Client Encryption : Adds integration with latest Cryptography package…

… and removes caching of AeadAes256CbcHmac256EncryptionAlgorithm object (Azure#2345)

1. This PR removes the caching of AeadAes256CbcHmac256EncryptionAlgorithm object which was done earlier and now completely relies on MDE layer for caching.
2. Upgrades to latest "Microsoft.Data.Encryption.Cryptography" Version="0.2.0-pre"

Microsoft.Azure.Cosmos.Encryption/src/Custom/CosmosDataEncryptionKeyProvider.cs

@@ -23,7 +23,7 @@ public sealed class CosmosDataEncryptionKeyProvider : DataEncryptionKeyProvider
 
         internal DekCache DekCache { get; }
 
-        /* MDE's Protected Data Encryption key Cache TTL*/
+        // MDE's Protected Data Encryption key Cache TTL.
         internal TimeSpan? PdekCacheTimeToLive { get; }
 
         internal Container Container
@@ -75,40 +75,58 @@ public CosmosDataEncryptionKeyProvider(
         /// Initializes a new instance of the <see cref="CosmosDataEncryptionKeyProvider"/> class.
         /// </summary>
         /// <param name="encryptionKeyStoreProvider"> MDE EncryptionKeyStoreProvider for Wrapping/UnWrapping services. </param>
-        /// <param name="cacheTimeToLive">Time to live for EncryptionKeyStoreProvider's ProtectedDataEncryptionKey before having to refresh. 0 results in no Caching.</param>
         /// <param name="dekPropertiesTimeToLive">Time to live for DEK properties before having to refresh.</param>
         public CosmosDataEncryptionKeyProvider(
             EncryptionKeyStoreProvider encryptionKeyStoreProvider,
-            TimeSpan? cacheTimeToLive = null,
             TimeSpan? dekPropertiesTimeToLive = null)
         {
             this.EncryptionKeyStoreProvider = encryptionKeyStoreProvider ?? throw new ArgumentNullException(nameof(encryptionKeyStoreProvider));
             this.MdeKeyWrapProvider = new MdeKeyWrapProvider(encryptionKeyStoreProvider);
             this.dataEncryptionKeyContainerCore = new DataEncryptionKeyContainerCore(this);
             this.DekCache = new DekCache(dekPropertiesTimeToLive);
-            this.PdekCacheTimeToLive = cacheTimeToLive;
+            this.PdekCacheTimeToLive = this.EncryptionKeyStoreProvider.DataEncryptionKeyCacheTimeToLive;
+            if (this.PdekCacheTimeToLive.HasValue)
+            {
+                // set the TTL for Protected Data Encryption.
+                ProtectedDataEncryptionKey.TimeToLive = this.PdekCacheTimeToLive.Value;
+            }
+            else
+            {
+                // If null is passed to DataEncryptionKeyCacheTimeToLive it results in forever caching hence setting
+                // arbitrarily large caching period. ProtectedDataEncryptionKey does not seem to handle TimeSpan.MaxValue.
+                ProtectedDataEncryptionKey.TimeToLive = TimeSpan.FromDays(36500);
+            }
         }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="CosmosDataEncryptionKeyProvider"/> class.
         /// </summary>
         /// <param name="encryptionKeyWrapProvider">A provider that will be used to wrap (encrypt) and unwrap (decrypt) data encryption keys for envelope based encryption</param>
         /// <param name="encryptionKeyStoreProvider"> MDE EncryptionKeyStoreProvider for Wrapping/UnWrapping services. </param>
-        /// <param name="cacheTimeToLive">Time to live for EncryptionKeyStoreProvider ProtectedDataEncryptionKey before having to refresh. 0 results in no Caching.</param>
         /// <param name="dekPropertiesTimeToLive">Time to live for DEK properties before having to refresh.</param>
         [Obsolete("Please use the constructor with EncryptionKeyStoreProvider only.")]
         public CosmosDataEncryptionKeyProvider(
             EncryptionKeyWrapProvider encryptionKeyWrapProvider,
             EncryptionKeyStoreProvider encryptionKeyStoreProvider,
-            TimeSpan? cacheTimeToLive = null,
             TimeSpan? dekPropertiesTimeToLive = null)
         {
             this.EncryptionKeyWrapProvider = encryptionKeyWrapProvider ?? throw new ArgumentNullException(nameof(encryptionKeyWrapProvider));
             this.EncryptionKeyStoreProvider = encryptionKeyStoreProvider ?? throw new ArgumentNullException(nameof(encryptionKeyStoreProvider));
             this.MdeKeyWrapProvider = new MdeKeyWrapProvider(encryptionKeyStoreProvider);
             this.dataEncryptionKeyContainerCore = new DataEncryptionKeyContainerCore(this);
             this.DekCache = new DekCache(dekPropertiesTimeToLive);
-            this.PdekCacheTimeToLive = cacheTimeToLive;
+            this.PdekCacheTimeToLive = this.EncryptionKeyStoreProvider.DataEncryptionKeyCacheTimeToLive;
+            if (this.PdekCacheTimeToLive.HasValue)
+            {
+                // set the TTL for Protected Data Encryption.
+                ProtectedDataEncryptionKey.TimeToLive = this.PdekCacheTimeToLive.Value;
+            }
+            else
+            {
+                // If null is passed to DataEncryptionKeyCacheTimeToLive it results in forever caching hence setting
+                // arbitrarily large caching period. ProtectedDataEncryptionKey does not seem to handle TimeSpan.MaxValue.
+                ProtectedDataEncryptionKey.TimeToLive = TimeSpan.FromDays(36500);
+            }
         }
 
         /// <summary>

Microsoft.Azure.Cosmos.Encryption/src/Custom/MdeServices/MdeEncryptionAlgorithm.cs

@@ -66,8 +66,6 @@ public MdeEncryptionAlgorithm(
                        dekProperties.Id,
                        keyEncryptionKey,
                        dekProperties.WrappedDataEncryptionKey);
-
-                    protectedDataEncryptionKey.TimeToLive = cacheTimeToLive.Value;
                 }
             }
             else

Microsoft.Azure.Cosmos.Encryption/src/EncryptionCosmosClientExtensions.cs

@@ -32,6 +32,18 @@ public static CosmosClient WithEncryption(
                 throw new ArgumentNullException(nameof(cosmosClient));
             }
 
+            // set the TTL for ProtectedDataEncryption at the Encryption CosmosClient Init so that we have a uniform expiry of the KeyStoreProvider and ProtectedDataEncryption cache items.
+            if (encryptionKeyStoreProvider.DataEncryptionKeyCacheTimeToLive.HasValue)
+            {
+                ProtectedDataEncryptionKey.TimeToLive = encryptionKeyStoreProvider.DataEncryptionKeyCacheTimeToLive.Value;
+            }
+            else
+            {
+                // If null is passed to DataEncryptionKeyCacheTimeToLive it results in forever caching hence setting
+                // arbitrarily large caching period. ProtectedDataEncryptionKey does not seem to handle TimeSpan.MaxValue.
+                ProtectedDataEncryptionKey.TimeToLive = TimeSpan.FromDays(36500);
+            }
+
             return new EncryptionCosmosClient(cosmosClient, encryptionKeyStoreProvider);
         }
     }

Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs

@@ -85,6 +85,12 @@ public static async Task<ClientEncryptionKeyResponse> CreateClientEncryptionKeyA
 
             byte[] wrappedDataEncryptionKey = protectedDataEncryptionKey.EncryptedValue;
 
+            // cache it.
+            ProtectedDataEncryptionKey.GetOrCreate(
+                   clientEncryptionKeyId,
+                   keyEncryptionKey,
+                   wrappedDataEncryptionKey);
+
             ClientEncryptionKeyProperties clientEncryptionKeyProperties = new ClientEncryptionKeyProperties(
                 clientEncryptionKeyId,
                 encryptionAlgorithm,