }
    else
    {
        _internalKeyManager = overrideManager;
    }

    _keyEscrowSink = services.GetKeyEscrowSink(); // not required
    _logger = services.GetLogger<XmlKeyManager>(); // not required

    TriggerAndResetCacheExpirationToken(suppressLogging: true);
}
/// <summary>
/// Adds an <see cref="IKeyEscrowSink"/> that performs escrow before keys are persisted to storage.
/// </summary>
/// <param name="builder">The <see cref="IDataProtectionBuilder"/> being configured.</param>
/// <param name="sink">The <see cref="IKeyEscrowSink"/> instance to register.</param>
/// <returns>The same <see cref="IDataProtectionBuilder"/>, so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="sink"/> is null.
/// </exception>
/// <remarks>
/// Registrations are additive.
/// </remarks>
public static IDataProtectionBuilder AddKeyEscrowSink(this IDataProtectionBuilder builder, IKeyEscrowSink sink)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (sink == null)
    {
        throw new ArgumentNullException(nameof(sink));
    }

    // The supplied instance is registered as a singleton under the IKeyEscrowSink service type.
    // NOTE(review): an escrow sink is handed keys before they reach storage, so only
    // register implementations whose own storage and access control are trusted.
    builder.Services.AddSingleton<IKeyEscrowSink>(sink);

    return builder;
}