public void RevokeSingleKey_Internal()
{
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
var revocationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeKey, the first CT should be fired,
// and we should've gotten a new CT.
((IInternalXmlKeyManager)keyManager).RevokeSingleKey(
keyId: new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932"),
revocationDate: revocationDate,
reason: "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
var expectedRepositoryXml = string.Format(
CultureInfo.InvariantCulture,
@"
<revocation version='1'>
{0}
<key id='a11f35fc-1fed-4bd4-b727-056a63b70932' />
<reason>Here's some reason text.</reason>
</revocation>",
new XElement("revocationDate", revocationDate));
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-a11f35fc-1fed-4bd4-b727-056a63b70932", friendlyNameStoredInRepository);
}
public void RevokeAllKeys()
{
// Arrange
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
var revocationDate = XmlConvert.ToDateTimeOffset("2015-03-01T19:13:19.7573854-08:00");
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeAllKeys, the first CT should be fired,
// and we should've gotten a new CT.
keyManager.RevokeAllKeys(revocationDate, "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
const string expectedRepositoryXml = @"
<revocation version='1'>
<revocationDate>2015-03-01T19:13:19.7573854-08:00</revocationDate>
<!--All keys created before the revocation date are revoked.-->
<key id='*' />
<reason>Here's some reason text.</reason>
</revocation>";
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-20150302T0313197573854Z", friendlyNameStoredInRepository);
}
public CancellationToken GetCacheExpirationToken() => _wrapped.GetCacheExpirationToken();
public void CreateNewKey_Internal_NoEscrowOrEncryption()
{
// Constants
var creationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
var activationDate = new DateTimeOffset(2014, 02, 01, 0, 0, 0, TimeSpan.Zero);
var expirationDate = new DateTimeOffset(2014, 03, 01, 0, 0, 0, TimeSpan.Zero);
var keyId = new Guid("3d6d01fd-c0e7-44ae-82dd-013b996b4093");
// Arrange
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var expectedAuthenticatedEncryptor = new Mock <IAuthenticatedEncryptor>().Object;
var mockDescriptor = new Mock <IAuthenticatedEncryptorDescriptor>();
mockDescriptor.Setup(o => o.ExportToXml()).Returns(new XmlSerializedDescriptorInfo(serializedDescriptor, typeof(MyDeserializer)));
var expectedDescriptor = mockDescriptor.Object;
var testEncryptorFactory = new TestEncryptorFactory(expectedDescriptor, expectedAuthenticatedEncryptor);
var mockConfiguration = new Mock <AlgorithmConfiguration>();
mockConfiguration.Setup(o => o.CreateNewDescriptor()).Returns(expectedDescriptor);
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = mockConfiguration.Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
options.Value.AuthenticatedEncryptorFactories.Add(testEncryptorFactory);
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to CreateNewKey, the first CT should be fired,
// and we should've gotten a new CT.
var newKey = ((IInternalXmlKeyManager)keyManager).CreateNewKey(
keyId: keyId,
creationDate: creationDate,
activationDate: activationDate,
expirationDate: expirationDate);
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Does the IKey have the properties we requested?
Assert.Equal(keyId, newKey.KeyId);
Assert.Equal(creationDate, newKey.CreationDate);
Assert.Equal(activationDate, newKey.ActivationDate);
Assert.Equal(expirationDate, newKey.ExpirationDate);
Assert.Same(expectedDescriptor, newKey.Descriptor);
Assert.False(newKey.IsRevoked);
Assert.Same(expectedAuthenticatedEncryptor, testEncryptorFactory.CreateEncryptorInstance(newKey));
// Finally, was the correct element stored in the repository?
string expectedXml = string.Format(
CultureInfo.InvariantCulture,
@"
<key id='3d6d01fd-c0e7-44ae-82dd-013b996b4093' version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
{1}
{2}
{3}
<descriptor deserializerType='{0}'>
<theElement>
<secret enc:requiresEncryption='true'>
<![CDATA[This is a secret value.]]>
</secret>
</theElement>
</descriptor>
</key>",
typeof(MyDeserializer).AssemblyQualifiedName,
new XElement("creationDate", creationDate),
new XElement("activationDate", activationDate),
new XElement("expirationDate", expirationDate));
XmlAssert.Equal(expectedXml, elementStoredInRepository);
Assert.Equal("key-3d6d01fd-c0e7-44ae-82dd-013b996b4093", friendlyNameStoredInRepository);
}
