Beispiel #1
        /// <summary>
        /// Checks that rewrapping a data encryption key (DEK) is refused when the client has no
        /// key wrap provider configured: the call must throw an <see cref="ArgumentException"/>
        /// whose message equals <c>ClientResources.EncryptionKeyWrapProviderNotConfigured</c>.
        /// </summary>
        public async Task EncryptionUTRewrapDekWithoutEncryptionSerializer()
        {
            const string keyId = "mydek";
            EncryptionTestHandler handler = new EncryptionTestHandler();

            // Arrange: create the DEK through a container that has the mock setup applied,
            // so that a key with this id exists before the misconfigured client is exercised.
            Container configuredContainer = this.GetContainerWithMockSetup(handler);
            ContainerCore configuredCore = (ContainerCore)(ContainerInlineCore)configuredContainer;
            DatabaseCore databaseWithSerializer = (DatabaseCore)configuredCore.Database;

            DataEncryptionKeyResponse creation = await databaseWithSerializer.CreateDataEncryptionKeyAsync(
                keyId,
                EncryptionUnitTests.Algo,
                this.metadata1);

            Assert.AreEqual(HttpStatusCode.Created, creation.StatusCode);

            // Drop the handler pipeline installed by the first container so the handler can be
            // reused by the second, plain container below.
            handler.InnerHandler = null;

            // Act + assert: a container obtained without the mock setup must not be able to rewrap.
            try
            {
                Container plainContainer = this.GetContainer(handler);
                ContainerCore plainCore = (ContainerCore)(ContainerInlineCore)plainContainer;
                DatabaseCore plainDatabase = (DatabaseCore)plainCore.Database;

                DataEncryptionKey keyHandle = plainDatabase.GetDataEncryptionKey(keyId);
                await keyHandle.RewrapAsync(this.metadata2);

                // Reaching this line means the rewrap went through without a provider.
                // Assert.Fail's exception is not an ArgumentException, so the catch below does not swallow it.
                Assert.Fail();
            }
            catch (ArgumentException notConfigured)
            {
                Assert.AreEqual(ClientResources.EncryptionKeyWrapProviderNotConfigured, notConfigured.Message);
            }
        }
Beispiel #2
        /// <summary>
        /// Creates a data encryption key (DEK), rewraps it with a second set of wrap metadata, and
        /// verifies the returned properties, the outgoing replace request and the copy of the key
        /// held by the test handler.
        /// </summary>
        public async Task EncryptionUTRewrapDek()
        {
            Container mockedContainer = this.GetContainerWithMockSetup();
            ContainerCore mockedCore = (ContainerCore)(ContainerInlineCore)mockedContainer;
            DatabaseCore database = (DatabaseCore)mockedCore.Database;

            // Step 1: create the key with the first wrap metadata.
            const string keyId = "mydek";
            DataEncryptionKeyResponse createResponse = await database.CreateDataEncryptionKeyAsync(
                keyId,
                EncryptionUnitTests.Algo,
                this.metadata1);

            DataEncryptionKeyProperties original = createResponse.Resource;

            Assert.AreEqual(HttpStatusCode.Created, createResponse.StatusCode);
            this.VerifyWrap(this.dek, this.metadata1);

            // Step 2: rewrap the same key with the second wrap metadata.
            DataEncryptionKey keyHandle = database.GetDataEncryptionKey(keyId);
            DataEncryptionKeyResponse rewrapResponse = await keyHandle.RewrapAsync(this.metadata2);

            DataEncryptionKeyProperties rewrapped = rewrapResponse.Resource;

            Assert.IsNotNull(rewrapped);

            // Identity and creation data of the key must survive the rewrap.
            Assert.AreEqual(keyId, rewrapped.Id);
            Assert.AreEqual(original.CreatedTime, rewrapped.CreatedTime);
            Assert.IsNotNull(rewrapped.LastModified);
            Assert.AreEqual(original.ResourceId, rewrapped.ResourceId);
            Assert.AreEqual(original.SelfLink, rewrapped.SelfLink);

            // The wrapped bytes are expected to be each DEK byte plus 2.
            // NOTE(review): presumably this is what the mock wrap provider yields for a rewrap;
            // confirm against the mock setup, which is not visible here.
            IEnumerable<byte> expectedWrappedBytes = this.dek.Select(raw => (byte)(raw + 2));

            Assert.IsTrue(expectedWrappedBytes.SequenceEqual(rewrapped.WrappedDataEncryptionKey));

            EncryptionKeyWrapMetadata expectedMetadata =
                new EncryptionKeyWrapMetadata(this.metadata2.Value + this.metadataUpdateSuffix);
            Assert.AreEqual(expectedMetadata, rewrapped.EncryptionKeyWrapMetadata);

            // Exactly two requests are expected: the create, then the rewrap.
            Assert.AreEqual(2, this.testHandler.Received.Count);
            RequestMessage rewrapRequest = this.testHandler.Received[1];

            // The rewrap must be sent as a replace of the client encryption key, and it must carry
            // the ETag from the create response in If-Match.
            Assert.AreEqual(ResourceType.ClientEncryptionKey, rewrapRequest.ResourceType);
            Assert.AreEqual(OperationType.Replace, rewrapRequest.OperationType);
            Assert.AreEqual(createResponse.ETag, rewrapRequest.Headers[HttpConstants.HttpHeaders.IfMatch]);

            // The handler's stored key must match what the client returned.
            Assert.IsTrue(this.testHandler.Deks.ContainsKey(keyId));
            DataEncryptionKeyProperties storedByHandler = this.testHandler.Deks[keyId];

            Assert.IsTrue(storedByHandler.Equals(rewrapped));

            // Finally check the wrap calls for the second metadata and that the mock key wrap
            // provider saw no calls beyond the verified ones.
            this.VerifyWrap(this.dek, this.metadata2);
            this.mockKeyWrapProvider.VerifyNoOtherCalls();
        }