Merge branch 'release/8.0'

Author: BrennanConroy

eng/Version.Details.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -118,15 +118,15 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="CryptCommon_PayloadInvalid" xml:space="preserve">
-    <value>The payload was invalid.</value>
+    <value>The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="DataProtectionExtensions_NullPurposesCollection" xml:space="preserve">
     <value>The purposes collection cannot be null or empty and cannot contain null elements.</value>
   </data>
   <data name="CryptCommon_GenericError" xml:space="preserve">
-    <value>An error occurred during a cryptographic operation.</value>
+    <value>An error occurred during a cryptographic operation. Refer to the inner exception for more information.</value>
   </data>
   <data name="DataProtectionExtensions_NoService" xml:space="preserve">
     <value>No service for type '{0}' has been registered.</value>
   </data>
-</root>
+</root>

eng/Versions.props

@@ -184,7 +184,7 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L
     [LoggerMessage(48, LogLevel.Error, "An error occurred while reading the key ring.", EventName = "ErrorOccurredWhileReadingKeyRing")]
     public static partial void ErrorOccurredWhileReadingKeyRing(this ILogger logger, Exception exception);
 
-    [LoggerMessage(49, LogLevel.Error, "The key ring does not contain a valid default key, and the key manager is configured with auto-generation of keys disabled.", EventName = "KeyRingDoesNotContainValidDefaultKey")]
+    [LoggerMessage(49, LogLevel.Error, "The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/dataprotectionwarning", EventName = "KeyRingDoesNotContainValidDefaultKey")]
     public static partial void KeyRingDoesNotContainValidDefaultKey(this ILogger logger);
 
     [LoggerMessage(50, LogLevel.Warning, "Using an in-memory repository. Keys will not be persisted to storage.", EventName = "UsingInMemoryRepository")]
@@ -235,6 +235,6 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L
     [LoggerMessage(66, LogLevel.Information, "Key ring failed to load during application startup.", EventName = "KeyRingFailedToLoadOnStartup")]
     public static partial void KeyRingFailedToLoadOnStartup(this ILogger logger, Exception innerException);
 
-    [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.", EventName = "UsingEphemeralFileSystemLocationInContainer")]
+    [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")]
     public static partial void UsingEphemeralFileSystemLocationInContainer(this ILogger logger, string path);
 }

src/DataProtection/Abstractions/src/Resources.resx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!--
     Microsoft ResX Schema
@@ -118,34 +118,34 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="CryptCommon_GenericError" xml:space="preserve">
-    <value>An error occurred during a cryptographic operation. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>An error occurred during a cryptographic operation. Refer to the inner exception for more information.</value>
   </data>
   <data name="Common_BufferIncorrectlySized" xml:space="preserve">
-    <value>The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length.</value>
   </data>
   <data name="CryptCommon_PayloadInvalid" xml:space="preserve">
-    <value>The payload was invalid. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="Common_PropertyCannotBeNullOrEmpty" xml:space="preserve">
     <value>Property {0} cannot be null or empty.</value>
   </data>
   <data name="Common_DecryptionFailed" xml:space="preserve">
-    <value>The provided payload could not be decrypted. Refer to the inner exception for more information. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The provided payload could not be decrypted. Refer to the inner exception for more information.</value>
   </data>
   <data name="Common_EncryptionFailed" xml:space="preserve">
-    <value>An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information.</value>
   </data>
   <data name="Common_KeyNotFound" xml:space="preserve">
-    <value>The key {0:B} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The key {0:B} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="Common_KeyRevoked" xml:space="preserve">
-    <value>The key {0:B} has been revoked. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The key {0:B} has been revoked. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="ProtectionProvider_BadMagicHeader" xml:space="preserve">
-    <value>The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="ProtectionProvider_BadVersion" xml:space="preserve">
-    <value>The provided payload cannot be decrypted because it was protected with a newer version of the protection provider. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The provided payload cannot be decrypted because it was protected with a newer version of the protection provider.</value>
   </data>
   <data name="Common_ValueMustBeNonNegative" xml:space="preserve">
     <value>Value must be non-negative.</value>
@@ -154,42 +154,44 @@
     <value>The type '{1}' is not assignable to '{0}'.</value>
   </data>
   <data name="KeyManagementOptions_MinNewKeyLifetimeViolated" xml:space="preserve">
-    <value>The new key lifetime must be at least one week. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The new key lifetime must be at least one week. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="XmlKeyManager_DuplicateKey" xml:space="preserve">
-    <value>The key {0:B} already exists in the keyring. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The key {0:B} already exists in the keyring. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="Common_ArgumentCannotBeNullOrEmpty" xml:space="preserve">
     <value>Argument cannot be null or empty.</value>
   </data>
   <data name="Common_PropertyMustBeNonNegative" xml:space="preserve">
-    <value>Property {0} must have a non-negative value. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>Property {0} must have a non-negative value.</value>
   </data>
   <data name="Platform_WindowsRequiredForGcm" xml:space="preserve">
-    <value>GCM algorithms require the Windows platform. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>GCM algorithms require the Windows platform. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="CertificateXmlEncryptor_CertificateNotFound" xml:space="preserve">
-    <value>A certificate with the thumbprint '{0}' could not be found. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>A certificate with the thumbprint '{0}' could not be found. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
+  <!-- This is no longer used -->
   <data name="EncryptedXmlDecryptor_DoesNotWorkOnCoreClr" xml:space="preserve">
-    <value>Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="AlgorithmAssert_BadBlockSize" xml:space="preserve">
-    <value>The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits.</value>
   </data>
   <data name="AlgorithmAssert_BadDigestSize" xml:space="preserve">
-    <value>The validation algorithm digest size of {0} bits is invalid. The digest size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The validation algorithm digest size of {0} bits is invalid. The digest size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits.</value>
   </data>
   <data name="AlgorithmAssert_BadKeySize" xml:space="preserve">
-    <value>The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits.</value>
   </data>
   <data name="KeyRingProvider_NoDefaultKey_AutoGenerateDisabled" xml:space="preserve">
-    <value>The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
   <data name="LifetimeMustNotBeNegative" xml:space="preserve">
-    <value>{0} must not be negative. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>{0} must not be negative.</value>
   </data>
+  <!-- This is only used to test LoggingExtensions.UsingEphemeralFileSystemLocationInContainer -->
   <data name="FileSystem_EphemeralKeysLocationInContainer" xml:space="preserve">
-    <value>Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
 </root>

src/DataProtection/DataProtection/src/LoggingExtensions.cs

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
   <!-- 
     Microsoft ResX Schema 
@@ -118,12 +118,12 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="CryptCommon_GenericError" xml:space="preserve">
-    <value>An error occurred during a cryptographic operation. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>An error occurred during a cryptographic operation. Refer to the inner exception for more information.</value>
   </data>
   <data name="TimeLimitedDataProtector_PayloadExpired" xml:space="preserve">
-    <value>The payload expired at {0}. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The payload expired at {0}.</value>
   </data>
   <data name="TimeLimitedDataProtector_PayloadInvalid" xml:space="preserve">
-    <value>The payload is invalid. For more information go to http://aka.ms/dataprotectionwarning</value>
+    <value>The payload is invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning</value>
   </data>
 </root>

src/DataProtection/DataProtection/src/Resources.resx

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Globalization;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net;
 using System.Net.Http;
@@ -958,15 +959,15 @@ public async Task ExpirationAndIssuedSetOnAuthenticateResult()
     }
 
     [Fact]
-    public async Task ExpirationAndIssuedNullWhenMinOrMaxValue()
+    public async Task ExpirationAndIssuedWhenMinOrMaxValue()
     {
         var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(new string('a', 128)));
         var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
 
         var claims = new[]
         {
-                new Claim(ClaimTypes.NameIdentifier, "Bob")
-            };
+            new Claim(ClaimTypes.NameIdentifier, "Bob")
+        };
 
         var token = new JwtSecurityToken(
             issuer: "issuer.contoso.com",
@@ -995,8 +996,18 @@ public async Task ExpirationAndIssuedNullWhenMinOrMaxValue()
         Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
         var responseBody = await response.Response.Content.ReadAsStringAsync();
         using var dom = JsonDocument.Parse(responseBody);
-        Assert.Equal(JsonValueKind.Null, dom.RootElement.GetProperty("expires").ValueKind);
         Assert.Equal(JsonValueKind.Null, dom.RootElement.GetProperty("issued").ValueKind);
+
+        var expiresElement = dom.RootElement.GetProperty("expires");
+        Assert.Equal(JsonValueKind.String, expiresElement.ValueKind);
+
+        var elementValue = DateTime.Parse(expiresElement.GetString(), CultureInfo.InvariantCulture);
+        var elementValueUtc = elementValue.ToUniversalTime();
+        // roundtrip DateTime.MaxValue through parsing because it is lossy and we
+        // need equivalent values to compare against.
+        var max = DateTime.Parse(DateTime.MaxValue.ToString(CultureInfo.InvariantCulture), CultureInfo.InvariantCulture);
+
+        Assert.Equal(max, elementValueUtc);
     }
 
     [Fact]

src/DataProtection/Extensions/src/Resources.resx

@@ -81,22 +81,53 @@ public HubMethodDescriptor(ObjectMethodExecutor methodExecutor, IServiceProvider
             }
             else if (p.CustomAttributes.Any())
             {
+                var markedParameter = false;
                 foreach (var attribute in p.GetCustomAttributes(true))
                 {
                     if (attribute is IFromServiceMetadata)
                     {
-                        return MarkServiceParameter(index);
+                        ThrowIfMarked(markedParameter);
+                        markedParameter = true;
+                        MarkServiceParameter(index);
                     }
                     else if (attribute is FromKeyedServicesAttribute keyedServicesAttribute)
                     {
-                        if (serviceProviderIsService is IServiceProviderIsKeyedService keyedServiceProvider &&
-                            keyedServiceProvider.IsKeyedService(GetServiceType(p.ParameterType), keyedServicesAttribute.Key))
+                        ThrowIfMarked(markedParameter);
+                        markedParameter = true;
+
+                        if (serviceProviderIsService is IServiceProviderIsKeyedService keyedServiceProvider)
+                        {
+                            if (keyedServiceProvider.IsKeyedService(GetServiceType(p.ParameterType), keyedServicesAttribute.Key))
+                            {
+                                KeyedServiceKeys ??= new List<(int, object)>();
+                                KeyedServiceKeys.Add((index, keyedServicesAttribute.Key));
+                                MarkServiceParameter(index);
+                            }
+                            else
+                            {
+                                throw new InvalidOperationException($"'{p.ParameterType}' is not in DI as a keyed service.");
+                            }
+                        }
+                        else
                         {
-                            KeyedServiceKeys ??= new List<(int, object)>();
-                            KeyedServiceKeys.Add((index, keyedServicesAttribute.Key));
-                            return MarkServiceParameter(index);
+                            throw new InvalidOperationException($"This service provider doesn't support keyed services.");
                         }
                     }
+
+                    void ThrowIfMarked(bool marked)
+                    {
+                        if (marked)
+                        {
+                            throw new InvalidOperationException(
+                                $"{methodExecutor.MethodInfo.DeclaringType?.Name}.{methodExecutor.MethodInfo.Name}: The {nameof(FromKeyedServicesAttribute)} is not supported on parameters that are also annotated with {nameof(IFromServiceMetadata)}.");
+                        }
+                    }
+                }
+
+                if (markedParameter)
+                {
+                    // If the parameter is marked because of being a service, we don't want to consider it for method parameters during deserialization
+                    return false;
                 }
             }
             else if (serviceProviderIsService?.IsService(GetServiceType(p.ParameterType)) == true)