Пример #1
        private CacheableKeyRing CreateCacheableKeyRingCoreStep2(
            DateTimeOffset now,
            CancellationToken cacheExpirationToken,
            IKey defaultKey,
            IEnumerable <IKey> allKeys
            Debug.Assert(defaultKey != null);

            // Invariant: our caller ensures that CreateEncryptorInstance succeeded at least once
            Debug.Assert(defaultKey.CreateEncryptor() != null);


            var nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);

            // The cached keyring should expire at the earliest of (default key expiration, next auto-refresh time).
            // Since the refresh period and safety window are not user-settable, we can guarantee that there's at
            // least one auto-refresh between the start of the safety window and the key's expiration date.
            // This gives us an opportunity to update the key ring before expiration, and it prevents multiple
            // servers in a cluster from trying to update the key ring simultaneously. Special case: if the default
            // key's expiration date is in the past, then we know we're using a fallback key and should disregard
            // its expiration date in favor of the next auto-refresh time.
            return(new CacheableKeyRing(
                       expirationToken: cacheExpirationToken,
                       expirationTime: (defaultKey.ExpirationDate <= now) ? nextAutoRefreshTime : Min(defaultKey.ExpirationDate, nextAutoRefreshTime),
                       defaultKey: defaultKey,
                       allKeys: allKeys
Пример #2
        private bool CanCreateAuthenticatedEncryptor(IKey key)
                var encryptorInstance = key.CreateEncryptor();
                if (encryptorInstance == null)
                    throw new CryptographicException("Assertion failed: CreateEncryptorInstance returned null."); // original CryptoUtil.Fail call replaced

            catch (Exception ex)
                _logger.LogWarning(ex, "Key {KeyId:B} is ineligible to be the default key because its {MethodName} method failed.", key.KeyId, nameof(IKey.CreateEncryptor)); // original ILogger extensions call replaced
Пример #3
    private bool CanCreateAuthenticatedEncryptor(IKey key)
            var encryptorInstance = key.CreateEncryptor();
            if (encryptorInstance == null)
                CryptoUtil.Fail <IAuthenticatedEncryptor>("CreateEncryptorInstance returned null.");

        catch (Exception ex)
            _logger.KeyIsIneligibleToBeTheDefaultKeyBecauseItsMethodFailed(key.KeyId, nameof(IKey.CreateEncryptor), ex);
Пример #4
            internal IAuthenticatedEncryptor?GetEncryptorInstance(out bool isRevoked)
                // simple double-check lock pattern
                // we can't use LazyInitializer<T> because we don't have a simple value factory
                IAuthenticatedEncryptor?encryptor = Volatile.Read(ref _encryptor);

                if (encryptor == null)
                    lock (this)
                        encryptor = Volatile.Read(ref _encryptor);
                        if (encryptor == null)
                            encryptor = _key.CreateEncryptor();
                            Volatile.Write(ref _encryptor, encryptor);
                isRevoked = _key.IsRevoked;