private CacheableKeyRing CreateCacheableKeyRingCoreStep2( DateTimeOffset now, CancellationToken cacheExpirationToken, IKey defaultKey, IEnumerable <IKey> allKeys ) { Debug.Assert(defaultKey != null); // Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once Debug.Assert(defaultKey.CreateEncryptor() != null); _logger.UsingKeyAsDefaultKey(defaultKey.KeyId); var nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod); // The cached keyring should expire at the earliest of (default key expiration, next auto-refresh time). // Since the refresh period and safety window are not user-settable, we can guarantee that there's at // least one auto-refresh between the start of the safety window and the key's expiration date. // This gives us an opportunity to update the key ring before expiration, and it prevents multiple // servers in a cluster from trying to update the key ring simultaneously. Special case: if the default // key's expiration date is in the past, then we know we're using a fallback key and should disregard // its expiration date in favor of the next auto-refresh time. return(new CacheableKeyRing( expirationToken: cacheExpirationToken, expirationTime: (defaultKey.ExpirationDate <= now) ? nextAutoRefreshTime : Min(defaultKey.ExpirationDate, nextAutoRefreshTime), defaultKey: defaultKey, allKeys: allKeys )); }
private bool CanCreateAuthenticatedEncryptor(IKey key) { try { var encryptorInstance = key.CreateEncryptor(); if (encryptorInstance == null) { throw new CryptographicException("Assertion failed: CreateEncryptorInstance returned null."); // original CryptoUtil.Fail call replaced } return(true); } catch (Exception ex) { _logger.LogWarning(ex, "Key {KeyId:B} is ineligible to be the default key because its {MethodName} method failed.", key.KeyId, nameof(IKey.CreateEncryptor)); // original ILogger extensions call replaced return(false); } }
private bool CanCreateAuthenticatedEncryptor(IKey key) { try { var encryptorInstance = key.CreateEncryptor(); if (encryptorInstance == null) { CryptoUtil.Fail <IAuthenticatedEncryptor>("CreateEncryptorInstance returned null."); } return(true); } catch (Exception ex) { _logger.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptor), ex); return(false); } }
internal IAuthenticatedEncryptor?GetEncryptorInstance(out bool isRevoked) { // simple double-check lock pattern // we can't use LazyInitializer<T> because we don't have a simple value factory IAuthenticatedEncryptor?encryptor = Volatile.Read(ref _encryptor); if (encryptor == null) { lock (this) { encryptor = Volatile.Read(ref _encryptor); if (encryptor == null) { encryptor = _key.CreateEncryptor(); Volatile.Write(ref _encryptor, encryptor); } } } isRevoked = _key.IsRevoked; return(encryptor); }