Add IForwardingDecryptorActivator and allow forward behavior to be altered in unit tests

Author: khellang

src/DataProtection/DataProtection/src/Internal/IForwardingDecryptorActivator.cs

@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Diagnostics.CodeAnalysis;
+using System;
+
+namespace Microsoft.AspNetCore.DataProtection.Internal;
+
+internal interface ITypeForwardingActivator : IActivator
+{
+    bool TryForwardType(string originalTypeName, [NotNullWhen(true)] out Type? type);
+}

src/DataProtection/DataProtection/src/KeyManagement/XmlKeyManager.cs

@@ -466,26 +466,24 @@ IAuthenticatedEncryptorDescriptor IInternalXmlKeyManager.DeserializeDescriptorFr
     [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType result is only useful with types that are referenced by DataProtection assembly.")]
     private IAuthenticatedEncryptorDescriptorDeserializer CreateDeserializer(string descriptorDeserializerTypeName)
     {
-        var resolvedTypeName = TypeForwardingActivator.TryForwardTypeName(descriptorDeserializerTypeName, out var forwardedTypeName)
-            ? forwardedTypeName
-            : descriptorDeserializerTypeName;
-        var type = Type.GetType(resolvedTypeName, throwOnError: false);
-
-        if (type == typeof(AuthenticatedEncryptorDescriptorDeserializer))
-        {
-            return _activator.CreateInstance<AuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
-        }
-        else if (type == typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-        {
-            return _activator.CreateInstance<CngCbcAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
-        }
-        else if (type == typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-        {
-            return _activator.CreateInstance<CngGcmAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
-        }
-        else if (type == typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer))
+        if (_activator is ITypeForwardingActivator forwardingActivator && forwardingActivator.TryForwardType(descriptorDeserializerTypeName, out var type))
         {
-            return _activator.CreateInstance<ManagedAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
+            if (type == typeof(AuthenticatedEncryptorDescriptorDeserializer))
+            {
+                return _activator.CreateInstance<AuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
+            }
+            else if (type == typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                return _activator.CreateInstance<CngCbcAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
+            }
+            else if (type == typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                return _activator.CreateInstance<CngGcmAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
+            }
+            else if (type == typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer))
+            {
+                return _activator.CreateInstance<ManagedAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
+            }
         }
 
         return _activator.CreateInstance<IAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);

src/DataProtection/DataProtection/src/TypeForwardingActivator.cs

@@ -3,13 +3,14 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNetCore.DataProtection.Internal;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 
 namespace Microsoft.AspNetCore.DataProtection;
 
 #pragma warning disable CA1852 // Seal internal types
-internal class TypeForwardingActivator : SimpleActivator
+internal class TypeForwardingActivator : SimpleActivator, ITypeForwardingActivator
 #pragma warning restore CA1852 // Seal internal types
 {
     private const string OldNamespace = "Microsoft.AspNet.DataProtection";
@@ -30,31 +31,47 @@ public TypeForwardingActivator(IServiceProvider services, ILoggerFactory loggerF
     public override object CreateInstance([DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)] Type expectedBaseType, string originalTypeName)
         => CreateInstance(expectedBaseType, originalTypeName, out var _);
 
+    public bool TryForwardType(string originalTypeName, [NotNullWhen(true)] out Type? type)
+        => TryForwardType(originalTypeName, out type, out _);
+
     // for testing
-    [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType is only used with forwarded types that are referenced by DataProtection assembly.")]
     internal object CreateInstance([DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)] Type expectedBaseType, string originalTypeName, out bool forwarded)
     {
-        if (TryForwardTypeName(originalTypeName, out var forwardedTypeName))
+        if (!TryForwardType(originalTypeName, out var forwardedType, out forwarded))
         {
-            var type = Type.GetType(forwardedTypeName, false);
-            if (type != null)
-            {
-                if (_logger.IsEnabled(LogLevel.Debug))
-                {
-                    _logger.LogDebug("Forwarded activator type request from {FromType} to {ToType}",
-                        originalTypeName,
-                        forwardedTypeName);
-                }
-                forwarded = true;
-                return base.CreateInstance(expectedBaseType, forwardedTypeName);
-            }
+            return base.CreateInstance(expectedBaseType, originalTypeName);
+        }
+
+        var forwardedTypeName = forwardedType.AssemblyQualifiedName!;
+        if (_logger.IsEnabled(LogLevel.Debug))
+        {
+            _logger.LogDebug("Forwarded activator type request from {FromType} to {ToType}",
+                originalTypeName,
+                forwardedTypeName);
         }
+        return base.CreateInstance(expectedBaseType, forwardedTypeName);
+    }
 
-        forwarded = false;
-        return base.CreateInstance(expectedBaseType, originalTypeName);
+    [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType is only used with forwarded types that are referenced by DataProtection assembly.")]
+    private static bool TryForwardType(string originalTypeName, [NotNullWhen(true)] out Type? type, out bool forwarded)
+    {
+        forwarded = TryForwardTypeName(originalTypeName, out var resolvedTypeName);
+        try
+        {
+            // Some exceptions are thrown regardless of the value of throwOnError.
+            // For example, if the type is found but cannot be loaded,
+            // a System.TypeLoadException is thrown even if throwOnError is false.
+            type = Type.GetType(resolvedTypeName, throwOnError: false);
+            return type is not null;
+        }
+        catch
+        {
+            type = default;
+            return false;
+        }
     }
 
-    internal static bool TryForwardTypeName(string originalTypeName, out string forwardedTypeName)
+    private static bool TryForwardTypeName(string originalTypeName, out string forwardedTypeName)
     {
         forwardedTypeName = originalTypeName;
 

src/DataProtection/DataProtection/src/XmlEncryption/XmlEncryptionExtensions.cs

@@ -16,9 +16,6 @@ namespace Microsoft.AspNetCore.DataProtection.XmlEncryption;
 
 internal static unsafe class XmlEncryptionExtensions
 {
-    // Used for testing edge case assembly loading errors
-    internal static Func<string, Type?> _getType = GetType;
-
     public static XElement DecryptElement(this XElement element, IActivator activator)
     {
         // If no decryption necessary, return original element.
@@ -72,54 +69,29 @@ public static XElement DecryptElement(this XElement element, IActivator activato
 
     private static IXmlDecryptor CreateDecryptor(IActivator activator, string decryptorTypeName)
     {
-        if (!TryGetDecryptorType(decryptorTypeName, out var type))
-        {
-            return activator.CreateInstance<IXmlDecryptor>(decryptorTypeName);
-        }
-
-        if (type == typeof(DpapiNGXmlDecryptor))
+        if (activator is ITypeForwardingActivator typeForwarder && typeForwarder.TryForwardType(decryptorTypeName, out var type))
         {
-            return activator.CreateInstance<DpapiNGXmlDecryptor>(decryptorTypeName);
-        }
-        else if (type == typeof(DpapiXmlDecryptor))
-        {
-            return activator.CreateInstance<DpapiXmlDecryptor>(decryptorTypeName);
-        }
-        else if (type == typeof(EncryptedXmlDecryptor))
-        {
-            return activator.CreateInstance<EncryptedXmlDecryptor>(decryptorTypeName);
-        }
-        else if (type == typeof(NullXmlDecryptor))
-        {
-            return activator.CreateInstance<NullXmlDecryptor>(decryptorTypeName);
+            if (type == typeof(DpapiNGXmlDecryptor))
+            {
+                return activator.CreateInstance<DpapiNGXmlDecryptor>(decryptorTypeName);
+            }
+            else if (type == typeof(DpapiXmlDecryptor))
+            {
+                return activator.CreateInstance<DpapiXmlDecryptor>(decryptorTypeName);
+            }
+            else if (type == typeof(EncryptedXmlDecryptor))
+            {
+                return activator.CreateInstance<EncryptedXmlDecryptor>(decryptorTypeName);
+            }
+            else if (type == typeof(NullXmlDecryptor))
+            {
+                return activator.CreateInstance<NullXmlDecryptor>(decryptorTypeName);
+            }
         }
 
         return activator.CreateInstance<IXmlDecryptor>(decryptorTypeName);
     }
 
-    private static bool TryGetDecryptorType(string decryptorTypeName, [NotNullWhen(true)] out Type? type)
-    {
-        var resolvedTypeName = TypeForwardingActivator.TryForwardTypeName(decryptorTypeName, out var forwardedTypeName)
-            ? forwardedTypeName
-            : decryptorTypeName;
-        try
-        {
-            // Some exceptions are thrown regardless of the value of throwOnError.
-            // For example, if the type is found but cannot be loaded,
-            // a System.TypeLoadException is thrown even if throwOnError is false.
-            type = _getType(resolvedTypeName);
-            return type is not null;
-        }
-        catch
-        {
-            type = default;
-            return false;
-        }
-    }
-
-    [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType result is only useful with types that are referenced by DataProtection assembly.")]
-    private static Type? GetType(string typeName) => Type.GetType(typeName, throwOnError: false);
-
     public static XElement? EncryptIfNecessary(this IXmlEncryptor encryptor, XElement element)
     {
         // If no encryption is necessary, return null.

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/MockExtensions.cs

@@ -38,7 +38,7 @@ public static void ReturnDescriptorGivenDeserializerTypeNameAndInput(this Mock<I
     /// Sets up a mock such that given the name of a decryptor class and the XML node that class's
     /// Decrypt method should expect returns the specified XML elmeent.
     /// </summary>
-    public static void ReturnDecryptedElementGivenDecryptorTypeNameAndInput(this Mock<IActivator> mockActivator, string typeName, string expectedInputXml, string outputXml)
+    public static void ReturnDecryptedElementGivenDecryptorTypeNameAndInput<T>(this Mock<T> mockActivator, string typeName, string expectedInputXml, string outputXml) where T : class, IActivator
     {
         mockActivator
             .Setup(o => o.CreateInstance(typeof(IXmlDecryptor), typeName))

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/XmlEncryptionExtensionsTests.cs

@@ -53,21 +53,22 @@ public void DecryptElement_RootNodeRequiresDecryption_Success()
     public void DecryptElement_MissingDecryptorType_Success()
     {
         // Arrange
-        // We want to simulate an error loading the specified decryptor type, i.e.
-        // Could not load file or assembly 'Azure.Extensions.AspNetCore.DataProtection.Keys,
-        // Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8' or one of its dependencies.
-        XmlEncryptionExtensions._getType = _ => throw new TypeLoadException();
-
         var decryptorTypeName = typeof(MyXmlDecryptor).AssemblyQualifiedName;
 
         var original = XElement.Parse(@$"
                 <x:encryptedSecret decryptorType='{decryptorTypeName}' xmlns:x='http://schemas.asp.net/2015/03/dataProtection'>
                   <node />
                 </x:encryptedSecret>");
 
-        var mockActivator = new Mock<IActivator>();
+        var mockActivator = new Mock<ITypeForwardingActivator>();
         mockActivator.ReturnDecryptedElementGivenDecryptorTypeNameAndInput(decryptorTypeName, "<node />", "<newNode />");
 
+        // We want to simulate an error loading the specified decryptor type, i.e.
+        // Could not load file or assembly 'Azure.Extensions.AspNetCore.DataProtection.Keys,
+        // Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8' or one of its dependencies.
+        Type type;
+        mockActivator.Setup(x => x.TryForwardType(decryptorTypeName, out type)).Returns(false);
+
         var serviceCollection = new ServiceCollection();
         serviceCollection.AddSingleton<IActivator>(mockActivator.Object);
         var services = serviceCollection.BuildServiceProvider();