aspnet · pakrym · Nov 13, 2015 · anpete · Nov 13, 2015 · victorhurdugaci
diff --git a/...oft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs b/...oft.AspNet.DataProtection/AuthenticatedEncryption/CngCbcAuthenticatedEncryptionOptions.cs
@@ -113,7 +113,7 @@ private BCryptAlgorithmHandle GetHmacAlgorithmHandle(ILogger logger)
 
             if (logger.IsVerboseLevelEnabled())
             {
-                logger.LogVerboseF($"Opening CNG algorithm '{HashAlgorithm}' from provider '{HashAlgorithmProvider}' with HMAC.");
+                logger.LogVerbose(DataProtectionEventId.CngCbcAuthenticatedEncryptionOptions, $"Opening CNG algorithm '{HashAlgorithm}' from provider '{HashAlgorithmProvider}' with HMAC.");
             }
 
             BCryptAlgorithmHandle algorithmHandle = null;
@@ -154,7 +154,7 @@ private BCryptAlgorithmHandle GetSymmetricBlockCipherAlgorithmHandle(ILogger log
 
             if (logger.IsVerboseLevelEnabled())
             {
-                logger.LogVerboseF($"Opening CNG algorithm '{EncryptionAlgorithm}' from provider '{EncryptionAlgorithmProvider}' with chaining mode CBC.");
+                logger.LogVerbose(DataProtectionEventId.CngCbcAuthenticatedEncryptionOptions, $"Opening CNG algorithm '{EncryptionAlgorithm}' from provider '{EncryptionAlgorithmProvider}' with chaining mode CBC.");
             }
 
             BCryptAlgorithmHandle algorithmHandle = null;

diff --git a/...oft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs b/...oft.AspNet.DataProtection/AuthenticatedEncryption/CngGcmAuthenticatedEncryptionOptions.cs
@@ -94,7 +94,7 @@ private BCryptAlgorithmHandle GetSymmetricBlockCipherAlgorithmHandle(ILogger log
 
             if (logger.IsVerboseLevelEnabled())
             {
-                logger.LogVerboseF($"Opening CNG algorithm '{EncryptionAlgorithm}' from provider '{EncryptionAlgorithmProvider}' with chaining mode GCM.");
+                logger.LogVerbose(DataProtectionEventId.CngGcmAuthenticatedEncryptionOptions, $"Opening CNG algorithm '{EncryptionAlgorithm}' from provider '{EncryptionAlgorithmProvider}' with chaining mode GCM.");
             }
 
             // Special-case cached providers

diff --git a/...ft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs b/...ft.AspNet.DataProtection/AuthenticatedEncryption/ManagedAuthenticatedEncryptionOptions.cs
@@ -88,7 +88,7 @@ private Func<KeyedHashAlgorithm> GetKeyedHashAlgorithmFactory(ILogger logger)
 
             if (logger.IsVerboseLevelEnabled())
             {
-                logger.LogVerboseF($"Using managed keyed hash algorithm '{ValidationAlgorithmType.FullName}'.");
+                logger.LogVerbose(DataProtectionEventId.ManagedAuthenticatedEncryptionOptions, $"Using managed keyed hash algorithm '{ValidationAlgorithmType.FullName}'.");
             }
 
             if (ValidationAlgorithmType == typeof(HMACSHA256))
@@ -120,7 +120,7 @@ private Func<SymmetricAlgorithm> GetSymmetricBlockCipherAlgorithmFactory(ILogger
 
             if (logger.IsVerboseLevelEnabled())
             {
-                logger.LogVerboseF($"Using managed symmetric algorithm '{EncryptionAlgorithmType.FullName}'.");
+                logger.LogVerbose(DataProtectionEventId.ManagedAuthenticatedEncryptionOptions, $"Using managed symmetric algorithm '{EncryptionAlgorithmType.FullName}'.");
             }
 
             if (EncryptionAlgorithmType == typeof(Aes))

diff --git a/src/Microsoft.AspNet.DataProtection/DataProtectionEventId.cs b/src/Microsoft.AspNet.DataProtection/DataProtectionEventId.cs
@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.DataProtection
+{
+    public enum DataProtectionEventId
+    {
+        KeyServices = 1,
+        XmlKeyManager,
+        KeyRingProvider,
+        CertificateXmlEncryptor,
+        DpapiNGXmlEncryptor,
+        DpapiNGXmlDecryptor,
+        DpapiXmlEncryptor,
+        DpapiXmlDecryptor,
+        NullXmlDecryptor,
+        DefaultKeyResolver,
+        RegistryXmlRepository,
+        EphemeralXmlRepository,
+        FileSystemXmlRepository,
+        KeyRingBasedDataProtector,
+        EphemeralDataProtectionProvider,
+        CngGcmAuthenticatedEncryptionOptions,
+        ManagedAuthenticatedEncryptionOptions,
+        CngCbcAuthenticatedEncryptionOptions
+    }
+}
diff --git a/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs b/src/Microsoft.AspNet.DataProtection/DataProtectionServices.cs
@@ -44,7 +44,7 @@ public static IEnumerable<ServiceDescriptor> GetDefaultServices()
                 {
                     if (log.IsInformationLevelEnabled())
                     {
-                        log.LogInformationF($"Azure Web Sites environment detected. Using '{azureWebSitesKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
+                        log.LogInformation(DataProtectionEventId.KeyServices, $"Azure Web Sites environment detected. Using '{azureWebSitesKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
                     }
 
                     // Cloud DPAPI isn't yet available, so we don't encrypt keys at rest.
@@ -69,11 +69,11 @@ public static IEnumerable<ServiceDescriptor> GetDefaultServices()
                         {
                             if (keyEncryptorDescriptor != null)
                             {
-                                log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
+                                log.LogInformation(DataProtectionEventId.KeyServices, $"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository and Windows DPAPI to encrypt keys at rest.");
                             }
                             else
                             {
-                                log.LogInformationF($"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
+                                log.LogInformation(DataProtectionEventId.KeyServices, $"User profile is available. Using '{localAppDataKeysFolder.FullName}' as key repository; keys will not be encrypted at rest.");
                             }
                         }
                     }
@@ -93,7 +93,7 @@ public static IEnumerable<ServiceDescriptor> GetDefaultServices()
 
                             if (log.IsInformationLevelEnabled())
                             {
-                                log.LogInformationF($"User profile not available. Using '{regKeyStorageKey.Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
+                                log.LogInformation(DataProtectionEventId.KeyServices, $"User profile not available. Using '{regKeyStorageKey.Name}' as key repository and Windows DPAPI to encrypt keys at rest.");
                             }
                         }
                         else
@@ -104,7 +104,7 @@ public static IEnumerable<ServiceDescriptor> GetDefaultServices()
 
                             if (log.IsWarningLevelEnabled())
                             {
-                                log.LogWarning("Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
+                                log.LogWarning(DataProtectionEventId.KeyServices, $"Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.");
                             }
                         }
                     }

diff --git a/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs b/src/Microsoft.AspNet.DataProtection/EphemeralDataProtectionProvider.cs
@@ -50,7 +50,7 @@ public EphemeralDataProtectionProvider(IServiceProvider services)
             var logger = services.GetLogger<EphemeralDataProtectionProvider>();
             if (logger.IsWarningLevelEnabled())
             {
-                logger.LogWarning("Using ephemeral data protection provider. Payloads will be undecipherable upon application shutdown.");
+                logger.LogWarning(DataProtectionEventId.EphemeralDataProtectionProvider, $"Using ephemeral data protection provider. Payloads will be undecipherable upon application shutdown.");
             }
 
             _dataProtectionProvider = new KeyRingBasedDataProtectionProvider(keyringProvider, services);

diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/DefaultKeyResolver.cs
@@ -56,7 +56,7 @@ private bool CanCreateAuthenticatedEncryptor(IKey key)
             {
                 if (_logger.IsWarningLevelEnabled())
                 {
-                    _logger.LogWarningF(ex, $"Key {key.KeyId:B} is ineligible to be the default key because its {nameof(IKey.CreateEncryptorInstance)} method failed.");
+                    _logger.LogWarning(DataProtectionEventId.DefaultKeyResolver, ex, $"Key {key.KeyId:B} is ineligible to be the default key because its {nameof(IKey.CreateEncryptorInstance)} method failed.");
                 }
                 return false;
             }
@@ -74,15 +74,15 @@ private IKey FindDefaultKey(DateTimeOffset now, IEnumerable<IKey> allKeys, out I
             {
                 if (_logger.IsVerboseLevelEnabled())
                 {
-                    _logger.LogVerboseF($"Considering key {preferredDefaultKey.KeyId:B} with expiration date {preferredDefaultKey.ExpirationDate:u} as default key.");
+                    _logger.LogVerbose(DataProtectionEventId.DefaultKeyResolver, $"Considering key {preferredDefaultKey.KeyId:B} with expiration date {preferredDefaultKey.ExpirationDate:u} as default key.");
                 }
 
                 // if the key has been revoked or is expired, it is no longer a candidate
                 if (preferredDefaultKey.IsRevoked || preferredDefaultKey.IsExpired(now) || !CanCreateAuthenticatedEncryptor(preferredDefaultKey))
                 {
                     if (_logger.IsVerboseLevelEnabled())
                     {
-                        _logger.LogVerboseF($"Key {preferredDefaultKey.KeyId:B} is no longer under consideration as default key because it is expired, revoked, or cannot be deciphered.");
+                        _logger.LogVerbose(DataProtectionEventId.DefaultKeyResolver, $"Key {preferredDefaultKey.KeyId:B} is no longer under consideration as default key because it is expired, revoked, or cannot be deciphered.");
                     }
                     preferredDefaultKey = null;
                 }
@@ -106,7 +106,7 @@ private IKey FindDefaultKey(DateTimeOffset now, IEnumerable<IKey> allKeys, out I
 
                 if (callerShouldGenerateNewKey && _logger.IsVerboseLevelEnabled())
                 {
-                    _logger.LogVerbose("Default key expiration imminent and repository contains no viable successor. Caller should generate a successor.");
+                    _logger.LogVerbose(DataProtectionEventId.DefaultKeyResolver, "Default key expiration imminent and repository contains no viable successor. Caller should generate a successor.");
                 }
 
                 fallbackKey = null;
@@ -129,7 +129,7 @@ orderby key.CreationDate ascending
 
             if (_logger.IsVerboseLevelEnabled())
             {
-                _logger.LogVerbose("Repository contains no viable default key. Caller should generate a key with immediate activation.");
+                _logger.LogVerbose(DataProtectionEventId.DefaultKeyResolver, "Repository contains no viable default key. Caller should generate a key with immediate activation.");
             }
 
             callerShouldGenerateNewKey = true;

diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingBasedDataProtector.cs
@@ -111,7 +111,7 @@ public byte[] Protect(byte[] plaintext)
 
                 if (_logger.IsDebugLevelEnabled())
                 {
-                    _logger.LogDebugF($"Performing protect operation to key {defaultKeyId:B} with purposes {JoinPurposesForLog(Purposes)}.");
+                    _logger.LogDebug(DataProtectionEventId.KeyRingBasedDataProtector, $"Performing protect operation to key {defaultKeyId:B} with purposes {JoinPurposesForLog(Purposes)}.");
                 }
 
                 // We'll need to apply the default key id to the template if it hasn't already been applied.
@@ -236,7 +236,7 @@ private byte[] UnprotectCore(byte[] protectedData, bool allowOperationsOnRevoked
 
                 if (_logger.IsDebugLevelEnabled())
                 {
-                    _logger.LogDebugF($"Performing unprotect operation to key {keyIdFromPayload:B} with purposes {JoinPurposesForLog(Purposes)}.");
+                    _logger.LogDebug(DataProtectionEventId.KeyRingBasedDataProtector, $"Performing unprotect operation to key {keyIdFromPayload:B} with purposes {JoinPurposesForLog(Purposes)}.");
                 }
 
                 // Find the correct encryptor in the keyring.
@@ -247,7 +247,7 @@ private byte[] UnprotectCore(byte[] protectedData, bool allowOperationsOnRevoked
                 {
                     if (_logger.IsDebugLevelEnabled())
                     {
-                        _logger.LogDebugF($"Key {keyIdFromPayload:B} was not found in the key ring. Unprotect operation cannot proceed.");
+                        _logger.LogDebug(DataProtectionEventId.KeyRingBasedDataProtector, $"Key {keyIdFromPayload:B} was not found in the key ring. Unprotect operation cannot proceed.");
                     }
                     throw Error.Common_KeyNotFound(keyIdFromPayload);
                 }
@@ -266,15 +266,15 @@ private byte[] UnprotectCore(byte[] protectedData, bool allowOperationsOnRevoked
                     {
                         if (_logger.IsVerboseLevelEnabled())
                         {
-                            _logger.LogVerboseF($"Key {keyIdFromPayload:B} was revoked. Caller requested unprotect operation proceed regardless.");
+                            _logger.LogVerbose(DataProtectionEventId.KeyRingBasedDataProtector, $"Key {keyIdFromPayload:B} was revoked. Caller requested unprotect operation proceed regardless.");
                         }
                         status = UnprotectStatus.DecryptionKeyWasRevoked;
                     }
                     else
                     {
                         if (_logger.IsVerboseLevelEnabled())
                         {
-                            _logger.LogVerboseF($"Key {keyIdFromPayload:B} was revoked. Unprotect operation cannot proceed.");
+                            _logger.LogVerbose(DataProtectionEventId.KeyRingBasedDataProtector, $"Key {keyIdFromPayload:B} was revoked. Unprotect operation cannot proceed.");
                         }
                         throw Error.Common_KeyRevoked(keyIdFromPayload);
                     }

diff --git a/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs b/src/Microsoft.AspNet.DataProtection/KeyManagement/KeyRingProvider.cs
@@ -47,7 +47,7 @@ private CacheableKeyRing CreateCacheableKeyRingCore(DateTimeOffset now, IKey key
 
             if (_logger.IsVerboseLevelEnabled())
             {
-                _logger.LogVerbose("Policy resolution states that a new key should be added to the key ring.");
+                _logger.LogVerbose(DataProtectionEventId.KeyRingProvider, "Policy resolution states that a new key should be added to the key ring.");
             }
 
             // We shouldn't call CreateKey more than once, else we risk stack diving. This code path shouldn't
@@ -71,15 +71,15 @@ private CacheableKeyRing CreateCacheableKeyRingCore(DateTimeOffset now, IKey key
                 {
                     if (_logger.IsErrorLevelEnabled())
                     {
-                        _logger.LogError("The key ring does not contain a valid default key, and the key manager is configured with auto-generation of keys disabled.");
+                        _logger.LogError(DataProtectionEventId.KeyRingProvider, "The key ring does not contain a valid default key, and the key manager is configured with auto-generation of keys disabled.");
                     }
                     throw new InvalidOperationException(Resources.KeyRingProvider_NoDefaultKey_AutoGenerateDisabled);
                 }
                 else
                 {
                     if (_logger.IsWarningLevelEnabled())
                     {
-                        _logger.LogWarningF($"Policy resolution states that a new key should be added to the key ring, but automatic generation of keys is disabled. Using fallback key {keyToUse.KeyId:B} with expiration {keyToUse.ExpirationDate:u} as default key.");
+                        _logger.LogWarning(DataProtectionEventId.KeyRingProvider, $"Policy resolution states that a new key should be added to the key ring, but automatic generation of keys is disabled. Using fallback key {keyToUse.KeyId:B} with expiration {keyToUse.ExpirationDate:u} as default key.");
                     }
                     return CreateCacheableKeyRingCoreStep2(now, cacheExpirationToken, keyToUse, allKeys);
                 }
@@ -111,7 +111,7 @@ private CacheableKeyRing CreateCacheableKeyRingCoreStep2(DateTimeOffset now, Can
 
             if (_logger.IsVerboseLevelEnabled())
             {
-                _logger.LogVerboseF($"Using key {defaultKey.KeyId:B} as the default key.");
+                _logger.LogVerbose(DataProtectionEventId.KeyRingProvider, $"Using key {defaultKey.KeyId:B} as the default key.");
             }
 
             DateTimeOffset nextAutoRefreshTime = now + GetRefreshPeriodWithJitter(_keyManagementOptions.KeyRingRefreshPeriod);
@@ -167,7 +167,7 @@ internal IKeyRing GetCurrentKeyRingCore(DateTime utcNow)
 
                     if (existingCacheableKeyRing != null && _logger.IsVerboseLevelEnabled())
                     {
-                        _logger.LogVerbose("Existing cached key ring is expired. Refreshing.");
+                        _logger.LogVerbose(DataProtectionEventId.KeyRingProvider, "Existing cached key ring is expired. Refreshing.");
                     }
 
                     // It's up to us to refresh the cached keyring.
@@ -184,11 +184,11 @@ internal IKeyRing GetCurrentKeyRingCore(DateTime utcNow)
                         {
                             if (existingCacheableKeyRing != null)
                             {
-                                _logger.LogError(ex, "An error occurred while refreshing the key ring. Will try again in 2 minutes.");
+                                _logger.LogError(DataProtectionEventId.KeyRingProvider, ex, "An error occurred while refreshing the key ring. Will try again in 2 minutes.");
                             }
                             else
                             {
-                                _logger.LogError(ex, "An error occurred while reading the key ring.");
+                                _logger.LogError(DataProtectionEventId.KeyRingProvider, ex, "An error occurred while reading the key ring.");
                             }
                         }