From 8c63acb58113a5286dd8656dc322a6adc824d011 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Thu, 4 May 2023 18:45:40 -0500
Subject: [PATCH 1/7] Ensure DataProtection can be used in trimmed apps.

Fix #47695
---
 AspNetCore.sln                                |   2 +-
 .../SupportFiles/Directory.Build.targets      |   5 +-
 src/DataProtection/DataProtection.slnf        |   2 +-
 ...ore.DataProtection.WarningSuppressions.xml |  17 --
 .../XmlEncryption/CertificateXmlEncryptor.cs  |   5 +-
 .../XmlEncryption/EncryptedXmlDecryptor.cs    |   9 +-
 .../ActivatorTests.cs                         |   0
 ...CngCbcAuthenticatedEncryptorFactoryTest.cs |   0
 ...CngGcmAuthenticatedEncryptorFactoryTest.cs |   0
 ...tedEncryptorDescriptorDeserializerTests.cs |   0
 .../AuthenticatedEncryptorDescriptorTests.cs  |   0
 ...uthenticatedEncryptorConfigurationTests.cs |   0
 ...tedEncryptorDescriptorDeserializerTests.cs |   0
 ...bcAuthenticatedEncryptorDescriptorTests.cs |   0
 ...uthenticatedEncryptorConfigurationTests.cs |   0
 ...tedEncryptorDescriptorDeserializerTests.cs |   0
 ...cmAuthenticatedEncryptorDescriptorTests.cs |   0
 ...uthenticatedEncryptorConfigurationTests.cs |   0
 ...tedEncryptorDescriptorDeserializerTests.cs |   0
 ...edAuthenticatedEncryptorDescriptorTests.cs |   0
 ...anagedAuthenticatedEncryptorFactoryTest.cs |   0
 .../Cng/CbcAuthenticatedEncryptorTests.cs     |   0
 .../Cng/CngAuthenticatedEncryptorBaseTests.cs |   0
 .../Cng/GcmAuthenticatedEncryptorTests.cs     |   0
 .../ContainerUtilsTests.cs                    |   0
 .../DataProtectionUtilityExtensionsTests.cs   |   0
 .../EphemeralDataProtectionProviderTests.cs   |   0
 .../HostingTests.cs                           |   0
 .../Internal/KeyManagementOptionsSetupTest.cs |   0
 .../KeyManagement/CacheableKeyRingTests.cs    |   0
 .../KeyManagement/DefaultKeyResolverTests.cs  |   0
 .../KeyManagement/DeferredKeyTests.cs         |   0
 ...KeyEscrowServiceProviderExtensionsTests.cs |   0
 .../KeyRingBasedDataProtectorTests.cs         |   0
 .../KeyManagement/KeyRingProviderTests.cs     |   0
 .../KeyManagement/KeyRingTests.cs             |   0
 .../KeyManagement/KeyTests.cs                 |   0
 .../KeyManagement/XmlKeyManagerTests.cs       |   0
 .../ManagedAuthenticatedEncryptorTests.cs     |   0
 ...oft.AspNetCore.DataProtection.Tests.csproj |   0
 .../MockExtensions.cs                         |   0
 .../RegistryPolicyResolverTests.cs            |   0
 .../EphemeralXmlRepositoryTests.cs            |   0
 .../FileSystemXmlRepositoryTests.cs           |   0
 .../RegistryXmlRepositoryTests.cs             |   0
 .../SP800_108/SP800_108Tests.cs               |   0
 .../SecretAssert.cs                           |   0
 .../SecretTests.cs                            |   0
 .../SequentialGenRandom.cs                    |   0
 .../ServiceCollectionTests.cs                 |   0
 .../StringLoggerFactory.cs                    |   0
 .../TestFiles/TestCert1.PublicKeyOnly.cer     | Bin
 .../TestFiles/TestCert1.pfx                   | Bin
 .../TestFiles/TestCert2.pfx                   | Bin
 .../TypeForwardingActivatorTests.cs           |   0
 .../XmlAssert.cs                              |   0
 .../CertificateXmlEncryptionTests.cs          |   0
 .../DpapiNGXmlEncryptionTests.cs              |   0
 .../XmlEncryption/DpapiXmlEncryptionTests.cs  |   0
 .../EncryptedXmlDecryptorTests.cs             |   0
 .../XmlEncryption/NullXmlEncryptionTests.cs   |   0
 .../XmlEncryptionExtensionsTests.cs           |   0
 ...pNetCore.DataProtection.TrimmingTests.proj |   8 +
 .../TestCertificateXmlEncryptor.cs            | 122 +++++++++++++++
 .../TestUnprotectWorksWithX509Certificate.cs  | 115 ++++++++++++++
 ...thenticationServiceCollectionExtensions.cs |   4 -
 src/Shared/TrimmingAttributes.cs              | 147 ++++++++++++++++++
 67 files changed, 407 insertions(+), 29 deletions(-)
 delete mode 100644 src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.WarningSuppressions.xml
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/ActivatorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactoryTest.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactoryTest.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfigurationTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfigurationTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfigurationTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactoryTest.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Cng/CbcAuthenticatedEncryptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Cng/CngAuthenticatedEncryptorBaseTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Cng/GcmAuthenticatedEncryptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/ContainerUtilsTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/DataProtectionUtilityExtensionsTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/EphemeralDataProtectionProviderTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/HostingTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Internal/KeyManagementOptionsSetupTest.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/CacheableKeyRingTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/DefaultKeyResolverTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/DeferredKeyTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/KeyEscrowServiceProviderExtensionsTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/KeyRingBasedDataProtectorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/KeyRingProviderTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/KeyRingTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/KeyTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/KeyManagement/XmlKeyManagerTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Managed/ManagedAuthenticatedEncryptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Microsoft.AspNetCore.DataProtection.Tests.csproj (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/MockExtensions.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/RegistryPolicyResolverTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Repositories/EphemeralXmlRepositoryTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Repositories/FileSystemXmlRepositoryTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/Repositories/RegistryXmlRepositoryTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/SP800_108/SP800_108Tests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/SecretAssert.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/SecretTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/SequentialGenRandom.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/ServiceCollectionTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/StringLoggerFactory.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/TestFiles/TestCert1.PublicKeyOnly.cer (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/TestFiles/TestCert1.pfx (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/TestFiles/TestCert2.pfx (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/TypeForwardingActivatorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlAssert.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/CertificateXmlEncryptionTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/DpapiNGXmlEncryptionTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/DpapiXmlEncryptionTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/EncryptedXmlDecryptorTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/NullXmlEncryptionTests.cs (100%)
 rename src/DataProtection/DataProtection/test/{ => Microsoft.AspNetCore.DataProtection.Tests}/XmlEncryption/XmlEncryptionExtensionsTests.cs (100%)
 create mode 100644 src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
 create mode 100644 src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
 create mode 100644 src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs

diff --git a/AspNetCore.sln b/AspNetCore.sln
index 13e290d6ade3..0682ff1a645f 100644
--- a/AspNetCore.sln
+++ b/AspNetCore.sln
@@ -499,7 +499,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Crypto
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests", "src\DataProtection\Cryptography.KeyDerivation\test\Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests.csproj", "{F421D0C4-6EF7-48B7-9213-AFD21322E08B}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Tests", "src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.Tests.csproj", "{696BE515-B3AB-4925-969C-350F1BDA5C30}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Tests", "src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.Tests\Microsoft.AspNetCore.DataProtection.Tests.csproj", "{696BE515-B3AB-4925-969C-350F1BDA5C30}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.DataProtection.Extensions.Tests", "src\DataProtection\Extensions\test\Microsoft.AspNetCore.DataProtection.Extensions.Tests.csproj", "{3CB3CA43-6D65-4DDE-B5E3-A9E0DF957E38}"
 EndProject
diff --git a/eng/testing/linker/SupportFiles/Directory.Build.targets b/eng/testing/linker/SupportFiles/Directory.Build.targets
index a2a18b071459..081650e6ede7 100644
--- a/eng/testing/linker/SupportFiles/Directory.Build.targets
+++ b/eng/testing/linker/SupportFiles/Directory.Build.targets
@@ -1,5 +1,5 @@
 <Project>
-  
+
   <PropertyGroup>
     <!-- Used to silence the warning caused by the workaround for https://github.com/dotnet/runtime/issues/81382 -->
     <SuppressGenerateILCompilerExplicitPackageReferenceWarning>true</SuppressGenerateILCompilerExplicitPackageReferenceWarning>
@@ -20,6 +20,7 @@
   -->
   <ItemGroup>
     <ProjectReference Include="$(RepoRoot)src\DefaultBuilder\src\Microsoft.AspNetCore.csproj" />
+    <ProjectReference Include="$(RepoRoot)src\DataProtection\Extensions\src\Microsoft.AspNetCore.DataProtection.Extensions.csproj" />
   </ItemGroup>
-  
+
 </Project>
diff --git a/src/DataProtection/DataProtection.slnf b/src/DataProtection/DataProtection.slnf
index 5bee17ab0637..a1eeeddbfc8b 100644
--- a/src/DataProtection/DataProtection.slnf
+++ b/src/DataProtection/DataProtection.slnf
@@ -9,7 +9,7 @@
       "src\\DataProtection\\Cryptography.KeyDerivation\\src\\Microsoft.AspNetCore.Cryptography.KeyDerivation.csproj",
       "src\\DataProtection\\Cryptography.KeyDerivation\\test\\Microsoft.AspNetCore.Cryptography.KeyDerivation.Tests.csproj",
       "src\\DataProtection\\DataProtection\\src\\Microsoft.AspNetCore.DataProtection.csproj",
-      "src\\DataProtection\\DataProtection\\test\\Microsoft.AspNetCore.DataProtection.Tests.csproj",
+      "src\\DataProtection\\DataProtection\\test\\Microsoft.AspNetCore.DataProtection.Tests\\Microsoft.AspNetCore.DataProtection.Tests.csproj",
       "src\\DataProtection\\EntityFrameworkCore\\src\\Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.csproj",
       "src\\DataProtection\\EntityFrameworkCore\\test\\Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.Test.csproj",
       "src\\DataProtection\\Extensions\\src\\Microsoft.AspNetCore.DataProtection.Extensions.csproj",
diff --git a/src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.WarningSuppressions.xml b/src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.WarningSuppressions.xml
deleted file mode 100644
index b045ef5a3db0..000000000000
--- a/src/DataProtection/DataProtection/src/Microsoft.AspNetCore.DataProtection.WarningSuppressions.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<linker>
-  <assembly fullname="Microsoft.AspNetCore.DataProtection, Version=8.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60">
-    <attribute fullname="System.Diagnostics.CodeAnalysis.UnconditionalSuppressMessageAttribute">
-      <argument>ILLink</argument>
-      <argument>IL2026</argument>
-      <property name="Scope">member</property>
-      <property name="Target">M:Microsoft.AspNetCore.DataProtection.XmlEncryption.CertificateXmlEncryptor.EncryptElement(System.Xml.Linq.XElement)</property>
-    </attribute>
-    <attribute fullname="System.Diagnostics.CodeAnalysis.UnconditionalSuppressMessageAttribute">
-      <argument>ILLink</argument>
-      <argument>IL2026</argument>
-      <property name="Scope">member</property>
-      <property name="Target">M:Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.#ctor(Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlKeyDecryptionOptions,System.Xml.XmlDocument)</property>
-    </attribute>
-  </assembly>
-</linker>
\ No newline at end of file
diff --git a/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs b/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
index c318e717702a..9251dc7d4b23 100644
--- a/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
+++ b/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Xml;
@@ -76,6 +77,8 @@ public EncryptedXmlInfo Encrypt(XElement plaintextElement)
         return new EncryptedXmlInfo(encryptedElement, typeof(EncryptedXmlDecryptor));
     }
 
+    [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",
+        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not require unreferenced code.")]
     [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode",
         Justification = "Only XSLTs require dynamic code. The usage of EncryptedXml doesn't use XSLTs.")]
     private XElement EncryptElement(XElement plaintextElement)
@@ -88,9 +91,7 @@ private XElement EncryptElement(XElement plaintextElement)
         var elementToEncrypt = (XmlElement)xmlDocument.DocumentElement!.FirstChild!;
 
         // Perform the encryption and update the document in-place.
-#pragma warning disable IL2026 // TODO: https://github.com/dotnet/aspnetcore/issues/47695
         var encryptedXml = new EncryptedXml(xmlDocument);
-#pragma warning restore IL2026
         var encryptedData = _encryptor.PerformEncryption(encryptedXml, elementToEncrypt);
         EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, content: false);
 
diff --git a/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs b/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
index 43c3304833de..cabacf142896 100644
--- a/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
+++ b/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Xml;
@@ -44,6 +45,11 @@ public EncryptedXmlDecryptor(IServiceProvider? services)
     /// </summary>
     /// <param name="encryptedElement">An encrypted XML element.</param>
     /// <returns>The decrypted form of <paramref name="encryptedElement"/>.</returns>
+#pragma warning disable SYSLIB0022 // Rijndael types are obsolete
+    [DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(RijndaelManaged))]
+#pragma warning restore SYSLIB0022
+    [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",
+        Justification = "The common algorithms are being preserved by the above DynamicDependency attributes.")]
     [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode",
         Justification = "Only XSLTs require dynamic code. The usage of EncryptedXml doesn't use XSLTs.")]
     public XElement Decrypt(XElement encryptedElement)
@@ -83,10 +89,9 @@ private sealed class EncryptedXmlWithCertificateKeys : EncryptedXml
         private readonly XmlKeyDecryptionOptions? _options;
 
         [RequiresDynamicCode("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
+        [RequiresUnreferencedCode("The algorithm implementations referenced in the XML payload might be removed.")]
         public EncryptedXmlWithCertificateKeys(XmlKeyDecryptionOptions? options, XmlDocument document)
-#pragma warning disable IL2026 // TODO: https://github.com/dotnet/aspnetcore/issues/47695
             : base(document)
-#pragma warning restore IL2026
         {
             _options = options;
         }
diff --git a/src/DataProtection/DataProtection/test/ActivatorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ActivatorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/ActivatorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ActivatorTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactoryTest.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactoryTest.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactoryTest.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/CngCbcAuthenticatedEncryptorFactoryTest.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactoryTest.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactoryTest.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactoryTest.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/CngGcmAuthenticatedEncryptorFactoryTest.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializerTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfigurationTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfigurationTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfigurationTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorConfigurationTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializerTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfigurationTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfigurationTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfigurationTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorConfigurationTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializerTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfigurationTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfigurationTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfigurationTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfigurationTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactoryTest.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactoryTest.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactoryTest.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactoryTest.cs
diff --git a/src/DataProtection/DataProtection/test/Cng/CbcAuthenticatedEncryptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/CbcAuthenticatedEncryptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Cng/CbcAuthenticatedEncryptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/CbcAuthenticatedEncryptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/Cng/CngAuthenticatedEncryptorBaseTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/CngAuthenticatedEncryptorBaseTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Cng/CngAuthenticatedEncryptorBaseTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/CngAuthenticatedEncryptorBaseTests.cs
diff --git a/src/DataProtection/DataProtection/test/Cng/GcmAuthenticatedEncryptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/GcmAuthenticatedEncryptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Cng/GcmAuthenticatedEncryptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Cng/GcmAuthenticatedEncryptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/ContainerUtilsTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ContainerUtilsTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/ContainerUtilsTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ContainerUtilsTests.cs
diff --git a/src/DataProtection/DataProtection/test/DataProtectionUtilityExtensionsTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/DataProtectionUtilityExtensionsTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/DataProtectionUtilityExtensionsTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/DataProtectionUtilityExtensionsTests.cs
diff --git a/src/DataProtection/DataProtection/test/EphemeralDataProtectionProviderTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/EphemeralDataProtectionProviderTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/EphemeralDataProtectionProviderTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/EphemeralDataProtectionProviderTests.cs
diff --git a/src/DataProtection/DataProtection/test/HostingTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/HostingTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/HostingTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/HostingTests.cs
diff --git a/src/DataProtection/DataProtection/test/Internal/KeyManagementOptionsSetupTest.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Internal/KeyManagementOptionsSetupTest.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Internal/KeyManagementOptionsSetupTest.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Internal/KeyManagementOptionsSetupTest.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/CacheableKeyRingTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/CacheableKeyRingTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/CacheableKeyRingTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/CacheableKeyRingTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/DefaultKeyResolverTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/DefaultKeyResolverTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/DefaultKeyResolverTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/DefaultKeyResolverTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/DeferredKeyTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/DeferredKeyTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/DeferredKeyTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/DeferredKeyTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/KeyEscrowServiceProviderExtensionsTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyEscrowServiceProviderExtensionsTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/KeyEscrowServiceProviderExtensionsTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyEscrowServiceProviderExtensionsTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/KeyRingBasedDataProtectorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingBasedDataProtectorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/KeyRingBasedDataProtectorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingBasedDataProtectorTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/KeyRingProviderTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingProviderTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/KeyRingProviderTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingProviderTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/KeyRingTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/KeyRingTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/KeyTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/KeyTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyTests.cs
diff --git a/src/DataProtection/DataProtection/test/KeyManagement/XmlKeyManagerTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/XmlKeyManagerTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/KeyManagement/XmlKeyManagerTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/XmlKeyManagerTests.cs
diff --git a/src/DataProtection/DataProtection/test/Managed/ManagedAuthenticatedEncryptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Managed/ManagedAuthenticatedEncryptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Managed/ManagedAuthenticatedEncryptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Managed/ManagedAuthenticatedEncryptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests.csproj b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj
similarity index 100%
rename from src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests.csproj
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj
diff --git a/src/DataProtection/DataProtection/test/MockExtensions.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/MockExtensions.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/MockExtensions.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/MockExtensions.cs
diff --git a/src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/RegistryPolicyResolverTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/RegistryPolicyResolverTests.cs
diff --git a/src/DataProtection/DataProtection/test/Repositories/EphemeralXmlRepositoryTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/EphemeralXmlRepositoryTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Repositories/EphemeralXmlRepositoryTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/EphemeralXmlRepositoryTests.cs
diff --git a/src/DataProtection/DataProtection/test/Repositories/FileSystemXmlRepositoryTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/FileSystemXmlRepositoryTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Repositories/FileSystemXmlRepositoryTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/FileSystemXmlRepositoryTests.cs
diff --git a/src/DataProtection/DataProtection/test/Repositories/RegistryXmlRepositoryTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/RegistryXmlRepositoryTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/Repositories/RegistryXmlRepositoryTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Repositories/RegistryXmlRepositoryTests.cs
diff --git a/src/DataProtection/DataProtection/test/SP800_108/SP800_108Tests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SP800_108/SP800_108Tests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/SP800_108/SP800_108Tests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SP800_108/SP800_108Tests.cs
diff --git a/src/DataProtection/DataProtection/test/SecretAssert.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SecretAssert.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/SecretAssert.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SecretAssert.cs
diff --git a/src/DataProtection/DataProtection/test/SecretTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SecretTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/SecretTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SecretTests.cs
diff --git a/src/DataProtection/DataProtection/test/SequentialGenRandom.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SequentialGenRandom.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/SequentialGenRandom.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/SequentialGenRandom.cs
diff --git a/src/DataProtection/DataProtection/test/ServiceCollectionTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ServiceCollectionTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/ServiceCollectionTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/ServiceCollectionTests.cs
diff --git a/src/DataProtection/DataProtection/test/StringLoggerFactory.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/StringLoggerFactory.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/StringLoggerFactory.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/StringLoggerFactory.cs
diff --git a/src/DataProtection/DataProtection/test/TestFiles/TestCert1.PublicKeyOnly.cer b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert1.PublicKeyOnly.cer
similarity index 100%
rename from src/DataProtection/DataProtection/test/TestFiles/TestCert1.PublicKeyOnly.cer
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert1.PublicKeyOnly.cer
diff --git a/src/DataProtection/DataProtection/test/TestFiles/TestCert1.pfx b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert1.pfx
similarity index 100%
rename from src/DataProtection/DataProtection/test/TestFiles/TestCert1.pfx
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert1.pfx
diff --git a/src/DataProtection/DataProtection/test/TestFiles/TestCert2.pfx b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert2.pfx
similarity index 100%
rename from src/DataProtection/DataProtection/test/TestFiles/TestCert2.pfx
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TestFiles/TestCert2.pfx
diff --git a/src/DataProtection/DataProtection/test/TypeForwardingActivatorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TypeForwardingActivatorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/TypeForwardingActivatorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/TypeForwardingActivatorTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlAssert.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlAssert.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlAssert.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlAssert.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/CertificateXmlEncryptionTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/CertificateXmlEncryptionTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/CertificateXmlEncryptionTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/CertificateXmlEncryptionTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/DpapiNGXmlEncryptionTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/DpapiNGXmlEncryptionTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/DpapiNGXmlEncryptionTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/DpapiNGXmlEncryptionTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/DpapiXmlEncryptionTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/DpapiXmlEncryptionTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/DpapiXmlEncryptionTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/DpapiXmlEncryptionTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/EncryptedXmlDecryptorTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/EncryptedXmlDecryptorTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/EncryptedXmlDecryptorTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/EncryptedXmlDecryptorTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/NullXmlEncryptionTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/NullXmlEncryptionTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/NullXmlEncryptionTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/NullXmlEncryptionTests.cs
diff --git a/src/DataProtection/DataProtection/test/XmlEncryption/XmlEncryptionExtensionsTests.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/XmlEncryptionExtensionsTests.cs
similarity index 100%
rename from src/DataProtection/DataProtection/test/XmlEncryption/XmlEncryptionExtensionsTests.cs
rename to src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/XmlEncryption/XmlEncryptionExtensionsTests.cs
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
new file mode 100644
index 000000000000..f27bbf5e3ce5
--- /dev/null
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <ItemGroup>
+    <TestConsoleAppSourceFiles Include="TestCertificateXmlEncryptor.cs" />
+    <TestConsoleAppSourceFiles Include="TestUnprotectWorksWithX509Certificate.cs" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
new file mode 100644
index 000000000000..45167b94bf6d
--- /dev/null
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
@@ -0,0 +1,122 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.DataProtection.XmlEncryption;
+using Microsoft.Extensions.Logging.Abstractions;
+using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Xml.Linq;
+
+var cert = new X509Certificate2(Convert.FromBase64String(Constants.Key), Constants.Password);
+
+var encryptor = new CertificateXmlEncryptor(cert, NullLoggerFactory.Instance);
+
+var e = XElement.Parse("""
+    <root>
+      <child Value="hi" />
+    </root>
+    """);
+
+var result = encryptor.Encrypt(e);
+
+if (result.DecryptorType.Name != "EncryptedXmlDecryptor")
+{
+    return -1;
+}
+if (result.EncryptedElement.Name.LocalName != "EncryptedData")
+{
+    return -2;
+}
+
+return 100;
+
+static class Constants
+{
+    public const string Password = "password";
+
+    public const string Key =
+      @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
+        MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
+        B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
+        5j6PlwF8nLiANmvnNyr+tmnLLx8Fa8XGmi4ggs3YGPJEw6u41qTnPGlT7goQaylT+XudRTMgB1lQ
+        tAGW12P2kQX2laJFqK/KF1YGaUC7dTxPnRQg+qzfP3+omlx6kqt38YvVjoc1toYGo/Jc1GuEUQ++
+        HrarLzVUJvAzD22Q8fX0Tjp5EVezYhb/aSiqd7d7VLVHoukaYJxKJW3JKTVHI76+pyNv+HnTwlHC
+        gfY8DI6NekwtXEHf9W1XPaTMyFYyamWAsH5FeM1EyLh/bTmvoCNZtVx2UiUD1MbSnYO/KNGHcl74
+        6A92sFXhzSXdkxLCMEiHTD5LZ8SFJCh7b3LeTHsdRb6C3SlkPsji5mCbacy6femW9Q1RyPO08Td3
+        vZtPB4fambMXLTaVaSnT/+F8Vd/seGrGsfON1okSIz34M6kH9GzHtbeQV3BuO6YxIJqljAlM+I1u
+        ItcXKGwv5vtzmGFIRVBxmgkErtO+dWeocee/du3VPA8MyuIEumCKVTeiM5OOPPHDxdOxieKYqC01
+        T8TvLFuTSqQg008s2BcGCW3dsbOc8jyKg4tp8J7XnaCYv7toyB4A8fzc3fx+mquBmc1ehMQKJHN1
+        Cx3nVV//gEEbq2ZSNrhuEKw2D85rA1XZX1zwhHy1T5bGNgC4sAwmRszUSeCrUAlGMLxXv+Cu4G1j
+        U+kwvG+MuKuK4Z22lMAwm7mNEK1vi7wmuoFPWOolPVCoxvCIGGDT0eLjL3YmePCkifwYrbDgWmWB
+        OElG1E7LtpCYDqTgsBwo/Vp47l/RQFYRAcxishKjn5Bi4AURagaFdVrFI+7XyjG5ZYijy39uKWJN
+        lquP5yHg9wjMsYeBjDIfZhkPFMPUou2DDuI3VimnW6SETXkitY6knjPl8T9kVYEHiDj4n2hZxymj
+        sXCPjO673zK4IB887KoOUpmzaGkfA5Gqw1JkE/HK/ghEJQpnkBs+SMWSwY200+UJWWSCeVI0ZY0T
+        sihWT7cd/o3LdFDNNKok9qA6lpREOv3+5l23McBM7y6sxtjXL/+GwbN3XiTGNY5yjJ0+bVUob2E6
+        L9JRc2+3Jlcg9xAV9YCvdjd1LkPo0aRm+oZKFWCv4mgoATBlJGImkIp/HcukEeaiuCQplDLapk+a
+        6ZwV4YfpZluoSoMaXzGZEr+qFUAzhEJ/WXLBQI9qEkf5Lf9Kdh6iKSqnV8wordvu24rGynYkM3TO
+        Ni/8IjeZRCE2CqcQ9coAzXgSJdM1vC+1AJm0mpsvlHocHnJoF305OtFUALTFCHkrZMxqVGMq2DlX
+        cXw6KEEheVZGZs7QD5eYf47YcSFCGsSEhcP+syt0UgAi2p5Y8Ym8AFotTMT8opwJ9LwjaCwBMQkH
+        xKPwcSg7Q9SXb4NNTAL1nGxOU5ZNW0QRcwbJQzVfVTMwQ7nRtSjc/Qg3ST1fVuIiqsTSu2AL3bSn
+        24I3Zi8idaf69c2MNhc03UTgMNCh9T4QNVf7bSXznPl8hd9G3cekPuQY1b5YzB8DOU5cyD+pLuOa
+        43oQ6V0WVceUHe+Lw0aKelCI+6dYa7C8RerOTgOaDyuBxG+qouBk5LvxCNWLh7nMyTGB3zATBgkq
+        hkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAGwAcAAtADYANwBkAGYAZgA0ADIAOAAt
+        ADEAZQAxADEALQA0ADYAYwA5AC0AOABlADkAMgAtAGIAZQBmAGIANwAzAGUANAA4ADIAOAA1MGkG
+        CSsGAQQBgjcRATFcHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUA
+        bAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggPPBgkqhkiG
+        9w0BBwagggPAMIIDvAIBADCCA7UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECKd3W1PCnIYL
+        AgIH0ICCA4g+xQnikaqVknam03UPBunLcbc4vM5elTihZjvuQHjcQWOr/GeLDWSkIqJAf7f/6jRM
+        D8nlgx/YM1z6aZfYeU/kfY7T58yS5glTscFEY0sitH4Dt8bN6jGz9B5MG6afKYsIT3IcgM52EbzJ
+        1RiHU6KHSagaBmAvSv75npvg/gV+UpqSMmWyUm3Wq1vJcmm58dzYrxSMdvPtnDeFIvSK6GH1Okpz
+        8B63JDjPPUFCv/4cdZyRpDmz4RIlfM1fH89koQ0sX5tZHxFSZcy7RPlRfCAxo65AF78WGWPAHxIC
+        11OesbIlv6O/ZECZIxmRC02LdTUr4DAF2vVZy3x3Fn24d2KHAotykvn8ENpSvs9DTedGAjlKvEFO
+        hP5DJHqbK2WPacD8hrCQatxyWBRmMhC5/fvm6ACb/HSL+EDZgZ5Zr294RUH9QXJd+IPUJI5AQaqj
+        Br2u699hv0rlaf4j+NAbneDLn8M5M3wJHGD2rG3Q1xpNC30s9/v68rtKJFVKndtVXmzQi33GnC4P
+        EQU/FyL/Jwal+NnJO68aHQ2D9Ai3DMqsRvKNznpxXp9kiUuSgKWsdSbMoRzs/BfdbeCOIyzxV1BZ
+        UvWCzSZu4YE8UYGVxOIfrSILp7NFQD2rQSpdI831OPLeE9+QJHULiV8mzf6svCyTn+s0m0dIBIO0
+        K9oqUpdWcjDdbSHANOPRYlUWgZHwJ6Sh4ZCpKmvU3FeS4yL5en+jW/1JsvBNq1mWVQTIIM5q8onG
+        FloYvQpRxZb6QJ4sITLbk1rdlRMxDwzcUZYQeFZhQbFk8MSuiZKGfdSpij0UEIUbLjO4HDFcdw4j
+        FzKe3k4gNiwtN5KKR4fT2DaHJehXuOrzHWmkBhXbsSMItPUmaHbbILYrhNYS8lDgEBtzgCJo/kZh
+        jUdMfnL5SdHsHV05mWuDhvDjhzaSFIkPlPJ4xxNhuC6ecUemm51846uw6O/iFHl1WHE5kaxoLNfY
+        fU7xHeYkvovsZwKrwFKKFiVnlstG+XqCgul1v7jhPcAvc9nDmHVoPwXwZEhPXhx46j61/TSmZboU
+        35iV7s5brC67ChbRIJk2cq/odioWyxVoKjAIZmH+e08QYc6mZRRgce6VVbk8R9Lh9/wkd2u9IIbd
+        NP5hynCdo85eTjJ4RaF8LGJwK45Jkw3jIghcKePkLzQIN03OGKm2+YjQV18M3UtlB7cti4JwZJCL
+        MDswHzAHBgUrDgMCGgQUvUM7Kw/8NN+1PlObSrj4zZwINasEFNL9LO5HLwrmwm/xDlNMw1KASQOL
+        AgIH0A==";
+
+    public const string KeyRingXmlFileName = "key-9c15d488-4417-49ab-ae39-ed2f36a9ebe3.xml";
+    public const string KeyRingXmlContents = """
+        <?xml version="1.0" encoding="utf-8"?>
+        <key id="9c15d488-4417-49ab-ae39-ed2f36a9ebe3" version="1">
+          <creationDate>2023-05-04T19:16:30.3590154Z</creationDate>
+          <activationDate>2023-05-04T19:16:30.3487875Z</activationDate>
+          <expirationDate>2115-08-02T19:16:30.3487875Z</expirationDate>
+          <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection">
+            <descriptor>
+              <encryption algorithm="AES_256_CBC" />
+              <validation algorithm="HMACSHA256" />
+              <encryptedSecret decryptorType="Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor, Microsoft.AspNetCore.DataProtection" xmlns="http://schemas.asp.net/2015/03/dataProtection">
+                <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+                  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+                      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                        <X509Data>
+                          <X509Certificate>MIIDATCCAemgAwIBAgIQNH2CfRDvN5FK9yzBy/U8bTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNjA4NDQ0OFoYDzIxMTUxMDA2MDg0NDQ4WjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSzpvCfj6B3MGJWDjUc+LlxZAF8Szz+tTiX9inLIdiEG1LfpJlHgrNXumnY8ZRph1BOMH8/XS28tlhz1iLSX/3EYNLwWhi/9YAT6mC+qmCJu4I+DAN0Xf/lDbRyhB/6iYgPxtuDA3yVGcrh1NQY5JibxGF7uPN8+SmMAff0rP3eseacroYsiis6SG7ItBg+2M78ZJMuPTwl+abiOSwBTtXog8/v87yk6U/VyGzaesygvHCS39tEBT8Uw6AjPEABQI3Rr95LpdbqguzQh/xzwdCp1YFlKiUHkavspg2PiI7qMIamI8H65rXh4emwlurTbTNq8anIbKuYUDbp6XEUeQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzx66AAJJ4/RjAJ5dqkeTGHUATFYwDQYJKoZIhvcNAQELBQADggEBADe2e7NytbwtvbuPxX+zm2xOfzf+f335DPxll3MFNZCKM7XThkZmZn49QLh2ltmRR6e/+FiG9nWILADXJvKJFOBl/Nm+ektVXGyCk6ftcAWJnQHgY96ih0dvtn+cTIdr9iYlgICyXDJKvexN15TypbXwsKe9jnuOYvDOn2FtEKi8ysnaHEkVimCMb2DkZZKNm2yQAW5DRxfDZGTsGqeB3R3Li/AQR0DSAOFHjKEHwqolay8Y+5+3XVFi/tK8opVMO39BcP7Ag56IfC20MpzNI8Ibc7OrSy0SMG7QnYd7XT483AAiaKQnhTzmEQwhlILxOiNyi6PGbKH5fshmHRRq1Q8=</X509Certificate>
+                        </X509Data>
+                      </KeyInfo>
+                      <CipherData>
+                        <CipherValue>ahdd65gng0TzxZ/6Nw1zLvqFi3lsvz4tvAF4pBz7BZCqTHbTzaRnK5rMWSP9wEk8fa0LN9CGw7y1QxKfuPneTooYogDPGdVc6T8IbmASGfQI1SZZy7yOkF4IcTz9txJ4wbcjf4hUXPvYeBb0l1QlvKLh0BpXquhZqeM8Gat4IXz1iQbTCB31regpmeDSGJz6ok1ZFhjn0v4K5YvXucofxTmh+0aONveMWyadp56dP4KJVM5x4z6UddiFdVlk4euuSX6qbVHI7eA4UGSdnu8lsbBa5aiypS0kRO8NGyab+nSY907hn8E7mUCc9MjyS/QwFSZyT3y88q0pb1bK8zL8tA==</CipherValue>
+                      </CipherData>
+                    </EncryptedKey>
+                  </KeyInfo>
+                  <CipherData>
+                    <CipherValue>YTcCujeLvS47fgVUWLUC9FaZJDp+MSMtuxAkUWfAh5xnbKI8i0dFulIftz+lykfx+/1dMmQ/GsFSbbqhjCG6GDUKz5/eBXEg/It9Vagu9y0UTlrfj0dLaSG7jaw+wNY9DXTsvRtIHkEI0XQHWr0HqkJYVDfiA4yRZu2Sfue9nSmIZFMhCZOP286hJ0JFsqX1+phX3sR6JX31mGKopltlAsIGgL8MRTXWp5tZxuk9W+sgoWfJziDYmrPP2P6eMn7AdX4T+TDbuAY7MtaExL8Itv8WeKN34lxXocT7hRIjHaZMfiqocDX6YcIjnYhgeKQ1XlFo4j4fZ/p4PwxMmXdhrr/yAhzPhhOt6kqncsNnfVWbPS6+dh+3XE6/K0Oa2B5avbYKOv21KU69mSaXc4EsPA==</CipherValue>
+                  </CipherData>
+                </EncryptedData>
+              </encryptedSecret>
+            </descriptor>
+          </descriptor>
+        </key>
+        """;
+}
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs
new file mode 100644
index 000000000000..dc3db71f6996
--- /dev/null
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs
@@ -0,0 +1,115 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.DataProtection;
+using System;
+using System.IO;
+using System.Security.Cryptography.X509Certificates;
+
+var keyDirectory = new DirectoryInfo(AppContext.BaseDirectory);
+File.WriteAllText(Path.Combine(keyDirectory.FullName, Constants.KeyRingXmlFileName), Constants.KeyRingXmlContents);
+
+var cert = new X509Certificate2(Convert.FromBase64String(Constants.Key), Constants.Password);
+var dpProvider = DataProtectionProvider.Create(keyDirectory, cert);
+var protector = dpProvider.CreateProtector(purpose: "Test trimming");
+
+var protectedSecret = @"CfDJ8IjUFZwXRKtJrjntLzap6-OgblGi63sK6HDtOtu-IVhtuoLSTJl4fIbwX4vCtc8fefqPrr41QzGjHXwP-1HaCi9qlJFjvaloQ5KFPxBO2s-s1cAK9I5kl-lfjhyYrEtJRNtvgawKREAp2cZ9udM_Kog";
+var unprotectedSecret = protector.Unprotect(protectedSecret);
+
+if (unprotectedSecret != "This is a secret.")
+{
+    return -1;
+}
+
+return 100;
+
+static class Constants
+{
+    public const string Password = "password";
+
+    public const string Key =
+      @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
+        MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
+        B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
+        5j6PlwF8nLiANmvnNyr+tmnLLx8Fa8XGmi4ggs3YGPJEw6u41qTnPGlT7goQaylT+XudRTMgB1lQ
+        tAGW12P2kQX2laJFqK/KF1YGaUC7dTxPnRQg+qzfP3+omlx6kqt38YvVjoc1toYGo/Jc1GuEUQ++
+        HrarLzVUJvAzD22Q8fX0Tjp5EVezYhb/aSiqd7d7VLVHoukaYJxKJW3JKTVHI76+pyNv+HnTwlHC
+        gfY8DI6NekwtXEHf9W1XPaTMyFYyamWAsH5FeM1EyLh/bTmvoCNZtVx2UiUD1MbSnYO/KNGHcl74
+        6A92sFXhzSXdkxLCMEiHTD5LZ8SFJCh7b3LeTHsdRb6C3SlkPsji5mCbacy6femW9Q1RyPO08Td3
+        vZtPB4fambMXLTaVaSnT/+F8Vd/seGrGsfON1okSIz34M6kH9GzHtbeQV3BuO6YxIJqljAlM+I1u
+        ItcXKGwv5vtzmGFIRVBxmgkErtO+dWeocee/du3VPA8MyuIEumCKVTeiM5OOPPHDxdOxieKYqC01
+        T8TvLFuTSqQg008s2BcGCW3dsbOc8jyKg4tp8J7XnaCYv7toyB4A8fzc3fx+mquBmc1ehMQKJHN1
+        Cx3nVV//gEEbq2ZSNrhuEKw2D85rA1XZX1zwhHy1T5bGNgC4sAwmRszUSeCrUAlGMLxXv+Cu4G1j
+        U+kwvG+MuKuK4Z22lMAwm7mNEK1vi7wmuoFPWOolPVCoxvCIGGDT0eLjL3YmePCkifwYrbDgWmWB
+        OElG1E7LtpCYDqTgsBwo/Vp47l/RQFYRAcxishKjn5Bi4AURagaFdVrFI+7XyjG5ZYijy39uKWJN
+        lquP5yHg9wjMsYeBjDIfZhkPFMPUou2DDuI3VimnW6SETXkitY6knjPl8T9kVYEHiDj4n2hZxymj
+        sXCPjO673zK4IB887KoOUpmzaGkfA5Gqw1JkE/HK/ghEJQpnkBs+SMWSwY200+UJWWSCeVI0ZY0T
+        sihWT7cd/o3LdFDNNKok9qA6lpREOv3+5l23McBM7y6sxtjXL/+GwbN3XiTGNY5yjJ0+bVUob2E6
+        L9JRc2+3Jlcg9xAV9YCvdjd1LkPo0aRm+oZKFWCv4mgoATBlJGImkIp/HcukEeaiuCQplDLapk+a
+        6ZwV4YfpZluoSoMaXzGZEr+qFUAzhEJ/WXLBQI9qEkf5Lf9Kdh6iKSqnV8wordvu24rGynYkM3TO
+        Ni/8IjeZRCE2CqcQ9coAzXgSJdM1vC+1AJm0mpsvlHocHnJoF305OtFUALTFCHkrZMxqVGMq2DlX
+        cXw6KEEheVZGZs7QD5eYf47YcSFCGsSEhcP+syt0UgAi2p5Y8Ym8AFotTMT8opwJ9LwjaCwBMQkH
+        xKPwcSg7Q9SXb4NNTAL1nGxOU5ZNW0QRcwbJQzVfVTMwQ7nRtSjc/Qg3ST1fVuIiqsTSu2AL3bSn
+        24I3Zi8idaf69c2MNhc03UTgMNCh9T4QNVf7bSXznPl8hd9G3cekPuQY1b5YzB8DOU5cyD+pLuOa
+        43oQ6V0WVceUHe+Lw0aKelCI+6dYa7C8RerOTgOaDyuBxG+qouBk5LvxCNWLh7nMyTGB3zATBgkq
+        hkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAGwAcAAtADYANwBkAGYAZgA0ADIAOAAt
+        ADEAZQAxADEALQA0ADYAYwA5AC0AOABlADkAMgAtAGIAZQBmAGIANwAzAGUANAA4ADIAOAA1MGkG
+        CSsGAQQBgjcRATFcHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUA
+        bAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggPPBgkqhkiG
+        9w0BBwagggPAMIIDvAIBADCCA7UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECKd3W1PCnIYL
+        AgIH0ICCA4g+xQnikaqVknam03UPBunLcbc4vM5elTihZjvuQHjcQWOr/GeLDWSkIqJAf7f/6jRM
+        D8nlgx/YM1z6aZfYeU/kfY7T58yS5glTscFEY0sitH4Dt8bN6jGz9B5MG6afKYsIT3IcgM52EbzJ
+        1RiHU6KHSagaBmAvSv75npvg/gV+UpqSMmWyUm3Wq1vJcmm58dzYrxSMdvPtnDeFIvSK6GH1Okpz
+        8B63JDjPPUFCv/4cdZyRpDmz4RIlfM1fH89koQ0sX5tZHxFSZcy7RPlRfCAxo65AF78WGWPAHxIC
+        11OesbIlv6O/ZECZIxmRC02LdTUr4DAF2vVZy3x3Fn24d2KHAotykvn8ENpSvs9DTedGAjlKvEFO
+        hP5DJHqbK2WPacD8hrCQatxyWBRmMhC5/fvm6ACb/HSL+EDZgZ5Zr294RUH9QXJd+IPUJI5AQaqj
+        Br2u699hv0rlaf4j+NAbneDLn8M5M3wJHGD2rG3Q1xpNC30s9/v68rtKJFVKndtVXmzQi33GnC4P
+        EQU/FyL/Jwal+NnJO68aHQ2D9Ai3DMqsRvKNznpxXp9kiUuSgKWsdSbMoRzs/BfdbeCOIyzxV1BZ
+        UvWCzSZu4YE8UYGVxOIfrSILp7NFQD2rQSpdI831OPLeE9+QJHULiV8mzf6svCyTn+s0m0dIBIO0
+        K9oqUpdWcjDdbSHANOPRYlUWgZHwJ6Sh4ZCpKmvU3FeS4yL5en+jW/1JsvBNq1mWVQTIIM5q8onG
+        FloYvQpRxZb6QJ4sITLbk1rdlRMxDwzcUZYQeFZhQbFk8MSuiZKGfdSpij0UEIUbLjO4HDFcdw4j
+        FzKe3k4gNiwtN5KKR4fT2DaHJehXuOrzHWmkBhXbsSMItPUmaHbbILYrhNYS8lDgEBtzgCJo/kZh
+        jUdMfnL5SdHsHV05mWuDhvDjhzaSFIkPlPJ4xxNhuC6ecUemm51846uw6O/iFHl1WHE5kaxoLNfY
+        fU7xHeYkvovsZwKrwFKKFiVnlstG+XqCgul1v7jhPcAvc9nDmHVoPwXwZEhPXhx46j61/TSmZboU
+        35iV7s5brC67ChbRIJk2cq/odioWyxVoKjAIZmH+e08QYc6mZRRgce6VVbk8R9Lh9/wkd2u9IIbd
+        NP5hynCdo85eTjJ4RaF8LGJwK45Jkw3jIghcKePkLzQIN03OGKm2+YjQV18M3UtlB7cti4JwZJCL
+        MDswHzAHBgUrDgMCGgQUvUM7Kw/8NN+1PlObSrj4zZwINasEFNL9LO5HLwrmwm/xDlNMw1KASQOL
+        AgIH0A==";
+
+    public const string KeyRingXmlFileName = "key-9c15d488-4417-49ab-ae39-ed2f36a9ebe3.xml";
+    public const string KeyRingXmlContents = """
+        <?xml version="1.0" encoding="utf-8"?>
+        <key id="9c15d488-4417-49ab-ae39-ed2f36a9ebe3" version="1">
+          <creationDate>2023-05-04T19:16:30.3590154Z</creationDate>
+          <activationDate>2023-05-04T19:16:30.3487875Z</activationDate>
+          <expirationDate>2115-08-02T19:16:30.3487875Z</expirationDate>
+          <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection">
+            <descriptor>
+              <encryption algorithm="AES_256_CBC" />
+              <validation algorithm="HMACSHA256" />
+              <encryptedSecret decryptorType="Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor, Microsoft.AspNetCore.DataProtection" xmlns="http://schemas.asp.net/2015/03/dataProtection">
+                <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+                  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+                      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                        <X509Data>
+                          <X509Certificate>MIIDATCCAemgAwIBAgIQNH2CfRDvN5FK9yzBy/U8bTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNjA4NDQ0OFoYDzIxMTUxMDA2MDg0NDQ4WjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSzpvCfj6B3MGJWDjUc+LlxZAF8Szz+tTiX9inLIdiEG1LfpJlHgrNXumnY8ZRph1BOMH8/XS28tlhz1iLSX/3EYNLwWhi/9YAT6mC+qmCJu4I+DAN0Xf/lDbRyhB/6iYgPxtuDA3yVGcrh1NQY5JibxGF7uPN8+SmMAff0rP3eseacroYsiis6SG7ItBg+2M78ZJMuPTwl+abiOSwBTtXog8/v87yk6U/VyGzaesygvHCS39tEBT8Uw6AjPEABQI3Rr95LpdbqguzQh/xzwdCp1YFlKiUHkavspg2PiI7qMIamI8H65rXh4emwlurTbTNq8anIbKuYUDbp6XEUeQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzx66AAJJ4/RjAJ5dqkeTGHUATFYwDQYJKoZIhvcNAQELBQADggEBADe2e7NytbwtvbuPxX+zm2xOfzf+f335DPxll3MFNZCKM7XThkZmZn49QLh2ltmRR6e/+FiG9nWILADXJvKJFOBl/Nm+ektVXGyCk6ftcAWJnQHgY96ih0dvtn+cTIdr9iYlgICyXDJKvexN15TypbXwsKe9jnuOYvDOn2FtEKi8ysnaHEkVimCMb2DkZZKNm2yQAW5DRxfDZGTsGqeB3R3Li/AQR0DSAOFHjKEHwqolay8Y+5+3XVFi/tK8opVMO39BcP7Ag56IfC20MpzNI8Ibc7OrSy0SMG7QnYd7XT483AAiaKQnhTzmEQwhlILxOiNyi6PGbKH5fshmHRRq1Q8=</X509Certificate>
+                        </X509Data>
+                      </KeyInfo>
+                      <CipherData>
+                        <CipherValue>ahdd65gng0TzxZ/6Nw1zLvqFi3lsvz4tvAF4pBz7BZCqTHbTzaRnK5rMWSP9wEk8fa0LN9CGw7y1QxKfuPneTooYogDPGdVc6T8IbmASGfQI1SZZy7yOkF4IcTz9txJ4wbcjf4hUXPvYeBb0l1QlvKLh0BpXquhZqeM8Gat4IXz1iQbTCB31regpmeDSGJz6ok1ZFhjn0v4K5YvXucofxTmh+0aONveMWyadp56dP4KJVM5x4z6UddiFdVlk4euuSX6qbVHI7eA4UGSdnu8lsbBa5aiypS0kRO8NGyab+nSY907hn8E7mUCc9MjyS/QwFSZyT3y88q0pb1bK8zL8tA==</CipherValue>
+                      </CipherData>
+                    </EncryptedKey>
+                  </KeyInfo>
+                  <CipherData>
+                    <CipherValue>YTcCujeLvS47fgVUWLUC9FaZJDp+MSMtuxAkUWfAh5xnbKI8i0dFulIftz+lykfx+/1dMmQ/GsFSbbqhjCG6GDUKz5/eBXEg/It9Vagu9y0UTlrfj0dLaSG7jaw+wNY9DXTsvRtIHkEI0XQHWr0HqkJYVDfiA4yRZu2Sfue9nSmIZFMhCZOP286hJ0JFsqX1+phX3sR6JX31mGKopltlAsIGgL8MRTXWp5tZxuk9W+sgoWfJziDYmrPP2P6eMn7AdX4T+TDbuAY7MtaExL8Itv8WeKN34lxXocT7hRIjHaZMfiqocDX6YcIjnYhgeKQ1XlFo4j4fZ/p4PwxMmXdhrr/yAhzPhhOt6kqncsNnfVWbPS6+dh+3XE6/K0Oa2B5avbYKOv21KU69mSaXc4EsPA==</CipherValue>
+                  </CipherData>
+                </EncryptedData>
+              </encryptedSecret>
+            </descriptor>
+          </descriptor>
+        </key>
+        """;
+}
diff --git a/src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs b/src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs
index bf9cbde3d744..b14b357e07ee 100644
--- a/src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs
@@ -1,7 +1,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 
@@ -17,7 +16,6 @@ public static class AuthenticationServiceCollectionExtensions
     /// </summary>
     /// <param name="services">The <see cref="IServiceCollection"/>.</param>
     /// <returns>A <see cref="AuthenticationBuilder"/> that can be used to further configure authentication.</returns>
-    [RequiresUnreferencedCode("Authentication middleware does not currently support native AOT.", Url = "https://aka.ms/aspnet/nativeaot")]
     public static AuthenticationBuilder AddAuthentication(this IServiceCollection services)
     {
         ArgumentNullException.ThrowIfNull(services);
@@ -41,7 +39,6 @@ public static AuthenticationBuilder AddAuthentication(this IServiceCollection se
     /// <param name="services">The <see cref="IServiceCollection"/>.</param>
     /// <param name="defaultScheme">The default scheme used as a fallback for all other schemes.</param>
     /// <returns>A <see cref="AuthenticationBuilder"/> that can be used to further configure authentication.</returns>
-    [RequiresUnreferencedCode("Authentication middleware does not currently support native AOT.", Url = "https://aka.ms/aspnet/nativeaot")]
     public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, string defaultScheme)
         => services.AddAuthentication(o => o.DefaultScheme = defaultScheme);
 
@@ -51,7 +48,6 @@ public static AuthenticationBuilder AddAuthentication(this IServiceCollection se
     /// <param name="services">The <see cref="IServiceCollection"/>.</param>
     /// <param name="configureOptions">A delegate to configure <see cref="AuthenticationOptions"/>.</param>
     /// <returns>A <see cref="AuthenticationBuilder"/> that can be used to further configure authentication.</returns>
-    [RequiresUnreferencedCode("Authentication middleware does not currently support native AOT.", Url = "https://aka.ms/aspnet/nativeaot")]
     public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions)
     {
         ArgumentNullException.ThrowIfNull(services);
diff --git a/src/Shared/TrimmingAttributes.cs b/src/Shared/TrimmingAttributes.cs
index 508d39dae9a7..aeb701d47b74 100644
--- a/src/Shared/TrimmingAttributes.cs
+++ b/src/Shared/TrimmingAttributes.cs
@@ -154,6 +154,153 @@ public UnconditionalSuppressMessageAttribute(string category, string checkId)
     public string? Justification { get; set; }
 }
 
+/// <summary>
+/// States a dependency that one member has on another.
+/// </summary>
+/// <remarks>
+/// This can be used to inform tooling of a dependency that is otherwise not evident purely from
+/// metadata and IL, for example a member relied on via reflection.
+/// </remarks>
+[AttributeUsage(
+    AttributeTargets.Constructor | AttributeTargets.Field | AttributeTargets.Method,
+    AllowMultiple = true, Inherited = false)]
+internal sealed class DynamicDependencyAttribute : Attribute
+{
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DynamicDependencyAttribute"/> class
+    /// with the specified signature of a member on the same type as the consumer.
+    /// </summary>
+    /// <param name="memberSignature">The signature of the member depended on.</param>
+    public DynamicDependencyAttribute(string memberSignature)
+    {
+        MemberSignature = memberSignature;
+    }
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DynamicDependencyAttribute"/> class
+    /// with the specified signature of a member on a <see cref="System.Type"/>.
+    /// </summary>
+    /// <param name="memberSignature">The signature of the member depended on.</param>
+    /// <param name="type">The <see cref="System.Type"/> containing <paramref name="memberSignature"/>.</param>
+    public DynamicDependencyAttribute(string memberSignature, Type type)
+    {
+        MemberSignature = memberSignature;
+        Type = type;
+    }
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DynamicDependencyAttribute"/> class
+    /// with the specified signature of a member on a type in an assembly.
+    /// </summary>
+    /// <param name="memberSignature">The signature of the member depended on.</param>
+    /// <param name="typeName">The full name of the type containing the specified member.</param>
+    /// <param name="assemblyName">The assembly name of the type containing the specified member.</param>
+    public DynamicDependencyAttribute(string memberSignature, string typeName, string assemblyName)
+    {
+        MemberSignature = memberSignature;
+        TypeName = typeName;
+        AssemblyName = assemblyName;
+    }
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DynamicDependencyAttribute"/> class
+    /// with the specified types of members on a <see cref="System.Type"/>.
+    /// </summary>
+    /// <param name="memberTypes">The types of members depended on.</param>
+    /// <param name="type">The <see cref="System.Type"/> containing the specified members.</param>
+    public DynamicDependencyAttribute(DynamicallyAccessedMemberTypes memberTypes, Type type)
+    {
+        MemberTypes = memberTypes;
+        Type = type;
+    }
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DynamicDependencyAttribute"/> class
+    /// with the specified types of members on a type in an assembly.
+    /// </summary>
+    /// <param name="memberTypes">The types of members depended on.</param>
+    /// <param name="typeName">The full name of the type containing the specified members.</param>
+    /// <param name="assemblyName">The assembly name of the type containing the specified members.</param>
+    public DynamicDependencyAttribute(DynamicallyAccessedMemberTypes memberTypes, string typeName, string assemblyName)
+    {
+        MemberTypes = memberTypes;
+        TypeName = typeName;
+        AssemblyName = assemblyName;
+    }
+
+    /// <summary>
+    /// Gets the signature of the member depended on.
+    /// </summary>
+    /// <remarks>
+    /// Either <see cref="MemberSignature"/> must be a valid string or <see cref="MemberTypes"/>
+    /// must not equal <see cref="DynamicallyAccessedMemberTypes.None"/>, but not both.
+    /// </remarks>
+    public string? MemberSignature { get; }
+
+    /// <summary>
+    /// Gets the <see cref="DynamicallyAccessedMemberTypes"/> which specifies the type
+    /// of members depended on.
+    /// </summary>
+    /// <remarks>
+    /// Either <see cref="MemberSignature"/> must be a valid string or <see cref="MemberTypes"/>
+    /// must not equal <see cref="DynamicallyAccessedMemberTypes.None"/>, but not both.
+    /// </remarks>
+    public DynamicallyAccessedMemberTypes MemberTypes { get; }
+
+    /// <summary>
+    /// Gets the <see cref="System.Type"/> containing the specified member.
+    /// </summary>
+    /// <remarks>
+    /// If neither <see cref="Type"/> nor <see cref="TypeName"/> are specified,
+    /// the type of the consumer is assumed.
+    /// </remarks>
+    public Type? Type { get; }
+
+    /// <summary>
+    /// Gets the full name of the type containing the specified member.
+    /// </summary>
+    /// <remarks>
+    /// If neither <see cref="Type"/> nor <see cref="TypeName"/> are specified,
+    /// the type of the consumer is assumed.
+    /// </remarks>
+    public string? TypeName { get; }
+
+    /// <summary>
+    /// Gets the assembly name of the specified type.
+    /// </summary>
+    /// <remarks>
+    /// <see cref="AssemblyName"/> is only valid when <see cref="TypeName"/> is specified.
+    /// </remarks>
+    public string? AssemblyName { get; }
+
+    /// <summary>
+    /// Gets or sets the condition in which the dependency is applicable, e.g. "DEBUG".
+    /// </summary>
+    public string? Condition { get; set; }
+}
+
+/// <summary>
+/// Indicates that certain members on a specified <see cref="Type"/> are accessed dynamically,
+/// for example through <see cref="System.Reflection"/>.
+/// </summary>
+/// <remarks>
+/// This allows tools to understand which members are being accessed during the execution
+/// of a program.
+///
+/// This attribute is valid on members whose type is <see cref="Type"/> or <see cref="string"/>.
+///
+/// When this attribute is applied to a location of type <see cref="string"/>, the assumption is
+/// that the string represents a fully qualified type name.
+///
+/// When this attribute is applied to a class, interface, or struct, the members specified
+/// can be accessed dynamically on <see cref="Type"/> instances returned from calling
+/// <see cref="object.GetType"/> on instances of that class, interface, or struct.
+///
+/// If the attribute is applied to a method it's treated as a special case and it implies
+/// the attribute should be applied to the "this" parameter of the method. As such the attribute
+/// should only be used on instance methods of types assignable to System.Type (or string, but no methods
+/// will use it there).
+/// </remarks>
 [AttributeUsage(
         AttributeTargets.Field | AttributeTargets.ReturnValue | AttributeTargets.GenericParameter |
         AttributeTargets.Parameter | AttributeTargets.Property | AttributeTargets.Method |

From 0b841c44eb583211cc4e8635ee53af2fe8820899 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Thu, 4 May 2023 19:31:15 -0500
Subject: [PATCH 2/7] De-duplicate cert constants

---
 .../Constants.cs                              | 93 +++++++++++++++++++
 ...pNetCore.DataProtection.TrimmingTests.proj |  6 +-
 .../TestCertificateXmlEncryptor.cs            | 91 ------------------
 .../TestUnprotectWorksWithX509Certificate.cs  | 91 ------------------
 4 files changed, 97 insertions(+), 184 deletions(-)
 create mode 100644 src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs

diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs
new file mode 100644
index 000000000000..a5879d9060c7
--- /dev/null
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs
@@ -0,0 +1,93 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+internal static class Constants
+{
+    public const string Password = "password";
+
+    public const string Key =
+      @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
+        MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
+        B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
+        5j6PlwF8nLiANmvnNyr+tmnLLx8Fa8XGmi4ggs3YGPJEw6u41qTnPGlT7goQaylT+XudRTMgB1lQ
+        tAGW12P2kQX2laJFqK/KF1YGaUC7dTxPnRQg+qzfP3+omlx6kqt38YvVjoc1toYGo/Jc1GuEUQ++
+        HrarLzVUJvAzD22Q8fX0Tjp5EVezYhb/aSiqd7d7VLVHoukaYJxKJW3JKTVHI76+pyNv+HnTwlHC
+        gfY8DI6NekwtXEHf9W1XPaTMyFYyamWAsH5FeM1EyLh/bTmvoCNZtVx2UiUD1MbSnYO/KNGHcl74
+        6A92sFXhzSXdkxLCMEiHTD5LZ8SFJCh7b3LeTHsdRb6C3SlkPsji5mCbacy6femW9Q1RyPO08Td3
+        vZtPB4fambMXLTaVaSnT/+F8Vd/seGrGsfON1okSIz34M6kH9GzHtbeQV3BuO6YxIJqljAlM+I1u
+        ItcXKGwv5vtzmGFIRVBxmgkErtO+dWeocee/du3VPA8MyuIEumCKVTeiM5OOPPHDxdOxieKYqC01
+        T8TvLFuTSqQg008s2BcGCW3dsbOc8jyKg4tp8J7XnaCYv7toyB4A8fzc3fx+mquBmc1ehMQKJHN1
+        Cx3nVV//gEEbq2ZSNrhuEKw2D85rA1XZX1zwhHy1T5bGNgC4sAwmRszUSeCrUAlGMLxXv+Cu4G1j
+        U+kwvG+MuKuK4Z22lMAwm7mNEK1vi7wmuoFPWOolPVCoxvCIGGDT0eLjL3YmePCkifwYrbDgWmWB
+        OElG1E7LtpCYDqTgsBwo/Vp47l/RQFYRAcxishKjn5Bi4AURagaFdVrFI+7XyjG5ZYijy39uKWJN
+        lquP5yHg9wjMsYeBjDIfZhkPFMPUou2DDuI3VimnW6SETXkitY6knjPl8T9kVYEHiDj4n2hZxymj
+        sXCPjO673zK4IB887KoOUpmzaGkfA5Gqw1JkE/HK/ghEJQpnkBs+SMWSwY200+UJWWSCeVI0ZY0T
+        sihWT7cd/o3LdFDNNKok9qA6lpREOv3+5l23McBM7y6sxtjXL/+GwbN3XiTGNY5yjJ0+bVUob2E6
+        L9JRc2+3Jlcg9xAV9YCvdjd1LkPo0aRm+oZKFWCv4mgoATBlJGImkIp/HcukEeaiuCQplDLapk+a
+        6ZwV4YfpZluoSoMaXzGZEr+qFUAzhEJ/WXLBQI9qEkf5Lf9Kdh6iKSqnV8wordvu24rGynYkM3TO
+        Ni/8IjeZRCE2CqcQ9coAzXgSJdM1vC+1AJm0mpsvlHocHnJoF305OtFUALTFCHkrZMxqVGMq2DlX
+        cXw6KEEheVZGZs7QD5eYf47YcSFCGsSEhcP+syt0UgAi2p5Y8Ym8AFotTMT8opwJ9LwjaCwBMQkH
+        xKPwcSg7Q9SXb4NNTAL1nGxOU5ZNW0QRcwbJQzVfVTMwQ7nRtSjc/Qg3ST1fVuIiqsTSu2AL3bSn
+        24I3Zi8idaf69c2MNhc03UTgMNCh9T4QNVf7bSXznPl8hd9G3cekPuQY1b5YzB8DOU5cyD+pLuOa
+        43oQ6V0WVceUHe+Lw0aKelCI+6dYa7C8RerOTgOaDyuBxG+qouBk5LvxCNWLh7nMyTGB3zATBgkq
+        hkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAGwAcAAtADYANwBkAGYAZgA0ADIAOAAt
+        ADEAZQAxADEALQA0ADYAYwA5AC0AOABlADkAMgAtAGIAZQBmAGIANwAzAGUANAA4ADIAOAA1MGkG
+        CSsGAQQBgjcRATFcHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUA
+        bAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggPPBgkqhkiG
+        9w0BBwagggPAMIIDvAIBADCCA7UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECKd3W1PCnIYL
+        AgIH0ICCA4g+xQnikaqVknam03UPBunLcbc4vM5elTihZjvuQHjcQWOr/GeLDWSkIqJAf7f/6jRM
+        D8nlgx/YM1z6aZfYeU/kfY7T58yS5glTscFEY0sitH4Dt8bN6jGz9B5MG6afKYsIT3IcgM52EbzJ
+        1RiHU6KHSagaBmAvSv75npvg/gV+UpqSMmWyUm3Wq1vJcmm58dzYrxSMdvPtnDeFIvSK6GH1Okpz
+        8B63JDjPPUFCv/4cdZyRpDmz4RIlfM1fH89koQ0sX5tZHxFSZcy7RPlRfCAxo65AF78WGWPAHxIC
+        11OesbIlv6O/ZECZIxmRC02LdTUr4DAF2vVZy3x3Fn24d2KHAotykvn8ENpSvs9DTedGAjlKvEFO
+        hP5DJHqbK2WPacD8hrCQatxyWBRmMhC5/fvm6ACb/HSL+EDZgZ5Zr294RUH9QXJd+IPUJI5AQaqj
+        Br2u699hv0rlaf4j+NAbneDLn8M5M3wJHGD2rG3Q1xpNC30s9/v68rtKJFVKndtVXmzQi33GnC4P
+        EQU/FyL/Jwal+NnJO68aHQ2D9Ai3DMqsRvKNznpxXp9kiUuSgKWsdSbMoRzs/BfdbeCOIyzxV1BZ
+        UvWCzSZu4YE8UYGVxOIfrSILp7NFQD2rQSpdI831OPLeE9+QJHULiV8mzf6svCyTn+s0m0dIBIO0
+        K9oqUpdWcjDdbSHANOPRYlUWgZHwJ6Sh4ZCpKmvU3FeS4yL5en+jW/1JsvBNq1mWVQTIIM5q8onG
+        FloYvQpRxZb6QJ4sITLbk1rdlRMxDwzcUZYQeFZhQbFk8MSuiZKGfdSpij0UEIUbLjO4HDFcdw4j
+        FzKe3k4gNiwtN5KKR4fT2DaHJehXuOrzHWmkBhXbsSMItPUmaHbbILYrhNYS8lDgEBtzgCJo/kZh
+        jUdMfnL5SdHsHV05mWuDhvDjhzaSFIkPlPJ4xxNhuC6ecUemm51846uw6O/iFHl1WHE5kaxoLNfY
+        fU7xHeYkvovsZwKrwFKKFiVnlstG+XqCgul1v7jhPcAvc9nDmHVoPwXwZEhPXhx46j61/TSmZboU
+        35iV7s5brC67ChbRIJk2cq/odioWyxVoKjAIZmH+e08QYc6mZRRgce6VVbk8R9Lh9/wkd2u9IIbd
+        NP5hynCdo85eTjJ4RaF8LGJwK45Jkw3jIghcKePkLzQIN03OGKm2+YjQV18M3UtlB7cti4JwZJCL
+        MDswHzAHBgUrDgMCGgQUvUM7Kw/8NN+1PlObSrj4zZwINasEFNL9LO5HLwrmwm/xDlNMw1KASQOL
+        AgIH0A==";
+
+    public const string KeyRingXmlFileName = "key-9c15d488-4417-49ab-ae39-ed2f36a9ebe3.xml";
+    public const string KeyRingXmlContents = """
+        <?xml version="1.0" encoding="utf-8"?>
+        <key id="9c15d488-4417-49ab-ae39-ed2f36a9ebe3" version="1">
+          <creationDate>2023-05-04T19:16:30.3590154Z</creationDate>
+          <activationDate>2023-05-04T19:16:30.3487875Z</activationDate>
+          <expirationDate>2115-08-02T19:16:30.3487875Z</expirationDate>
+          <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection">
+            <descriptor>
+              <encryption algorithm="AES_256_CBC" />
+              <validation algorithm="HMACSHA256" />
+              <encryptedSecret decryptorType="Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor, Microsoft.AspNetCore.DataProtection" xmlns="http://schemas.asp.net/2015/03/dataProtection">
+                <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+                  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+                      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                        <X509Data>
+                          <X509Certificate>MIIDATCCAemgAwIBAgIQNH2CfRDvN5FK9yzBy/U8bTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNjA4NDQ0OFoYDzIxMTUxMDA2MDg0NDQ4WjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSzpvCfj6B3MGJWDjUc+LlxZAF8Szz+tTiX9inLIdiEG1LfpJlHgrNXumnY8ZRph1BOMH8/XS28tlhz1iLSX/3EYNLwWhi/9YAT6mC+qmCJu4I+DAN0Xf/lDbRyhB/6iYgPxtuDA3yVGcrh1NQY5JibxGF7uPN8+SmMAff0rP3eseacroYsiis6SG7ItBg+2M78ZJMuPTwl+abiOSwBTtXog8/v87yk6U/VyGzaesygvHCS39tEBT8Uw6AjPEABQI3Rr95LpdbqguzQh/xzwdCp1YFlKiUHkavspg2PiI7qMIamI8H65rXh4emwlurTbTNq8anIbKuYUDbp6XEUeQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzx66AAJJ4/RjAJ5dqkeTGHUATFYwDQYJKoZIhvcNAQELBQADggEBADe2e7NytbwtvbuPxX+zm2xOfzf+f335DPxll3MFNZCKM7XThkZmZn49QLh2ltmRR6e/+FiG9nWILADXJvKJFOBl/Nm+ektVXGyCk6ftcAWJnQHgY96ih0dvtn+cTIdr9iYlgICyXDJKvexN15TypbXwsKe9jnuOYvDOn2FtEKi8ysnaHEkVimCMb2DkZZKNm2yQAW5DRxfDZGTsGqeB3R3Li/AQR0DSAOFHjKEHwqolay8Y+5+3XVFi/tK8opVMO39BcP7Ag56IfC20MpzNI8Ibc7OrSy0SMG7QnYd7XT483AAiaKQnhTzmEQwhlILxOiNyi6PGbKH5fshmHRRq1Q8=</X509Certificate>
+                        </X509Data>
+                      </KeyInfo>
+                      <CipherData>
+                        <CipherValue>ahdd65gng0TzxZ/6Nw1zLvqFi3lsvz4tvAF4pBz7BZCqTHbTzaRnK5rMWSP9wEk8fa0LN9CGw7y1QxKfuPneTooYogDPGdVc6T8IbmASGfQI1SZZy7yOkF4IcTz9txJ4wbcjf4hUXPvYeBb0l1QlvKLh0BpXquhZqeM8Gat4IXz1iQbTCB31regpmeDSGJz6ok1ZFhjn0v4K5YvXucofxTmh+0aONveMWyadp56dP4KJVM5x4z6UddiFdVlk4euuSX6qbVHI7eA4UGSdnu8lsbBa5aiypS0kRO8NGyab+nSY907hn8E7mUCc9MjyS/QwFSZyT3y88q0pb1bK8zL8tA==</CipherValue>
+                      </CipherData>
+                    </EncryptedKey>
+                  </KeyInfo>
+                  <CipherData>
+                    <CipherValue>YTcCujeLvS47fgVUWLUC9FaZJDp+MSMtuxAkUWfAh5xnbKI8i0dFulIftz+lykfx+/1dMmQ/GsFSbbqhjCG6GDUKz5/eBXEg/It9Vagu9y0UTlrfj0dLaSG7jaw+wNY9DXTsvRtIHkEI0XQHWr0HqkJYVDfiA4yRZu2Sfue9nSmIZFMhCZOP286hJ0JFsqX1+phX3sR6JX31mGKopltlAsIGgL8MRTXWp5tZxuk9W+sgoWfJziDYmrPP2P6eMn7AdX4T+TDbuAY7MtaExL8Itv8WeKN34lxXocT7hRIjHaZMfiqocDX6YcIjnYhgeKQ1XlFo4j4fZ/p4PwxMmXdhrr/yAhzPhhOt6kqncsNnfVWbPS6+dh+3XE6/K0Oa2B5avbYKOv21KU69mSaXc4EsPA==</CipherValue>
+                  </CipherData>
+                </EncryptedData>
+              </encryptedSecret>
+            </descriptor>
+          </descriptor>
+        </key>
+        """;
+}
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
index f27bbf5e3ce5..3ebeb871b885 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
@@ -1,8 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <ItemGroup>
-    <TestConsoleAppSourceFiles Include="TestCertificateXmlEncryptor.cs" />
-    <TestConsoleAppSourceFiles Include="TestUnprotectWorksWithX509Certificate.cs" />
+    <TestConsoleAppSourceFiles Include="TestCertificateXmlEncryptor.cs"
+                               AdditionalSourceFiles="Constants.cs" />
+    <TestConsoleAppSourceFiles Include="TestUnprotectWorksWithX509Certificate.cs"
+                               AdditionalSourceFiles="Constants.cs" />
   </ItemGroup>
 
 </Project>
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
index 45167b94bf6d..4aef1f1ca8af 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestCertificateXmlEncryptor.cs
@@ -29,94 +29,3 @@
 }
 
 return 100;
-
-static class Constants
-{
-    public const string Password = "password";
-
-    public const string Key =
-      @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
-        MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
-        B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
-        5j6PlwF8nLiANmvnNyr+tmnLLx8Fa8XGmi4ggs3YGPJEw6u41qTnPGlT7goQaylT+XudRTMgB1lQ
-        tAGW12P2kQX2laJFqK/KF1YGaUC7dTxPnRQg+qzfP3+omlx6kqt38YvVjoc1toYGo/Jc1GuEUQ++
-        HrarLzVUJvAzD22Q8fX0Tjp5EVezYhb/aSiqd7d7VLVHoukaYJxKJW3JKTVHI76+pyNv+HnTwlHC
-        gfY8DI6NekwtXEHf9W1XPaTMyFYyamWAsH5FeM1EyLh/bTmvoCNZtVx2UiUD1MbSnYO/KNGHcl74
-        6A92sFXhzSXdkxLCMEiHTD5LZ8SFJCh7b3LeTHsdRb6C3SlkPsji5mCbacy6femW9Q1RyPO08Td3
-        vZtPB4fambMXLTaVaSnT/+F8Vd/seGrGsfON1okSIz34M6kH9GzHtbeQV3BuO6YxIJqljAlM+I1u
-        ItcXKGwv5vtzmGFIRVBxmgkErtO+dWeocee/du3VPA8MyuIEumCKVTeiM5OOPPHDxdOxieKYqC01
-        T8TvLFuTSqQg008s2BcGCW3dsbOc8jyKg4tp8J7XnaCYv7toyB4A8fzc3fx+mquBmc1ehMQKJHN1
-        Cx3nVV//gEEbq2ZSNrhuEKw2D85rA1XZX1zwhHy1T5bGNgC4sAwmRszUSeCrUAlGMLxXv+Cu4G1j
-        U+kwvG+MuKuK4Z22lMAwm7mNEK1vi7wmuoFPWOolPVCoxvCIGGDT0eLjL3YmePCkifwYrbDgWmWB
-        OElG1E7LtpCYDqTgsBwo/Vp47l/RQFYRAcxishKjn5Bi4AURagaFdVrFI+7XyjG5ZYijy39uKWJN
-        lquP5yHg9wjMsYeBjDIfZhkPFMPUou2DDuI3VimnW6SETXkitY6knjPl8T9kVYEHiDj4n2hZxymj
-        sXCPjO673zK4IB887KoOUpmzaGkfA5Gqw1JkE/HK/ghEJQpnkBs+SMWSwY200+UJWWSCeVI0ZY0T
-        sihWT7cd/o3LdFDNNKok9qA6lpREOv3+5l23McBM7y6sxtjXL/+GwbN3XiTGNY5yjJ0+bVUob2E6
-        L9JRc2+3Jlcg9xAV9YCvdjd1LkPo0aRm+oZKFWCv4mgoATBlJGImkIp/HcukEeaiuCQplDLapk+a
-        6ZwV4YfpZluoSoMaXzGZEr+qFUAzhEJ/WXLBQI9qEkf5Lf9Kdh6iKSqnV8wordvu24rGynYkM3TO
-        Ni/8IjeZRCE2CqcQ9coAzXgSJdM1vC+1AJm0mpsvlHocHnJoF305OtFUALTFCHkrZMxqVGMq2DlX
-        cXw6KEEheVZGZs7QD5eYf47YcSFCGsSEhcP+syt0UgAi2p5Y8Ym8AFotTMT8opwJ9LwjaCwBMQkH
-        xKPwcSg7Q9SXb4NNTAL1nGxOU5ZNW0QRcwbJQzVfVTMwQ7nRtSjc/Qg3ST1fVuIiqsTSu2AL3bSn
-        24I3Zi8idaf69c2MNhc03UTgMNCh9T4QNVf7bSXznPl8hd9G3cekPuQY1b5YzB8DOU5cyD+pLuOa
-        43oQ6V0WVceUHe+Lw0aKelCI+6dYa7C8RerOTgOaDyuBxG+qouBk5LvxCNWLh7nMyTGB3zATBgkq
-        hkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAGwAcAAtADYANwBkAGYAZgA0ADIAOAAt
-        ADEAZQAxADEALQA0ADYAYwA5AC0AOABlADkAMgAtAGIAZQBmAGIANwAzAGUANAA4ADIAOAA1MGkG
-        CSsGAQQBgjcRATFcHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUA
-        bAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggPPBgkqhkiG
-        9w0BBwagggPAMIIDvAIBADCCA7UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECKd3W1PCnIYL
-        AgIH0ICCA4g+xQnikaqVknam03UPBunLcbc4vM5elTihZjvuQHjcQWOr/GeLDWSkIqJAf7f/6jRM
-        D8nlgx/YM1z6aZfYeU/kfY7T58yS5glTscFEY0sitH4Dt8bN6jGz9B5MG6afKYsIT3IcgM52EbzJ
-        1RiHU6KHSagaBmAvSv75npvg/gV+UpqSMmWyUm3Wq1vJcmm58dzYrxSMdvPtnDeFIvSK6GH1Okpz
-        8B63JDjPPUFCv/4cdZyRpDmz4RIlfM1fH89koQ0sX5tZHxFSZcy7RPlRfCAxo65AF78WGWPAHxIC
-        11OesbIlv6O/ZECZIxmRC02LdTUr4DAF2vVZy3x3Fn24d2KHAotykvn8ENpSvs9DTedGAjlKvEFO
-        hP5DJHqbK2WPacD8hrCQatxyWBRmMhC5/fvm6ACb/HSL+EDZgZ5Zr294RUH9QXJd+IPUJI5AQaqj
-        Br2u699hv0rlaf4j+NAbneDLn8M5M3wJHGD2rG3Q1xpNC30s9/v68rtKJFVKndtVXmzQi33GnC4P
-        EQU/FyL/Jwal+NnJO68aHQ2D9Ai3DMqsRvKNznpxXp9kiUuSgKWsdSbMoRzs/BfdbeCOIyzxV1BZ
-        UvWCzSZu4YE8UYGVxOIfrSILp7NFQD2rQSpdI831OPLeE9+QJHULiV8mzf6svCyTn+s0m0dIBIO0
-        K9oqUpdWcjDdbSHANOPRYlUWgZHwJ6Sh4ZCpKmvU3FeS4yL5en+jW/1JsvBNq1mWVQTIIM5q8onG
-        FloYvQpRxZb6QJ4sITLbk1rdlRMxDwzcUZYQeFZhQbFk8MSuiZKGfdSpij0UEIUbLjO4HDFcdw4j
-        FzKe3k4gNiwtN5KKR4fT2DaHJehXuOrzHWmkBhXbsSMItPUmaHbbILYrhNYS8lDgEBtzgCJo/kZh
-        jUdMfnL5SdHsHV05mWuDhvDjhzaSFIkPlPJ4xxNhuC6ecUemm51846uw6O/iFHl1WHE5kaxoLNfY
-        fU7xHeYkvovsZwKrwFKKFiVnlstG+XqCgul1v7jhPcAvc9nDmHVoPwXwZEhPXhx46j61/TSmZboU
-        35iV7s5brC67ChbRIJk2cq/odioWyxVoKjAIZmH+e08QYc6mZRRgce6VVbk8R9Lh9/wkd2u9IIbd
-        NP5hynCdo85eTjJ4RaF8LGJwK45Jkw3jIghcKePkLzQIN03OGKm2+YjQV18M3UtlB7cti4JwZJCL
-        MDswHzAHBgUrDgMCGgQUvUM7Kw/8NN+1PlObSrj4zZwINasEFNL9LO5HLwrmwm/xDlNMw1KASQOL
-        AgIH0A==";
-
-    public const string KeyRingXmlFileName = "key-9c15d488-4417-49ab-ae39-ed2f36a9ebe3.xml";
-    public const string KeyRingXmlContents = """
-        <?xml version="1.0" encoding="utf-8"?>
-        <key id="9c15d488-4417-49ab-ae39-ed2f36a9ebe3" version="1">
-          <creationDate>2023-05-04T19:16:30.3590154Z</creationDate>
-          <activationDate>2023-05-04T19:16:30.3487875Z</activationDate>
-          <expirationDate>2115-08-02T19:16:30.3487875Z</expirationDate>
-          <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection">
-            <descriptor>
-              <encryption algorithm="AES_256_CBC" />
-              <validation algorithm="HMACSHA256" />
-              <encryptedSecret decryptorType="Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor, Microsoft.AspNetCore.DataProtection" xmlns="http://schemas.asp.net/2015/03/dataProtection">
-                <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
-                  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
-                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-                    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
-                      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
-                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-                        <X509Data>
-                          <X509Certificate>MIIDATCCAemgAwIBAgIQNH2CfRDvN5FK9yzBy/U8bTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNjA4NDQ0OFoYDzIxMTUxMDA2MDg0NDQ4WjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSzpvCfj6B3MGJWDjUc+LlxZAF8Szz+tTiX9inLIdiEG1LfpJlHgrNXumnY8ZRph1BOMH8/XS28tlhz1iLSX/3EYNLwWhi/9YAT6mC+qmCJu4I+DAN0Xf/lDbRyhB/6iYgPxtuDA3yVGcrh1NQY5JibxGF7uPN8+SmMAff0rP3eseacroYsiis6SG7ItBg+2M78ZJMuPTwl+abiOSwBTtXog8/v87yk6U/VyGzaesygvHCS39tEBT8Uw6AjPEABQI3Rr95LpdbqguzQh/xzwdCp1YFlKiUHkavspg2PiI7qMIamI8H65rXh4emwlurTbTNq8anIbKuYUDbp6XEUeQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzx66AAJJ4/RjAJ5dqkeTGHUATFYwDQYJKoZIhvcNAQELBQADggEBADe2e7NytbwtvbuPxX+zm2xOfzf+f335DPxll3MFNZCKM7XThkZmZn49QLh2ltmRR6e/+FiG9nWILADXJvKJFOBl/Nm+ektVXGyCk6ftcAWJnQHgY96ih0dvtn+cTIdr9iYlgICyXDJKvexN15TypbXwsKe9jnuOYvDOn2FtEKi8ysnaHEkVimCMb2DkZZKNm2yQAW5DRxfDZGTsGqeB3R3Li/AQR0DSAOFHjKEHwqolay8Y+5+3XVFi/tK8opVMO39BcP7Ag56IfC20MpzNI8Ibc7OrSy0SMG7QnYd7XT483AAiaKQnhTzmEQwhlILxOiNyi6PGbKH5fshmHRRq1Q8=</X509Certificate>
-                        </X509Data>
-                      </KeyInfo>
-                      <CipherData>
-                        <CipherValue>ahdd65gng0TzxZ/6Nw1zLvqFi3lsvz4tvAF4pBz7BZCqTHbTzaRnK5rMWSP9wEk8fa0LN9CGw7y1QxKfuPneTooYogDPGdVc6T8IbmASGfQI1SZZy7yOkF4IcTz9txJ4wbcjf4hUXPvYeBb0l1QlvKLh0BpXquhZqeM8Gat4IXz1iQbTCB31regpmeDSGJz6ok1ZFhjn0v4K5YvXucofxTmh+0aONveMWyadp56dP4KJVM5x4z6UddiFdVlk4euuSX6qbVHI7eA4UGSdnu8lsbBa5aiypS0kRO8NGyab+nSY907hn8E7mUCc9MjyS/QwFSZyT3y88q0pb1bK8zL8tA==</CipherValue>
-                      </CipherData>
-                    </EncryptedKey>
-                  </KeyInfo>
-                  <CipherData>
-                    <CipherValue>YTcCujeLvS47fgVUWLUC9FaZJDp+MSMtuxAkUWfAh5xnbKI8i0dFulIftz+lykfx+/1dMmQ/GsFSbbqhjCG6GDUKz5/eBXEg/It9Vagu9y0UTlrfj0dLaSG7jaw+wNY9DXTsvRtIHkEI0XQHWr0HqkJYVDfiA4yRZu2Sfue9nSmIZFMhCZOP286hJ0JFsqX1+phX3sR6JX31mGKopltlAsIGgL8MRTXWp5tZxuk9W+sgoWfJziDYmrPP2P6eMn7AdX4T+TDbuAY7MtaExL8Itv8WeKN34lxXocT7hRIjHaZMfiqocDX6YcIjnYhgeKQ1XlFo4j4fZ/p4PwxMmXdhrr/yAhzPhhOt6kqncsNnfVWbPS6+dh+3XE6/K0Oa2B5avbYKOv21KU69mSaXc4EsPA==</CipherValue>
-                  </CipherData>
-                </EncryptedData>
-              </encryptedSecret>
-            </descriptor>
-          </descriptor>
-        </key>
-        """;
-}
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs
index dc3db71f6996..317b9f62fc32 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestUnprotectWorksWithX509Certificate.cs
@@ -22,94 +22,3 @@
 }
 
 return 100;
-
-static class Constants
-{
-    public const string Password = "password";
-
-    public const string Key =
-      @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
-        MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
-        B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
-        5j6PlwF8nLiANmvnNyr+tmnLLx8Fa8XGmi4ggs3YGPJEw6u41qTnPGlT7goQaylT+XudRTMgB1lQ
-        tAGW12P2kQX2laJFqK/KF1YGaUC7dTxPnRQg+qzfP3+omlx6kqt38YvVjoc1toYGo/Jc1GuEUQ++
-        HrarLzVUJvAzD22Q8fX0Tjp5EVezYhb/aSiqd7d7VLVHoukaYJxKJW3JKTVHI76+pyNv+HnTwlHC
-        gfY8DI6NekwtXEHf9W1XPaTMyFYyamWAsH5FeM1EyLh/bTmvoCNZtVx2UiUD1MbSnYO/KNGHcl74
-        6A92sFXhzSXdkxLCMEiHTD5LZ8SFJCh7b3LeTHsdRb6C3SlkPsji5mCbacy6femW9Q1RyPO08Td3
-        vZtPB4fambMXLTaVaSnT/+F8Vd/seGrGsfON1okSIz34M6kH9GzHtbeQV3BuO6YxIJqljAlM+I1u
-        ItcXKGwv5vtzmGFIRVBxmgkErtO+dWeocee/du3VPA8MyuIEumCKVTeiM5OOPPHDxdOxieKYqC01
-        T8TvLFuTSqQg008s2BcGCW3dsbOc8jyKg4tp8J7XnaCYv7toyB4A8fzc3fx+mquBmc1ehMQKJHN1
-        Cx3nVV//gEEbq2ZSNrhuEKw2D85rA1XZX1zwhHy1T5bGNgC4sAwmRszUSeCrUAlGMLxXv+Cu4G1j
-        U+kwvG+MuKuK4Z22lMAwm7mNEK1vi7wmuoFPWOolPVCoxvCIGGDT0eLjL3YmePCkifwYrbDgWmWB
-        OElG1E7LtpCYDqTgsBwo/Vp47l/RQFYRAcxishKjn5Bi4AURagaFdVrFI+7XyjG5ZYijy39uKWJN
-        lquP5yHg9wjMsYeBjDIfZhkPFMPUou2DDuI3VimnW6SETXkitY6knjPl8T9kVYEHiDj4n2hZxymj
-        sXCPjO673zK4IB887KoOUpmzaGkfA5Gqw1JkE/HK/ghEJQpnkBs+SMWSwY200+UJWWSCeVI0ZY0T
-        sihWT7cd/o3LdFDNNKok9qA6lpREOv3+5l23McBM7y6sxtjXL/+GwbN3XiTGNY5yjJ0+bVUob2E6
-        L9JRc2+3Jlcg9xAV9YCvdjd1LkPo0aRm+oZKFWCv4mgoATBlJGImkIp/HcukEeaiuCQplDLapk+a
-        6ZwV4YfpZluoSoMaXzGZEr+qFUAzhEJ/WXLBQI9qEkf5Lf9Kdh6iKSqnV8wordvu24rGynYkM3TO
-        Ni/8IjeZRCE2CqcQ9coAzXgSJdM1vC+1AJm0mpsvlHocHnJoF305OtFUALTFCHkrZMxqVGMq2DlX
-        cXw6KEEheVZGZs7QD5eYf47YcSFCGsSEhcP+syt0UgAi2p5Y8Ym8AFotTMT8opwJ9LwjaCwBMQkH
-        xKPwcSg7Q9SXb4NNTAL1nGxOU5ZNW0QRcwbJQzVfVTMwQ7nRtSjc/Qg3ST1fVuIiqsTSu2AL3bSn
-        24I3Zi8idaf69c2MNhc03UTgMNCh9T4QNVf7bSXznPl8hd9G3cekPuQY1b5YzB8DOU5cyD+pLuOa
-        43oQ6V0WVceUHe+Lw0aKelCI+6dYa7C8RerOTgOaDyuBxG+qouBk5LvxCNWLh7nMyTGB3zATBgkq
-        hkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAGwAcAAtADYANwBkAGYAZgA0ADIAOAAt
-        ADEAZQAxADEALQA0ADYAYwA5AC0AOABlADkAMgAtAGIAZQBmAGIANwAzAGUANAA4ADIAOAA1MGkG
-        CSsGAQQBgjcRATFcHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUA
-        bAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIwggPPBgkqhkiG
-        9w0BBwagggPAMIIDvAIBADCCA7UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECKd3W1PCnIYL
-        AgIH0ICCA4g+xQnikaqVknam03UPBunLcbc4vM5elTihZjvuQHjcQWOr/GeLDWSkIqJAf7f/6jRM
-        D8nlgx/YM1z6aZfYeU/kfY7T58yS5glTscFEY0sitH4Dt8bN6jGz9B5MG6afKYsIT3IcgM52EbzJ
-        1RiHU6KHSagaBmAvSv75npvg/gV+UpqSMmWyUm3Wq1vJcmm58dzYrxSMdvPtnDeFIvSK6GH1Okpz
-        8B63JDjPPUFCv/4cdZyRpDmz4RIlfM1fH89koQ0sX5tZHxFSZcy7RPlRfCAxo65AF78WGWPAHxIC
-        11OesbIlv6O/ZECZIxmRC02LdTUr4DAF2vVZy3x3Fn24d2KHAotykvn8ENpSvs9DTedGAjlKvEFO
-        hP5DJHqbK2WPacD8hrCQatxyWBRmMhC5/fvm6ACb/HSL+EDZgZ5Zr294RUH9QXJd+IPUJI5AQaqj
-        Br2u699hv0rlaf4j+NAbneDLn8M5M3wJHGD2rG3Q1xpNC30s9/v68rtKJFVKndtVXmzQi33GnC4P
-        EQU/FyL/Jwal+NnJO68aHQ2D9Ai3DMqsRvKNznpxXp9kiUuSgKWsdSbMoRzs/BfdbeCOIyzxV1BZ
-        UvWCzSZu4YE8UYGVxOIfrSILp7NFQD2rQSpdI831OPLeE9+QJHULiV8mzf6svCyTn+s0m0dIBIO0
-        K9oqUpdWcjDdbSHANOPRYlUWgZHwJ6Sh4ZCpKmvU3FeS4yL5en+jW/1JsvBNq1mWVQTIIM5q8onG
-        FloYvQpRxZb6QJ4sITLbk1rdlRMxDwzcUZYQeFZhQbFk8MSuiZKGfdSpij0UEIUbLjO4HDFcdw4j
-        FzKe3k4gNiwtN5KKR4fT2DaHJehXuOrzHWmkBhXbsSMItPUmaHbbILYrhNYS8lDgEBtzgCJo/kZh
-        jUdMfnL5SdHsHV05mWuDhvDjhzaSFIkPlPJ4xxNhuC6ecUemm51846uw6O/iFHl1WHE5kaxoLNfY
-        fU7xHeYkvovsZwKrwFKKFiVnlstG+XqCgul1v7jhPcAvc9nDmHVoPwXwZEhPXhx46j61/TSmZboU
-        35iV7s5brC67ChbRIJk2cq/odioWyxVoKjAIZmH+e08QYc6mZRRgce6VVbk8R9Lh9/wkd2u9IIbd
-        NP5hynCdo85eTjJ4RaF8LGJwK45Jkw3jIghcKePkLzQIN03OGKm2+YjQV18M3UtlB7cti4JwZJCL
-        MDswHzAHBgUrDgMCGgQUvUM7Kw/8NN+1PlObSrj4zZwINasEFNL9LO5HLwrmwm/xDlNMw1KASQOL
-        AgIH0A==";
-
-    public const string KeyRingXmlFileName = "key-9c15d488-4417-49ab-ae39-ed2f36a9ebe3.xml";
-    public const string KeyRingXmlContents = """
-        <?xml version="1.0" encoding="utf-8"?>
-        <key id="9c15d488-4417-49ab-ae39-ed2f36a9ebe3" version="1">
-          <creationDate>2023-05-04T19:16:30.3590154Z</creationDate>
-          <activationDate>2023-05-04T19:16:30.3487875Z</activationDate>
-          <expirationDate>2115-08-02T19:16:30.3487875Z</expirationDate>
-          <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection">
-            <descriptor>
-              <encryption algorithm="AES_256_CBC" />
-              <validation algorithm="HMACSHA256" />
-              <encryptedSecret decryptorType="Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor, Microsoft.AspNetCore.DataProtection" xmlns="http://schemas.asp.net/2015/03/dataProtection">
-                <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
-                  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
-                  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-                    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
-                      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
-                      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
-                        <X509Data>
-                          <X509Certificate>MIIDATCCAemgAwIBAgIQNH2CfRDvN5FK9yzBy/U8bTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMCAXDTE1MTAwNjA4NDQ0OFoYDzIxMTUxMDA2MDg0NDQ4WjAbMRkwFwYDVQQDDBB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSzpvCfj6B3MGJWDjUc+LlxZAF8Szz+tTiX9inLIdiEG1LfpJlHgrNXumnY8ZRph1BOMH8/XS28tlhz1iLSX/3EYNLwWhi/9YAT6mC+qmCJu4I+DAN0Xf/lDbRyhB/6iYgPxtuDA3yVGcrh1NQY5JibxGF7uPN8+SmMAff0rP3eseacroYsiis6SG7ItBg+2M78ZJMuPTwl+abiOSwBTtXog8/v87yk6U/VyGzaesygvHCS39tEBT8Uw6AjPEABQI3Rr95LpdbqguzQh/xzwdCp1YFlKiUHkavspg2PiI7qMIamI8H65rXh4emwlurTbTNq8anIbKuYUDbp6XEUeQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzx66AAJJ4/RjAJ5dqkeTGHUATFYwDQYJKoZIhvcNAQELBQADggEBADe2e7NytbwtvbuPxX+zm2xOfzf+f335DPxll3MFNZCKM7XThkZmZn49QLh2ltmRR6e/+FiG9nWILADXJvKJFOBl/Nm+ektVXGyCk6ftcAWJnQHgY96ih0dvtn+cTIdr9iYlgICyXDJKvexN15TypbXwsKe9jnuOYvDOn2FtEKi8ysnaHEkVimCMb2DkZZKNm2yQAW5DRxfDZGTsGqeB3R3Li/AQR0DSAOFHjKEHwqolay8Y+5+3XVFi/tK8opVMO39BcP7Ag56IfC20MpzNI8Ibc7OrSy0SMG7QnYd7XT483AAiaKQnhTzmEQwhlILxOiNyi6PGbKH5fshmHRRq1Q8=</X509Certificate>
-                        </X509Data>
-                      </KeyInfo>
-                      <CipherData>
-                        <CipherValue>ahdd65gng0TzxZ/6Nw1zLvqFi3lsvz4tvAF4pBz7BZCqTHbTzaRnK5rMWSP9wEk8fa0LN9CGw7y1QxKfuPneTooYogDPGdVc6T8IbmASGfQI1SZZy7yOkF4IcTz9txJ4wbcjf4hUXPvYeBb0l1QlvKLh0BpXquhZqeM8Gat4IXz1iQbTCB31regpmeDSGJz6ok1ZFhjn0v4K5YvXucofxTmh+0aONveMWyadp56dP4KJVM5x4z6UddiFdVlk4euuSX6qbVHI7eA4UGSdnu8lsbBa5aiypS0kRO8NGyab+nSY907hn8E7mUCc9MjyS/QwFSZyT3y88q0pb1bK8zL8tA==</CipherValue>
-                      </CipherData>
-                    </EncryptedKey>
-                  </KeyInfo>
-                  <CipherData>
-                    <CipherValue>YTcCujeLvS47fgVUWLUC9FaZJDp+MSMtuxAkUWfAh5xnbKI8i0dFulIftz+lykfx+/1dMmQ/GsFSbbqhjCG6GDUKz5/eBXEg/It9Vagu9y0UTlrfj0dLaSG7jaw+wNY9DXTsvRtIHkEI0XQHWr0HqkJYVDfiA4yRZu2Sfue9nSmIZFMhCZOP286hJ0JFsqX1+phX3sR6JX31mGKopltlAsIGgL8MRTXWp5tZxuk9W+sgoWfJziDYmrPP2P6eMn7AdX4T+TDbuAY7MtaExL8Itv8WeKN34lxXocT7hRIjHaZMfiqocDX6YcIjnYhgeKQ1XlFo4j4fZ/p4PwxMmXdhrr/yAhzPhhOt6kqncsNnfVWbPS6+dh+3XE6/K0Oa2B5avbYKOv21KU69mSaXc4EsPA==</CipherValue>
-                  </CipherData>
-                </EncryptedData>
-              </encryptedSecret>
-            </descriptor>
-          </descriptor>
-        </key>
-        """;
-}

From db4c1e851b7a755b4ba8b777722cba4dabd299a3 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Fri, 5 May 2023 14:53:43 -0500
Subject: [PATCH 3/7] Fix tests to be delay build

Add EncryptedXmlDecryptor test.

Add credscan suppression
---
 eng/RequiresDelayedBuildProjects.props        |  3 +-
 .../Constants.cs                              |  1 +
 ...pNetCore.DataProtection.TrimmingTests.proj |  2 +
 .../TestEncryptedXmlDecryptor.cs              | 41 +++++++++++++++++++
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs

diff --git a/eng/RequiresDelayedBuildProjects.props b/eng/RequiresDelayedBuildProjects.props
index c976a7678498..0c8034c3865b 100644
--- a/eng/RequiresDelayedBuildProjects.props
+++ b/eng/RequiresDelayedBuildProjects.props
@@ -8,6 +8,8 @@
 -->
 <Project>
   <ItemGroup>
+    <RequiresDelayedBuild Include="$(RepoRoot)src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.TrimmingTests\Microsoft.AspNetCore.DataProtection.TrimmingTests.proj" />
+    <RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.NativeAotTests\Microsoft.AspNetCore.NativeAotTests.proj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\perf\Microsoft.AspNetCore.Grpc.Microbenchmarks\Microsoft.AspNetCore.Grpc.Microbenchmarks.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.JsonTranscoding\Microsoft.AspNetCore.Grpc.JsonTranscoding.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.Swagger\Microsoft.AspNetCore.Grpc.Swagger.csproj" />
@@ -17,6 +19,5 @@
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\test\testassets\IntegrationTestsWebsite\IntegrationTestsWebsite.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\test\testassets\Sandbox\Sandbox.csproj" />
     <RequiresDelayedBuild Include="$(RepoRoot)src\ProjectTemplates\test\Templates.Blazor.Tests\Templates.Blazor.Tests.csproj" />
-    <RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.NativeAotTests\Microsoft.AspNetCore.NativeAotTests.proj" />
   </ItemGroup>
 </Project>
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs
index a5879d9060c7..fc88b15680a8 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Constants.cs
@@ -6,6 +6,7 @@ internal static class Constants
     public const string Password = "password";
 
     public const string Key =
+      // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Suppression approved. Dummy certificate for testing.")]
       @"MIIKPgIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBgwGCSqGSIb3DQEHAaCCBf0EggX5
         MIIF9TCCBfEGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAijQh1kbOZOYQIC
         B9AEggTY+wDp3V31Lh7f8YrsqEsyGZ+GlYvFhLWvDASjisYJi5NlQ0ONbf0KOXHVSvBj3tVyuHm4
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
index 3ebeb871b885..1ebc8a1222b6 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/Microsoft.AspNetCore.DataProtection.TrimmingTests.proj
@@ -3,6 +3,8 @@
   <ItemGroup>
     <TestConsoleAppSourceFiles Include="TestCertificateXmlEncryptor.cs"
                                AdditionalSourceFiles="Constants.cs" />
+    <TestConsoleAppSourceFiles Include="TestEncryptedXmlDecryptor.cs"
+                               AdditionalSourceFiles="Constants.cs" />
     <TestConsoleAppSourceFiles Include="TestUnprotectWorksWithX509Certificate.cs"
                                AdditionalSourceFiles="Constants.cs" />
   </ItemGroup>
diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs
new file mode 100644
index 000000000000..18ceaa4c68f5
--- /dev/null
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs
@@ -0,0 +1,41 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.DataProtection.XmlEncryption;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using System.Security.Cryptography.X509Certificates;
+using System.Xml.Linq;
+
+var cert = new X509Certificate2(Convert.FromBase64String(Constants.Key), Constants.Password);
+var encryptedData = XElement.Parse(Constants.KeyRingXmlContents)
+    .Element("descriptor")
+    .Element("descriptor")
+    .Element(XName.Get("encryptedSecret", "http://schemas.asp.net/2015/03/dataProtection"))
+    .Element(XName.Get("EncryptedData", "http://www.w3.org/2001/04/xmlenc#"));
+
+var services = new ServiceCollection();
+services.AddOptions();
+var dpBuilder = new DataProtectionBuilder(services);
+dpBuilder.UnprotectKeysWithAnyCertificate(cert);
+var decryptor = new EncryptedXmlDecryptor(services.BuildServiceProvider());
+
+var e = decryptor.Decrypt(encryptedData);
+
+if (e.Name != "masterKey")
+{
+    return -1;
+}
+if (e.Value != "HfIK4QgxlajUlAj2se0A90ZAtJmkI4zOLQrCwEl86WM77WlKbDQlXhnd/DYDZKHUW6t0pg0J054XFJeFZ4U6hg==")
+{
+    return -2;
+}
+
+return 100;
+
+internal class DataProtectionBuilder : IDataProtectionBuilder
+{
+    public DataProtectionBuilder(IServiceCollection services) => Services = services;
+    public IServiceCollection Services { get; }
+}

From da0ad1cb629f65f8b4c209677d6004bf23180868 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Fri, 5 May 2023 16:50:07 -0500
Subject: [PATCH 4/7] Fix up test build since it is a directory lower now.

---
 .../Microsoft.AspNetCore.DataProtection.Tests.csproj            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj
index 512c6346142d..ca7b11a50c55 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Microsoft.AspNetCore.DataProtection.Tests.csproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <Compile Include="..\..\shared\test\*.cs" />
+    <Compile Include="..\..\..\shared\test\*.cs" />
     <Content Include="TestFiles\**" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
 

From fece6e592f9843b963fc8a9db64a6e244c5c926e Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Mon, 8 May 2023 10:05:41 -0500
Subject: [PATCH 5/7] Seal test class

---
 .../TestEncryptedXmlDecryptor.cs                                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs
index 18ceaa4c68f5..dd01f04b08fe 100644
--- a/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs
+++ b/src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.TrimmingTests/TestEncryptedXmlDecryptor.cs
@@ -34,7 +34,7 @@
 
 return 100;
 
-internal class DataProtectionBuilder : IDataProtectionBuilder
+internal sealed class DataProtectionBuilder : IDataProtectionBuilder
 {
     public DataProtectionBuilder(IServiceCollection services) => Services = services;
     public IServiceCollection Services { get; }

From 6950c9a7d8745b58c332c9733b04eb8a85955cf7 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Mon, 8 May 2023 14:03:41 -0500
Subject: [PATCH 6/7] Fix parallel build to not copy files to the same
 destination

---
 eng/testing/linker/trimmingTests.targets | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/eng/testing/linker/trimmingTests.targets b/eng/testing/linker/trimmingTests.targets
index 5f5fcb99736a..9fcf9f82510a 100644
--- a/eng/testing/linker/trimmingTests.targets
+++ b/eng/testing/linker/trimmingTests.targets
@@ -5,7 +5,7 @@
     <TestConsoleAppSourceFiles Condition="'@(TestConsoleAppSourceFiles)' == ''" Include="$(MSBuildProjectDirectory)\*.cs" />
 
     <TestSupportFiles Include="$(MSBuildThisFileDirectory)SupportFiles\Directory.Build.*">
-      <DestinationFolder>$(TrimmingTestDir)</DestinationFolder>
+      <DestinationFolder>$([MSBuild]::NormalizeDirectory('$(TrimmingTestProjectsDir)', '$(MSBuildProjectName)'))</DestinationFolder>
     </TestSupportFiles>
   </ItemGroup>
 
@@ -13,7 +13,9 @@
           Inputs="@(TestSupportFiles)"
           Outputs="@(TestSupportFiles->'%(DestinationFolder)\%(FileName)%(Extension)')">
     <MakeDir Directories="%(TestSupportFiles.DestinationFolder)" />
-    <Copy SourceFiles="@(TestSupportFiles)" DestinationFolder="%(TestSupportFiles.DestinationFolder)" />
+    <Copy SourceFiles="@(TestSupportFiles)"
+          DestinationFolder="%(TestSupportFiles.DestinationFolder)"
+          SkipUnchangedFiles="true" />
   </Target>
 
   <Target Name="GetTestConsoleApps">

From 7c3822c6c745119fb16ae990eefc96797cb9ced0 Mon Sep 17 00:00:00 2001
From: Eric Erhardt <eric.erhardt@microsoft.com>
Date: Fri, 12 May 2023 18:33:58 -0500
Subject: [PATCH 7/7] Respond to PR feedback

---
 .../src/XmlEncryption/CertificateXmlEncryptor.cs             | 5 ++---
 .../src/XmlEncryption/EncryptedXmlDecryptor.cs               | 2 ++
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs b/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
index 9251dc7d4b23..be4bac814faa 100644
--- a/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
+++ b/src/DataProtection/DataProtection/src/XmlEncryption/CertificateXmlEncryptor.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
-using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Cryptography.Xml;
 using System.Xml;
@@ -78,9 +77,9 @@ public EncryptedXmlInfo Encrypt(XElement plaintextElement)
     }
 
     [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",
-        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not require unreferenced code.")]
+        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not use reflection.")]
     [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode",
-        Justification = "Only XSLTs require dynamic code. The usage of EncryptedXml doesn't use XSLTs.")]
+        Justification = "This usage of EncryptedXml to encrypt an XElement using a X509Certificate2 does not use XSLTs.")]
     private XElement EncryptElement(XElement plaintextElement)
     {
         // EncryptedXml works with XmlDocument, not XLinq. When we perform the conversion
diff --git a/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs b/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
index cabacf142896..8e2d85364076 100644
--- a/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
+++ b/src/DataProtection/DataProtection/src/XmlEncryption/EncryptedXmlDecryptor.cs
@@ -46,6 +46,8 @@ public EncryptedXmlDecryptor(IServiceProvider? services)
     /// <param name="encryptedElement">An encrypted XML element.</param>
     /// <returns>The decrypted form of <paramref name="encryptedElement"/>.</returns>
 #pragma warning disable SYSLIB0022 // Rijndael types are obsolete
+    // RijndaelManaged (aka AES) is used by default. If we find another important algorithm, we should add it here as well.
+    // In the meantime, a useful exception will be thrown in a trimmed app if the algorithm can't be found.
     [DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(RijndaelManaged))]
 #pragma warning restore SYSLIB0022
     [UnconditionalSuppressMessage("AOT", "IL2026:RequiresUnreferencedCode",