/// <summary>
/// Creates a new key: builds the <c>&lt;key&gt;</c> element from a freshly created
/// authenticated-encryptor descriptor, hands the plaintext element to the escrow sink
/// (when one is configured), protects it with <see cref="KeyEncryptor"/> (when one is
/// configured), stores it in <see cref="KeyRepository"/> under the name <c>key-{guid}</c>,
/// and invalidates the key-ring cache token.
/// </summary>
/// <param name="keyId">Identifier written to the <c>id</c> attribute of the key element.</param>
/// <param name="creationDate">Creation date written to the key element.</param>
/// <param name="activationDate">Activation date written to the key element.</param>
/// <param name="expirationDate">Expiration date written to the key element.</param>
/// <returns>The in-memory <see cref="Key"/> wrapping the new descriptor.</returns>
IKey IInternalXmlKeyManager.CreateNewKey(Guid keyId, DateTimeOffset creationDate, DateTimeOffset activationDate, DateTimeOffset expirationDate)
{
    // Shape of the element produced below:
    // <key id="{guid}" version="1">
    //   <creationDate>...</creationDate>
    //   <activationDate>...</activationDate>
    //   <expirationDate>...</expirationDate>
    //   <descriptor deserializerType="{typeName}">
    //     ...
    //   </descriptor>
    // </key>
    _logger.CreatingKey(keyId, creationDate, activationDate, expirationDate);

    // A null descriptor is a configuration bug; CryptoUtil.Fail raises rather than letting it through.
    var descriptor = _authenticatedEncryptorConfiguration.CreateNewDescriptor()
        ?? CryptoUtil.Fail<IAuthenticatedEncryptorDescriptor>("CreateNewDescriptor returned null.");
    var exported = descriptor.ExportToXml();
    var deserializerTypeName = exported.DeserializerType.AssemblyQualifiedName;
    _logger.DescriptorDeserializerTypeForKeyIs(keyId, deserializerTypeName);

    // Assemble the <key> element; attribute and child order matches the sketch above.
    var keyElement = new XElement(KeyElementName);
    keyElement.Add(new XAttribute(IdAttributeName, keyId));
    keyElement.Add(new XAttribute(VersionAttributeName, 1));
    keyElement.Add(new XElement(CreationDateElementName, creationDate));
    keyElement.Add(new XElement(ActivationDateElementName, activationDate));
    keyElement.Add(new XElement(ExpirationDateElementName, expirationDate));
    keyElement.Add(new XElement(DescriptorElementName,
        new XAttribute(DeserializerTypeAttributeName, deserializerTypeName),
        exported.SerializedDescriptorElement));

    // Escrow, when configured, deliberately receives the *unencrypted* element; only the
    // repository copy below passes through the XML encryptor.
    var escrowSink = _keyEscrowSink;
    if (escrowSink is null)
    {
        _logger.NoKeyEscrowSinkFoundNotWritingKeyToEscrow(keyId);
    }
    else
    {
        _logger.KeyEscrowSinkFoundWritingKeyToEscrow(keyId);
        escrowSink.Store(keyId, keyElement);
    }

    // Without an XML encryptor the key material is persisted as-is; the log line records that.
    var encryptor = KeyEncryptor;
    if (encryptor is null)
    {
        _logger.NoXMLEncryptorConfiguredKeyMayBePersistedToStorageInUnencryptedForm(keyId);
    }
    var elementToPersist = encryptor?.EncryptIfNecessary(keyElement) ?? keyElement;

    // Persist under "key-{guid}" (the "D" Guid format is culture-independent) and reset the cache token.
    var friendlyName = "key-" + keyId.ToString("D", CultureInfo.InvariantCulture);
    KeyRepository.StoreElement(elementToPersist, friendlyName);
    TriggerAndResetCacheExpirationToken();

    return new Key(
        keyId: keyId,
        creationDate: creationDate,
        activationDate: activationDate,
        expirationDate: expirationDate,
        descriptor: descriptor,
        encryptorFactories: _encryptorFactories);
}
/// <summary>
/// Creates a new key: builds the <c>&lt;key&gt;</c> element from a freshly created
/// authenticated-encryptor descriptor, hands the plaintext element to the escrow sink
/// (when one is configured), protects it with <see cref="KeyEncryptor"/> (when one is
/// configured), stores it in <see cref="KeyRepository"/> under the name <c>key-{guid}</c>,
/// and invalidates the key-ring cache token.
/// </summary>
/// <param name="keyId">Identifier written to the <c>id</c> attribute of the key element.</param>
/// <param name="creationDate">Creation date written to the key element.</param>
/// <param name="activationDate">Activation date written to the key element.</param>
/// <param name="expirationDate">Expiration date written to the key element.</param>
/// <returns>The in-memory <see cref="Key"/> wrapping the new descriptor.</returns>
IKey IInternalXmlKeyManager.CreateNewKey(Guid keyId, DateTimeOffset creationDate, DateTimeOffset activationDate, DateTimeOffset expirationDate)
{
    // Shape of the element produced below:
    // <key id="{guid}" version="1">
    //   <creationDate>...</creationDate>
    //   <activationDate>...</activationDate>
    //   <expirationDate>...</expirationDate>
    //   <descriptor deserializerType="{typeName}">
    //     ...
    //   </descriptor>
    // </key>
    if (_logger.IsInformationLevelEnabled())
    {
        _logger.LogInformationF($"Creating key {keyId:B} with creation date {creationDate:u}, activation date {activationDate:u}, and expiration date {expirationDate:u}.");
    }

    // A null descriptor is a configuration bug; CryptoUtil.Fail raises rather than letting it through.
    var descriptor = _authenticatedEncryptorConfiguration.CreateNewDescriptor()
        ?? CryptoUtil.Fail<IAuthenticatedEncryptorDescriptor>("CreateNewDescriptor returned null.");
    var exported = descriptor.ExportToXml();
    var deserializerTypeName = exported.DeserializerType.AssemblyQualifiedName;
    if (_logger.IsVerboseLevelEnabled())
    {
        _logger.LogVerboseF($"Descriptor deserializer type for key {keyId:B} is '{exported.DeserializerType.AssemblyQualifiedName}'.");
    }

    // Assemble the <key> element; attribute and child order matches the sketch above.
    var keyElement = new XElement(KeyElementName);
    keyElement.Add(new XAttribute(IdAttributeName, keyId));
    keyElement.Add(new XAttribute(VersionAttributeName, 1));
    keyElement.Add(new XElement(CreationDateElementName, creationDate));
    keyElement.Add(new XElement(ActivationDateElementName, activationDate));
    keyElement.Add(new XElement(ExpirationDateElementName, expirationDate));
    keyElement.Add(new XElement(DescriptorElementName,
        new XAttribute(DeserializerTypeAttributeName, deserializerTypeName),
        exported.SerializedDescriptorElement));

    // Escrow, when configured, deliberately receives the *unencrypted* element; only the
    // repository copy below passes through the XML encryptor.
    var escrowSink = _keyEscrowSink;
    if (_logger.IsVerboseLevelEnabled())
    {
        if (escrowSink is null)
        {
            _logger.LogVerboseF($"No key escrow sink found. Not writing key {keyId:B} to escrow.");
        }
        else
        {
            _logger.LogVerboseF($"Key escrow sink found. Writing key {keyId:B} to escrow.");
        }
    }
    escrowSink?.Store(keyId, keyElement);

    // Without an XML encryptor the key material is persisted as-is; warn so operators notice.
    var encryptor = KeyEncryptor;
    if (encryptor is null && _logger.IsWarningLevelEnabled())
    {
        _logger.LogWarningF($"No XML encryptor configured. Key {keyId:B} may be persisted to storage in unencrypted form.");
    }
    var elementToPersist = encryptor?.EncryptIfNecessary(keyElement) ?? keyElement;

    // Persist under "key-{guid}" (the "D" Guid format is culture-independent) and reset the cache token.
    var friendlyName = string.Concat("key-", keyId.ToString("D"));
    KeyRepository.StoreElement(elementToPersist, friendlyName);
    TriggerAndResetCacheExpirationToken();

    return new Key(
        keyId: keyId,
        creationDate: creationDate,
        activationDate: activationDate,
        expirationDate: expirationDate,
        descriptor: descriptor);
}