DataProtection Key的选择

时间:2023-01-21 00:34:17

代码位于: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.cs

private IKey FindDefaultKey(DateTimeOffset now, IEnumerable<IKey> allKeys, out IKey fallbackKey, out bool callerShouldGenerateNewKey)
         {
             // find the preferred default key (allowing for server-to-server clock skew)
             var preferredDefaultKey = (from key in allKeys
                                        where key.ActivationDate <= now + _maxServerToServerClockSkew
                                        orderby key.ActivationDate descending, key.KeyId ascending
                                        select key).FirstOrDefault();

if (preferredDefaultKey != null)
             {
                 _logger.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);

// if the key has been revoked or is expired, it is no longer a candidate
                 if (preferredDefaultKey.IsRevoked || preferredDefaultKey.IsExpired(now) || !CanCreateAuthenticatedEncryptor(preferredDefaultKey))
                 {
                     _logger.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
                     preferredDefaultKey = null;
                 }
             }

// Only the key that has been most recently activated is eligible to be the preferred default,
             // and only if it hasn't expired or been revoked. This is intentional: generating a new key is
             // an implicit signal that we should stop using older keys (even if they're not revoked), so
             // activating a new key should permanently mark all older keys as non-preferred.

if (preferredDefaultKey != null)
             {
                 // Does *any* key in the key ring fulfill the requirement that its activation date is prior
                 // to the preferred default key's expiration date (allowing for skew) and that it will
                 // remain valid one propagation cycle from now? If so, the caller doesn't need to add a
                 // new key.
                 callerShouldGenerateNewKey = !allKeys.Any(key =>
                    key.ActivationDate <= (preferredDefaultKey.ExpirationDate + _maxServerToServerClockSkew)
                    && !key.IsExpired(now + _keyPropagationWindow)
                    && !key.IsRevoked);

if (callerShouldGenerateNewKey)
                 {
                     _logger.DefaultKeyExpirationImminentAndRepository();
                 }

fallbackKey = null;
                 return preferredDefaultKey;
             }

// If we got this far, the caller must generate a key now.
             // We should locate a fallback key, which is a key that can be used to protect payloads if
             // the caller is configured not to generate a new key. We should try to make sure the fallback
             // key has propagated to all callers (so its creation date should be before the previous
             // propagation period), and we cannot use revoked keys. The fallback key may be expired.
             fallbackKey = (from key in (from key in allKeys
                                         where key.CreationDate <= now - _keyPropagationWindow
                                         orderby key.CreationDate descending
                                         select key).Concat(from key in allKeys
                                                            orderby key.CreationDate ascending
                                                            select key)
                            where !key.IsRevoked && CanCreateAuthenticatedEncryptor(key)
                            select key).FirstOrDefault();

_logger.RepositoryContainsNoViableDefaultKey();

callerShouldGenerateNewKey = true;
             return null;
         }