public static async Task ClassInitialize(TestContext context)
{
EncryptionTests.client = EncryptionTests.GetClient();
EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString());
EncryptionTests.container = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400);
EncryptionTests.containerCore = (ContainerInlineCore)EncryptionTests.container;
EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, EncryptionTests.dekId);
}
public async Task DecryptQueryResultDifferentDeksTest()
{
string dekId1 = "mydek1";
EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, dekId1);
TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt);
TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, dekId1, TestDoc.PathsToEncrypt);
await ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.containerCore, testDoc1, testDoc2);
}
private static async Task <DataEncryptionKeyProperties> CreateDekAsync(DatabaseCore databaseCore, string dekId)
{
DataEncryptionKeyResponse dekResponse = await databaseCore.CreateDataEncryptionKeyAsync(
dekId,
CosmosEncryptionAlgorithm.AE_AES_256_CBC_HMAC_SHA_256_RANDOMIZED,
EncryptionTests.metadata1);
Assert.AreEqual(HttpStatusCode.Created, dekResponse.StatusCode);
Assert.IsTrue(dekResponse.RequestCharge > 0);
Assert.IsNotNull(dekResponse.ETag);
DataEncryptionKeyProperties dekProperties = dekResponse.Resource;
Assert.AreEqual(dekResponse.ETag, dekProperties.ETag);
Assert.AreEqual(dekId, dekProperties.Id);
return(dekProperties);
}
private static async Task <DataEncryptionKeyProperties> CreateDekAsync(CosmosDataEncryptionKeyProvider dekProvider, string dekId)
{
ItemResponse <DataEncryptionKeyProperties> dekResponse = await dekProvider.DataEncryptionKeyContainer.CreateDataEncryptionKeyAsync(
dekId,
CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
EncryptionTests.metadata1);
Assert.AreEqual(HttpStatusCode.Created, dekResponse.StatusCode);
Assert.IsTrue(dekResponse.RequestCharge > 0);
Assert.IsNotNull(dekResponse.ETag);
DataEncryptionKeyProperties dekProperties = dekResponse.Resource;
Assert.AreEqual(dekResponse.ETag, dekProperties.ETag);
Assert.AreEqual(dekId, dekProperties.Id);
return(dekProperties);
}
private static DataEncryptionKeyProperties VerifyDekResponse(
ItemResponse <DataEncryptionKeyProperties> dekResponse,
string dekId)
{
Assert.IsTrue(dekResponse.RequestCharge > 0);
Assert.IsNotNull(dekResponse.ETag);
DataEncryptionKeyProperties dekProperties = dekResponse.Resource;
Assert.IsNotNull(dekProperties);
Assert.AreEqual(dekResponse.ETag, dekProperties.ETag);
Assert.AreEqual(dekId, dekProperties.Id);
Assert.IsNotNull(dekProperties.SelfLink);
Assert.IsNotNull(dekProperties.CreatedTime);
Assert.IsNotNull(dekProperties.LastModified);
return(dekProperties);
}
public static async Task ClassInitialize(TestContext context)
{
EncryptionTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
EncryptionTests.encryptor = new TestEncryptor(EncryptionTests.dekProvider);
EncryptionTests.client = EncryptionTests.GetClient();
EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString());
EncryptionTests.keyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400);
await EncryptionTests.dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id);
EncryptionTests.itemContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400);
EncryptionTests.itemContainerCore = (ContainerInlineCore)EncryptionTests.itemContainer;
EncryptionTests.dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, EncryptionTests.dekId);
}
public async Task ClassInitialize(TestContext context)
{
EncryptionContainerTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
EncryptionContainerTests.encryptor = new TestEncryptor(EncryptionContainerTests.dekProvider);
EncryptionContainerTests.client = TestCommon.CreateCosmosClient();
EncryptionContainerTests.database = await EncryptionContainerTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString());
EncryptionContainerTests.keyContainer = await EncryptionContainerTests.database.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400);
await EncryptionContainerTests.dekProvider.InitializeAsync(EncryptionContainerTests.database, EncryptionContainerTests.keyContainer.Id);
EncryptionContainerTests.itemContainer = await EncryptionContainerTests.database.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400);
EncryptionContainerTests.propertyEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt);
EncryptionContainerTests.pdekProperties = await EncryptionContainerTests.CreatePropertyDekAsync(EncryptionContainerTests.dekProvider, EncryptionContainerTests.pdekId);
EncryptionContainerTests.twoPropertyEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt3);
EncryptionContainerTests.twoPropertyOneDekEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt4);
}
public async Task EncryptionCreateDek()
{
string dekId = "anotherDek";
DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.databaseCore, dekId);
Assert.IsNotNull(dekProperties);
Assert.IsNotNull(dekProperties.CreatedTime);
Assert.IsNotNull(dekProperties.LastModified);
Assert.IsNotNull(dekProperties.SelfLink);
Assert.IsNotNull(dekProperties.ResourceId);
// Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime);
Assert.AreEqual(
new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix),
dekProperties.EncryptionKeyWrapMetadata);
// Use a different client instance to avoid (unintentional) cache impact
using (CosmosClient client = EncryptionTests.GetClient())
{
DataEncryptionKeyProperties readProperties =
await((DatabaseCore)(DatabaseInlineCore)client.GetDatabase(EncryptionTests.databaseCore.Id)).GetDataEncryptionKey(dekId).ReadAsync();
Assert.AreEqual(dekProperties, readProperties);
}
}
public async Task EncryptionCreateDek()
{
string dekId = "anotherDek";
DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dekId);
Assert.IsNotNull(dekProperties);
Assert.IsNotNull(dekProperties.CreatedTime);
Assert.IsNotNull(dekProperties.LastModified);
Assert.IsNotNull(dekProperties.SelfLink);
// Assert.IsNotNull(dekProperties.ResourceId);
// Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime);
Assert.AreEqual(
new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix),
dekProperties.EncryptionKeyWrapMetadata);
// Use different DEK provider to avoid (unintentional) cache impact
CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
await dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id);
DataEncryptionKeyProperties readProperties = await dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(dekId);
Assert.AreEqual(dekProperties, readProperties);
}
public async Task EncryptionResourceTokenAuthAllowed()
{
User keyManagerUser = EncryptionTests.databaseCore.GetUser(Guid.NewGuid().ToString());
await EncryptionTests.databaseCore.CreateUserAsync(keyManagerUser.Id);
PermissionProperties keyManagerUserPermission = await keyManagerUser.CreatePermissionAsync(
new PermissionProperties(Guid.NewGuid().ToString(), PermissionMode.All, EncryptionTests.keyContainer));
CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
TestEncryptor encryptor = new TestEncryptor(dekProvider);
(string endpoint, string _) = TestCommon.GetAccountInfo();
CosmosClient clientForKeyManagerUser = new CosmosClientBuilder(endpoint, keyManagerUserPermission.Token)
.WithEncryptor(encryptor)
.Build();
Database databaseForKeyManagerUser = clientForKeyManagerUser.GetDatabase(EncryptionTests.databaseCore.Id);
await dekProvider.InitializeAsync(databaseForKeyManagerUser, EncryptionTests.keyContainer.Id);
DataEncryptionKeyProperties readDekProperties = await dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(EncryptionTests.dekId);
Assert.AreEqual(EncryptionTests.dekProperties, readDekProperties);
}
