zoukankan      html  css  js  c++  java
  • DataProtection Key的选择

    代码位于: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.cs

    private IKey FindDefaultKey(DateTimeOffset now, IEnumerable<IKey> allKeys, out IKey fallbackKey, out bool callerShouldGenerateNewKey)
             {
                 // find the preferred default key (allowing for server-to-server clock skew)
                 var preferredDefaultKey = (from key in allKeys
                                            where key.ActivationDate <= now + _maxServerToServerClockSkew
                                            orderby key.ActivationDate descending, key.KeyId ascending
                                            select key).FirstOrDefault();

                if (preferredDefaultKey != null)
                 {
                     _logger.ConsideringKeyWithExpirationDateAsDefaultKey(preferredDefaultKey.KeyId, preferredDefaultKey.ExpirationDate);

                    // if the key has been revoked or is expired, it is no longer a candidate
                     if (preferredDefaultKey.IsRevoked || preferredDefaultKey.IsExpired(now) || !CanCreateAuthenticatedEncryptor(preferredDefaultKey))
                     {
                         _logger.KeyIsNoLongerUnderConsiderationAsDefault(preferredDefaultKey.KeyId);
                         preferredDefaultKey = null;
                     }
                 }

                // Only the key that has been most recently activated is eligible to be the preferred default,
                 // and only if it hasn't expired or been revoked. This is intentional: generating a new key is
                 // an implicit signal that we should stop using older keys (even if they're not revoked), so
                 // activating a new key should permanently mark all older keys as non-preferred.

                if (preferredDefaultKey != null)
                 {
                     // Does *any* key in the key ring fulfill the requirement that its activation date is prior
                     // to the preferred default key's expiration date (allowing for skew) and that it will
                     // remain valid one propagation cycle from now? If so, the caller doesn't need to add a
                     // new key.
                     callerShouldGenerateNewKey = !allKeys.Any(key =>
                        key.ActivationDate <= (preferredDefaultKey.ExpirationDate + _maxServerToServerClockSkew)
                        && !key.IsExpired(now + _keyPropagationWindow)
                        && !key.IsRevoked);

                    if (callerShouldGenerateNewKey)
                     {
                         _logger.DefaultKeyExpirationImminentAndRepository();
                     }

                    fallbackKey = null;
                     return preferredDefaultKey;
                 }

                // If we got this far, the caller must generate a key now.
                 // We should locate a fallback key, which is a key that can be used to protect payloads if
                 // the caller is configured not to generate a new key. We should try to make sure the fallback
                 // key has propagated to all callers (so its creation date should be before the previous
                 // propagation period), and we cannot use revoked keys. The fallback key may be expired.
                 fallbackKey = (from key in (from key in allKeys
                                             where key.CreationDate <= now - _keyPropagationWindow
                                             orderby key.CreationDate descending
                                             select key).Concat(from key in allKeys
                                                                orderby key.CreationDate ascending
                                                                select key)
                                where !key.IsRevoked && CanCreateAuthenticatedEncryptor(key)
                                select key).FirstOrDefault();

                _logger.RepositoryContainsNoViableDefaultKey();

                callerShouldGenerateNewKey = true;
                 return null;
             }

  • 相关阅读:
    bzoj 3744: Gty的妹子序列 主席树+分块
    bzoj 3110: [Zjoi2013]K大数查询 树状数组套线段树
    bzoj 3041: 水叮当的舞步 迭代加深搜索 && NOIP RP++
    约瑟夫问题例题小结
    bzoj 3594: [Scoi2014]方伯伯的玉米田 dp树状数组优化
    人生第一场CTF的解题报告(部分)
    ZOJ 3811 Untrusted Patrol【并查集】
    POJ 2112: Optimal Milking【二分,网络流】
    Codeforces Round #277 (Div. 2 Only)
    POJ 2195 Going Home【最小费用流 二分图最优匹配】
  • 原文地址:https://www.cnblogs.com/feinian/p/7735146.html
Copyright © 2011-2022 走看看