private void RoundTripGeneric(string testData, AeadEnvelopeCrypto aeadEnvelopeCrypto)
{
CryptoPolicy cryptoPolicy = new DummyCryptoPolicy();
using (SecureCryptoKeyDictionary <DateTimeOffset> secureCryptoKeyDictionary =
new SecureCryptoKeyDictionary <DateTimeOffset>(cryptoPolicy.GetRevokeCheckPeriodMillis()))
{
IEnvelopeEncryption <JObject> envelopeEncryptionJsonImpl = new EnvelopeEncryptionJsonImpl(
partition,
metastore,
secureCryptoKeyDictionary,
new SecureCryptoKeyDictionary <DateTimeOffset>(cryptoPolicy.GetRevokeCheckPeriodMillis()),
aeadEnvelopeCrypto,
cryptoPolicy,
keyManagementService);
using (Session <JObject, JObject> sessionJsonImpl =
new SessionJsonImpl <JObject>(envelopeEncryptionJsonImpl))
{
Asherah.AppEncryption.Util.Json testJson = new Asherah.AppEncryption.Util.Json();
testJson.Put("Test", testData);
string persistenceKey = sessionJsonImpl.Store(testJson.ToJObject(), dataPersistence);
Option <JObject> testJson2 = sessionJsonImpl.Load(persistenceKey, dataPersistence);
Assert.True(testJson2.IsSome);
string resultData = ((JObject)testJson2)["Test"].ToObject <string>();
Assert.Equal(testData, resultData);
}
}
}
public CachedSession(
EnvelopeEncryptionJsonImpl envelopeEncryptionJsonImpl,
string key,
SessionFactory sessionFactory)
{
this.envelopeEncryptionJsonImpl = envelopeEncryptionJsonImpl;
this.key = key;
this.sessionFactory = sessionFactory;
}
private static object[] GenerateMocks(KeyState cacheIK, KeyState metaIK, KeyState cacheSK, KeyState metaSK)
{
AppEncryptionPartition appEncryptionPartition = new AppEncryptionPartition(
cacheIK + "CacheIK_" + metaIK + "MetaIK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() + "_" + Random.Next(),
cacheSK + "CacheSK_" + metaSK + "MetaSK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() + "_" + Random.Next(),
DefaultProductId);
// TODO Update to create KeyManagementService based on config/param once we plug in AWS KMS
KeyManagementService kms = new StaticKeyManagementServiceImpl(KeyManagementStaticMasterKey);
CryptoKeyHolder cryptoKeyHolder = CryptoKeyHolder.GenerateIKSK();
// TODO Pass Metastore type to enable spy generation once we plug in external metastore types
Mock <MemoryPersistenceImpl <JObject> > metastorePersistence = MetastoreMock.CreateMetastoreMock(appEncryptionPartition, kms, metaIK, metaSK, cryptoKeyHolder);
CacheMock cacheMock = CacheMock.CreateCacheMock(cacheIK, cacheSK, cryptoKeyHolder);
// Mimics (mostly) the old TimeBasedCryptoPolicyImpl settings
CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy.NewBuilder()
.WithKeyExpirationDays(KeyExpiryDays)
.WithRevokeCheckMinutes(int.MaxValue)
.WithCanCacheIntermediateKeys(false)
.WithCanCacheSystemKeys(false)
.Build();
SecureCryptoKeyDictionary <DateTimeOffset> intermediateKeyCache = cacheMock.IntermediateKeyCache;
SecureCryptoKeyDictionary <DateTimeOffset> systemKeyCache = cacheMock.SystemKeyCache;
EnvelopeEncryptionJsonImpl envelopeEncryptionJson = new EnvelopeEncryptionJsonImpl(
appEncryptionPartition,
metastorePersistence.Object,
systemKeyCache,
new FakeSecureCryptoKeyDictionaryFactory <DateTimeOffset>(intermediateKeyCache),
new BouncyAes256GcmCrypto(),
cryptoPolicy,
kms);
IEnvelopeEncryption <byte[]> envelopeEncryptionByteImpl = new EnvelopeEncryptionBytesImpl(envelopeEncryptionJson);
// Need to manually set a no-op metrics instance
IMetrics metrics = new MetricsBuilder()
.Configuration.Configure(options => options.Enabled = false)
.Build();
MetricsUtil.SetMetricsInstance(metrics);
return(new object[] { envelopeEncryptionByteImpl, metastorePersistence, cacheIK, metaIK, cacheSK, metaSK, appEncryptionPartition });
}
private object[] GenerateMocks(KeyState cacheIK, KeyState metaIK, KeyState cacheSK, KeyState metaSK)
{
Partition partition = new Partition(
cacheIK + "CacheIK_" + metaIK + "MetaIK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() +
"_" + Random.Next(),
cacheSK + "CacheSK_" + metaSK + "MetaSK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() + "_" + Random.Next(),
DefaultProductId);
KeyManagementService kms = configFixture.KeyManagementService;
CryptoKeyHolder cryptoKeyHolder = CryptoKeyHolder.GenerateIKSK();
Mock <IMetastore <JObject> > metastoreMock = MetastoreMock.CreateMetastoreMock(
partition, kms, metaIK, metaSK, cryptoKeyHolder, configFixture.Metastore);
CacheMock cacheMock = CacheMock.CreateCacheMock(cacheIK, cacheSK, cryptoKeyHolder);
// Mimics (mostly) the old TimeBasedCryptoPolicyImpl settings
CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy.NewBuilder()
.WithKeyExpirationDays(KeyExpiryDays)
.WithRevokeCheckMinutes(int.MaxValue)
.WithCanCacheIntermediateKeys(false)
.WithCanCacheSystemKeys(false)
.Build();
SecureCryptoKeyDictionary <DateTimeOffset> intermediateKeyCache = cacheMock.IntermediateKeyCache;
SecureCryptoKeyDictionary <DateTimeOffset> systemKeyCache = cacheMock.SystemKeyCache;
EnvelopeEncryptionJsonImpl envelopeEncryptionJson = new EnvelopeEncryptionJsonImpl(
partition,
metastoreMock.Object,
systemKeyCache,
new FakeSecureCryptoKeyDictionaryFactory <DateTimeOffset>(intermediateKeyCache),
new BouncyAes256GcmCrypto(),
cryptoPolicy,
kms);
IEnvelopeEncryption <byte[]> envelopeEncryptionByteImpl =
new EnvelopeEncryptionBytesImpl(envelopeEncryptionJson);
return(new object[]
{
envelopeEncryptionByteImpl, metastoreMock, cacheIK, metaIK, cacheSK, metaSK,
partition
});
}
