From b5ac231f3260cdab0ad43d9c8b3aa4b952f663a4 Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 09:59:27 -0700 Subject: [PATCH 1/9] Drop URL from wrapper exception messages --- src/DataProtection/Abstractions/src/Resources.resx | 6 +++--- src/DataProtection/DataProtection/src/Resources.resx | 8 ++++---- src/DataProtection/Extensions/src/Resources.resx | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/DataProtection/Abstractions/src/Resources.resx b/src/DataProtection/Abstractions/src/Resources.resx index daa9e2cbd90c..aabce65807af 100644 --- a/src/DataProtection/Abstractions/src/Resources.resx +++ b/src/DataProtection/Abstractions/src/Resources.resx @@ -1,4 +1,4 @@ - + Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/dataprotectionwarning @@ -189,6 +190,7 @@ {0} must not be negative. For more information go to http://aka.ms/dataprotectionwarning + Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/dataprotectionwarning From 720945de1a3454758e77cbc236992e483ecbcd7d Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 10:53:44 -0700 Subject: [PATCH 4/9] Drop URL from messages that are already clear --- src/DataProtection/DataProtection/src/Resources.resx | 12 ++++++------ src/DataProtection/Extensions/src/Resources.resx | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/DataProtection/DataProtection/src/Resources.resx b/src/DataProtection/DataProtection/src/Resources.resx index 900063cfaa25..87dbd1cf6193 100644 --- a/src/DataProtection/DataProtection/src/Resources.resx +++ b/src/DataProtection/DataProtection/src/Resources.resx @@ -145,7 +145,7 @@ The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to http://aka.ms/dataprotectionwarning - The provided payload cannot be decrypted because it was protected with a newer version of the protection provider. For more information go to http://aka.ms/dataprotectionwarning + The provided payload cannot be decrypted because it was protected with a newer version of the protection provider. Value must be non-negative. @@ -163,7 +163,7 @@ Argument cannot be null or empty. - Property {0} must have a non-negative value. For more information go to http://aka.ms/dataprotectionwarning + Property {0} must have a non-negative value. GCM algorithms require the Windows platform. For more information go to http://aka.ms/dataprotectionwarning @@ -176,19 +176,19 @@ Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/dataprotectionwarning - The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning + The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits. - The validation algorithm digest size of {0} bits is invalid. The digest size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning + The validation algorithm digest size of {0} bits is invalid. The digest size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. - The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. For more information go to http://aka.ms/dataprotectionwarning + The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/dataprotectionwarning - {0} must not be negative. For more information go to http://aka.ms/dataprotectionwarning + {0} must not be negative. diff --git a/src/DataProtection/Extensions/src/Resources.resx b/src/DataProtection/Extensions/src/Resources.resx index 6307bbd98a3e..9af760ac28c5 100644 --- a/src/DataProtection/Extensions/src/Resources.resx +++ b/src/DataProtection/Extensions/src/Resources.resx @@ -121,7 +121,7 @@ An error occurred during a cryptographic operation. Refer to the inner exception for more information. - The payload expired at {0}. For more information go to http://aka.ms/dataprotectionwarning + The payload expired at {0}. The payload is invalid. For more information go to http://aka.ms/dataprotectionwarning From 40651a4b355ee6903b754c7417d3d89f432b048b Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 12:10:20 -0700 Subject: [PATCH 5/9] Drop URL from message that already has corresponding API documentation --- src/DataProtection/DataProtection/src/Resources.resx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/DataProtection/DataProtection/src/Resources.resx b/src/DataProtection/DataProtection/src/Resources.resx index 87dbd1cf6193..d0d224c3330f 100644 --- a/src/DataProtection/DataProtection/src/Resources.resx +++ b/src/DataProtection/DataProtection/src/Resources.resx @@ -121,7 +121,7 @@ An error occurred during a cryptographic operation. Refer to the inner exception for more information. - The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length. For more information go to http://aka.ms/dataprotectionwarning + The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length. The payload was invalid. For more information go to http://aka.ms/dataprotectionwarning From 3ccfacad49a4316c761637862f9a8c2b5d839e7d Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 12:14:59 -0700 Subject: [PATCH 6/9] Make copies of CryptCommon_PayloadInvalid consistent --- src/DataProtection/Abstractions/src/Resources.resx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/DataProtection/Abstractions/src/Resources.resx b/src/DataProtection/Abstractions/src/Resources.resx index aabce65807af..8f9190a98fd0 100644 --- a/src/DataProtection/Abstractions/src/Resources.resx +++ b/src/DataProtection/Abstractions/src/Resources.resx @@ -118,7 +118,7 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - The payload was invalid. + The payload was invalid. For more information go to http://aka.ms/dataprotectionwarning The purposes collection cannot be null or empty and cannot contain null elements. From 25196d1914c5e778ad38b5aa2ae4db4e29ee1e6e Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 12:17:46 -0700 Subject: [PATCH 7/9] Replace http://aka.ms/dataprotectionwarning with http://aka.ms/aspnet/dataprotectionwarning --- .../Abstractions/src/Resources.resx | 2 +- .../DataProtection/src/LoggingExtensions.cs | 2 +- .../DataProtection/src/Resources.resx | 22 +++++++++---------- .../Extensions/src/Resources.resx | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/DataProtection/Abstractions/src/Resources.resx b/src/DataProtection/Abstractions/src/Resources.resx index 8f9190a98fd0..1ec286ae7337 100644 --- a/src/DataProtection/Abstractions/src/Resources.resx +++ b/src/DataProtection/Abstractions/src/Resources.resx @@ -118,7 +118,7 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - The payload was invalid. For more information go to http://aka.ms/dataprotectionwarning + The payload was invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning The purposes collection cannot be null or empty and cannot contain null elements. diff --git a/src/DataProtection/DataProtection/src/LoggingExtensions.cs b/src/DataProtection/DataProtection/src/LoggingExtensions.cs index 487d56916258..ff0bccda5b41 100644 --- a/src/DataProtection/DataProtection/src/LoggingExtensions.cs +++ b/src/DataProtection/DataProtection/src/LoggingExtensions.cs @@ -235,6 +235,6 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L [LoggerMessage(66, LogLevel.Information, "Key ring failed to load during application startup.", EventName = "KeyRingFailedToLoadOnStartup")] public static partial void KeyRingFailedToLoadOnStartup(this ILogger logger, Exception innerException); - [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")] + [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/aspnet/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")] public static partial void UsingEphemeralFileSystemLocationInContainer(this ILogger logger, string path); } diff --git a/src/DataProtection/DataProtection/src/Resources.resx b/src/DataProtection/DataProtection/src/Resources.resx index d0d224c3330f..ab45bce418a3 100644 --- a/src/DataProtection/DataProtection/src/Resources.resx +++ b/src/DataProtection/DataProtection/src/Resources.resx @@ -124,7 +124,7 @@ The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length. - The payload was invalid. For more information go to http://aka.ms/dataprotectionwarning + The payload was invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning Property {0} cannot be null or empty. @@ -136,13 +136,13 @@ An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information. - The key {0:B} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning + The key {0:B} was not found in the key ring. For more information go to http://aka.ms/aspnet/dataprotectionwarning - The key {0:B} has been revoked. For more information go to http://aka.ms/dataprotectionwarning + The key {0:B} has been revoked. For more information go to http://aka.ms/aspnet/dataprotectionwarning - The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to http://aka.ms/dataprotectionwarning + The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to http://aka.ms/aspnet/dataprotectionwarning The provided payload cannot be decrypted because it was protected with a newer version of the protection provider. @@ -154,10 +154,10 @@ The type '{1}' is not assignable to '{0}'. - The new key lifetime must be at least one week. For more information go to http://aka.ms/dataprotectionwarning + The new key lifetime must be at least one week. For more information go to http://aka.ms/aspnet/dataprotectionwarning - The key {0:B} already exists in the keyring. For more information go to http://aka.ms/dataprotectionwarning + The key {0:B} already exists in the keyring. For more information go to http://aka.ms/aspnet/dataprotectionwarning Argument cannot be null or empty. @@ -166,14 +166,14 @@ Property {0} must have a non-negative value. - GCM algorithms require the Windows platform. For more information go to http://aka.ms/dataprotectionwarning + GCM algorithms require the Windows platform. For more information go to http://aka.ms/aspnet/dataprotectionwarning - A certificate with the thumbprint '{0}' could not be found. For more information go to http://aka.ms/dataprotectionwarning + A certificate with the thumbprint '{0}' could not be found. For more information go to http://aka.ms/aspnet/dataprotectionwarning - Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/dataprotectionwarning + Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/aspnet/dataprotectionwarning The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits. @@ -185,13 +185,13 @@ The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. - The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/dataprotectionwarning + The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/aspnet/dataprotectionwarning {0} must not be negative. - Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/dataprotectionwarning + Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/aspnet/dataprotectionwarning diff --git a/src/DataProtection/Extensions/src/Resources.resx b/src/DataProtection/Extensions/src/Resources.resx index 9af760ac28c5..7b0b5d45ed7a 100644 --- a/src/DataProtection/Extensions/src/Resources.resx +++ b/src/DataProtection/Extensions/src/Resources.resx @@ -124,6 +124,6 @@ The payload expired at {0}. - The payload is invalid. For more information go to http://aka.ms/dataprotectionwarning + The payload is invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning From d6742d0f005777dc33e5453960db1c8d1ecb1635 Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 12:21:55 -0700 Subject: [PATCH 8/9] Use HTTPS links --- .../Abstractions/src/Resources.resx | 2 +- .../DataProtection/src/LoggingExtensions.cs | 2 +- .../DataProtection/src/Resources.resx | 22 +++++++++---------- .../Extensions/src/Resources.resx | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/DataProtection/Abstractions/src/Resources.resx b/src/DataProtection/Abstractions/src/Resources.resx index 1ec286ae7337..1371e3428489 100644 --- a/src/DataProtection/Abstractions/src/Resources.resx +++ b/src/DataProtection/Abstractions/src/Resources.resx @@ -118,7 +118,7 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - The payload was invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning The purposes collection cannot be null or empty and cannot contain null elements. diff --git a/src/DataProtection/DataProtection/src/LoggingExtensions.cs b/src/DataProtection/DataProtection/src/LoggingExtensions.cs index ff0bccda5b41..301f62f1bbf3 100644 --- a/src/DataProtection/DataProtection/src/LoggingExtensions.cs +++ b/src/DataProtection/DataProtection/src/LoggingExtensions.cs @@ -235,6 +235,6 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L [LoggerMessage(66, LogLevel.Information, "Key ring failed to load during application startup.", EventName = "KeyRingFailedToLoadOnStartup")] public static partial void KeyRingFailedToLoadOnStartup(this ILogger logger, Exception innerException); - [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/aspnet/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")] + [LoggerMessage(60, LogLevel.Warning, "Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning", EventName = "UsingEphemeralFileSystemLocationInContainer")] public static partial void UsingEphemeralFileSystemLocationInContainer(this ILogger logger, string path); } diff --git a/src/DataProtection/DataProtection/src/Resources.resx b/src/DataProtection/DataProtection/src/Resources.resx index ab45bce418a3..c69efbb97bc2 100644 --- a/src/DataProtection/DataProtection/src/Resources.resx +++ b/src/DataProtection/DataProtection/src/Resources.resx @@ -124,7 +124,7 @@ The provided buffer is of length {0} byte(s). It must instead be exactly {1} byte(s) in length. - The payload was invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning Property {0} cannot be null or empty. @@ -136,13 +136,13 @@ An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information. - The key {0:B} was not found in the key ring. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The key {0:B} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning - The key {0:B} has been revoked. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The key {0:B} has been revoked. For more information go to https://aka.ms/aspnet/dataprotectionwarning - The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The provided payload cannot be decrypted because it was not protected with this protection provider. For more information go to https://aka.ms/aspnet/dataprotectionwarning The provided payload cannot be decrypted because it was protected with a newer version of the protection provider. @@ -154,10 +154,10 @@ The type '{1}' is not assignable to '{0}'. - The new key lifetime must be at least one week. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The new key lifetime must be at least one week. For more information go to https://aka.ms/aspnet/dataprotectionwarning - The key {0:B} already exists in the keyring. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The key {0:B} already exists in the keyring. For more information go to https://aka.ms/aspnet/dataprotectionwarning Argument cannot be null or empty. @@ -166,14 +166,14 @@ Property {0} must have a non-negative value. - GCM algorithms require the Windows platform. For more information go to http://aka.ms/aspnet/dataprotectionwarning + GCM algorithms require the Windows platform. For more information go to https://aka.ms/aspnet/dataprotectionwarning - A certificate with the thumbprint '{0}' could not be found. For more information go to http://aka.ms/aspnet/dataprotectionwarning + A certificate with the thumbprint '{0}' could not be found. For more information go to https://aka.ms/aspnet/dataprotectionwarning - Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to http://aka.ms/aspnet/dataprotectionwarning + Decrypting EncryptedXml-encapsulated payloads is not yet supported on Core CLR. For more information go to https://aka.ms/aspnet/dataprotectionwarning The symmetric algorithm block size of {0} bits is invalid. The block size must be between 64 and 2048 bits, inclusive, and it must be a multiple of 8 bits. @@ -185,13 +185,13 @@ The symmetric algorithm key size of {0} bits is invalid. The key size must be between 128 and 2048 bits, inclusive, and it must be a multiple of 8 bits. - The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to https://aka.ms/aspnet/dataprotectionwarning {0} must not be negative. - Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to http://aka.ms/aspnet/dataprotectionwarning + Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning diff --git a/src/DataProtection/Extensions/src/Resources.resx b/src/DataProtection/Extensions/src/Resources.resx index 7b0b5d45ed7a..276449c9c961 100644 --- a/src/DataProtection/Extensions/src/Resources.resx +++ b/src/DataProtection/Extensions/src/Resources.resx @@ -124,6 +124,6 @@ The payload expired at {0}. - The payload is invalid. For more information go to http://aka.ms/aspnet/dataprotectionwarning + The payload is invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning From f5a3fd21bfdfbe09450bcf386ac559b42e092a82 Mon Sep 17 00:00:00 2001 From: Andrew Casey Date: Thu, 31 Aug 2023 12:41:35 -0700 Subject: [PATCH 9/9] Update log message to match more helpful exception message --- src/DataProtection/DataProtection/src/LoggingExtensions.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/DataProtection/DataProtection/src/LoggingExtensions.cs b/src/DataProtection/DataProtection/src/LoggingExtensions.cs index 301f62f1bbf3..701ce885c79c 100644 --- a/src/DataProtection/DataProtection/src/LoggingExtensions.cs +++ b/src/DataProtection/DataProtection/src/LoggingExtensions.cs @@ -184,7 +184,7 @@ private static bool IsLogLevelEnabledCore([NotNullWhen(true)] ILogger? logger, L [LoggerMessage(48, LogLevel.Error, "An error occurred while reading the key ring.", EventName = "ErrorOccurredWhileReadingKeyRing")] public static partial void ErrorOccurredWhileReadingKeyRing(this ILogger logger, Exception exception); - [LoggerMessage(49, LogLevel.Error, "The key ring does not contain a valid default key, and the key manager is configured with auto-generation of keys disabled.", EventName = "KeyRingDoesNotContainValidDefaultKey")] + [LoggerMessage(49, LogLevel.Error, "The key ring does not contain a valid default protection key. The data protection system cannot create a new key because auto-generation of keys is disabled. For more information go to http://aka.ms/dataprotectionwarning", EventName = "KeyRingDoesNotContainValidDefaultKey")] public static partial void KeyRingDoesNotContainValidDefaultKey(this ILogger logger); [LoggerMessage(50, LogLevel.Warning, "Using an in-memory repository. Keys will not be persisted to storage.", EventName = "UsingInMemoryRepository")]