Check type name for known value before getting type

Author: JamesNK

src/DataProtection/DataProtection/src/Internal/DefaultTypeNameResolver.cs

@@ -0,0 +1,34 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+
+namespace Microsoft.AspNetCore.DataProtection.Internal;
+
+internal sealed class DefaultTypeNameResolver : ITypeNameResolver
+{
+    public static readonly DefaultTypeNameResolver Instance = new();
+
+    private DefaultTypeNameResolver()
+    {
+    }
+
+    [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType is only used to resolve statically known types that are referenced by DataProtection assembly.")]
+    public bool TryResolveType(string typeName, [NotNullWhen(true)] out Type? type)
+    {
+        try
+        {
+            // Some exceptions are thrown regardless of the value of throwOnError.
+            // For example, if the type is found but cannot be loaded,
+            // a System.TypeLoadException is thrown even if throwOnError is false.
+            type = Type.GetType(typeName, throwOnError: false);
+            return type != null;
+        }
+        catch
+        {
+            type = null;
+            return false;
+        }
+    }
+}

src/DataProtection/DataProtection/src/Internal/ITypeNameResolver.cs

@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+
+namespace Microsoft.AspNetCore.DataProtection.Internal;
+
+internal interface ITypeNameResolver
+{
+    bool TryResolveType(string typeName, [NotNullWhen(true)] out Type? type);
+}

src/DataProtection/DataProtection/src/KeyManagement/XmlKeyManager.cs

@@ -49,6 +49,7 @@ public sealed class XmlKeyManager : IKeyManager, IInternalXmlKeyManager
     private const string RevokeAllKeysValue = "*";
 
     private readonly IActivator _activator;
+    private readonly ITypeNameResolver _typeNameResolver;
     private readonly AlgorithmConfiguration _authenticatedEncryptorConfiguration;
     private readonly IKeyEscrowSink? _keyEscrowSink;
     private readonly IInternalXmlKeyManager _internalKeyManager;
@@ -112,6 +113,7 @@ internal XmlKeyManager(
         var escrowSinks = keyManagementOptions.Value.KeyEscrowSinks;
         _keyEscrowSink = escrowSinks.Count > 0 ? new AggregateKeyEscrowSink(escrowSinks) : null;
         _activator = activator;
+        _typeNameResolver = activator as ITypeNameResolver ?? DefaultTypeNameResolver.Instance;
         TriggerAndResetCacheExpirationToken(suppressLogging: true);
         _internalKeyManager = _internalKeyManager ?? this;
         _encryptorFactories = keyManagementOptions.Value.AuthenticatedEncryptorFactories;
@@ -469,21 +471,20 @@ private IAuthenticatedEncryptorDescriptorDeserializer CreateDeserializer(string
         var resolvedTypeName = TypeForwardingActivator.TryForwardTypeName(descriptorDeserializerTypeName, out var forwardedTypeName)
             ? forwardedTypeName
             : descriptorDeserializerTypeName;
-        var type = Type.GetType(resolvedTypeName, throwOnError: false);
 
-        if (type == typeof(AuthenticatedEncryptorDescriptorDeserializer))
+        if (TypeExtensions.MatchType(resolvedTypeName, _typeNameResolver, typeof(AuthenticatedEncryptorDescriptorDeserializer)))
         {
             return _activator.CreateInstance<AuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
         }
-        else if (type == typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+        else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && TypeExtensions.MatchType(resolvedTypeName, _typeNameResolver, typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer)))
         {
             return _activator.CreateInstance<CngCbcAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
         }
-        else if (type == typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer) && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+        else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && TypeExtensions.MatchType(resolvedTypeName, _typeNameResolver, typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer)))
         {
             return _activator.CreateInstance<CngGcmAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
         }
-        else if (type == typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer))
+        else if (TypeExtensions.MatchType(resolvedTypeName, _typeNameResolver, typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer)))
         {
             return _activator.CreateInstance<ManagedAuthenticatedEncryptorDescriptorDeserializer>(descriptorDeserializerTypeName);
         }

src/DataProtection/DataProtection/src/TypeExtensions.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNetCore.DataProtection.Internal;
 
 namespace Microsoft.AspNetCore.DataProtection;
 
@@ -39,4 +40,15 @@ public static Type GetTypeWithTrimFriendlyErrorMessage(string typeName)
             throw new InvalidOperationException($"Unable to load type '{typeName}'. If the app is published with trimming then this type may have been trimmed. Ensure the type's assembly is excluded from trimming.", ex);
         }
     }
+
+    public static bool MatchType(string resolvedTypeName, ITypeNameResolver typeNameResolver, Type matchType)
+    {
+        // Before attempting to resolve the name to a type, check if it starts with the full name of the type.
+        if (matchType.FullName != null && resolvedTypeName.StartsWith(matchType.FullName, StringComparison.Ordinal))
+        {
+            return typeNameResolver.TryResolveType(resolvedTypeName, out var resolvedType) && resolvedType == matchType;
+        }
+
+        return false;
+    }
 }

src/DataProtection/DataProtection/src/XmlEncryption/XmlEncryptionExtensions.cs

@@ -16,9 +16,6 @@ namespace Microsoft.AspNetCore.DataProtection.XmlEncryption;
 
 internal static unsafe class XmlEncryptionExtensions
 {
-    // Used for testing edge case assembly loading errors
-    internal static Func<string, Type?> _getType = GetType;
-
     public static XElement DecryptElement(this XElement element, IActivator activator)
     {
         // If no decryption necessary, return original element.
@@ -72,54 +69,31 @@ public static XElement DecryptElement(this XElement element, IActivator activato
 
     private static IXmlDecryptor CreateDecryptor(IActivator activator, string decryptorTypeName)
     {
-        if (!TryGetDecryptorType(decryptorTypeName, out var type))
-        {
-            return activator.CreateInstance<IXmlDecryptor>(decryptorTypeName);
-        }
+        var resolvedTypeName = TypeForwardingActivator.TryForwardTypeName(decryptorTypeName, out var forwardedTypeName)
+            ? forwardedTypeName
+            : decryptorTypeName;
+        var typeNameResolver = activator as ITypeNameResolver ?? DefaultTypeNameResolver.Instance;
 
-        if (type == typeof(DpapiNGXmlDecryptor))
+        if (TypeExtensions.MatchType(resolvedTypeName, typeNameResolver, typeof(DpapiNGXmlDecryptor)))
         {
             return activator.CreateInstance<DpapiNGXmlDecryptor>(decryptorTypeName);
         }
-        else if (type == typeof(DpapiXmlDecryptor))
+        else if (TypeExtensions.MatchType(resolvedTypeName, typeNameResolver, typeof(DpapiXmlDecryptor)))
         {
             return activator.CreateInstance<DpapiXmlDecryptor>(decryptorTypeName);
         }
-        else if (type == typeof(EncryptedXmlDecryptor))
+        else if (TypeExtensions.MatchType(resolvedTypeName, typeNameResolver, typeof(EncryptedXmlDecryptor)))
         {
             return activator.CreateInstance<EncryptedXmlDecryptor>(decryptorTypeName);
         }
-        else if (type == typeof(NullXmlDecryptor))
+        else if (TypeExtensions.MatchType(resolvedTypeName, typeNameResolver, typeof(NullXmlDecryptor)))
         {
             return activator.CreateInstance<NullXmlDecryptor>(decryptorTypeName);
         }
 
         return activator.CreateInstance<IXmlDecryptor>(decryptorTypeName);
     }
 
-    private static bool TryGetDecryptorType(string decryptorTypeName, [NotNullWhen(true)] out Type? type)
-    {
-        var resolvedTypeName = TypeForwardingActivator.TryForwardTypeName(decryptorTypeName, out var forwardedTypeName)
-            ? forwardedTypeName
-            : decryptorTypeName;
-        try
-        {
-            // Some exceptions are thrown regardless of the value of throwOnError.
-            // For example, if the type is found but cannot be loaded,
-            // a System.TypeLoadException is thrown even if throwOnError is false.
-            type = _getType(resolvedTypeName);
-            return type is not null;
-        }
-        catch
-        {
-            type = default;
-            return false;
-        }
-    }
-
-    [UnconditionalSuppressMessage("Trimmer", "IL2057", Justification = "Type.GetType result is only useful with types that are referenced by DataProtection assembly.")]
-    private static Type? GetType(string typeName) => Type.GetType(typeName, throwOnError: false);
-
     public static XElement? EncryptIfNecessary(this IXmlEncryptor encryptor, XElement element)
     {
         // If no encryption is necessary, return null.

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/XmlEncryptionExtensionsTests.cs

@@ -50,14 +50,9 @@ public void DecryptElement_RootNodeRequiresDecryption_Success()
     }
 
     [Fact]
-    public void DecryptElement_MissingDecryptorType_Success()
+    public void DecryptElement_CustomType_TypeNameResolverNotCalled()
     {
         // Arrange
-        // We want to simulate an error loading the specified decryptor type, i.e.
-        // Could not load file or assembly 'Azure.Extensions.AspNetCore.DataProtection.Keys,
-        // Version=1.2.2.0, Culture=neutral, PublicKeyToken=92742159e12e44c8' or one of its dependencies.
-        XmlEncryptionExtensions._getType = _ => throw new TypeLoadException();
-
         var decryptorTypeName = typeof(MyXmlDecryptor).AssemblyQualifiedName;
 
         var original = XElement.Parse(@$"
@@ -67,6 +62,7 @@ public void DecryptElement_MissingDecryptorType_Success()
 
         var mockActivator = new Mock<IActivator>();
         mockActivator.ReturnDecryptedElementGivenDecryptorTypeNameAndInput(decryptorTypeName, "<node />", "<newNode />");
+        var mockTypeNameResolver = mockActivator.As<ITypeNameResolver>();
 
         var serviceCollection = new ServiceCollection();
         serviceCollection.AddSingleton<IActivator>(mockActivator.Object);
@@ -78,6 +74,72 @@ public void DecryptElement_MissingDecryptorType_Success()
 
         // Assert
         XmlAssert.Equal("<newNode />", retVal);
+        Type resolvedType;
+        mockTypeNameResolver.Verify(o => o.TryResolveType(It.IsAny<string>(), out resolvedType), Times.Never());
+    }
+
+    [Fact]
+    public void DecryptElement_KnownType_TypeNameResolverCalled()
+    {
+        // Arrange
+        var decryptorTypeName = typeof(NullXmlDecryptor).AssemblyQualifiedName;
+
+        var original = XElement.Parse(@$"
+                <x:encryptedSecret decryptorType='{decryptorTypeName}' xmlns:x='http://schemas.asp.net/2015/03/dataProtection'>
+                  <node>
+                    <value />
+                  </node>
+                </x:encryptedSecret>");
+
+        var mockActivator = new Mock<IActivator>();
+        mockActivator.Setup(o => o.CreateInstance(typeof(NullXmlDecryptor), decryptorTypeName)).Returns(new NullXmlDecryptor());
+        var mockTypeNameResolver = mockActivator.As<ITypeNameResolver>();
+        var resolvedType = typeof(NullXmlDecryptor);
+        mockTypeNameResolver.Setup(mockTypeNameResolver => mockTypeNameResolver.TryResolveType(It.IsAny<string>(), out resolvedType)).Returns(true);
+
+        var serviceCollection = new ServiceCollection();
+        serviceCollection.AddSingleton<IActivator>(mockActivator.Object);
+        var services = serviceCollection.BuildServiceProvider();
+        var activator = services.GetActivator();
+
+        // Act
+        var retVal = original.DecryptElement(activator);
+
+        // Assert
+        XmlAssert.Equal("<value />", retVal);
+        mockTypeNameResolver.Verify(o => o.TryResolveType(It.IsAny<string>(), out resolvedType), Times.Once());
+    }
+
+    [Fact]
+    public void DecryptElement_KnownType_UnableToResolveType_Success()
+    {
+        // Arrange
+        var decryptorTypeName = typeof(NullXmlDecryptor).AssemblyQualifiedName;
+
+        var original = XElement.Parse(@$"
+                <x:encryptedSecret decryptorType='{decryptorTypeName}' xmlns:x='http://schemas.asp.net/2015/03/dataProtection'>
+                  <node>
+                    <value />
+                  </node>
+                </x:encryptedSecret>");
+
+        var mockActivator = new Mock<IActivator>();
+        mockActivator.Setup(o => o.CreateInstance(typeof(IXmlDecryptor), decryptorTypeName)).Returns(new NullXmlDecryptor());
+        var mockTypeNameResolver = mockActivator.As<ITypeNameResolver>();
+        var resolvedType = typeof(NullXmlDecryptor);
+        mockTypeNameResolver.Setup(mockTypeNameResolver => mockTypeNameResolver.TryResolveType(It.IsAny<string>(), out resolvedType)).Returns(false);
+
+        var serviceCollection = new ServiceCollection();
+        serviceCollection.AddSingleton<IActivator>(mockActivator.Object);
+        var services = serviceCollection.BuildServiceProvider();
+        var activator = services.GetActivator();
+
+        // Act
+        var retVal = original.DecryptElement(activator);
+
+        // Assert
+        XmlAssert.Equal("<value />", retVal);
+        mockTypeNameResolver.Verify(o => o.TryResolveType(It.IsAny<string>(), out resolvedType), Times.Once());
     }
 
     [Fact]