public void ValidateCipherTest()
{
var cipher1 = new CipherStub("cipherStub1");
var cipher2 = new CipherStub("cipherStub2");
var cipher3 = new FernetCipher("Fernet cipher");
using var provider = new CryptoProvider(cipher1);
provider.RegisterCipher(cipher2)
.RegisterCipher(cipher3);
var customEncryptionKey =
new CustomEncryptionKey(1, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols"));
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey
},
customEncryptionKey));
Assert.IsNotNull(provider);
var encryptionSecret = new EncryptionSecret(2, Encoding.UTF8.GetBytes("EncryptionSecret"));
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey, encryptionSecret
},
encryptionSecret));
Assert.IsNotNull(provider);
}
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
var secretBytes = secretKey?.GetSecretBytes();
try
{
return(SimpleFernet.Encrypt(secretBytes, textBytes));
}
finally
{
SecretKeyFactory.ShuffleSecretKey(secretBytes);
}
}
private static IStorage InitStorageWithCustomCipher()
{
var cipher = new FernetCipher("Fernet cipher demo");
using var provider = new CryptoProvider(cipher);
var key = new CustomEncryptionKey(7, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols"));
var secretData = new SecretsData(new List <Secret> {
key
}, key);
var config = CredentialsHelper.GetConfigWithOauth();
config.CryptoProvider = provider;
config.SecretKeyAccessor = () => secretData;
return(Storage.NewStorage(config));
}
public void SecretsToStringTest()
{
var encryptionSecret = new EncryptionSecret(1, Guid.NewGuid().ToByteArray());
Assert.IsTrue(Regex.IsMatch(encryptionSecret.ToString(),
"EncryptionSecret\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
var customEncryptionKey = new CustomEncryptionKey(1, Guid.NewGuid().ToByteArray());
Assert.IsTrue(Regex.IsMatch(customEncryptionKey.ToString(),
"CustomEncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
var encryptionKey = new EncryptionKey(1, Encoding.UTF8.GetBytes("123456789012345678901234567890Ab"));
Assert.IsTrue(Regex.IsMatch(encryptionKey.ToString(),
"EncryptionKey\\{SecretBytes\\=HASH\\[(-)?(\\d)+\\], Version=1\\}"));
}
public void EncryptWithCustomCipherNegativeTest()
{
var cipher = new CipherWithException("some cipher");
const string exceptionMessage = "some exception message";
#pragma warning disable CA1303
var anotherCipher = new CipherWithException("another cipher", new StorageCryptoException(exceptionMessage));
#pragma warning restore CA1303
using var provider = new CryptoProvider(cipher);
provider.RegisterCipher(anotherCipher);
var key = new CustomEncryptionKey(1, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols"));
var secretData = new SecretsData(new List <Secret> {
key
}, key);
var exception = Assert.Throws <StorageCryptoException>(() =>
provider.Decrypt("c" + Guid.NewGuid() + ":123", secretData, 1));
Assert.AreEqual("Unknown cipher format", exception.Message);
exception = Assert.Throws <StorageCryptoException>(() =>
provider.Decrypt("z" + Guid.NewGuid() + ":123", secretData, 1));
Assert.AreEqual("Unknown cipher format", exception.Message);
exception = Assert.Throws <StorageCryptoException>(() =>
provider.Encrypt(Guid.NewGuid().ToString(), secretData));
Assert.AreEqual("Unexpected exception during encryption", exception.Message);
Assert.NotNull(exception.InnerException);
exception = Assert.Throws <StorageCryptoException>(() =>
provider.Decrypt("cc29tZSBjaXBoZXI=:c29tZSBjaXBoZXI=", secretData, 1));
Assert.AreEqual("Unexpected error", exception.Message);
Assert.IsNotNull(exception.InnerException);
exception = Assert.Throws <StorageCryptoException>(() =>
provider.Decrypt("cYW5vdGhlciBjaXBoZXI=:YW5vdGhlciBjaXBoZXI=", secretData, 1));
Assert.AreEqual(exceptionMessage, exception.Message);
using var anotherProvider = new CryptoProvider(anotherCipher);
exception = Assert.Throws <StorageCryptoException>(() =>
anotherProvider.Encrypt(Guid.NewGuid().ToString(), secretData));
Assert.AreEqual(exceptionMessage, exception.Message);
}
public void ValidateCipherNegativeTest()
{
var cipher1 = new CipherStub("cipherStub1");
var cipher2 = new WrongCipher("WrongCipher");
using var provider = new CryptoProvider(cipher1);
provider.RegisterCipher(cipher2);
var customEncryptionKey = new CustomEncryptionKey(1, Encoding.UTF8.GetBytes("CustomEncryptionKey"));
var exception = Assert.Throws <StorageClientException>(() =>
{
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey
},
customEncryptionKey));
});
Assert.AreEqual("Validation failed for custom cipher with version 'WrongCipher'", exception.Message);
provider.UnregisterCipher(cipher2);
var cipher3 = new CipherWithException("CipherWithException");
provider.RegisterCipher(cipher3);
exception = Assert.Throws <StorageClientException>(() =>
{
provider.ValidateCustomCiphers(new SecretsData(new List <Secret> {
customEncryptionKey
},
customEncryptionKey));
});
Assert.AreEqual("Validation failed for custom cipher with version 'CipherWithException'",
exception.Message);
Assert.NotNull(exception.InnerException);
Assert.IsInstanceOf <NotImplementedException>(exception.InnerException);
var secretData = SecretsDataGenerator.FromPassword("password");
exception = Assert.Throws <StorageClientException>(() => provider.ValidateCustomCiphers(secretData));
Assert.AreEqual("There is no custom encryption key for the custom ciphers", exception.Message);
}
public void EncryptWithCustomCipherTest()
{
var cipher = new FernetCipher("Fernet cipher");
using var provider = new CryptoProvider(cipher);
const int version = 5;
var key = new CustomEncryptionKey(version, Encoding.UTF8.GetBytes("Custom Encryption Key 32 symbols"));
var secretData = new SecretsData(new List <Secret> {
key
}, key);
var message = "{'private_data':'" + Guid.NewGuid() + "'}";
var cipheredData = provider.Encrypt(message, secretData);
Assert.NotNull(cipheredData);
Assert.AreEqual(version, cipheredData.KeyVersion);
Assert.NotNull(cipheredData.Data);
Assert.AreNotEqual(message, cipheredData.Data);
Assert.IsTrue(cipheredData.Data.StartsWith("c", StringComparison.InvariantCulture));
var decryptedText = provider.Decrypt(cipheredData.Data, secretData, cipheredData.KeyVersion);
Assert.AreEqual(message, decryptedText);
}
private void ValidateCipher(AbstractCipher cipher, CustomEncryptionKey encryptionKey)
{
try
{
var encryptedText = cipher.Encrypt(_encoding.GetBytes(s_validationText), encryptionKey);
var decryptedText = cipher.Decrypt(_encoding.GetBytes(encryptedText), encryptionKey);
var wrongDecryption = !s_validationText.Equals(decryptedText, StringComparison.InvariantCulture);
s_helper.Check <StorageClientException>(wrongDecryption,
Messages.CryptoProvider.s_errIncorrectCustomCrypto, cipher.Name);
}
catch (StorageException)
{
throw;
}
catch (System.Exception ex)
{
var message = string.Format(CultureInfo.InvariantCulture,
Messages.CryptoProvider.s_errIncorrectCustomCrypto,
cipher.Name);
s_log.Error(ex, message);
throw new StorageClientException(message, ex);
}
}
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
throw _exception ?? new NotImplementedException();
}
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
return(Guid.NewGuid().ToString());
}
