Beispiel #1
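        /// <summary>
        /// Verifies that the certificate-store provider and the CSP provider interoperate:
        /// a column encryption key wrapped by one must unwrap to the same bytes through the
        /// other, in both directions, using RSA_OAEP.
        /// </summary>
        /// <remarks>
        /// A temporary certificate is created in the CurrentUser store for the duration of
        /// the test and removed in the <c>finally</c> block even when an assertion fails.
        /// </remarks>
        public void TestRoundTripWithCSPAndCertStoreProvider()
        {
            const string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
            // CryptoAPI provider type 24 is PROV_RSA_AES.
            string providerType = "24";

            string certificateName = string.Format(@"AETest - {0}", providerName);

            CertificateUtilityWin.CreateCertificate(certificateName, StoreLocation.CurrentUser.ToString(), providerName, providerType);
            try
            {
                // X509Certificate2 holds a native certificate handle; dispose it deterministically
                // instead of leaving it to the finalizer.
                using (X509Certificate2 cert = CertificateUtilityWin.GetCertificate(certificateName, StoreLocation.CurrentUser))
                {
                    // Both key paths are derived from the same certificate, so they are expected
                    // to address the same RSA key pair (GetCspPathFromCertificate is not shown here).
                    string cspPath         = CertificateUtilityWin.GetCspPathFromCertificate(cert);
                    string certificatePath = String.Concat(@"CurrentUser/my/", cert.Thumbprint);

                    SqlColumnEncryptionCertificateStoreProvider certProvider = new SqlColumnEncryptionCertificateStoreProvider();
                    SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();
                    byte[] columnEncryptionKey = DatabaseHelper.GenerateRandomBytes(32);

                    // Direction 1: wrap with the certificate store provider, unwrap with the CSP provider.
                    byte[] encryptedColumnEncryptionKeyUsingCert = certProvider.EncryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", columnEncryptionKey);
                    byte[] columnEncryptionKeyReturnedCert2CSP   = cspProvider.DecryptColumnEncryptionKey(cspPath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCert);
                    Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCert2CSP));

                    // Direction 2: wrap with the CSP provider, unwrap with the certificate store provider.
                    byte[] encryptedColumnEncryptionKeyUsingCSP = cspProvider.EncryptColumnEncryptionKey(cspPath, @"RSA_OAEP", columnEncryptionKey);
                    byte[] columnEncryptionKeyReturnedCSP2Cert  = certProvider.DecryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCSP);
                    Assert.True(columnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCSP2Cert));
                }
            }
            finally
            {
                // Always remove the test certificate so no private key material is left behind
                // in the user's store.
                CertificateUtilityWin.RemoveCertificate(certificateName, StoreLocation.CurrentUser);
            }
        }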
Beispiel #2
        /// <summary>
        /// Checks that the CSP provider wraps a key when given <paramref name="algorithm"/>,
        /// producing a non-null result.
        /// </summary>
        /// <param name="algorithm">
        /// Algorithm name under test. Going by the method name, callers pass differently
        /// cased spellings of a supported algorithm; the data source is not shown here.
        /// </param>
        public void AcceptEncryptionAlgorithmRegardlessOfCase(string algorithm)
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();

            // Fixed five-byte sample key; only the success of the call is checked, not the output.
            byte[] sampleKey  = new byte[] { 1, 2, 3, 4, 5 };
            byte[] wrappedKey = cspProvider.EncryptColumnEncryptionKey(MASTER_KEY_PATH, algorithm, sampleKey);

            Assert.NotNull(wrappedKey);
        }
Beispiel #3
        /// <summary>
        /// Checks that the CSP provider rejects an invalid argument combination with the
        /// expected exception type and message.
        /// </summary>
        /// <param name="errorMsg">Regular expression the exception message must match.</param>
        /// <param name="exceptionType">Exact exception type expected from the call.</param>
        /// <param name="masterKeyPath">Key path passed to the provider.</param>
        /// <param name="encryptionAlgorithm">Algorithm name passed to the provider.</param>
        /// <param name="bytes">Column encryption key bytes passed to the provider.</param>
        public void ThrowExceptionWithInvalidParameterWhileEncryptingColumnEncryptionKey(string errorMsg, Type exceptionType, string masterKeyPath, string encryptionAlgorithm, byte[] bytes)
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();

            Exception thrown = Assert.Throws(
                exceptionType,
                () => cspProvider.EncryptColumnEncryptionKey(masterKeyPath, encryptionAlgorithm, bytes));

            // Assert.Matches treats errorMsg as a regex pattern, not as a literal string.
            Assert.Matches(errorMsg, thrown.Message);
        }
Beispiel #4
        /// <summary>
        /// Checks that all four key-store operations of the CSP provider throw
        /// <see cref="PlatformNotSupportedException"/>. The method name indicates this is
        /// meant to run on Unix; the platform condition itself is not visible here.
        /// </summary>
        public void ThrowPlatformNotSupportedExceptionInUnix()
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();

            // Key wrapping and unwrapping.
            Assert.Throws<PlatformNotSupportedException>(
                () => cspProvider.EncryptColumnEncryptionKey("", "", new byte[] { }));
            Assert.Throws<PlatformNotSupportedException>(
                () => cspProvider.DecryptColumnEncryptionKey("", "", new byte[] { }));

            // Column master key metadata signing and verification.
            Assert.Throws<PlatformNotSupportedException>(
                () => cspProvider.SignColumnMasterKeyMetadata("", false));
            Assert.Throws<PlatformNotSupportedException>(
                () => cspProvider.VerifyColumnMasterKeyMetadata("", false, new byte[] { }));
        }
Beispiel #5
        /// <summary>
        /// Round-trips a random buffer of <paramref name="dataSize"/> bytes through the CSP
        /// provider and checks that decryption returns the original bytes.
        /// </summary>
        /// <param name="dataSize">Length in bytes of the key material to wrap and unwrap.</param>
        public void EncryptKeyAndThenDecryptItSuccessfully(int dataSize)
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();
            byte[] plaintextKey = new byte[dataSize];

            // System.Random is not a cryptographic generator. That is acceptable here only
            // because the buffer is throwaway test input; real column encryption keys must
            // come from a CSPRNG such as RandomNumberGenerator.
            Random fillSource = new Random();
            fillSource.NextBytes(plaintextKey);

            byte[] wrappedKey = cspProvider.EncryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, plaintextKey);
            byte[] roundTrippedKey = cspProvider.DecryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, wrappedKey);

            Assert.Equal(plaintextKey, roundTrippedKey);
        }
 /// <summary>
 /// Builds the setup strategy for the CSP key store: forwards the key path to the base
 /// class, installs a CSP provider as the key store provider, then sets up the database.
 /// </summary>
 /// <param name="cspKeyPath">CSP key path handed to the base constructor.</param>
 public SQLSetupStrategyCspExt(string cspKeyPath)
     : base(cspKeyPath)
 {
     // The provider is assigned before SetupDatabase runs; presumably SetupDatabase
     // reads it (verify against the base class, which is not shown here).
     this.keyStoreProvider = new SqlColumnEncryptionCspProvider();
     SetupDatabase();
 }
Beispiel #7
        /// <summary>
        /// Checks that the CSP provider refuses to verify column master key metadata:
        /// the call must throw <see cref="NotSupportedException"/>.
        /// </summary>
        public void ThrowNotSupportedExceptionWhenCallingVerifyColumnMasterKeyMetadata()
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();

            // The signature bytes are built inside the lambda, so an exception from the
            // helper would also be observed by Assert.Throws.
            Assert.Throws<NotSupportedException>(
                () => cspProvider.VerifyColumnMasterKeyMetadata(
                    MASTER_KEY_PATH,
                    true,
                    GenerateTestEncryptedBytes(1, 0, 256, 256)));
        }
Beispiel #8
        /// <summary>
        /// Checks that the CSP provider refuses to sign column master key metadata:
        /// the call must throw <see cref="NotSupportedException"/>.
        /// </summary>
        public void ThrowNotSupportedExceptionWhenCallingSignColumnMasterKeyMetadata()
        {
            SqlColumnEncryptionCspProvider cspProvider = new SqlColumnEncryptionCspProvider();

            Assert.Throws<NotSupportedException>(
                () => cspProvider.SignColumnMasterKeyMetadata(MASTER_KEY_PATH, true));
        }