Merge branch 'main' into dev-feature-sdkmigration

Author: drewgillies

Directory.Packages.props

@@ -12,13 +12,13 @@
     <PackageVersion Include="Autofac.Owin" Version="4.2.0" />
     <PackageVersion Include="Autofac.WebApi2" Version="4.1.0" />
     <PackageVersion Include="Autofac" Version="4.9.1" />
-    <PackageVersion Include="Azure.Core" Version="1.40.0" />
+    <PackageVersion Include="Azure.Core" Version="1.44.1" />
     <PackageVersion Include="Azure.Data.Tables" Version="12.8.3" />
-    <PackageVersion Include="Azure.Identity" Version="1.12.0" />
+    <PackageVersion Include="Azure.Identity" Version="1.12.1" />
     <PackageVersion Include="Azure.Messaging.ServiceBus" Version="7.16.1" />
     <PackageVersion Include="Azure.Search.Documents" Version="11.4.0-beta.6" />
     <PackageVersion Include="Azure.Security.KeyVault.Secrets" Version="4.4.0" />
-    <PackageVersion Include="Azure.Storage.Blobs" Version="12.20.0" />
+    <PackageVersion Include="Azure.Storage.Blobs" Version="12.22.2" />
     <PackageVersion Include="Azure.Storage.Queues" Version="12.18.0" />
     <PackageVersion Include="CommonMark.NET" Version="0.15.1" />
     <PackageVersion Include="CsvHelper" Version="7.1.1" />
@@ -40,18 +40,18 @@
     <PackageVersion Include="Microsoft.ApplicationInsights" Version="2.21.0" />
     <PackageVersion Include="Microsoft.AspNet.DynamicData.EFProvider" Version="6.0.0" />
     <PackageVersion Include="Microsoft.AspNet.Identity.Core" Version="1.0.0" />
-    <PackageVersion Include="Microsoft.AspNet.Mvc" Version="5.2.3" />
+    <PackageVersion Include="Microsoft.AspNet.Mvc" Version="5.2.9" />
     <PackageVersion Include="Microsoft.AspNet.Razor" Version="3.2.9" />
     <PackageVersion Include="Microsoft.AspNet.Web.Optimization" Version="1.1.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebApi.Core" Version="5.2.3" />
+    <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.9" />
+    <PackageVersion Include="Microsoft.AspNet.WebApi.Core" Version="5.2.9" />
     <PackageVersion Include="Microsoft.AspNet.WebApi.MessageHandlers.Compression.StrongName" Version="1.3.0" />
     <PackageVersion Include="Microsoft.AspNet.WebApi.OData" Version="5.7.0" />
-    <PackageVersion Include="Microsoft.AspNet.WebApi.WebHost" Version="5.2.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebHelpers" Version="3.2.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebPages.Data" Version="3.2.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebPages.WebData" Version="3.2.3" />
-    <PackageVersion Include="Microsoft.AspNet.WebPages" Version="3.2.3" />
+    <PackageVersion Include="Microsoft.AspNet.WebApi.WebHost" Version="5.2.9" />
+    <PackageVersion Include="Microsoft.AspNet.WebHelpers" Version="3.2.9" />
+    <PackageVersion Include="Microsoft.AspNet.WebPages.Data" Version="3.2.9" />
+    <PackageVersion Include="Microsoft.AspNet.WebPages.WebData" Version="3.2.9" />
+    <PackageVersion Include="Microsoft.AspNet.WebPages" Version="3.2.9" />
     <PackageVersion Include="Microsoft.AspNetCore.Cryptography.Internal" Version="1.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="1.0.0" />
     <PackageVersion Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
@@ -77,7 +77,7 @@
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.2.0" />
     <PackageVersion Include="Microsoft.Extensions.Options" Version="2.2.0" />
     <PackageVersion Include="Microsoft.Extensions.Primitives" Version="2.2.0" />
-    <PackageVersion Include="Microsoft.Identity.Client" Version="4.61.3" />
+    <PackageVersion Include="Microsoft.Identity.Client" Version="4.65.0" />
     <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.3.1" />
     <PackageVersion Include="Microsoft.Net.Http" Version="2.2.29" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
@@ -133,13 +133,14 @@
     <PackageVersion Include="System.Data.SqlClient" Version="4.8.6" />
     <PackageVersion Include="System.Diagnostics.Debug" Version="4.3.0" />
     <PackageVersion Include="System.Drawing.Common" Version="4.7.2" />
-    <PackageVersion Include="System.Formats.Asn1" Version="6.0.1" />
+    <PackageVersion Include="System.Formats.Asn1" Version="8.0.1" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="5.7.0" />
     <PackageVersion Include="System.Linq.Expressions" Version="4.3.0" />
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
     <PackageVersion Include="System.Reflection.Metadata" Version="1.7.0-preview1-26717-04" />
     <PackageVersion Include="System.Runtime" Version="4.3.1" />
     <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.5" />
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageVersion Include="System.ValueTuple" Version="4.5.0" />
     <PackageVersion Include="Test.Utility" Version="6.4.2-rc.25" />
@@ -151,4 +152,4 @@
     <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
     <PackageVersion Include="xunit" Version="2.9.0" />
   </ItemGroup>
-</Project>
+</Project>

src/Catalog/Persistence/AzureStorage.cs

@@ -421,7 +421,7 @@ protected override async Task OnDeleteAsync(Uri resourceUri, DeleteRequestOption
             string blobName = GetName(resourceUri);
             BlobRequestConditions accessCondition = (deleteRequestOptions as DeleteRequestOptionsWithAccessCondition)?.BlobRequestConditions;
             BlockBlobClient blobClient = GetBlockBlobReference(blobName);
-            await blobClient.DeleteAsync(DeleteSnapshotsOption.IncludeSnapshots, accessCondition, cancellationToken);
+            await blobClient.DeleteIfExistsAsync(DeleteSnapshotsOption.IncludeSnapshots, accessCondition, cancellationToken);
         }
 
         public override Uri GetUri(string name)

src/Catalog/Persistence/Storage.cs

@@ -8,8 +8,8 @@
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
+using Azure;
 using Newtonsoft.Json;
-using NuGetGallery;
 
 namespace NuGet.Services.Metadata.Catalog.Persistence
 {
@@ -125,21 +125,9 @@ public async Task DeleteAsync(Uri resourceUri, CancellationToken cancellationTok
             {
                 await OnDeleteAsync(resourceUri, deleteRequestOptions, cancellationToken);
             }
-            catch (CloudBlobStorageException e)
+            catch (RequestFailedException e) when (e.Status == (int)HttpStatusCode.NotFound)
             {
-                WebException webException = e.InnerException as WebException;
-                if (webException != null)
-                {
-                    HttpStatusCode statusCode = ((HttpWebResponse)webException.Response).StatusCode;
-                    if (statusCode != HttpStatusCode.NotFound)
-                    {
-                        throw;
-                    }
-                }
-                else
-                {
-                    throw;
-                }
+                // continue
             }
             catch (Exception e)
             {

src/NuGet.Protocol.Catalog/NuGet.Protocol.Catalog.csproj

@@ -11,6 +11,7 @@
     <PackageReference Include="Newtonsoft.Json" />
     <PackageReference Include="NuGet.Protocol" />
     <PackageReference Include="System.Formats.Asn1" />
+    <PackageReference Include="System.Text.Json" />
   </ItemGroup>
 
 </Project>

src/NuGet.Services.Configuration/ConfigurationUtility.cs

@@ -1,8 +1,13 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.ComponentModel;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using NuGet.Services.KeyVault;
 
 namespace NuGet.Services.Configuration
 {
@@ -25,5 +30,40 @@ public static T ConvertFromString<T>(string value)
 
             throw new NotSupportedException("No converter exists from string to " + typeof(T).Name + "!");
         }
+
+        /// <summary>
+        /// Injects secret into a string trying to use cached value first. If the value is absent
+        /// in cache, falls back to actually querying underlying secret store.
+        /// </summary>
+        /// <param name="value">String to inject secret into.</param>
+        /// <param name="secretInjector">Caching secret injector to use.</param>
+        /// <param name="logger">Logger.</param>
+        /// <returns>String with secrets injected.</returns>
+        public static string InjectCachedSecret(string value, ICachingSecretInjector secretInjector, ILogger logger)
+        {
+            if (secretInjector.TryInjectCached(value, logger, out var injectedValue))
+            {
+                return injectedValue;
+            }
+            return secretInjector.Inject(value, logger);
+        }
+
+        public static IServiceCollection ConfigureInjected<T>(this IServiceCollection services, string sectionPrefix)
+            where T : class
+            => services.AddSingleton(sp => GetInjectedOptions<T>(sp, sectionPrefix));
+
+        private static IConfigureOptions<T> GetInjectedOptions<T>(IServiceProvider sp, string sectionPrefix)
+            where T : class
+        {
+            return new ConfigureNamedOptions<T, IConfiguration>(
+                Options.DefaultName,
+                sp.GetRequiredService<IConfiguration>(),
+                (settings, configuration) =>
+                    new SecretInjectedConfiguration(
+                        configuration.GetSection(sectionPrefix),
+                        sp.GetRequiredService<ICachingSecretInjector>(),
+                        sp.GetRequiredService<ILogger<SecretInjectedConfiguration>>())
+                    .Bind(settings));
+        }
     }
 }

src/NuGet.Services.Configuration/NuGet.Services.Configuration.csproj

@@ -8,6 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
     <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" />

src/NuGet.Services.Configuration/SecretInjectedConfiguration.cs

@@ -0,0 +1,46 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
+using NuGet.Services.KeyVault;
+
+namespace NuGet.Services.Configuration
+{
+    public class SecretInjectedConfiguration : IConfiguration
+    {
+        protected readonly IConfiguration _baseConfiguration;
+        protected readonly ICachingSecretInjector _secretInjector;
+        protected readonly ILogger _logger;
+
+        public SecretInjectedConfiguration(
+            IConfiguration baseConfiguration,
+            ICachingSecretInjector secretInjector,
+            ILogger logger)
+        {
+            _baseConfiguration = baseConfiguration ?? throw new ArgumentNullException(nameof(baseConfiguration));
+            _secretInjector = secretInjector ?? throw new ArgumentNullException(nameof(secretInjector));
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
+        public string this[string key]
+        {
+            get => ConfigurationUtility.InjectCachedSecret(_baseConfiguration[key], _secretInjector, _logger);
+            set => _baseConfiguration[key] = value;
+        }
+
+        public IEnumerable<IConfigurationSection> GetChildren() =>
+            _baseConfiguration.GetChildren().Select(originalSection => new SecretInjectedConfigurationSection(originalSection, _secretInjector, _logger));
+
+
+        public IChangeToken GetReloadToken() =>
+            _baseConfiguration.GetReloadToken();
+
+        public IConfigurationSection GetSection(string key) =>
+            new SecretInjectedConfigurationSection(_baseConfiguration.GetSection(key), _secretInjector, _logger);
+    }
+}

src/NuGet.Services.Configuration/SecretInjectedConfigurationSection.cs

@@ -0,0 +1,38 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
+using NuGet.Services.KeyVault;
+
+namespace NuGet.Services.Configuration
+{
+    public class SecretInjectedConfigurationSection : SecretInjectedConfiguration, IConfigurationSection
+    {
+        public SecretInjectedConfigurationSection(
+            IConfigurationSection baseSection,
+            ICachingSecretInjector secretInjector,
+            ILogger logger)
+            : base(baseSection, secretInjector, logger)
+        {
+        }
+
+        private IConfigurationSection BaseSection => (IConfigurationSection)_baseConfiguration;
+
+        public string Key => BaseSection.Key;
+
+        public string Path => BaseSection.Path;
+
+        public string Value
+        {
+            get => ConfigurationUtility.InjectCachedSecret(BaseSection.Value, _secretInjector, _logger);
+            set => BaseSection.Value = value;
+        }
+    }
+}

src/NuGet.Services.Entities/Extensions/ExceptionExtensions.cs

@@ -0,0 +1,34 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Data;
+using System.Data.SqlClient;
+
+namespace NuGet.Services.Entities
+{
+    public static class ExceptionExtensions
+    {
+        public static bool IsSqlUniqueConstraintViolation(this DataException exception)
+        {
+            Exception current = exception;
+            while (current is not null)
+            {
+                if (current is SqlException sqlException)
+                {
+                    switch (sqlException.Number)
+                    {
+                        case 547:  // Constraint check violation: https://learn.microsoft.com/en-us/sql/relational-databases/errors-events/database-engine-events-and-errors-0-to-999
+                        case 2601: // Duplicated key row error: https://learn.microsoft.com/en-us/sql/relational-databases/replication/mssql-eng002601
+                        case 2627: // Unique constraint error: https://learn.microsoft.com/en-us/sql/relational-databases/replication/mssql-eng002627
+                            return true;
+                    }
+                }
+
+                current = current.InnerException;
+            }
+
+            return false;
+        }
+    }
+}

src/NuGet.Services.KeyVault/KeyVaultReader.cs

@@ -13,14 +13,23 @@ namespace NuGet.Services.KeyVault
 {
     /// <summary>
     /// Reads secretes from KeyVault.
-    /// Authentication with KeyVault is done using either a managed identity or a certificate in location:LocalMachine store name:My 
+    /// Authentication with KeyVault is done using either a managed identity or a certificate in location:LocalMachine store name:My
     /// </summary>
     public class KeyVaultReader : ISecretReader
     {
         private readonly KeyVaultConfiguration _configuration;
         private readonly Lazy<SecretClient> _keyVaultClient;
-
         protected SecretClient KeyVaultClient => _keyVaultClient.Value;
+        internal bool _testMode;
+        internal bool _isUsingSendx5c;
+
+        internal KeyVaultReader(SecretClient secretClient, KeyVaultConfiguration configuration, bool testMode = false)
+        {
+            _configuration = configuration;
+            _keyVaultClient = new Lazy<SecretClient>(() => secretClient);
+            _testMode = testMode;
+            InitializeClient();
+        }
 
         public KeyVaultReader(KeyVaultConfiguration configuration)
         {
@@ -97,10 +106,27 @@ private SecretClient InitializeClient()
                     credential = new ManagedIdentityCredential(_configuration.ClientId);
                 }
             }
+            else if (_configuration.SendX5c)
+            {
+                var clientCredentialOptions = new ClientCertificateCredentialOptions
+                {
+                    SendCertificateChain = true
+                };
+
+                credential = new ClientCertificateCredential(_configuration.TenantId, _configuration.ClientId, _configuration.Certificate, clientCredentialOptions);
+
+                // If we are in unit testing mode, we dont actually create a SecretClient
+                if (_testMode)
+                {
+                    _isUsingSendx5c = true;
+                    return _keyVaultClient.Value;
+                }
+            }
             else
             {
                 credential = new ClientCertificateCredential(_configuration.TenantId, _configuration.ClientId, _configuration.Certificate);
             }
+
             return new SecretClient(GetKeyVaultUri(_configuration), credential);
         }