Uses Fallback When Without Repository (#48103)

Author: feiyun0112

src/DataProtection/DataProtection/src/KeyManagement/XmlKeyManager.cs

@@ -96,15 +96,10 @@ internal XmlKeyManager(
         var keyEncryptor = keyManagementOptions.Value.XmlEncryptor;
         if (keyRepository == null)
         {
-            if (keyEncryptor != null)
+            var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
+            keyRepository = keyRepositoryEncryptorPair.Key;
+            if (keyEncryptor == null)
             {
-                throw new InvalidOperationException(
-                    Resources.FormatXmlKeyManager_IXmlRepositoryNotFound(nameof(IXmlRepository), nameof(IXmlEncryptor)));
-            }
-            else
-            {
-                var keyRepositoryEncryptorPair = GetFallbackKeyRepositoryEncryptorPair();
-                keyRepository = keyRepositoryEncryptorPair.Key;
                 keyEncryptor = keyRepositoryEncryptorPair.Value;
             }
         }

src/DataProtection/DataProtection/src/Resources.resx

@@ -1,17 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <root>
-  <!-- 
-    Microsoft ResX Schema 
-    
+  <!--
+    Microsoft ResX Schema
+
     Version 2.0
-    
-    The primary goals of this format is to allow a simple XML format 
-    that is mostly human readable. The generation and parsing of the 
-    various data types are done through the TypeConverter classes 
+
+    The primary goals of this format is to allow a simple XML format
+    that is mostly human readable. The generation and parsing of the
+    various data types are done through the TypeConverter classes
     associated with the data types.
-    
+
     Example:
-    
+
     ... ado.net/XML headers & schema ...
     <resheader name="resmimetype">text/microsoft-resx</resheader>
     <resheader name="version">2.0</resheader>
@@ -26,36 +26,36 @@
         <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
         <comment>This is a comment</comment>
     </data>
-                
-    There are any number of "resheader" rows that contain simple 
+
+    There are any number of "resheader" rows that contain simple
     name/value pairs.
-    
-    Each data row contains a name, and value. The row also contains a 
-    type or mimetype. Type corresponds to a .NET class that support 
-    text/value conversion through the TypeConverter architecture. 
-    Classes that don't support this are serialized and stored with the 
+
+    Each data row contains a name, and value. The row also contains a
+    type or mimetype. Type corresponds to a .NET class that support
+    text/value conversion through the TypeConverter architecture.
+    Classes that don't support this are serialized and stored with the
     mimetype set.
-    
-    The mimetype is used for serialized objects, and tells the 
-    ResXResourceReader how to depersist the object. This is currently not 
+
+    The mimetype is used for serialized objects, and tells the
+    ResXResourceReader how to depersist the object. This is currently not
     extensible. For a given mimetype the value must be set accordingly:
-    
-    Note - application/x-microsoft.net.object.binary.base64 is the format 
-    that the ResXResourceWriter will generate, however the reader can 
+
+    Note - application/x-microsoft.net.object.binary.base64 is the format
+    that the ResXResourceWriter will generate, however the reader can
     read any of the formats listed below.
-    
+
     mimetype: application/x-microsoft.net.object.binary.base64
-    value   : The object must be serialized with 
+    value   : The object must be serialized with
             : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
             : and then encoded with base64 encoding.
-    
+
     mimetype: application/x-microsoft.net.object.soap.base64
-    value   : The object must be serialized with 
+    value   : The object must be serialized with
             : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
             : and then encoded with base64 encoding.
 
     mimetype: application/x-microsoft.net.object.bytearray.base64
-    value   : The object must be serialized into a byte array 
+    value   : The object must be serialized into a byte array
             : using a System.ComponentModel.TypeConverter
             : and then encoded with base64 encoding.
     -->
@@ -189,9 +189,6 @@
   <data name="LifetimeMustNotBeNegative" xml:space="preserve">
     <value>{0} must not be negative. For more information go to http://aka.ms/dataprotectionwarning</value>
   </data>
-  <data name="XmlKeyManager_IXmlRepositoryNotFound" xml:space="preserve">
-    <value>The '{0}' instance could not be found. When an '{1}' instance is set, a corresponding '{0}' instance must also be set. For more information go to http://aka.ms/dataprotectionwarning</value>
-  </data>
   <data name="FileSystem_EphemeralKeysLocationInContainer" xml:space="preserve">
     <value>Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/dataprotectionwarning</value>
   </data>

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/XmlKeyManagerTests.cs

@@ -51,20 +51,24 @@ public void Ctor_WithoutEncryptorOrRepository_UsesFallback()
     }
 
     [Fact]
-    public void Ctor_WithEncryptorButNoRepository_IgnoresFallback_FailsWithServiceNotFound()
+    public void Ctor_WithEncryptorButNoRepository_UsesFallback()
     {
         // Arrange
+        var expectedXmlEncryptor = new Mock<IXmlEncryptor>().Object;
         var options = Options.Create(new KeyManagementOptions()
         {
             AuthenticatedEncryptorConfiguration = new Mock<AlgorithmConfiguration>().Object,
             XmlRepository = null,
-            XmlEncryptor = new Mock<IXmlEncryptor>().Object
+            XmlEncryptor = expectedXmlEncryptor
         });
 
-        // Act & assert - we don't care about exception type, only exception message
-        Exception ex = Assert.ThrowsAny<Exception>(
-            () => new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance));
-        Assert.Contains("IXmlRepository", ex.Message);
+        // Act
+        var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
+
+        // Assert
+        Assert.NotNull(keyManager.KeyRepository);
+
+        Assert.Same(expectedXmlEncryptor, keyManager.KeyEncryptor);
     }
 
     [Fact]

src/DataProtection/Extensions/test/DataProtectionProviderTests.cs

@@ -239,6 +239,30 @@ public void System_UsesInMemoryCertificate()
         });
     }
 
+    [Fact]
+    public void System_UsesCertificate()
+    {
+        var filePath = Path.Combine(GetTestFilesPath(), "TestCert2.pfx");
+        var certificate = new X509Certificate2(filePath, "password");
+
+        AssetStoreDoesNotContain(certificate);
+
+        WithUniqueTempDirectory(directory =>
+        {
+            // Step 1: directory should be completely empty
+            directory.Create();
+            Assert.Empty(directory.GetFiles());
+
+            // Step 2: instantiate the system and round-trip a payload
+            var protector = DataProtectionProvider.Create("Test", certificate).CreateProtector("purpose");
+            Assert.Equal("payload",
+                protector.Unprotect(protector.Protect("payload")));
+
+            // Step 3: validate that there's no key in the directory
+            Assert.Empty(directory.GetFiles());
+        });
+    }
+
     private static void AssetStoreDoesNotContain(X509Certificate2 certificate)
     {
         using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))