/// <summary>
/// Lazily translates the values stored under <c>_policyRegKey</c> into service descriptors:
/// an optional authenticated-encryption configuration, an optional default key lifetime,
/// and one descriptor per configured key escrow sink.
/// </summary>
/// <remarks>
/// This is an iterator, so nothing is read until the result is enumerated, and the failure for
/// an unrecognized <c>EncryptionType</c> surfaces at enumeration time rather than at the call site.
/// NOTE(review): every value read here steers cryptographic behaviour (algorithm family, key
/// lifetime, escrow sinks identified by type name), so the policy key should be writable by
/// administrators only. How the key is opened and secured is not visible in this method.
/// </remarks>
/// <returns>The descriptors implied by the policy values that are present.</returns>
private IEnumerable<ServiceDescriptor> ResolvePolicyCore()
{
    // Accepted EncryptionType values: CNG-CBC, CNG-GCM, Managed (compared case-insensitively).
    // A value that is present but not a string makes this cast throw InvalidCastException.
    string configuredType = (string)_policyRegKey.GetValue("EncryptionType");

    // A missing or empty value means "no encryption policy": no descriptor is emitted for it.
    if (!String.IsNullOrEmpty(configuredType))
    {
        IInternalAuthenticatedEncryptionOptions encryptionOptions;

        if (String.Equals(configuredType, "CNG-CBC", StringComparison.OrdinalIgnoreCase))
        {
            encryptionOptions = new CngCbcAuthenticatedEncryptionOptions();
        }
        else if (String.Equals(configuredType, "CNG-GCM", StringComparison.OrdinalIgnoreCase))
        {
            encryptionOptions = new CngGcmAuthenticatedEncryptionOptions();
        }
        else if (String.Equals(configuredType, "Managed", StringComparison.OrdinalIgnoreCase))
        {
            encryptionOptions = new ManagedAuthenticatedEncryptionOptions();
        }
        else
        {
            // Fail closed: an unknown algorithm family is an error, never a silent fallback.
            throw CryptoUtil.Fail("Unrecognized EncryptionType: " + configuredType);
        }

        // The remaining algorithm settings are filled in from the same policy key.
        PopulateOptions(encryptionOptions, _policyRegKey);
        yield return DataProtectionServiceDescriptors.IAuthenticatedEncryptorConfiguration_FromOptions(encryptionOptions);
    }

    // Ancillary data. The unboxing cast succeeds only for null or a boxed Int32.
    // NOTE(review): no range check happens here; presumably the options consumer rejects
    // zero or negative lifetimes -- confirm.
    int? configuredLifetime = (int?)_policyRegKey.GetValue("DefaultKeyLifetime");
    if (configuredLifetime != null)
    {
        yield return DataProtectionServiceDescriptors.ConfigureOptions_DefaultKeyLifetime(configuredLifetime.Value);
    }

    // One descriptor per escrow sink entry returned by ReadKeyEscrowSinks.
    foreach (var sinkEntry in ReadKeyEscrowSinks(_policyRegKey))
    {
        yield return DataProtectionServiceDescriptors.IKeyEscrowSink_FromTypeName(sinkEntry);
    }
}