Ejemplo n.º 1
0
        public void Encrypt_should_throw_on_cert_not_found()
        {
            var resolverMock = new Mock <Microsoft.AspNetCore.DataProtection.XmlEncryption.ICertificateResolver>();
            var sut          = new CertificateXmlEncryptor("test", resolverMock.Object, NullLoggerFactory.Instance);

            Assert.Throws <InvalidOperationException>(() => sut.Encrypt(new XElement("test")));
        }
Ejemplo n.º 2
0
        public void Encrypt_should_throw_on_argument_null()
        {
#pragma warning disable SYSLIB0026 // Type or member is obsolete
            var sut = new CertificateXmlEncryptor(new X509Certificate2(), NullLoggerFactory.Instance);
#pragma warning restore SYSLIB0026 // Type or member is obsolete

            Assert.Throws <ArgumentNullException>(() => sut.Encrypt(null));
        }
Ejemplo n.º 3
0
        public void Encrypt_retreive_cert_from_thumbrint()
        {
            var cert         = SigningKeysLoader.LoadFromFile("TestCert1.pfx", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
            var resolverMock = new Mock <Microsoft.AspNetCore.DataProtection.XmlEncryption.ICertificateResolver>();

            resolverMock.Setup(m => m.ResolveCertificate(It.IsAny <string>())).Returns(cert);
            var sut = new CertificateXmlEncryptor(cert.Thumbprint, resolverMock.Object, NullLoggerFactory.Instance);

            var result = sut.Encrypt(new XElement("test"));

            Assert.NotNull(result);
        }
    public void ThrowsIfCannotDecrypt()
    {
        var testCert1    = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
        var encryptor    = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
        var data         = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor    = new EncryptedXmlDecryptor();

        var ex = Assert.Throws <CryptographicException>(() =>
                                                        decryptor.Decrypt(encryptedXml.EncryptedElement));

        Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
    }
Ejemplo n.º 5
0
    public void Encrypt_Decrypt_RoundTrips()
    {
        // Arrange
        var symmetricAlgorithm = TripleDES.Create();

        symmetricAlgorithm.GenerateKey();

        var mockInternalEncryptor = new Mock <IInternalCertificateXmlEncryptor>();

        mockInternalEncryptor.Setup(o => o.PerformEncryption(It.IsAny <EncryptedXml>(), It.IsAny <XmlElement>()))
        .Returns <EncryptedXml, XmlElement>((encryptedXml, element) =>
        {
            encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm);     // use symmetric encryption
            return(encryptedXml.Encrypt(element, "theKey"));
        });

        var mockInternalDecryptor = new Mock <IInternalEncryptedXmlDecryptor>();

        mockInternalDecryptor.Setup(o => o.PerformPreDecryptionSetup(It.IsAny <EncryptedXml>()))
        .Callback <EncryptedXml>(encryptedXml =>
        {
            encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm);     // use symmetric encryption
        });

        var serviceCollection = new ServiceCollection();

        serviceCollection.AddSingleton <IInternalEncryptedXmlDecryptor>(mockInternalDecryptor.Object);

        var services  = serviceCollection.BuildServiceProvider();
        var encryptor = new CertificateXmlEncryptor(NullLoggerFactory.Instance, mockInternalEncryptor.Object);
        var decryptor = new EncryptedXmlDecryptor(services);

        var originalXml = XElement.Parse(@"<mySecret value='265ee4ea-ade2-43b1-b706-09b259e58b6b' />");

        // Act & assert - run through encryptor and make sure we get back <EncryptedData> element
        var encryptedXmlInfo = encryptor.Encrypt(originalXml);

        Assert.Equal(typeof(EncryptedXmlDecryptor), encryptedXmlInfo.DecryptorType);
        Assert.Equal(XName.Get("EncryptedData", "http://www.w3.org/2001/04/xmlenc#"), encryptedXmlInfo.EncryptedElement.Name);
        Assert.Equal("http://www.w3.org/2001/04/xmlenc#Element", (string)encryptedXmlInfo.EncryptedElement.Attribute("Type"));
        Assert.DoesNotContain("265ee4ea-ade2-43b1-b706-09b259e58b6b", encryptedXmlInfo.EncryptedElement.ToString(), StringComparison.OrdinalIgnoreCase);

        // Act & assert - run through decryptor and make sure we get back the original value
        var roundTrippedElement = decryptor.Decrypt(encryptedXmlInfo.EncryptedElement);

        XmlAssert.Equal(originalXml, roundTrippedElement);
    }
    public void ThrowsIfProvidedCertificateDoesHavePrivateKey()
    {
        var fullCert      = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
        var publicKeyOnly = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.PublicKeyOnly.cer"), "");
        var services      = new ServiceCollection()
                            .Configure <XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(publicKeyOnly))
                            .BuildServiceProvider();
        var encryptor    = new CertificateXmlEncryptor(fullCert, NullLoggerFactory.Instance);
        var data         = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor    = new EncryptedXmlDecryptor(services);

        var ex = Assert.Throws <CryptographicException>(() =>
                                                        decryptor.Decrypt(encryptedXml.EncryptedElement));

        Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
    }
Ejemplo n.º 7
0
        public void ThrowsIfProvidedCertificateDoesNotMatch()
        {
            var testCert1 = new X509Certificate2("TestCert1.pfx", "password");
            var testCert2 = new X509Certificate2("TestCert2.pfx", "password");
            var services  = new ServiceCollection()
                            .Configure <XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(testCert2))
                            .BuildServiceProvider();
            var encryptor    = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
            var data         = new XElement("SampleData", "Lorem ipsum");
            var encryptedXml = encryptor.Encrypt(data);
            var decryptor    = new EncryptedXmlDecryptor(services);

            var ex = Assert.Throws <CryptographicException>(() =>
                                                            decryptor.Decrypt(encryptedXml.EncryptedElement));

            Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
        }
    public void XmlCanRoundTrip()
    {
        var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
        var testCert2 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert2.pfx"), "password");
        var services  = new ServiceCollection()
                        .Configure <XmlKeyDecryptionOptions>(o =>
        {
            o.AddKeyDecryptionCertificate(testCert1);
            o.AddKeyDecryptionCertificate(testCert2);
        })
                        .BuildServiceProvider();
        var encryptor    = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
        var data         = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor    = new EncryptedXmlDecryptor(services);

        var decrypted = decryptor.Decrypt(encryptedXml.EncryptedElement);

        Assert.Equal("SampleData", decrypted.Name);
        Assert.Equal("Lorem ipsum", decrypted.Value);
    }
Ejemplo n.º 9
0
        public void Encrypt_should_throw_on_argument_null()
        {
            var sut = new CertificateXmlEncryptor(new X509Certificate2(), NullLoggerFactory.Instance);

            Assert.Throws <ArgumentNullException>(() => sut.Encrypt(null));
        }