Finish/verify non-windows support

[Tratcher]

There are several code paths that throw PlatformNotSupportedException on non-windows. See:
https://github.com/aspnet/DataProtection/search?utf8=%E2%9C%93&q=PlatformNotSupportedException
https://github.com/aspnet/DataProtection/search?utf8=%E2%9C%93&q=AssertPlatformIsWindows
#60

We at least need to verify how functional everything is despite these gaps, like if we really can run MusicStore on coreclr on mac or linux?

@muratg

[Tratcher]

The basic APIs will work since they auto-detect the environment at startup and choose an appropriate configuration based on what they detected. However, if the developer manually overrides the system’s auto-selected defaults, he’ll run into issues if he tries to use an unsupported API.

For instance, none of the key encryption at rest APIs will work properly on Core CLR on Linux. If you call configure.ProtectKeysWithXyz from within your startup routine, you’ll run into PlatformNotSupportedException. Likewise, if you call configure.UseCryptographicAlgorithms and specify AES_*_GCM, you’ll run into PlatformNotSupportedException.

~ Levi

[muratg]

@danroth27 Do we have the APIs available now? Should we schedule this work for Beta 8?

[GrabYourPitchforks]

A big omission is EncryptedXml support on CoreCLR. See #60 and https://github.com/dotnet/corefx/issues/1132. Search the DataProtection source code for "[[ISSUE60]]" to see all places which are affected.

[muratg]

Tentatively putting this in beta8.

[GrabYourPitchforks]

FYI - the DataProtection stack functionally works on non-Windows platforms. What this thread has been about is that there are some specific configuration settings which aren't supported, but the default "add services" logic should correctly identify the environment and not activate these particular configuration switches on non-Windows platforms. The basic IDataProtectionProvider / IDataProtector consumer APIs should behave as expected regardless of platform.

[muratg]

Assigning to myself for now until I can identify the owner for this work.

[pakrym]

User scenarios and API's not available on coreclr (mostly related to absence of EncryptedXml class):

1. EncryptedXmlDecryptor class
2. ICertificateResolver interface
3. CertificateResolver class
4. DataProtectionConfiguration.ProtectKeysWithCertificate method.

User scenarios and API's not available on non windows platforms:

1. DpapiNGXmlDecryptor and DpapiNGXmlEncryptor classes (require Windows 8 and up)
2. DpapiXmlDecryptor and DpapiXmlEncryptor classes
3. GCM encryption algorithms EncryptionAlgorithm.AES_128_GCM, EncryptionAlgorithm.AES_192_GCM, EncryptionAlgorithm.AES_256_GCM,
4. RegistryXmlRepository class

[timmydo]

Are there any updates for this? I'd like to use certificates with the DP API on .net core--I'm not sure what OOTB alternatives exist for protecting auth cookies in environments that have more than one machine. #60 @muratg

[blowdart]

We're still awaiting support for encrypted XML in Core.

[natemcmaster]

I'm looking into this for 2.0. Encrypted XML is in .NET Core 2.0, and there is tentative support for netstandard2.0 too. cref dotnet/corefx#19189