Merge branch 'dotnet:main' into dotnet#46810

Author: MattyLeslie

eng/Version.Details.xml

@@ -12,6 +12,7 @@
     <Dependency Name="dotnet-ef" Version="9.0.0-preview.4.24205.3">
       <Uri>https://github.com/dotnet/efcore</Uri>
       <Sha>45448efb1da8914489739bc4116f7a8f6c9374a2</Sha>
+      <SourceBuildTarball RepoName="efcore" ManagedOnly="true" />
     </Dependency>
     <Dependency Name="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.0-preview.4.24205.3">
       <Uri>https://github.com/dotnet/efcore</Uri>
@@ -324,14 +325,14 @@
       <Uri>https://github.com/dotnet/runtime</Uri>
       <Sha>9b57a265c7efd3732b035bade005561a04767128</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.Web.Xdt" Version="9.0.0-preview.24204.1">
+    <Dependency Name="Microsoft.Web.Xdt" Version="9.0.0-preview.24208.1">
       <Uri>https://github.com/dotnet/xdt</Uri>
-      <Sha>67956470ccbe5a51255b5b014811076ae99ae79f</Sha>
+      <Sha>282e0064c30d5cef9b1c1cabb12ef6b55775c54d</Sha>
     </Dependency>
     <!-- Intermediate is necessary for source build. -->
-    <Dependency Name="Microsoft.SourceBuild.Intermediate.xdt" Version="9.0.0-preview.24204.1">
+    <Dependency Name="Microsoft.SourceBuild.Intermediate.xdt" Version="9.0.0-preview.24208.1">
       <Uri>https://github.com/dotnet/xdt</Uri>
-      <Sha>67956470ccbe5a51255b5b014811076ae99ae79f</Sha>
+      <Sha>282e0064c30d5cef9b1c1cabb12ef6b55775c54d</Sha>
       <SourceBuild RepoName="xdt" ManagedOnly="true" />
     </Dependency>
     <Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-reference-packages" Version="9.0.0-alpha.1.24162.2">
@@ -367,9 +368,9 @@
       <Sha>9b57a265c7efd3732b035bade005561a04767128</Sha>
     </Dependency>
     <!-- Intermediate is necessary for source build. -->
-    <Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-externals" Version="9.0.0-alpha.1.24201.3">
+    <Dependency Name="Microsoft.SourceBuild.Intermediate.source-build-externals" Version="9.0.0-alpha.1.24203.1">
       <Uri>https://github.com/dotnet/source-build-externals</Uri>
-      <Sha>bcd44732882bc2b81b30146c778eb6ccb7fea793</Sha>
+      <Sha>1e2e91d2544726b2cf68109f946178ef6bef3ad9</Sha>
       <SourceBuild RepoName="source-build-externals" ManagedOnly="true" />
     </Dependency>
   </ProductDependencies>
@@ -430,9 +431,9 @@
       <Sha>8fef55f5a55a3b4f2c96cd1a9b5ddc51d4b927f8</Sha>
     </Dependency>
     <!-- Intermediate is necessary for source build. -->
-    <Dependency Name="Microsoft.SourceBuild.Intermediate.symreader" Version="2.1.0-beta.24171.1">
+    <Dependency Name="Microsoft.SourceBuild.Intermediate.symreader" Version="2.1.0-beta.24177.1">
       <Uri>https://github.com/dotnet/symreader</Uri>
-      <Sha>01de94d9718fd48c511cae276437edcd41b41fa4</Sha>
+      <Sha>7ae564f9397e5d1b6035f6cf9ebe4f6b0b94882a</Sha>
       <SourceBuild RepoName="symreader" ManagedOnly="true" />
     </Dependency>
   </ToolsetDependencies>

eng/Versions.props

@@ -164,16 +164,16 @@
     <MicrosoftDotNetRemoteExecutorVersion>9.0.0-beta.24207.1</MicrosoftDotNetRemoteExecutorVersion>
     <MicrosoftSourceBuildIntermediatearcadeVersion>9.0.0-beta.24207.1</MicrosoftSourceBuildIntermediatearcadeVersion>
     <!-- Packages from dotnet/source-build-externals -->
-    <MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>9.0.0-alpha.1.24201.3</MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>
+    <MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>9.0.0-alpha.1.24203.1</MicrosoftSourceBuildIntermediatesourcebuildexternalsVersion>
     <!-- Packages from dotnet/source-build-reference-packages -->
     <MicrosoftSourceBuildIntermediatesourcebuildreferencepackagesVersion>9.0.0-alpha.1.24162.2</MicrosoftSourceBuildIntermediatesourcebuildreferencepackagesVersion>
     <!-- Packages from dotnet/symreader -->
-    <MicrosoftSourceBuildIntermediatesymreaderVersion>2.1.0-beta.24171.1</MicrosoftSourceBuildIntermediatesymreaderVersion>
+    <MicrosoftSourceBuildIntermediatesymreaderVersion>2.1.0-beta.24177.1</MicrosoftSourceBuildIntermediatesymreaderVersion>
     <!-- Packages from dotnet/winforms -->
     <SystemDrawingCommonVersion>9.0.0-preview.4.24206.1</SystemDrawingCommonVersion>
     <!-- Packages from dotnet/xdt -->
-    <MicrosoftWebXdtVersion>9.0.0-preview.24204.1</MicrosoftWebXdtVersion>
-    <MicrosoftSourceBuildIntermediatexdtVersion>9.0.0-preview.24204.1</MicrosoftSourceBuildIntermediatexdtVersion>
+    <MicrosoftWebXdtVersion>9.0.0-preview.24208.1</MicrosoftWebXdtVersion>
+    <MicrosoftSourceBuildIntermediatexdtVersion>9.0.0-preview.24208.1</MicrosoftSourceBuildIntermediatexdtVersion>
   </PropertyGroup>
   <!--
 

src/DataProtection/DataProtection/src/KeyManagement/DeferredKey.cs

@@ -3,30 +3,156 @@
 
 using System;
 using System.Collections.Generic;
+using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
+using Microsoft.AspNetCore.DataProtection.KeyManagement.Internal;
+using Microsoft.AspNetCore.DataProtection.XmlEncryption;
 
 namespace Microsoft.AspNetCore.DataProtection.KeyManagement;
 
 /// <summary>
-/// The basic implementation of <see cref="IKey"/>, where the <see cref="IAuthenticatedEncryptorDescriptor"/>
-/// has already been created.
+/// The basic implementation of <see cref="IKey"/>.
 /// </summary>
-internal sealed class Key : KeyBase
+internal sealed class Key : IKey
 {
+    private readonly Lazy<IAuthenticatedEncryptorDescriptor> _lazyDescriptor;
+    private readonly IEnumerable<IAuthenticatedEncryptorFactory> _encryptorFactories;
+
+    private IAuthenticatedEncryptor? _encryptor;
+
+    /// <summary>
+    /// The basic implementation of <see cref="IKey"/>, where the <see cref="IAuthenticatedEncryptorDescriptor"/>
+    /// has already been created.
+    /// </summary>
     public Key(
         Guid keyId,
         DateTimeOffset creationDate,
         DateTimeOffset activationDate,
         DateTimeOffset expirationDate,
         IAuthenticatedEncryptorDescriptor descriptor,
         IEnumerable<IAuthenticatedEncryptorFactory> encryptorFactories)
-        : base(keyId,
+        : this(keyId,
               creationDate,
               activationDate,
               expirationDate,
               new Lazy<IAuthenticatedEncryptorDescriptor>(() => descriptor),
               encryptorFactories)
     {
     }
+
+    /// <summary>
+    /// The basic implementation of <see cref="IKey"/>, where the incoming XML element
+    /// hasn't yet been fully processed.
+    /// </summary>
+    public Key(
+        Guid keyId,
+        DateTimeOffset creationDate,
+        DateTimeOffset activationDate,
+        DateTimeOffset expirationDate,
+        IInternalXmlKeyManager keyManager,
+        XElement keyElement,
+        IEnumerable<IAuthenticatedEncryptorFactory> encryptorFactories)
+        : this(keyId,
+              creationDate,
+              activationDate,
+              expirationDate,
+              new Lazy<IAuthenticatedEncryptorDescriptor>(GetLazyDescriptorDelegate(keyManager, keyElement)),
+              encryptorFactories)
+    {
+    }
+
+    private Key(
+        Guid keyId,
+        DateTimeOffset creationDate,
+        DateTimeOffset activationDate,
+        DateTimeOffset expirationDate,
+        Lazy<IAuthenticatedEncryptorDescriptor> lazyDescriptor,
+        IEnumerable<IAuthenticatedEncryptorFactory> encryptorFactories)
+    {
+        KeyId = keyId;
+        CreationDate = creationDate;
+        ActivationDate = activationDate;
+        ExpirationDate = expirationDate;
+        _lazyDescriptor = lazyDescriptor;
+        _encryptorFactories = encryptorFactories;
+    }
+
+    public DateTimeOffset ActivationDate { get; }
+
+    public DateTimeOffset CreationDate { get; }
+
+    public DateTimeOffset ExpirationDate { get; }
+
+    public bool IsRevoked { get; private set; }
+
+    public Guid KeyId { get; }
+
+    public IAuthenticatedEncryptorDescriptor Descriptor
+    {
+        get
+        {
+            return _lazyDescriptor.Value;
+        }
+    }
+
+    public IAuthenticatedEncryptor? CreateEncryptor()
+    {
+        if (_encryptor == null)
+        {
+            foreach (var factory in _encryptorFactories)
+            {
+                var encryptor = factory.CreateEncryptorInstance(this);
+                if (encryptor != null)
+                {
+                    _encryptor = encryptor;
+                    break;
+                }
+            }
+        }
+
+        return _encryptor;
+    }
+
+    internal void SetRevoked()
+    {
+        IsRevoked = true;
+    }
+
+    internal Key Clone()
+    {
+        return new Key(
+            keyId: KeyId,
+            creationDate: CreationDate,
+            activationDate: ActivationDate,
+            expirationDate: ExpirationDate,
+            lazyDescriptor: _lazyDescriptor,
+            encryptorFactories: _encryptorFactories)
+        {
+            IsRevoked = IsRevoked,
+        };
+    }
+
+    private static Func<IAuthenticatedEncryptorDescriptor> GetLazyDescriptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
+    {
+        // The <key> element will be held around in memory for a potentially lengthy period
+        // of time. Since it might contain sensitive information, we should protect it.
+        var encryptedKeyElement = keyElement.ToSecret();
+
+        try
+        {
+            return GetLazyDescriptorDelegate;
+        }
+        finally
+        {
+            // It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
+            // helps us detect if we've done this by causing a null ref at runtime.
+            keyElement = null!;
+        }
+
+        IAuthenticatedEncryptorDescriptor GetLazyDescriptorDelegate()
+        {
+            return keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement());
+        }
+    }
 }