/// <summary> /// Creates an ephemeral <see cref="IDataProtectionProvider"/> with logging. /// </summary> /// <param name="loggerFactory">The <see cref="ILoggerFactory" />.</param> public EphemeralDataProtectionProvider(ILoggerFactory loggerFactory) { if (loggerFactory == null) { throw new ArgumentNullException(nameof(loggerFactory)); } IKeyRingProvider keyringProvider; if (OSVersionUtil.IsWindows()) { // Assertion for platform compat analyzer Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.Windows)); // Fastest implementation: AES-256-GCM [CNG] keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptorConfiguration>(loggerFactory); } else { // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed] keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptorConfiguration>(loggerFactory); } var logger = loggerFactory.CreateLogger <EphemeralDataProtectionProvider>(); logger.UsingEphemeralDataProtectionProvider(); _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, loggerFactory); }
public DefaultDataProtectionProvider( [NotNull] IOptions <DataProtectionOptions> optionsAccessor, [NotNull] IKeyManager keyManager) { KeyRingBasedDataProtectionProvider rootProvider = new KeyRingBasedDataProtectionProvider(new KeyRingProvider(keyManager)); var options = optionsAccessor.Options; _innerProvider = (!String.IsNullOrEmpty(options.ApplicationDiscriminator)) ? (IDataProtectionProvider)rootProvider.CreateProtector(options.ApplicationDiscriminator) : rootProvider; }
public EphemeralDataProtectionProvider() { IKeyRingProvider keyringProvider; if (OSVersionUtil.IsBCryptOnWin7OrLaterAvailable()) { // Fastest implementation: AES-GCM keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptorConfigurationOptions>(); } else { // Slowest implementation: managed CBC + HMAC keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptorConfigurationOptions>(); } _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider); }
private static void AddDataProtectionServices( IServiceCollection services ) { if (OSVersionUtil.IsWindows()) { services.TryAddSingleton <IRegistryPolicyResolver, RegistryPolicyResolver>(); } services.TryAddEnumerable( ServiceDescriptor.Singleton <IConfigureOptions <KeyManagementOptions>, KeyManagementOptionsSetup>()); services.TryAddEnumerable( ServiceDescriptor.Transient <IConfigureOptions <DataProtectionOptions>, DataProtectionOptionsSetup>()); services.TryAddSingleton <IKeyManager, XmlKeyManager>(); services.TryAddSingleton <IApplicationDiscriminator, HostingApplicationDiscriminator>(); services.TryAddEnumerable(ServiceDescriptor.Singleton <IStartupFilter, DataProtectionStartupFilter>()); // Internal services services.TryAddSingleton <IDefaultKeyResolver, DefaultKeyResolver>(); services.TryAddSingleton <IKeyRingProvider, KeyRingProvider>(); services.TryAddSingleton <IDataProtectionProvider>(s => { var dpOptions = s.GetRequiredService <IOptions <DataProtectionOptions> >(); var keyRingProvider = s.GetRequiredService <IKeyRingProvider>(); var loggerFactory = s.GetService <ILoggerFactory>() ?? NullLoggerFactory.Instance; IDataProtectionProvider dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyRingProvider, loggerFactory); // Link the provider to the supplied discriminator if (!string.IsNullOrEmpty(dpOptions.Value.ApplicationDiscriminator)) { dataProtectionProvider = dataProtectionProvider.CreateProtector( dpOptions.Value.ApplicationDiscriminator ); } return(dataProtectionProvider); }); services.TryAddSingleton <ICertificateResolver, CertificateResolver>(); }
internal static IDataProtectionProvider GetProviderFromServices(DataProtectionOptions options, IServiceProvider services, bool mustCreateImmediately) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (services == null) { throw new ArgumentNullException(nameof(services)); } IDataProtectionProvider dataProtectionProvider = null; // If we're being asked to create the provider immediately, then it means that // we're already in a call to GetService, and we're responsible for supplying // the default implementation ourselves. We can't call GetService again or // else we risk stack diving. if (!mustCreateImmediately) { dataProtectionProvider = services.GetService <IDataProtectionProvider>(); } // If all else fails, create a keyring manually based on the other registered services. if (dataProtectionProvider == null) { var keyRingProvider = new KeyRingProvider( keyManager: services.GetRequiredService <IKeyManager>(), keyManagementOptions: services.GetService <IOptions <KeyManagementOptions> >()?.Value, // might be null services: services); dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyRingProvider, services); } // Finally, link the provider to the supplied discriminator if (!String.IsNullOrEmpty(options.ApplicationDiscriminator)) { dataProtectionProvider = dataProtectionProvider.CreateProtector(options.ApplicationDiscriminator); } return(dataProtectionProvider); }
/// <summary> /// Creates an ephemeral <see cref="IDataProtectionProvider"/>, optionally providing /// services (such as logging) for consumption by the provider. /// </summary> public EphemeralDataProtectionProvider(IServiceProvider services) { IKeyRingProvider keyringProvider; if (OSVersionUtil.IsWindows()) { // Fastest implementation: AES-256-GCM [CNG] keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptionSettings>(); } else { // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed] keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptionSettings>(); } var logger = services.GetLogger <EphemeralDataProtectionProvider>(); logger?.UsingEphemeralDataProtectionProvider(); _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services); }
/// <summary> /// Creates an ephemeral <see cref="IDataProtectionProvider"/>, optionally providing /// services (such as logging) for consumption by the provider. /// </summary> public EphemeralDataProtectionProvider(IServiceProvider services) { IKeyRingProvider keyringProvider; if (OSVersionUtil.IsWindows()) { // Fastest implementation: AES-256-GCM [CNG] keyringProvider = new EphemeralKeyRing <CngGcmAuthenticatedEncryptionOptions>(); } else { // Slowest implementation: AES-256-CBC + HMACSHA256 [Managed] keyringProvider = new EphemeralKeyRing <ManagedAuthenticatedEncryptionOptions>(); } var logger = services.GetLogger <EphemeralDataProtectionProvider>(); if (logger.IsWarningLevelEnabled()) { logger.LogWarning("Using ephemeral data protection provider. Payloads will be undecipherable upon application shutdown."); } _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services); }