/// <summary>
        /// Creates an ephemeral <see cref="IDataProtectionProvider"/> with logging.
        /// </summary>
        /// <param name="loggerFactory">The <see cref="ILoggerFactory" />.</param>
        public EphemeralDataProtectionProvider(ILoggerFactory loggerFactory)
        {
            if (loggerFactory == null)
            {
                throw new ArgumentNullException(nameof(loggerFactory));
            }

            IKeyRingProvider keyringProvider;

            if (OSVersionUtil.IsWindows())
            {
                // Assertion for platform compat analyzer
                Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
                // Fastest implementation: AES-256-GCM [CNG]
                keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptorConfiguration>(loggerFactory);
            }
            else
            {
                // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed]
                keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptorConfiguration>(loggerFactory);
            }

            var logger = loggerFactory.CreateLogger <EphemeralDataProtectionProvider>();

            logger.UsingEphemeralDataProtectionProvider();

            _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, loggerFactory);
        }
        public DefaultDataProtectionProvider(
            [NotNull] IOptions <DataProtectionOptions> optionsAccessor,
            [NotNull] IKeyManager keyManager)
        {
            KeyRingBasedDataProtectionProvider rootProvider = new KeyRingBasedDataProtectionProvider(new KeyRingProvider(keyManager));
            var options = optionsAccessor.Options;

            _innerProvider = (!String.IsNullOrEmpty(options.ApplicationDiscriminator))
                ? (IDataProtectionProvider)rootProvider.CreateProtector(options.ApplicationDiscriminator)
                : rootProvider;
        }
Ejemplo n.º 3
0
        public EphemeralDataProtectionProvider()
        {
            IKeyRingProvider keyringProvider;

            if (OSVersionUtil.IsBCryptOnWin7OrLaterAvailable())
            {
                // Fastest implementation: AES-GCM
                keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptorConfigurationOptions>();
            }
            else
            {
                // Slowest implementation: managed CBC + HMAC
                keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptorConfigurationOptions>();
            }

            _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider);
        }
Ejemplo n.º 4
0
        private static void AddDataProtectionServices(
            IServiceCollection services
            )
        {
            if (OSVersionUtil.IsWindows())
            {
                services.TryAddSingleton <IRegistryPolicyResolver, RegistryPolicyResolver>();
            }

            services.TryAddEnumerable(
                ServiceDescriptor.Singleton <IConfigureOptions <KeyManagementOptions>, KeyManagementOptionsSetup>());
            services.TryAddEnumerable(
                ServiceDescriptor.Transient <IConfigureOptions <DataProtectionOptions>, DataProtectionOptionsSetup>());

            services.TryAddSingleton <IKeyManager, XmlKeyManager>();
            services.TryAddSingleton <IApplicationDiscriminator, HostingApplicationDiscriminator>();
            services.TryAddEnumerable(ServiceDescriptor.Singleton <IStartupFilter, DataProtectionStartupFilter>());

            // Internal services
            services.TryAddSingleton <IDefaultKeyResolver, DefaultKeyResolver>();
            services.TryAddSingleton <IKeyRingProvider, KeyRingProvider>();

            services.TryAddSingleton <IDataProtectionProvider>(s =>
            {
                var dpOptions       = s.GetRequiredService <IOptions <DataProtectionOptions> >();
                var keyRingProvider = s.GetRequiredService <IKeyRingProvider>();
                var loggerFactory   = s.GetService <ILoggerFactory>() ?? NullLoggerFactory.Instance;

                IDataProtectionProvider dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyRingProvider, loggerFactory);

                // Link the provider to the supplied discriminator
                if (!string.IsNullOrEmpty(dpOptions.Value.ApplicationDiscriminator))
                {
                    dataProtectionProvider = dataProtectionProvider.CreateProtector(
                        dpOptions.Value.ApplicationDiscriminator
                        );
                }

                return(dataProtectionProvider);
            });

            services.TryAddSingleton <ICertificateResolver, CertificateResolver>();
        }
        internal static IDataProtectionProvider GetProviderFromServices(DataProtectionOptions options, IServiceProvider services, bool mustCreateImmediately)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }

            IDataProtectionProvider dataProtectionProvider = null;

            // If we're being asked to create the provider immediately, then it means that
            // we're already in a call to GetService, and we're responsible for supplying
            // the default implementation ourselves. We can't call GetService again or
            // else we risk stack diving.
            if (!mustCreateImmediately)
            {
                dataProtectionProvider = services.GetService <IDataProtectionProvider>();
            }

            // If all else fails, create a keyring manually based on the other registered services.
            if (dataProtectionProvider == null)
            {
                var keyRingProvider = new KeyRingProvider(
                    keyManager: services.GetRequiredService <IKeyManager>(),
                    keyManagementOptions: services.GetService <IOptions <KeyManagementOptions> >()?.Value, // might be null
                    services: services);
                dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyRingProvider, services);
            }

            // Finally, link the provider to the supplied discriminator
            if (!String.IsNullOrEmpty(options.ApplicationDiscriminator))
            {
                dataProtectionProvider = dataProtectionProvider.CreateProtector(options.ApplicationDiscriminator);
            }

            return(dataProtectionProvider);
        }
Ejemplo n.º 6
0
        /// <summary>
        /// Creates an ephemeral <see cref="IDataProtectionProvider"/>, optionally providing
        /// services (such as logging) for consumption by the provider.
        /// </summary>
        public EphemeralDataProtectionProvider(IServiceProvider services)
        {
            IKeyRingProvider keyringProvider;

            if (OSVersionUtil.IsWindows())
            {
                // Fastest implementation: AES-256-GCM [CNG]
                keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptionSettings>();
            }
            else
            {
                // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed]
                keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptionSettings>();
            }

            var logger = services.GetLogger <EphemeralDataProtectionProvider>();

            logger?.UsingEphemeralDataProtectionProvider();

            _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services);
        }
Ejemplo n.º 7
0
        /// <summary>
        /// Creates an ephemeral <see cref="IDataProtectionProvider"/>, optionally providing
        /// services (such as logging) for consumption by the provider.
        /// </summary>
        public EphemeralDataProtectionProvider(IServiceProvider services)
        {
            IKeyRingProvider keyringProvider;

            if (OSVersionUtil.IsWindows())
            {
                // Fastest implementation: AES-256-GCM [CNG]
                keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptionOptions>();
            }
            else
            {
                // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed]
                keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptionOptions>();
            }

            var logger = services.GetLogger <EphemeralDataProtectionProvider>();

            if (logger.IsWarningLevelEnabled())
            {
                logger.LogWarning("Using ephemeral data protection provider. Payloads will be undecipherable upon application shutdown.");
            }

            _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services);
        }