From f21335bec05a2a4bce296cc35071bb7708192747 Mon Sep 17 00:00:00 2001
From: Mackinnon Buck
Date: Mon, 1 Aug 2022 11:00:12 -0700
Subject: [PATCH 01/26] Update SDK version
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 8df4289e5504..21af88305e6e 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22375.2"
+ "version": "7.0.100-rc.1.22381.2"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22375.2",
+ "dotnet": "7.0.100-rc.1.22381.2",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From e5f96caa06d198a9f56016962da32021c482a809 Mon Sep 17 00:00:00 2001
From: Mackinnon Buck
Date: Mon, 1 Aug 2022 12:02:11 -0700
Subject: [PATCH 02/26] Update SDK version
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 21af88305e6e..0d6e9b13d579 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22381.2"
+ "version": "7.0.100-rc.1.22401.1"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22381.2",
+ "dotnet": "7.0.100-rc.1.22401.1",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 03ea5099cb2126b15737304da53a46fb25d50716 Mon Sep 17 00:00:00 2001
From: Mackinnon Buck
Date: Tue, 2 Aug 2022 10:31:30 -0700
Subject: [PATCH 03/26] Update SDK to 7.0.100-rc.1.22402.2
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 0d6e9b13d579..16d93a732f0d 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22401.1"
+ "version": "7.0.100-rc.1.22402.2"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22401.1",
+ "dotnet": "7.0.100-rc.1.22402.2",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 3dbed1d41d386ede31615e85fd8e6d1121f7bb98 Mon Sep 17 00:00:00 2001
From: Steve Sanderson
Date: Thu, 4 Aug 2022 12:49:10 +0100
Subject: [PATCH 04/26] Updating further
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 16d93a732f0d..73846f9fcefd 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22402.2"
+ "version": "7.0.100-rc.1.22403.8"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22402.2",
+ "dotnet": "7.0.100-rc.1.22403.8",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 72b1fb50feb2fcd62ea8e5634d61a2c87fa45980 Mon Sep 17 00:00:00 2001
From: Chris Ross
Date: Tue, 9 Aug 2022 10:25:01 -0700
Subject: [PATCH 05/26] Update SDK to 7.0.100-rc.1.22408.5
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 73846f9fcefd..33600c1ec24b 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22403.8"
+ "version": "7.0.100-rc.1.22408.5"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22403.8",
+ "dotnet": "7.0.100-rc.1.22408.5",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From d66e1084527c09a9f3d70e87c8887e241d45456a Mon Sep 17 00:00:00 2001
From: Chris Ross
Date: Wed, 10 Aug 2022 14:17:36 -0700
Subject: [PATCH 06/26] Update SDK to 7.0.100-rc.1.22410.4
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 33600c1ec24b..bc235a517797 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22408.5"
+ "version": "7.0.100-rc.1.22410.4"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22408.5",
+ "dotnet": "7.0.100-rc.1.22410.4",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 265ccd44b295d4c9797648b9691b941122851bcd Mon Sep 17 00:00:00 2001
From: Tanay Parikh
Date: Thu, 11 Aug 2022 09:54:47 -0700
Subject: [PATCH 07/26] 7.0.100-rc.1.22404.18
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index bc235a517797..f1c7835c4149 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22410.4"
+ "version": "7.0.100-rc.1.22404.18"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22410.4",
+ "dotnet": "7.0.100-rc.1.22404.18",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From e7b4c1711e61a60c69f03badd79d6c1c0cd9a9a3 Mon Sep 17 00:00:00 2001
From: Tanay Parikh
Date: Thu, 11 Aug 2022 11:25:05 -0700
Subject: [PATCH 08/26] 7.0.100-rc.1.22410.15
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index f1c7835c4149..00d17bc3797a 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22404.18"
+ "version": "7.0.100-rc.1.22410.15"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22404.18",
+ "dotnet": "7.0.100-rc.1.22410.15",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From a8cadea5273fc7fd9f4b0dcb47166e1ec1d022d3 Mon Sep 17 00:00:00 2001
From: Tanay Parikh
Date: Thu, 11 Aug 2022 16:34:37 -0700
Subject: [PATCH 09/26] Update global.json
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 00d17bc3797a..ac58cd5e2b88 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22410.15"
+ "version": "7.0.100-rc.1.22411.3"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22410.15",
+ "dotnet": "7.0.100-rc.1.22411.3",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 9741b928a2bef616a221e060a14c38ee3ce7ef6a Mon Sep 17 00:00:00 2001
From: Tanay Parikh Date: Fri, 12 Aug 2022 11:21:55 -0700 Subject: [PATCH 10/26] Update global.json --- global.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global.json b/global.json index ac58cd5e2b88..857b5190f01d 100644 --- a/global.json +++ b/global.json @@ -1,9 +1,9 @@ { "sdk": { - "version": "7.0.100-rc.1.22411.3" + "version": "7.0.100-rc.1.22412.3" }, "tools": { - "dotnet": "7.0.100-rc.1.22411.3", + "dotnet": "7.0.100-rc.1.22412.3", "runtimes": { "dotnet/x86": [ "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)" From 47052d80f50c00d8ab795fe5f7431e5d5598b210 Mon Sep 17 00:00:00 2001 From: James Newton-King Date: Sat, 13 Aug 2022 09:33:56 +0800 Subject: [PATCH 11/26] Validate DataProtection custom algorithm has a constructor --- .../AuthenticatedEncryptorFactory.cs | 1 + .../ManagedAlgorithmHelpers.cs | 66 +++++++++++++++++++ ...agedAuthenticatedEncryptorConfiguration.cs | 3 + ...ManagedAuthenticatedEncryptorDescriptor.cs | 34 +--------- ...nticatedEncryptorDescriptorDeserializer.cs | 34 +--------- .../src/RegistryPolicyResolver.cs | 4 +- ...tedEncryptorDescriptorDeserializerTests.cs | 65 +++++++++++++++++- .../test/RegistryPolicyResolverTests.cs | 4 +- 8 files changed, 142 insertions(+), 69 deletions(-) create mode 100644 src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAlgorithmHelpers.cs diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs index e9b45de7f1f2..15351ac69936 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs 
@@ -163,6 +163,7 @@ private static string GetBCryptAlgorithmNameFromValidationAlgorithm(ValidationAl } } + [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] private static Type GetManagedTypeFromEncryptionAlgorithm(EncryptionAlgorithm algorithm) { switch (algorithm) diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAlgorithmHelpers.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAlgorithmHelpers.cs new file mode 100644 index 000000000000..c9a7c3244445 --- /dev/null +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAlgorithmHelpers.cs 
@@ -0,0 +1,66 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. + +using System; +using System.Collections.Generic; +using System.Diagnostics.CodeAnalysis; +using System.Security.Cryptography; +using System.Xml.Linq; + +namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel; + +internal static class ManagedAlgorithmHelpers +{ + private static readonly List KnownAlgorithmTypes = new List + { + typeof(Aes), + typeof(HMACSHA1), + typeof(HMACSHA256), + typeof(HMACSHA384), + typeof(HMACSHA512) + }; + + // Any changes to this method should also be be reflected in FriendlyNameToType. + public static string TypeToFriendlyName(Type type) + { + if (KnownAlgorithmTypes.Contains(type)) + { + return type.Name; + } + else + { + return type.AssemblyQualifiedName!; + } + } + + // Any changes to this method should also be be reflected in TypeToFriendlyName. + [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] + [UnconditionalSuppressMessage("Trimmer", "IL2075", Justification = "Unknown type is checked for whether it has a public parameterless constructor. Handle trimmed types by providing a useful error message.")] + [UnconditionalSuppressMessage("Trimmer", "IL2073", Justification = "Unknown type is checked for whether it has a public parameterless constructor. Handle trimmed types by providing a useful error message.")] + public static Type FriendlyNameToType(string typeName) + { + foreach (var knownType in KnownAlgorithmTypes) + { + if (knownType.Name == typeName) + { + return knownType; + } + } + + var type = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(typeName); + + // Type name could be full or assembly qualified name of known type. + if (KnownAlgorithmTypes.Contains(type)) + { + return type; + } + + // All other types are created using Activator.CreateInstance. Validate it has a valid constructor. 
+ if (type.GetConstructor(Type.EmptyTypes) == null) + { + throw new InvalidOperationException($"Algorithm type {type} doesn't have a public parameterless constructor. If the app is published with trimming then the constructor may have been trimmed. Ensure the type's assembly is excluded from trimming."); + } + + return type; + } +} diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfiguration.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfiguration.cs index 390c0ec4fe52..8a9262c666ff 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfiguration.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfiguration.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System; +using System.Diagnostics.CodeAnalysis; using System.Security.Cryptography; using Microsoft.Extensions.Logging.Abstractions; @@ -24,6 +25,7 @@ public sealed class ManagedAuthenticatedEncryptorConfiguration : AlgorithmConfig /// The default algorithm is AES. /// [ApplyPolicy] + [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] public Type EncryptionAlgorithmType { get; set; } = typeof(Aes); /// @@ -47,6 +49,7 @@ public sealed class ManagedAuthenticatedEncryptorConfiguration : AlgorithmConfig /// The default algorithm is HMACSHA256. /// [ApplyPolicy] + [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] public Type ValidationAlgorithmType { get; set; } = typeof(HMACSHA256); /// 
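Review bot: `FriendlyNameToType` accepts any resolvable type with a public parameterless constructor and never checks that it derives from `SymmetricAlgorithm` or `KeyedHashAlgorithm`. A name read from the key descriptor XML or the registry policy can therefore select an unrelated class, which the file's own comment says is then created with `Activator.CreateInstance`. Whether a later generic constraint rejects such a type is not visible in this patch, so the check belongs here, next to the constructor validation. Because the helper serves both the encryption and the validation attribute, it would need the expected base type from the caller (a proposed new parameter) and a guard such as `if (!expectedBaseType.IsAssignableFrom(type)) throw new InvalidOperationException(...)` before the constructor test. Separately, both "Any changes to this method should also be be reflected" comments carry a doubled "be".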
diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptor.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptor.cs index 30bafe6564a8..33816cf24867 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptor.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptor.cs @@ -49,11 +49,11 @@ public XmlSerializedDescriptorInfo ExportToXml() // var encryptionElement = new XElement("encryption", - new XAttribute("algorithm", TypeToFriendlyName(Configuration.EncryptionAlgorithmType)), + new XAttribute("algorithm", ManagedAlgorithmHelpers.TypeToFriendlyName(Configuration.EncryptionAlgorithmType)), new XAttribute("keyLength", Configuration.EncryptionAlgorithmKeySize)); var validationElement = new XElement("validation", - new XAttribute("algorithm", TypeToFriendlyName(Configuration.ValidationAlgorithmType))); + new XAttribute("algorithm", ManagedAlgorithmHelpers.TypeToFriendlyName(Configuration.ValidationAlgorithmType))); var rootElement = new XElement("descriptor", new XComment(" Algorithms provided by specified SymmetricAlgorithm and KeyedHashAlgorithm "), 
@@ -63,34 +63,4 @@ public XmlSerializedDescriptorInfo ExportToXml() return new XmlSerializedDescriptorInfo(rootElement, typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer)); } - - // Any changes to this method should also be be reflected - // in ManagedAuthenticatedEncryptorDescriptorDeserializer.FriendlyNameToType. - private static string TypeToFriendlyName(Type type) - { - if (type == typeof(Aes)) - { - return nameof(Aes); - } - else if (type == typeof(HMACSHA1)) - { - return nameof(HMACSHA1); - } - else if (type == typeof(HMACSHA256)) - { - return nameof(HMACSHA256); - } - else if (type == typeof(HMACSHA384)) - { - return nameof(HMACSHA384); - } - else if (type == typeof(HMACSHA512)) - { - return nameof(HMACSHA512); - } - else - { - return type.AssemblyQualifiedName!; - } - } } diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs index 09fdc3aafcf4..504b7bb3ad9b 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs 
@@ -34,44 +34,14 @@ public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element) var configuration = new ManagedAuthenticatedEncryptorConfiguration(); var encryptionElement = element.Element("encryption")!; - configuration.EncryptionAlgorithmType = FriendlyNameToType((string)encryptionElement.Attribute("algorithm")!); + configuration.EncryptionAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType((string)encryptionElement.Attribute("algorithm")!); configuration.EncryptionAlgorithmKeySize = (int)encryptionElement.Attribute("keyLength")!; var validationElement = element.Element("validation")!; - configuration.ValidationAlgorithmType = FriendlyNameToType((string)validationElement.Attribute("algorithm")!); + configuration.ValidationAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType((string)validationElement.Attribute("algorithm")!); Secret masterKey = ((string)element.Element("masterKey")!).ToSecret(); return new ManagedAuthenticatedEncryptorDescriptor(configuration, masterKey); } - - // Any changes to this method should also be be reflected - // in ManagedAuthenticatedEncryptorDescriptor.TypeToFriendlyName. - private static Type FriendlyNameToType(string typeName) - { - if (typeName == nameof(Aes)) - { - return typeof(Aes); - } - else if (typeName == nameof(HMACSHA1)) - { - return typeof(HMACSHA1); - } - else if (typeName == nameof(HMACSHA256)) - { - return typeof(HMACSHA256); - } - else if (typeName == nameof(HMACSHA384)) - { - return typeof(HMACSHA384); - } - else if (typeName == nameof(HMACSHA512)) - { - return typeof(HMACSHA512); - } - else - { - return TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(typeName); - } - } } diff --git a/src/DataProtection/DataProtection/src/RegistryPolicyResolver.cs b/src/DataProtection/DataProtection/src/RegistryPolicyResolver.cs index 62e81417c5ed..dd9a213acff8 100644 --- a/src/DataProtection/DataProtection/src/RegistryPolicyResolver.cs 
+++ b/src/DataProtection/DataProtection/src/RegistryPolicyResolver.cs @@ -177,7 +177,7 @@ private static ManagedAuthenticatedEncryptorConfiguration GetManagedAuthenticate var valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmType)); if (valueFromRegistry != null) { - options.EncryptionAlgorithmType = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!); + options.EncryptionAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!); } valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmKeySize)); @@ -189,7 +189,7 @@ private static ManagedAuthenticatedEncryptorConfiguration GetManagedAuthenticate valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.ValidationAlgorithmType)); if (valueFromRegistry != null) { - options.ValidationAlgorithmType = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!); + options.ValidationAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!); } return options; diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs index 3e8009677ea0..8793e806c48f 100644 --- a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs +++ b/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs 
@@ -50,7 +50,7 @@ public void ImportFromXml_BuiltInTypes_CreatesAppropriateDescriptor(Type encrypt } [Fact] - public void ImportFromXml_CustomType_CreatesAppropriateDescriptor() + public void ImportFromXml_FullyQualifiedBuiltInTypes_CreatesAppropriateDescriptor() { // Arrange var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); 
@@ -83,6 +83,69 @@ public void ImportFromXml_CustomType_CreatesAppropriateDescriptor() Assert.Equal(plaintext, roundTripPlaintext); } + [Fact] + public void ImportFromXml_CustomType_CreatesAppropriateDescriptor() + { + // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); + + var xml = $@" + + + + + {masterKey} + + "; + + // Act + var deserializedDescriptor = new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)); + var managedDescriptor = (ManagedAuthenticatedEncryptorDescriptor)deserializedDescriptor; + + // Assert + Assert.Equal(typeof(CustomAlgorithm), managedDescriptor.Configuration.EncryptionAlgorithmType); + } + + [Fact] + public void ImportFromXml_CustomTypeWithoutConstructor_CreatesAppropriateDescriptor() + { + // Arrange + var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]")); + + var xml = $@" + + + + + {masterKey} + + "; + + // Act + var ex = Assert.Throws(() => new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml))); + + // Assert + Assert.Equal($"Algorithm type {typeof(CustomAlgorithmNoConstructor).FullName} doesn't have a public parameterless constructor. If the app is published with trimming then the constructor may have been trimmed. 
Ensure the type's assembly is excluded from trimming.", ex.Message); + } + + public class CustomAlgorithm : SymmetricAlgorithm + { + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException(); + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException(); + public override void GenerateIV() => throw new NotImplementedException(); + public override void GenerateKey() => throw new NotImplementedException(); + } + + public class CustomAlgorithmNoConstructor : SymmetricAlgorithm + { + private CustomAlgorithmNoConstructor() { } + + public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException(); + public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException(); + public override void GenerateIV() => throw new NotImplementedException(); + public override void GenerateKey() => throw new NotImplementedException(); + } + private static IAuthenticatedEncryptor CreateEncryptorInstanceFromDescriptor(ManagedAuthenticatedEncryptorDescriptor descriptor) { var encryptorFactory = new ManagedAuthenticatedEncryptorFactory(NullLoggerFactory.Instance); diff --git a/src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs b/src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs index 170e3b5a5414..581e3adc6239 100644 --- a/src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs +++ b/src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs 
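Review bot: `ImportFromXml_CustomTypeWithoutConstructor_CreatesAppropriateDescriptor` asserts that the import throws `InvalidOperationException`, so its name states the opposite of what it checks; `ImportFromXml_CustomTypeWithoutConstructor_Throws` would match the body. The positive `ImportFromXml_CustomType_CreatesAppropriateDescriptor` case asserts only `EncryptionAlgorithmType`, so a custom type supplied on the validation element is not covered in this hunk. Both new tests exercise the deserializer only; nothing here covers a type that has a public parameterless constructor but is not a crypto algorithm, which is the input the new validation still lets through.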
@@ -226,13 +226,13 @@ public void ResolvePolicy_ManagedEncryption_WithExplicitSettings() var registryEntries = new Dictionary() { ["EncryptionType"] = "managed", - ["EncryptionAlgorithmType"] = typeof(TripleDES).AssemblyQualifiedName, + ["EncryptionAlgorithmType"] = typeof(Aes).AssemblyQualifiedName, ["EncryptionAlgorithmKeySize"] = 2048, ["ValidationAlgorithmType"] = typeof(HMACSHA1).AssemblyQualifiedName }; var expectedConfiguration = new ManagedAuthenticatedEncryptorConfiguration() { - EncryptionAlgorithmType = typeof(TripleDES), + EncryptionAlgorithmType = typeof(Aes), EncryptionAlgorithmKeySize = 2048, ValidationAlgorithmType = typeof(HMACSHA1) }; From adccce93505bd1ba3fbc7f88005ddefe287f1498 Mon Sep 17 00:00:00 2001 From: James Newton-King Date: Sat, 13 Aug 2022 11:30:00 +0800 Subject: [PATCH 12/26] Additional fixes --- .../AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs | 1 + .../ManagedAuthenticatedEncryptorFactory.cs | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs index 15351ac69936..5efc15dcfc85 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs @@ -181,6 +181,7 @@ private static Type GetManagedTypeFromEncryptionAlgorithm(EncryptionAlgorithm al } } + [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] private static Type GetManagedTypeFromValidationAlgorithm(ValidationAlgorithm algorithm) { switch (algorithm) 
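Review bot: With `typeof(TripleDES)` replaced by `typeof(Aes)` in `ResolvePolicy_ManagedEncryption_WithExplicitSettings`, the registry path is now tested only with types on the `KnownAlgorithmTypes` list, so no registry test reaches the new constructor check in `FriendlyNameToType`. The swap was presumably needed because `TripleDES` has no public parameterless constructor and is not a known type, which means an existing registry policy naming such a type now throws while the policy is read. That is a behaviour change worth stating in the commit message. A registry test that supplies a custom type with a public constructor, and one asserting the `InvalidOperationException` for a type without one, would pin both outcomes.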
diff --git a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactory.cs b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactory.cs index 42b08734cc31..41ba968c9c9b 100644 --- a/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactory.cs +++ b/src/DataProtection/DataProtection/src/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactory.cs @@ -111,7 +111,7 @@ private static class AlgorithmActivator /// /// Creates a factory that wraps a call to . /// - public static Func CreateFactory(Type implementation) + public static Func CreateFactory([DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] Type implementation) { return ((IActivator)Activator.CreateInstance(typeof(AlgorithmActivatorCore<>).MakeGenericType(implementation))!).Creator; } From aa647e90bc254525dbc485857a43762781367bb7 Mon Sep 17 00:00:00 2001 From: James Newton-King Date: Sat, 13 Aug 2022 19:53:10 +0800 Subject: [PATCH 13/26] Suppress IL2121 --- Directory.Build.props | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Directory.Build.props b/Directory.Build.props index 166dbd64874c..7de4b0494281 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -119,6 +119,9 @@ $(WarningsNotAsErrors);xUnit1004 + + + $(NoWarn);IL2121 From c99908401cf45163632201865d321017fce29b1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Ros?= Date: Tue, 16 Aug 2022 08:35:08 -0700 Subject: [PATCH 14/26] Update global.json --- global.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global.json b/global.json index 857b5190f01d..371e47aa1e21 100644 --- a/global.json +++ b/global.json 
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22412.3"
+ "version": "7.0.100-rc.1.22416.2"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22412.3",
+ "dotnet": "7.0.100-rc.1.22416.2",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 6c27bd9ade3ee95b7b986a821b6516f084b6f378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Ros?=
Date: Tue, 16 Aug 2022 08:46:22 -0700
Subject: [PATCH 15/26] Update global.json
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index 371e47aa1e21..fb11433fbde0 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22416.2"
+ "version": "7.0.100-rc.1.22416.1"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22416.2",
+ "dotnet": "7.0.100-rc.1.22416.1",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From 63c7a6f046554a5c950c9dd4adc6c243d09ee853 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Ros?=
Date: Tue, 16 Aug 2022 09:04:27 -0700
Subject: [PATCH 16/26] Update global.json
---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/global.json b/global.json
index fb11433fbde0..371e47aa1e21 100644
--- a/global.json
+++ b/global.json
@@ -1,9 +1,9 @@
 {
 "sdk": {
- "version": "7.0.100-rc.1.22416.1"
+ "version": "7.0.100-rc.1.22416.2"
 },
 "tools": {
- "dotnet": "7.0.100-rc.1.22416.1",
+ "dotnet": "7.0.100-rc.1.22416.2",
 "runtimes": {
 "dotnet/x86": [
 "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"
From fd813cb7466b2be7ff74fef832802b92dda73f26 Mon Sep 17 00:00:00 2001
From: Sebastien Ros
Date: Tue, 16 Aug 2022 10:34:13 -0700
Subject: [PATCH 17/26] Fix NoWarn overrides
---
 .../Wasm.Authentication.Server.csproj | 2 +-
 .../samples/ApiAuthSample/ApiAuthSample.csproj | 2 +-
 ...soft.AspNetCore.ApiAuthorization.IdentityServer.Tests.csproj | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj index 995a6d16303c..ff7d9284068c 100644 --- a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj +++ b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj @@ -4,7 +4,7 @@ $(DefaultNetCoreTargetFramework) - CS8002 + $(NoWarn);CS8002 false Bootstrap5 diff --git a/src/Identity/ApiAuthorization.IdentityServer/samples/ApiAuthSample/ApiAuthSample.csproj b/src/Identity/ApiAuthorization.IdentityServer/samples/ApiAuthSample/ApiAuthSample.csproj index ec21f0bbc980..abac013b1ee0 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/samples/ApiAuthSample/ApiAuthSample.csproj +++ b/src/Identity/ApiAuthorization.IdentityServer/samples/ApiAuthSample/ApiAuthSample.csproj @@ -4,7 +4,7 @@ $(DefaultNetCoreTargetFramework) aspnet-ApiAuthSample-12ED8ECC-9EF1-4D31-87B4-1405B3198E5E - CS8002 + $(NoWarn);CS8002 false diff --git a/src/Identity/ApiAuthorization.IdentityServer/test/Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Tests.csproj b/src/Identity/ApiAuthorization.IdentityServer/test/Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Tests.csproj index eddcf81ab91b..30e51abfa7f7 100644 --- a/src/Identity/ApiAuthorization.IdentityServer/test/Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Tests.csproj +++ b/src/Identity/ApiAuthorization.IdentityServer/test/Microsoft.AspNetCore.ApiAuthorization.IdentityServer.Tests.csproj @@ -6,7 +6,7 @@ avoid errors during restore --> false - CS8002 + $(NoWarn);CS8002 From 4d9c717d233ff8def44d64509c0b7f006f0cc8c1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20Ros?= Date: Thu, 18 Aug 2022 13:02:16 -0700 Subject: [PATCH 18/26] Update LinkabilityChecker.csproj --- src/Tools/LinkabilityChecker/LinkabilityChecker.csproj | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Tools/LinkabilityChecker/LinkabilityChecker.csproj b/src/Tools/LinkabilityChecker/LinkabilityChecker.csproj index 394ebbfcfb6e..f17c1eb60bb2 100644 --- a/src/Tools/LinkabilityChecker/LinkabilityChecker.csproj +++ b/src/Tools/LinkabilityChecker/LinkabilityChecker.csproj @@ -50,6 +50,7 @@ OutputDirectory="$(LibrariesTrimmedArtifactsPath)" ReferenceAssemblyPaths="@(RuntimePackAsset);@(ReferencePath->WithMetadataValue('ExternallyResolved', 'true'))" ExtraArgs="$(ILLinkArgs)" + NoWarn="$(NoWarn)" TrimMode="link" ToolExe="$(_DotNetHostFileName)" ToolPath="$(_DotNetHostDirectory)" /> From 5c87b988e95b763ba35852fa06e7499336c38336 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Ros?= Date: Thu, 18 Aug 2022 13:02:50 -0700 Subject: [PATCH 19/26] Update WasmLinkerTest.csproj --- .../WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Components/WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj b/src/Components/WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj index 15235aca9a70..252481a43034 100644 --- a/src/Components/WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj +++ b/src/Components/WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj @@ -52,6 +52,7 @@ OutputDirectory="$(LibrariesTrimmedArtifactsPath)" ReferenceAssemblyPaths="@(RuntimePackAsset);@(ReferencePath->WithMetadataValue('ExternallyResolved', 'true'))" ExtraArgs="$(ILLinkArgs)" + NoWarn="$(NoWarn)" TrimMode="link" ToolExe="$(_DotNetHostFileName)" ToolPath="$(_DotNetHostDirectory)" /> From 6c327595df0dfa336dfd74437be32d5fda9e5d75 Mon Sep 17 00:00:00 2001 
From: Doug Bunting <6431421+dougbu@users.noreply.github.com> Date: Mon, 22 Aug 2022 18:49:20 -0700 Subject: [PATCH 20/26] Bump SDK version yet again --- global.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global.json b/global.json index 371e47aa1e21..8b4bdd8e48b1 100644 --- a/global.json +++ b/global.json @@ -1,9 +1,9 @@ { "sdk": { - "version": "7.0.100-rc.1.22416.2" + "version": "7.0.100-rc.2.22419.24" }, "tools": { - "dotnet": "7.0.100-rc.1.22416.2", + "dotnet": "7.0.100-rc.2.22419.24", "runtimes": { "dotnet/x86": [ "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)" From ac92df5a430f654555e499aedbbb8562e5cc1538 Mon Sep 17 00:00:00 2001 From: Doug Bunting <6431421+dougbu@users.noreply.github.com> Date: Tue, 23 Aug 2022 19:24:43 -0700 Subject: [PATCH 21/26] Hack to stop using `msbuild` server - please open an issue to keep trying to remove this --- .azure/pipelines/jobs/default-build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.azure/pipelines/jobs/default-build.yml b/.azure/pipelines/jobs/default-build.yml index 6c5bc601054e..1dffec4d8157 100644 --- a/.azure/pipelines/jobs/default-build.yml +++ b/.azure/pipelines/jobs/default-build.yml @@ -224,6 +224,8 @@ jobs: # Include the variables we always want. COMPlus_DbgEnableMiniDump: 1 COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core" + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true # Expand provided `env:` properties, if any. ${{ if step.env }}: ${{ step.env }} 
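Review bot: The `# !temporary!` comment above `DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true` names no tracking issue, although the commit subject itself asks for one to be opened, so nothing ties the removal to an owner or an SDK version. Putting the reference in the comment, for example `# !temporary! Remove once <TRACKING_ISSUE_URL> is resolved` (placeholder), would make the workaround findable later. The same applies to the two copies added in the next hunk of default-build.yml and to the copy added to ci.yml in PATCH 22/26. The step definitions these `env:` blocks belong to start outside the hunk.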
@@ -235,12 +237,16 @@ jobs: env: COMPlus_DbgEnableMiniDump: 1 COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core" + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true - ${{ if ne(parameters.agentOs, 'Windows') }}: - script: $(BuildDirectory)/build.sh --ci --nobl --configuration $(BuildConfiguration) $(BuildScriptArgs) displayName: Run build.sh env: COMPlus_DbgEnableMiniDump: 1 COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core" + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true - ${{ parameters.afterBuild }} From 77b2e43b5f9cf84479da4c1ce522adb1aa3d40b0 Mon Sep 17 00:00:00 2001 From: Safia Abdalla Date: Thu, 25 Aug 2022 17:57:02 +0000 Subject: [PATCH 22/26] Disable msbuild server for source-build job --- .azure/pipelines/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index 6aa298db30d2..8676c933becb 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -836,6 +836,8 @@ stages: workingDirectory: $(Agent.TempDirectory) env: BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: /eng/common/templates/post-build/post-build.yml From e9062601bb518b4ddee51f0ddee2d0f0fa99b66a Mon Sep 17 00:00:00 2001 
From: Doug Bunting <6431421+dougbu@users.noreply.github.com> Date: Mon, 29 Aug 2022 09:57:23 -0700 Subject: [PATCH 23/26] Add `MSBUILDLOGALLENVIRONMENTVARIABLES` - just in source-build job since that's the one that's failing - though, this might be useful everywhere --- .azure/pipelines/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index 8676c933becb..f851f9a1759d 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -838,6 +838,8 @@ stages: BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true + # Log environment variables in binary logs to ease debugging + MSBUILDLOGALLENVIRONMENTVARIABLES: true - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: /eng/common/templates/post-build/post-build.yml From 85ac3cfb017a05b86c18f0a0b9c04400ec18271a Mon Sep 17 00:00:00 2001 From: Doug Bunting <6431421+dougbu@users.noreply.github.com> Date: Mon, 29 Aug 2022 13:44:34 -0700 Subject: [PATCH 24/26] Correct source-build job - move new `env:` settings out of `SourceIndexUpload` job - use `variables:` instead because jobs don't support `env:` --- .azure/pipelines/ci.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index f851f9a1759d..26159e6bdcc5 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml 
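Review bot: `MSBUILDLOGALLENVIRONMENTVARIABLES: true` is added to the same `env:` block that maps `BLOB_CONTAINER_URL` from `$(source-dot-net-stage1-blob-container-url)`, so every environment variable of that step, including that URL, would be written into any binary log the step produces. If those logs are published as build artifacts, anyone able to download them can read the values; whether the URL carries a credential is not visible here and should be confirmed before this is enabled. Keep the setting on the one failing step and state the exposure next to it, e.g. `# Debugging aid: binlogs will contain all env vars of this step; remove once the failure is diagnosed`. The hunks at -735 (patch 24) and -734 (patch 26) move the same setting to job-level variables, where it would presumably apply to every step of that job. The step definition starts before the hunk.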
@@ -735,6 +735,11 @@ stages: buildScript: './eng/build.sh $(_PublishArgs) --no-build-repo-tasks' skipPublishValidation: true timeoutInMinutes: 120 + variables: + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true + # Log environment variables in binary logs to ease debugging + MSBUILDLOGALLENVIRONMENTVARIABLES: true # Publish to the BAR and perform source indexing. Wait until everything else is done. - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: @@ -836,10 +841,6 @@ stages: workingDirectory: $(Agent.TempDirectory) env: BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url) - # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary - DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true - # Log environment variables in binary logs to ease debugging - MSBUILDLOGALLENVIRONMENTVARIABLES: true - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - template: /eng/common/templates/post-build/post-build.yml From 9598069706488880997071ca8d4342dfe197f96c Mon Sep 17 00:00:00 2001 From: William Godbe Date: Tue, 30 Aug 2022 10:27:19 -0700 Subject: [PATCH 25/26] Update global.json --- global.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global.json b/global.json index 8b4bdd8e48b1..d40db762e2c5 100644 --- a/global.json +++ b/global.json @@ -1,9 +1,9 @@ { "sdk": { - "version": "7.0.100-rc.2.22419.24" + "version": "7.0.100-rc.2.22426.5" }, "tools": { - "dotnet": "7.0.100-rc.2.22419.24", + "dotnet": "7.0.100-rc.2.22426.5", "runtimes": { "dotnet/x86": [ "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)" From 34a638fdf43c5bab308b82ccde9b2c8614452144 Mon Sep 17 00:00:00 2001 
From: Doug Bunting <6431421+dougbu@users.noreply.github.com> Date: Tue, 30 Aug 2022 10:53:54 -0700 Subject: [PATCH 26/26] !fixup! Correct placement of source-build job properties --- .azure/pipelines/ci.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index 26159e6bdcc5..91893ff9263e 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -734,12 +734,13 @@ stages: container: 'mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-20210714125435-9b5bbc2' buildScript: './eng/build.sh $(_PublishArgs) --no-build-repo-tasks' skipPublishValidation: true - timeoutInMinutes: 120 - variables: - # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary - DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true - # Log environment variables in binary logs to ease debugging - MSBUILDLOGALLENVIRONMENTVARIABLES: true + jobProperties: + timeoutInMinutes: 120 + variables: + # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary + DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true + # Log environment variables in binary logs to ease debugging + MSBUILDLOGALLENVIRONMENTVARIABLES: true # Publish to the BAR and perform source indexing. Wait until everything else is done. - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: