public async Task InvalidPathToEncrypt()
{
TestDoc testDoc = TestDoc.Create();
EncryptionOptions encryptionOptionsWithInvalidPathToEncrypt = new EncryptionOptions()
{
DataEncryptionKeyId = EncryptionProcessorTests.dekId,
EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
PathsToEncrypt = new List <string>()
{
"/SensitiveStr", "/Invalid"
}
};
try
{
await EncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
EncryptionProcessorTests.mockEncryptor.Object,
encryptionOptionsWithInvalidPathToEncrypt,
new CosmosDiagnosticsContext(),
CancellationToken.None);
Assert.Fail("Invalid path to encrypt didn't result in exception.");
}
catch (ArgumentException ex)
{
Assert.AreEqual("PathsToEncrypt includes a path: '/Invalid' which was not found.", ex.Message);
}
}
private static async Task <JObject> VerifyEncryptionSucceeded(TestDoc testDoc)
{
Stream encryptedStream = await EncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
EncryptionProcessorTests.mockEncryptor.Object,
EncryptionProcessorTests.encryptionOptions,
new CosmosDiagnosticsContext(),
CancellationToken.None);
JObject encryptedDoc = EncryptionProcessor.BaseSerializer.FromStream <JObject>(encryptedStream);
Assert.AreEqual(testDoc.Id, encryptedDoc.Property("id").Value.Value <string>());
Assert.AreEqual(testDoc.PK, encryptedDoc.Property(nameof(TestDoc.PK)).Value.Value <string>());
Assert.AreEqual(testDoc.NonSensitive, encryptedDoc.Property(nameof(TestDoc.NonSensitive)).Value.Value <string>());
Assert.IsNull(encryptedDoc.Property(nameof(TestDoc.SensitiveStr)));
Assert.IsNull(encryptedDoc.Property(nameof(TestDoc.SensitiveInt)));
JProperty eiJProp = encryptedDoc.Property(Constants.EncryptedInfo);
Assert.IsNotNull(eiJProp);
Assert.IsNotNull(eiJProp.Value);
Assert.AreEqual(JTokenType.Object, eiJProp.Value.Type);
EncryptionProperties encryptionProperties = ((JObject)eiJProp.Value).ToObject <EncryptionProperties>();
Assert.IsNotNull(encryptionProperties);
Assert.AreEqual(EncryptionProcessorTests.dekId, encryptionProperties.DataEncryptionKeyId);
Assert.AreEqual(2, encryptionProperties.EncryptionFormatVersion);
Assert.IsNotNull(encryptionProperties.EncryptedData);
return(encryptedDoc);
}
public async Task ValidateDecryptStream()
{
TestDoc testDoc = TestDoc.Create();
Stream encryptedStream = await EncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
MdeEncryptionProcessorTests.mockEncryptor.Object,
MdeEncryptionProcessorTests.encryptionOptions,
new CosmosDiagnosticsContext(),
CancellationToken.None);
(Stream decryptedStream, DecryptionContext decryptionContext) = await EncryptionProcessor.DecryptAsync(
encryptedStream,
MdeEncryptionProcessorTests.mockEncryptor.Object,
new CosmosDiagnosticsContext(),
CancellationToken.None);
JObject decryptedDoc = EncryptionProcessor.BaseSerializer.FromStream <JObject>(decryptedStream);
MdeEncryptionProcessorTests.VerifyDecryptionSucceeded(
decryptedDoc,
testDoc,
TestDoc.PathsToEncrypt.Count,
decryptionContext);
}
public async Task DuplicatePathToEncrypt()
{
TestDoc testDoc = TestDoc.Create();
EncryptionOptions encryptionOptionsWithDuplicatePathToEncrypt = new EncryptionOptions()
{
DataEncryptionKeyId = MdeEncryptionProcessorTests.dekId,
EncryptionAlgorithm = CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized,
PathsToEncrypt = new List <string>()
{
"/SensitiveStr", "/SensitiveStr"
}
};
try
{
await EncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
MdeEncryptionProcessorTests.mockEncryptor.Object,
encryptionOptionsWithDuplicatePathToEncrypt,
new CosmosDiagnosticsContext(),
CancellationToken.None);
Assert.Fail("Duplicate paths in PathToEncrypt didn't result in exception.");
}
catch (InvalidOperationException ex)
{
Assert.AreEqual("Duplicate paths in PathsToEncrypt passed via EncryptionOptions.", ex.Message);
}
}
public async Task InvalidPathToEncrypt()
{
TestDoc testDoc = TestDoc.Create();
EncryptionOptions encryptionOptionsWithInvalidPathToEncrypt = new EncryptionOptions()
{
DataEncryptionKeyId = LegacyEncryptionProcessorTests.dekId,
EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
PathsToEncrypt = new List <string>()
{
"/SensitiveStr", "/Invalid"
}
};
Stream encryptedStream = await EncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
LegacyEncryptionProcessorTests.mockEncryptor.Object,
encryptionOptionsWithInvalidPathToEncrypt,
new CosmosDiagnosticsContext(),
CancellationToken.None);
JObject encryptedDoc = EncryptionProcessor.BaseSerializer.FromStream <JObject>(encryptedStream);
(JObject decryptedDoc, DecryptionContext decryptionContext) = await EncryptionProcessor.DecryptAsync(
encryptedDoc,
LegacyEncryptionProcessorTests.mockEncryptor.Object,
new CosmosDiagnosticsContext(),
CancellationToken.None);
LegacyEncryptionProcessorTests.VerifyDecryptionSucceeded(
decryptedDoc,
testDoc,
1,
decryptionContext,
invalidPathsConfigured: true);
}