File: DefaultPersonalDataProtector.cs
Web Access
Project: src\src\Identity\Extensions.Core\src\Microsoft.Extensions.Identity.Core.csproj (Microsoft.Extensions.Identity.Core)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System;
using System.Diagnostics;
 
namespace Microsoft.AspNetCore.Identity;
 
/// <summary>
/// Default implementation of <see cref="IPersonalDataProtector"/> that uses <see cref="ILookupProtectorKeyRing"/>
/// and <see cref="ILookupProtector"/> to protect data with a payload format of {keyId}:{protectedData}
/// </summary>
public class DefaultPersonalDataProtector : IPersonalDataProtector
{
    private readonly ILookupProtectorKeyRing _keyRing;
    private readonly ILookupProtector _encryptor;
 
    /// <summary>
    /// Constructor.
    /// </summary>
    /// <param name="keyRing"></param>
    /// <param name="protector"></param>
    public DefaultPersonalDataProtector(ILookupProtectorKeyRing keyRing, ILookupProtector protector)
    {
        _keyRing = keyRing;
        _encryptor = protector;
    }
 
    /// <summary>
    /// Unprotect the data.
    /// </summary>
    /// <param name="data">The data to unprotect.</param>
    /// <returns>The unprotected data.</returns>
    public virtual string? Unprotect(string? data)
    {
        Debug.Assert(data != null);
        var split = data.IndexOf(':');
        if (split == -1 || split == data.Length - 1)
        {
            throw new InvalidOperationException("Malformed data.");
        }
 
        var keyId = data.Substring(0, split);
        return _encryptor.Unprotect(keyId, data.Substring(split + 1));
    }
 
    /// <summary>
    /// Protect the data.
    /// </summary>
    /// <param name="data">The data to protect.</param>
    /// <returns>The protected data.</returns>
    public virtual string? Protect(string? data)
    {
        var current = _keyRing.CurrentKeyId;
        return current + ":" + _encryptor.Protect(current, data);
    }
}