internal XmlKeyManager(IServiceProvider services)
        {
            // First, see if an explicit encryptor or repository was specified.
            // If either was specified, then we won't use the fallback.
            KeyEncryptor  = services.GetService <IXmlEncryptor>(); // optional
            KeyRepository = (KeyEncryptor != null)
                ? services.GetRequiredService <IXmlRepository>()   // required if encryptor is specified
                : services.GetService <IXmlRepository>();          // optional if encryptor not specified

            // If the repository is missing, then we get both the encryptor and the repository from the fallback.
            // If the fallback is missing, the final call to GetRequiredService below will throw.
            if (KeyRepository == null)
            {
                var defaultKeyServices = services.GetService <IDefaultKeyServices>();
                KeyEncryptor  = defaultKeyServices?.GetKeyEncryptor(); // optional
                KeyRepository = defaultKeyServices?.GetKeyRepository() ?? services.GetRequiredService <IXmlRepository>();
            }

            _activator = services.GetActivator(); // returns non-null
            _authenticatedEncryptorConfiguration = services.GetRequiredService <IAuthenticatedEncryptorConfiguration>();
            _internalKeyManager = services.GetService <IInternalXmlKeyManager>() ?? this;
            _keyEscrowSink      = services.GetKeyEscrowSink();          // not required
            _logger             = services.GetLogger <XmlKeyManager>(); // not required
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
        }
Exemple #2
0
        /// <summary>
        /// Creates an <see cref="XmlKeyManager"/>.
        /// </summary>
        /// <param name="keyManagementOptions">The <see cref="IOptions{KeyManagementOptions}"/> instance that provides the configuration.</param>
        /// <param name="activator">The <see cref="IActivator"/>.</param>
        /// <param name="loggerFactory">The <see cref="ILoggerFactory"/>.</param>
        public XmlKeyManager(IOptions <KeyManagementOptions> keyManagementOptions, IActivator activator, ILoggerFactory loggerFactory)
        {
            _loggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
            _logger        = _loggerFactory.CreateLogger <XmlKeyManager>();

            KeyRepository = keyManagementOptions.Value.XmlRepository;
            KeyEncryptor  = keyManagementOptions.Value.XmlEncryptor;
            if (KeyRepository == null)
            {
                if (KeyEncryptor != null)
                {
                    throw new InvalidOperationException(
                              Resources.FormatXmlKeyManager_IXmlRepositoryNotFound(nameof(IXmlRepository), nameof(IXmlEncryptor)));
                }
                else
                {
                    var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
                    KeyRepository = keyRepositoryEncryptorPair.Key;
                    KeyEncryptor  = keyRepositoryEncryptorPair.Value;
                }
            }

            _authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;

            var escrowSinks = keyManagementOptions.Value.KeyEscrowSinks;

            _keyEscrowSink = escrowSinks.Count > 0 ? new AggregateKeyEscrowSink(escrowSinks) : null;
            _activator     = activator;
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
            _internalKeyManager = _internalKeyManager ?? this;
            _encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
        }
        /// <summary>
        /// Creates an <see cref="XmlKeyManager"/>.
        /// </summary>
        /// <param name="repository">The repository where keys are stored.</param>
        /// <param name="configuration">Configuration for newly-created keys.</param>
        /// <param name="services">A provider of optional services.</param>
        public XmlKeyManager(
            IXmlRepository repository,
            IAuthenticatedEncryptorConfiguration configuration,
            IServiceProvider services)
        {
            if (repository == null)
            {
                throw new ArgumentNullException(nameof(repository));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional
            KeyRepository = repository;

            _activator = services.GetActivator(); // returns non-null
            _authenticatedEncryptorConfiguration = configuration;
            _internalKeyManager = services.GetService<IInternalXmlKeyManager>() ?? this;
            _keyEscrowSink = services.GetKeyEscrowSink(); // not required
            _logger = services.GetLogger<XmlKeyManager>(); // not required
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
        }
        /// <summary>
        /// Creates an <see cref="XmlKeyManager"/>.
        /// </summary>
        /// <param name="repository">The repository where keys are stored.</param>
        /// <param name="configuration">Configuration for newly-created keys.</param>
        /// <param name="services">A provider of optional services.</param>
        public XmlKeyManager(
            IXmlRepository repository,
            IAuthenticatedEncryptorConfiguration configuration,
            IServiceProvider services)
        {
            if (repository == null)
            {
                throw new ArgumentNullException(nameof(repository));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            KeyEncryptor  = services.GetService <IXmlEncryptor>(); // optional
            KeyRepository = repository;

            _activator = services.GetActivator(); // returns non-null
            _authenticatedEncryptorConfiguration = configuration;
            _internalKeyManager = services.GetService <IInternalXmlKeyManager>() ?? this;
            _keyEscrowSink      = services.GetKeyEscrowSink();          // not required
            _logger             = services.GetLogger <XmlKeyManager>(); // not required
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
        }
Exemple #5
0
 // Internal for testing.
 internal XmlKeyManager(
     IOptions <KeyManagementOptions> keyManagementOptions,
     IActivator activator,
     ILoggerFactory loggerFactory,
     IInternalXmlKeyManager internalXmlKeyManager)
     : this(keyManagementOptions, activator, loggerFactory)
 {
     _internalKeyManager = internalXmlKeyManager;
 }
 public DeferredKey(
     Guid keyId,
     DateTimeOffset creationDate,
     DateTimeOffset activationDate,
     DateTimeOffset expirationDate,
     IInternalXmlKeyManager keyManager,
     XElement keyElement)
     : base(keyId, creationDate, activationDate, expirationDate, new Lazy<IAuthenticatedEncryptor>(GetLazyEncryptorDelegate(keyManager, keyElement)))
 {
 }
 public DeferredKey(
     Guid keyId,
     DateTimeOffset creationDate,
     DateTimeOffset activationDate,
     DateTimeOffset expirationDate,
     IInternalXmlKeyManager keyManager,
     XElement keyElement)
     : base(keyId, creationDate, activationDate, expirationDate, new Lazy <IAuthenticatedEncryptor>(GetLazyEncryptorDelegate(keyManager, keyElement)))
 {
 }
Exemple #8
0
 public DeferredKey(
     Guid keyId,
     DateTimeOffset creationDate,
     DateTimeOffset activationDate,
     DateTimeOffset expirationDate,
     IInternalXmlKeyManager keyManager,
     XElement keyElement,
     IEnumerable <IAuthenticatedEncryptorFactory> encryptorFactories)
     : base(keyId,
            creationDate,
            activationDate,
            expirationDate,
            new Lazy <IAuthenticatedEncryptorDescriptor>(GetLazyDescriptorDelegate(keyManager, keyElement)),
            encryptorFactories)
 {
 }
        private static Func<IAuthenticatedEncryptor> GetLazyEncryptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
        {
            // The <key> element will be held around in memory for a potentially lengthy period
            // of time. Since it might contain sensitive information, we should protect it.
            var encryptedKeyElement = keyElement.ToSecret();

            try
            {
                return () => keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement()).CreateEncryptorInstance();
            }
            finally
            {
                // It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
                // helps us detect if we've done this by causing a null ref at runtime.
                keyElement = null;
            }
        }
Exemple #10
0
        private static Func <IAuthenticatedEncryptor> GetLazyEncryptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
        {
            // The <key> element will be held around in memory for a potentially lengthy period
            // of time. Since it might contain sensitive information, we should protect it.
            var encryptedKeyElement = keyElement.ToSecret();

            try
            {
                return(() => keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement()).CreateEncryptorInstance());
            }
            finally
            {
                // It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
                // helps us detect if we've done this by causing a null ref at runtime.
                keyElement = null;
            }
        }
Exemple #11
0
        internal XmlKeyManager(
            IOptions <KeyManagementOptions> keyManagementOptions,
            IActivator activator,
            ILoggerFactory loggerFactory,
            IDefaultKeyStorageDirectories keyStorageDirectories)
        {
            _loggerFactory         = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));
            _logger                = _loggerFactory.CreateLogger <XmlKeyManager>();
            _keyStorageDirectories = keyStorageDirectories ?? throw new ArgumentNullException(nameof(keyStorageDirectories));

            KeyRepository = keyManagementOptions.Value.XmlRepository;
            KeyEncryptor  = keyManagementOptions.Value.XmlEncryptor;
            if (KeyRepository == null)
            {
                if (KeyEncryptor != null)
                {
                    throw new InvalidOperationException($"The '{nameof(IXmlRepository)}' instance could not be found. When an '{nameof(IXmlEncryptor)}' instance is set, a corresponding '{nameof(IXmlRepository)}' instance must also be set.");
                }
                else
                {
                    var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
                    KeyRepository = keyRepositoryEncryptorPair.Key;
                    KeyEncryptor  = keyRepositoryEncryptorPair.Value;
                }
            }

            _authenticatedEncryptorConfiguration = keyManagementOptions.Value.AuthenticatedEncryptorConfiguration;

            var escrowSinks = keyManagementOptions.Value.KeyEscrowSinks;

            _keyEscrowSink = escrowSinks.Count > 0 ? new AggregateKeyEscrowSink(escrowSinks) : null;
            _activator     = activator;
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
            _internalKeyManager = _internalKeyManager ?? this;
            _encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
        }
        internal XmlKeyManager(IServiceProvider services)
        {
            // First, see if an explicit encryptor or repository was specified.
            // If either was specified, then we won't use the fallback.
            KeyEncryptor = services.GetService<IXmlEncryptor>(); // optional
            KeyRepository = (KeyEncryptor != null)
                ? services.GetRequiredService<IXmlRepository>() // required if encryptor is specified
                : services.GetService<IXmlRepository>(); // optional if encryptor not specified

            // If the repository is missing, then we get both the encryptor and the repository from the fallback.
            // If the fallback is missing, the final call to GetRequiredService below will throw.
            if (KeyRepository == null)
            {
                var defaultKeyServices = services.GetService<IDefaultKeyServices>();
                KeyEncryptor = defaultKeyServices?.GetKeyEncryptor(); // optional
                KeyRepository = defaultKeyServices?.GetKeyRepository() ?? services.GetRequiredService<IXmlRepository>();
            }

            _activator = services.GetActivator(); // returns non-null
            _authenticatedEncryptorConfiguration = services.GetRequiredService<IAuthenticatedEncryptorConfiguration>();
            _internalKeyManager = services.GetService<IInternalXmlKeyManager>() ?? this;
            _keyEscrowSink = services.GetKeyEscrowSink(); // not required
            _logger = services.GetLogger<XmlKeyManager>(); // not required
            TriggerAndResetCacheExpirationToken(suppressLogging: true);
        }