dotnet
diff --git a/‎eng/Tools/ApiChief/Format/FormattingExtensions.cs‎
Lines changed: 3 additions & 3 deletions b/‎eng/Tools/ApiChief/Format/FormattingExtensions.cs‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/Libraries/Microsoft.AspNetCore.Diagnostics.Middleware/Microsoft.AspNetCore.Diagnostics.Middleware.json‎
Lines changed: 68 additions & 4 deletions b/‎src/Libraries/Microsoft.AspNetCore.Diagnostics.Middleware/Microsoft.AspNetCore.Diagnostics.Middleware.json‎
Lines changed: 68 additions & 4 deletions
diff --git a/‎src/Libraries/Microsoft.Extensions.Compliance.Abstractions/Redaction/Redactor.cs‎
Lines changed: 12 additions & 10 deletions b/‎src/Libraries/Microsoft.Extensions.Compliance.Abstractions/Redaction/Redactor.cs‎
Lines changed: 12 additions & 10 deletions
diff --git a/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactor.cs‎
Lines changed: 157 additions & 0 deletions b/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactor.cs‎
Lines changed: 157 additions & 0 deletions
diff --git a/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactorOptions.cs‎
Lines changed: 46 additions & 0 deletions b/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactorOptions.cs‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactorOptionsValidator.cs‎
Lines changed: 11 additions & 0 deletions b/‎src/Libraries/Microsoft.Extensions.Compliance.Redaction/HmacRedactorOptionsValidator.cs‎
Lines changed: 11 additions & 0 deletions
@@ -9,9 +9,9 @@ namespace ApiChief.Format;
 
 internal static class FormattingExtensions
 {
-    private static readonly HashSet<char> _numberLiterals = new() { 'l', 'L', 'u', 'U', 'f', 'F', 'd', 'D', 'm', 'M' };
-    private static readonly HashSet<char> _secondCharInLiterals = new() { 'l', 'L', 'u', 'U' };
-    private static readonly HashSet<char> _possibleSpecialCharactersInANumber = new() { '.', 'x', 'X', 'b', 'B' };
+    private static readonly HashSet<char> _numberLiterals = ['l', 'L', 'u', 'U', 'f', 'F', 'd', 'D', 'm', 'M'];
+    private static readonly HashSet<char> _secondCharInLiterals = ['l', 'L', 'u', 'U'];
+    private static readonly HashSet<char> _possibleSpecialCharactersInANumber = ['.', 'x', 'X', 'b', 'B'];
 
     /// <summary>
     /// Ensures a single space between parameters.
 
@@ -1,6 +1,24 @@
 {
   "Name": "Microsoft.AspNetCore.Diagnostics.Middleware, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
   "Types": [
+    {
+      "Type": "static class Microsoft.Extensions.DependencyInjection.HttpLoggingServiceCollectionExtensions",
+      "Stage": "Experimental",
+      "Methods": [
+        {
+          "Member": "static Microsoft.Extensions.DependencyInjection.IServiceCollection Microsoft.Extensions.DependencyInjection.HttpLoggingServiceCollectionExtensions.AddHttpLogEnricher<T>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services);",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "static Microsoft.Extensions.DependencyInjection.IServiceCollection Microsoft.Extensions.DependencyInjection.HttpLoggingServiceCollectionExtensions.AddHttpLoggingRedaction(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions>? configure = null);",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "static Microsoft.Extensions.DependencyInjection.IServiceCollection Microsoft.Extensions.DependencyInjection.HttpLoggingServiceCollectionExtensions.AddHttpLoggingRedaction(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, Microsoft.Extensions.Configuration.IConfigurationSection section);",
+          "Stage": "Experimental"
+        }
+      ]
+    },
     {
       "Type": "static class Microsoft.AspNetCore.Diagnostics.Logging.HttpLoggingTagNames",
       "Stage": "Stable",
@@ -33,7 +51,7 @@
         {
           "Member": "const string Microsoft.AspNetCore.Diagnostics.Logging.HttpLoggingTagNames.RequestHeaderPrefix",
           "Stage": "Stable",
-          "Value": "RequestHeader_"
+          "Value": "RequestHeader."
         },
         {
           "Member": "const string Microsoft.AspNetCore.Diagnostics.Logging.HttpLoggingTagNames.ResponseBody",
@@ -43,7 +61,7 @@
         {
           "Member": "const string Microsoft.AspNetCore.Diagnostics.Logging.HttpLoggingTagNames.ResponseHeaderPrefix",
           "Stage": "Stable",
-          "Value": "ResponseHeader_"
+          "Value": "ResponseHeader."
         },
         {
           "Member": "const string Microsoft.AspNetCore.Diagnostics.Logging.HttpLoggingTagNames.StatusCode",
@@ -58,6 +76,16 @@
         }
       ]
     },
+    {
+      "Type": "interface Microsoft.AspNetCore.Diagnostics.Logging.IHttpLogEnricher",
+      "Stage": "Experimental",
+      "Methods": [
+        {
+          "Member": "void Microsoft.AspNetCore.Diagnostics.Logging.IHttpLogEnricher.Enrich(Microsoft.Extensions.Diagnostics.Enrichment.IEnrichmentTagCollector collector, Microsoft.AspNetCore.Http.HttpContext httpContext);",
+          "Stage": "Experimental"
+        }
+      ]
+    },
     {
       "Type": "enum Microsoft.AspNetCore.Diagnostics.Logging.IncomingPathLoggingMode",
       "Stage": "Stable",
@@ -80,6 +108,42 @@
         }
       ]
     },
+    {
+      "Type": "class Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions",
+      "Stage": "Experimental",
+      "Methods": [
+        {
+          "Member": "Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.LoggingRedactionOptions();",
+          "Stage": "Experimental"
+        }
+      ],
+      "Properties": [
+        {
+          "Member": "System.Collections.Generic.ISet<string> Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.ExcludePathStartsWith { get; set; }",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "System.Collections.Generic.IDictionary<string, Microsoft.Extensions.Compliance.Classification.DataClassification> Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.RequestHeadersDataClasses { get; set; }",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "Microsoft.AspNetCore.Diagnostics.Logging.IncomingPathLoggingMode Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.RequestPathLoggingMode { get; set; }",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "Microsoft.Extensions.Http.Diagnostics.HttpRouteParameterRedactionMode Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.RequestPathParameterRedactionMode { get; set; }",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "System.Collections.Generic.IDictionary<string, Microsoft.Extensions.Compliance.Classification.DataClassification> Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.ResponseHeadersDataClasses { get; set; }",
+          "Stage": "Experimental"
+        },
+        {
+          "Member": "System.Collections.Generic.IDictionary<string, Microsoft.Extensions.Compliance.Classification.DataClassification> Microsoft.AspNetCore.Diagnostics.Logging.LoggingRedactionOptions.RouteParameterDataClasses { get; set; }",
+          "Stage": "Experimental"
+        }
+      ]
+    },
     {
       "Type": "static class Microsoft.AspNetCore.Diagnostics.Latency.RequestCheckpointConstants",
       "Stage": "Stable",
@@ -136,7 +200,7 @@
       ],
       "Properties": [
         {
-          "Member": "System.Collections.Generic.IDictionary<string, Microsoft.Extensions.Compliance.Classification.DataClassification> Microsoft.AspNetCore.Diagnostics.RequestHeadersLogEnricherOptions.Logging.HeadersDataClasses { get; set; }",
+          "Member": "System.Collections.Generic.IDictionary<string, Microsoft.Extensions.Compliance.Classification.DataClassification> Microsoft.AspNetCore.Diagnostics.Logging.RequestHeadersLogEnricherOptions.HeadersDataClasses { get; set; }",
           "Stage": "Experimental"
         }
       ]
@@ -194,4 +258,4 @@
       ]
     }
   ]
-}
+}
@@ -245,30 +245,32 @@ public bool TryRedact<T>(T value, Span<char> destination, out int charsWritten,
         }
 #endif
 
-        string? str = null;
         ReadOnlySpan<char> ros = default;
         if (value is IFormattable)
         {
             var fmt = format.Length > 0 ? format.ToString() : string.Empty;
-            str = ((IFormattable)value).ToString(fmt, provider);
+            var str = ((IFormattable)value).ToString(fmt, provider);
+            if (str != null)
+            {
+                ros = str.AsSpan();
+            }
         }
         else if (value is char[])
         {
-            // An attempt to call value.ToString() on a char[] will produce a string "System.Char[]" and all redaction will be attempted on it,
-            // instead of the provided array. This will lead to incorrectly allocated buffers.
+            // An attempt to call value.ToString() on a char[] will produce the string "System.Char[]" and redaction will be attempted on it,
+            // instead of the provided array.
             //
             // Not using pattern matching as it is recognized by the JIT and since this is a generic type, the JIT ends up generating code
             // without any of those conditional statements being present. But this only happens when not using pattern matching.
             ros = ((char[])(object)value).AsSpan();
         }
         else
         {
-            str = value?.ToString();
-        }
-
-        if (str is not null)
-        {
-            ros = str.AsSpan();
+            var str = value?.ToString();
+            if (str != null)
+            {
+                ros = str.AsSpan();
+            }
         }
 
         int len = GetRedactedLength(ros);
 
@@ -0,0 +1,157 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Security.Cryptography;
+using Microsoft.Extensions.Options;
+using Microsoft.Shared.Diagnostics;
+using Microsoft.Shared.Text;
+
+#if NET6_0_OR_GREATER
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+#else
+using System.Diagnostics.CodeAnalysis;
+using System.Text;
+#endif
+
+namespace Microsoft.Extensions.Compliance.Redaction;
+
+internal sealed class HmacRedactor : Redactor
+{
+#if NET6_0_OR_GREATER
+    private const int SHA256HashSizeInBytes = 32;
+#endif
+    private const int BytesOfHashWeUse = 16;
+
+    /// <remarks>
+    /// Magic numbers are formula for calculating base64 length with padding.
+    /// </remarks>
+    private const int Base64HashLength = ((BytesOfHashWeUse + 2) / 3) * 4;
+
+    private readonly int _redactedLength;
+    private readonly byte[] _hashKey;
+    private readonly string _keyId;
+
+    public HmacRedactor(IOptions<HmacRedactorOptions> options)
+    {
+        var value = Throw.IfMemberNull(options, options.Value);
+
+        _hashKey = Convert.FromBase64String(value.Key);
+        _keyId = value.KeyId.HasValue ? value.KeyId.Value.ToInvariantString() + ':' : string.Empty;
+        _redactedLength = Base64HashLength + _keyId.Length;
+    }
+
+    public override int GetRedactedLength(ReadOnlySpan<char> source)
+    {
+        if (source.IsEmpty)
+        {
+            return 0;
+        }
+
+        return _redactedLength;
+    }
+
+#if NET6_0_OR_GREATER
+    public override int Redact(ReadOnlySpan<char> source, Span<char> destination)
+    {
+        var length = GetRedactedLength(source);
+        if (length == 0)
+        {
+            return 0;
+        }
+
+        Throw.IfBufferTooSmall(destination.Length, length, nameof(destination));
+
+        _keyId.AsSpan().CopyTo(destination);
+        return CreateSha256Hash(source, destination[_keyId.Length..], _hashKey) + _keyId.Length;
+    }
+
+    [SkipLocalsInit]
+    private static int CreateSha256Hash(ReadOnlySpan<char> source, Span<char> destination, byte[] hashKey)
+    {
+        Span<byte> hashBuffer = stackalloc byte[SHA256HashSizeInBytes];
+
+        _ = HMACSHA256.HashData(hashKey, MemoryMarshal.AsBytes(source), hashBuffer);
+
+        // this won't fail, we ensured the destination is big enough previously
+        _ = Convert.TryToBase64Chars(hashBuffer.Slice(0, BytesOfHashWeUse), destination, out int charsWritten);
+
+        return charsWritten;
+    }
+
+#else
+
+    public override int Redact(ReadOnlySpan<char> source, Span<char> destination)
+    {
+        const int RemainingBytesToPadForBase64Hash = BytesOfHashWeUse % 3;
+
+        var length = GetRedactedLength(source);
+        if (length == 0)
+        {
+            return 0;
+        }
+
+        Throw.IfBufferTooSmall(destination.Length, length, nameof(destination));
+
+        _keyId.AsSpan().CopyTo(destination);
+        return ConvertBytesToBase64(CreateSha256Hash(source, _hashKey), destination, RemainingBytesToPadForBase64Hash, _keyId.Length) + _keyId.Length;
+    }
+
+    private static byte[] CreateSha256Hash(ReadOnlySpan<char> value, byte[] hashKey)
+    {
+        using var hmac = new HMACSHA256(hashKey);
+        return hmac.ComputeHash(Encoding.Unicode.GetBytes(value.ToArray()));
+    }
+
+    private static readonly char[] _base64CharactersTable =
+    {
+        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O',
+        'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
+        'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's',
+        't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
+        '8', '9', '+', '/', '=',
+    };
+
+    [SuppressMessage("Code smell", "S109", Justification = "Bit operation.")]
+    private static int ConvertBytesToBase64(byte[] hashToConvert, Span<char> destination, int remainingBytesToPad, int startOffset)
+    {
+        var iterations = BytesOfHashWeUse - remainingBytesToPad;
+        var offset = startOffset;
+
+        unchecked
+        {
+            for (var i = 0; i < iterations; i += 3)
+            {
+                destination[offset] = _base64CharactersTable[(hashToConvert[i] & 0xfc) >> 2];
+                destination[offset + 1] = _base64CharactersTable[((hashToConvert[i] & 0x03) << 4) | ((hashToConvert[i + 1] & 0xf0) >> 4)];
+                destination[offset + 2] = _base64CharactersTable[((hashToConvert[i + 1] & 0x0f) << 2) | ((hashToConvert[i + 2] & 0xc0) >> 6)];
+                destination[offset + 3] = _base64CharactersTable[hashToConvert[i + 2] & 0x3f];
+                offset += 4;
+            }
+
+            if (remainingBytesToPad == 2)
+            {
+                destination[offset] = _base64CharactersTable[(hashToConvert[iterations] & 0xfc) >> 2];
+                destination[offset + 1] = _base64CharactersTable[((hashToConvert[iterations] & 0x03) << 4) | ((hashToConvert[iterations + 1] & 0xf0) >> 4)];
+                destination[offset + 2] = _base64CharactersTable[(hashToConvert[iterations + 1] & 0x0f) << 2];
+                destination[offset + 3] = _base64CharactersTable[64];
+                offset += 4;
+            }
+
+            if (remainingBytesToPad == 1)
+            {
+                destination[offset] = _base64CharactersTable[(hashToConvert[iterations] & 0xfc) >> 2];
+                destination[offset + 1] = _base64CharactersTable[(hashToConvert[iterations] & 0x03) << 4];
+                destination[offset + 2] = _base64CharactersTable[64];
+                destination[offset + 3] = _base64CharactersTable[64];
+                offset += 4;
+            }
+        }
+
+        var charsWritten = offset - startOffset;
+        return charsWritten;
+    }
+
+#endif
+}
@@ -0,0 +1,46 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.Shared.DiagnosticIds;
+
+namespace Microsoft.Extensions.Compliance.Redaction;
+
+/// <summary>
+/// A redactor using HMACSHA256 to encode data being redacted.
+/// </summary>
+[Experimental(diagnosticId: DiagnosticIds.Experiments.Compliance, UrlFormat = DiagnosticIds.UrlFormat)]
+public class HmacRedactorOptions
+{
+    /// <summary>
+    /// Gets or sets the key ID.
+    /// </summary>
+    /// <value>
+    /// Default set to <see langword="null"/>.
+    /// </value>
+    /// <remarks>
+    /// The key id is appended to each redacted value and is intended to identity the key that was used to hash the data.
+    /// In general, every distinct key should have a unique id associated with it. When the hashed values have different key ids,
+    /// it means the values are unrelated and can't be used for correlation.
+    /// </remarks>
+    public int? KeyId { get; set; }
+
+    /// <summary>
+    /// Gets or sets the hashing key.
+    /// </summary>
+    /// <remarks>
+    /// The key is specified in base 64 format, and must be a minimum of 44 characters long.
+    ///
+    /// We recommend using a distinct key for each major deployment of a service (say for each region the service is in). Additionally,
+    /// the key material should be kept secret, and rotated on a regular basis.
+    /// </remarks>
+    /// <value>
+    /// Default set to <see cref="string.Empty" />.
+    /// </value>
+    [StringSyntax("Base64")]
+#if NET8_0_OR_GREATER
+    [System.ComponentModel.DataAnnotations.Base64String]
+#endif
+    [Microsoft.Shared.Data.Validation.Length(44)]
+    public string Key { get; set; } = string.Empty;
+}
@@ -0,0 +1,11 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.Compliance.Redaction;
+
+[OptionsValidator]
+internal sealed partial class HmacRedactorOptionsValidator : IValidateOptions<HmacRedactorOptions>
+{
+}