Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
As reported in Azure/azure-sdk-for-net#37043, XML decryption can fail with the following exception when the decryptorType does not match the exact version of Azure.Extensions.AspNetCore.DataProtection.Keys in use:
Could not load file or assembly 'Azure.Extensions.AspNetCore.DataProtection.Keys, Version=1.1.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.CreateDecryptor(IActivator activator, String decryptorTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.<GetLazyDescriptorDelegate>g__GetLazyDescriptorDelegate|0()
at System.Lazy`1.CreateValue()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Lazy`1.get_Value()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.get_Descriptor()
at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.CreateEncryptor()
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.KeyHolder.GetEncryptorInstance(Boolean& isRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRing.GetAuthenticatedEncryptorByKeyId(Guid keyId, Boolean& isRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
This is despite the fact that the library uses a custom activator which handles stripping out the version from the referenced decryptorType. The issue appears to have been caused by this change, which added the Type.GetType call before invoking Activator.CreateInstance.
Expected Behavior
It should be possible to avoid this FileNotFoundException when using a custom Activator.
Steps To Reproduce
- Protect something with a key encrypted with Azure.Extensions.AspNetCore.DataProtection.Keys v1.1.0
- Upgrade to Azure.Extensions.AspNetCore.DataProtection.Keys v1.2.2
- Unprotect secret stored with key from Azure.Extensions.AspNetCore.DataProtection.Keys v1.2.2
- Use Microsoft.AspNetCore.DataProtection v7.x
Exceptions (if any)
Listed above.
.NET Version
Azure AppService on .NET Framework 4.8
Anything else?
No response
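The version-stripping behaviour the report describes, as an added example that is not part of the original issue and is not the Azure SDK's or ASP.NET Core's code. `VersionTolerantTypeResolver`, `StripStrongName` and `Resolve` are hypothetical names, and the decryptor type name in `Main` is a constructed placeholder.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

// Added example: hypothetical helper, not the Azure SDK or ASP.NET Core code.
public static class VersionTolerantTypeResolver
{
    // Matches the ", Version=...", ", Culture=..." and ", PublicKeyToken=..." parts of an
    // assembly-qualified name; stopping at ',' or ']' keeps generic arguments intact.
    private static readonly Regex StrongNameParts = new Regex(
        @",\s*(?:Version|Culture|PublicKeyToken)=[^,\]]+",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string StripStrongName(string assemblyQualifiedName)
    {
        return StrongNameParts.Replace(assemblyQualifiedName, string.Empty);
    }

    // Try the name exactly as stored in the key XML, then the version-less form.
    public static Type Resolve(string typeName)
    {
        Type exact = TryGetType(typeName);
        if (exact != null) return exact;
        string stripped = StripStrongName(typeName);
        return stripped == typeName ? null : TryGetType(stripped);
    }

    private static Type TryGetType(string name)
    {
        // throwOnError: false does not suppress assembly binding failures such as the
        // manifest mismatch (HRESULT 0x80131040) in the trace above, so catch them here.
        try { return Type.GetType(name, throwOnError: false); }
        catch (FileLoadException) { return null; }
        catch (FileNotFoundException) { return null; }
    }

    public static void Main()
    {
        // Constructed sample: placeholder type name, assembly identity taken from the exception.
        string stored = "Example.PlaceholderXmlDecryptor, Azure.Extensions.AspNetCore.DataProtection.Keys, " +
                        "Version=1.1.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8";
        Console.WriteLine(StripStrongName(stored));
        // A type from the running framework resolves through the exact-name path.
        Console.WriteLine(Resolve(typeof(Uri).AssemblyQualifiedName));
        // The placeholder type is not present in this process, so Resolve returns null.
        Console.WriteLine(Resolve(stored) == null);
    }
}
```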