Ensure DataProtection can be used in trimmed apps. (#48082)

* Add a DynamicDependency to ensure Aes decryption works in EncryptedXmlDecryptor
* Suppress the warnings from EncryptedXml
* Add trimming tests to ensure these scenarios work correctly.
* Remove the RequiresUnreferencedCode attribute on AddAuthentication, since this is the only thing in that method that has warnings.

Fix #47695

* Fix parallel build to not copy files to the same destination

Author: eerhardt

AspNetCore.sln

@@ -499,7 +499,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Crypto
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests", "src\DataProtection\Cryptography.KeyDerivation\test\Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests.csproj", "{F421D0C4-6EF7-48B7-9213-AFD21322E08B}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Tests", "src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.Tests.csproj", "{696BE515-B3AB-4925-969C-350F1BDA5C30}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Tests", "src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.Tests\Microsoft.AspNetCore.DataProtection.Tests.csproj", "{696BE515-B3AB-4925-969C-350F1BDA5C30}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Extensions.Tests", "src\DataProtection\Extensions\test\Microsoft.AspNetCore.DataProtection.Extensions.Tests.csproj", "{3CB3CA43-6D65-4DDE-B5E3-A9E0DF957E38}"
 EndProject

eng/RequiresDelayedBuildProjects.props

@@ -8,6 +8,8 @@
 -->
 <Project>
   <ItemGroup>
+    <RequiresDelayedBuild Include="$(RepoRoot)src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.TrimmingTests\Microsoft.AspNetCore.DataProtection.TrimmingTests.proj" />
+    <RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.NativeAotTests\Microsoft.AspNetCore.NativeAotTests.proj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\perf\Microsoft.AspNetCore.Grpc.Microbenchmarks\Microsoft.AspNetCore.Grpc.Microbenchmarks.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.JsonTranscoding\Microsoft.AspNetCore.Grpc.JsonTranscoding.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.Swagger\Microsoft.AspNetCore.Grpc.Swagger.csproj" />
@@ -17,6 +19,5 @@
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\test\testassets\IntegrationTestsWebsite\IntegrationTestsWebsite.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\test\testassets\Sandbox\Sandbox.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\ProjectTemplates\test\Templates.Blazor.Tests\Templates.Blazor.Tests.csproj" />
-    <RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.NativeAotTests\Microsoft.AspNetCore.NativeAotTests.proj" />
   </ItemGroup>
 </Project>

eng/testing/linker/SupportFiles/Directory.Build.targets

@@ -1,5 +1,5 @@
 <Project>
-  
+
   <PropertyGroup>
     <!-- Used to silence the warning caused by the workaround for https://github.com/dotnet/runtime/issues/81382 -->
     <SuppressGenerateILCompilerExplicitPackageReferenceWarning>true</SuppressGenerateILCompilerExplicitPackageReferenceWarning>
@@ -20,6 +20,7 @@
   -->
   <ItemGroup>
     <ProjectReference Include="$(RepoRoot)src\DefaultBuilder\src\Microsoft.AspNetCore.csproj" />
+    <ProjectReference Include="$(RepoRoot)src\DataProtection\Extensions\src\Microsoft.AspNetCore.DataProtection.Extensions.csproj" />
   </ItemGroup>
-  
+
 </Project>

eng/testing/linker/trimmingTests.targets

@@ -5,15 +5,17 @@
     <TestConsoleAppSourceFiles Condition="'@(TestConsoleAppSourceFiles)' == ''" Include="$(MSBuildProjectDirectory)\*.cs" />
 
     <TestSupportFiles Include="$(MSBuildThisFileDirectory)SupportFiles\Directory.Build.*">
-      <DestinationFolder>$(TrimmingTestDir)</DestinationFolder>
+      <DestinationFolder>$([MSBuild]::NormalizeDirectory('$(TrimmingTestProjectsDir)', '$(MSBuildProjectName)'))</DestinationFolder>
     </TestSupportFiles>
   </ItemGroup>
 
   <Target Name="CreateTestDir"
           Inputs="@(TestSupportFiles)"
           Outputs="@(TestSupportFiles->'%(DestinationFolder)\%(FileName)%(Extension)')">
     <MakeDir Directories="%(TestSupportFiles.DestinationFolder)" />
-    <Copy SourceFiles="@(TestSupportFiles)" DestinationFolder="%(TestSupportFiles.DestinationFolder)" />
+    <Copy SourceFiles="@(TestSupportFiles)"
+          DestinationFolder="%(TestSupportFiles.DestinationFolder)"
+          SkipUnchangedFiles="true" />
   </Target>
 
   <Target Name="GetTestConsoleApps">

src/DataProtection/DataProtection.slnf

@@ -9,7 +9,7 @@
       "src\\DataProtection\\Cryptography.KeyDerivation\\src\\Microsoft.AspNetCore.Cryptography.KeyDerivation.csproj",
       "src\\DataProtection\\Cryptography.KeyDerivation\\test\\Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests.csproj",
       "src\\DataProtection\\DataProtection\\src\\Microsoft.AspNetCore.DataProtection.csproj",
-      "src\\DataProtection\\DataProtection\\test\\Microsoft.AspNetCore.DataProtection.Tests.csproj",
+      "src\\DataProtection\\DataProtection\\test\\Microsoft.AspNetCore.DataProtection.Tests\\Microsoft.AspNetCore.DataProtection.Tests.csproj",
       "src\\DataProtection\\EntityFrameworkCore\\src\\Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.csproj",
       "src\\DataProtection\\EntityFrameworkCore\\test\\Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.Test.csproj",
       "src\\DataProtection\\Extensions\\src\\Microsoft.AspNetCore.DataProtection.Extensions.csproj",

src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.WarningSuppressions.xml

@@ -76,8 +76,10 @@ public EncryptedXmlInfo Encrypt(XElement plaintextElement)
         return new EncryptedXmlInfo(encryptedElement, typeof(EncryptedXmlDecryptor));
     }
 
+    [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",
+        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not use reflection.")]
     [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode",
-        Justification = "Only XSLTs require dynamic code. The usage of EncryptedXml doesn't use XSLTs.")]
+        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not use XSLTs.")]
     private XElement EncryptElement(XElement plaintextElement)
     {
         // EncryptedXml works with XmlDocument, not XLinq. When we perform the conversion
@@ -88,9 +90,7 @@ private XElement EncryptElement(XElement plaintextElement)
         var elementToEncrypt = (XmlElement)xmlDocument.DocumentElement!.FirstChild!;
 
         // Perform the encryption and update the document in-place.
-#pragma warning disable IL2026 // TODO: https://github.com/dotnet/aspnetcore/issues/47695
         var encryptedXml = new EncryptedXml(xmlDocument);
-#pragma warning restore IL2026
         var encryptedData = _encryptor.PerformEncryption(encryptedXml, elementToEncrypt);
         EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, content: false);
 

src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Xml;
@@ -44,6 +45,13 @@ public EncryptedXmlDecryptor(IServiceProvider? services)
     /// </summary>
     /// <param name="encryptedElement">An encrypted XML element.</param>
     /// <returns>The decrypted form of <paramref name="encryptedElement"/>.</returns>
+#pragma warning disable SYSLIB0022 // Rijndael types are obsolete
+    // RijndaelManaged (aka AES) is used by default. If we find another important algorithm, we should add it here as well.
+    // In the meantime, a useful exception will be thrown in a trimmed app if the algorithm can't be found.
+    [DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(RijndaelManaged))]
+#pragma warning restore SYSLIB0022
+    [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",
+        Justification = "The common algorithms are being preserved by the above DynamicDependency attributes.")]
     [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode",
         Justification = "Only XSLTs require dynamic code. The usage of EncryptedXml doesn't use XSLTs.")]
     public XElement Decrypt(XElement encryptedElement)
@@ -83,10 +91,9 @@ private sealed class EncryptedXmlWithCertificateKeys : EncryptedXml
         private readonly XmlKeyDecryptionOptions? _options;
 
         [RequiresDynamicCode("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
+        [RequiresUnreferencedCode("The algorithm implementations referenced in the XML payload might be removed.")]
         public EncryptedXmlWithCertificateKeys(XmlKeyDecryptionOptions? options, XmlDocument document)
-#pragma warning disable IL2026 // TODO: https://github.com/dotnet/aspnetcore/issues/47695
             : base(document)
-#pragma warning restore IL2026
         {
             _options = options;
         }