private void JsonEncryptDecrypt()
{
byte[] dataRowRecord = appEncryptionJson.Encrypt(payload);
JObject decryptedPayload = appEncryptionJson.Decrypt(dataRowRecord);
Assert.Equal(payload, decryptedPayload);
}
private void BytesEncryptDecrypt()
{
byte[] dataRowRecord = appEncryptionBytes.Encrypt(payload);
byte[] decryptedPayload = appEncryptionBytes.Decrypt(dataRowRecord);
Assert.Equal(payload, decryptedPayload);
}
public void AppEncryptionEncryptMultipleThreads()
{
Logger.LogInformation("Running AppEncryptionEncryptMultipleThreads test with {numThreads} threads", NumThreads);
// Get the current settings and try to force minWorkers
ThreadPool.GetMinThreads(out _, out var currentMinIOC);
Assert.True(ThreadPool.SetMinThreads(NumThreads, currentMinIOC));
long completedTasks = 0;
Parallel.ForEach(Enumerable.Range(0, NumThreads), i =>
{
try
{
byte[] drr = appEncryptionJson.Encrypt(payload);
Assert.Equal(payload, appEncryptionJson.Decrypt(drr));
Interlocked.Increment(ref completedTasks);
}
catch (ThreadInterruptedException e)
{
Logger.LogError(e, "Unexpected error during call: ");
throw;
}
});
// Wait for all threads to complete
Assert.Equal(NumThreads, completedTasks);
}
private void RunEncryptDecryptTest(int testIterations, string partitionId, int payloadSizeBytesBase)
{
try
{
using (AppEncryption <JObject, byte[]> partition =
appEncryptionSessionFactory.GetAppEncryptionJson(partitionId))
{
Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>();
string partitionPart = "partition-" + partitionId + "-";
for (int i = 0; i < testIterations; i++)
{
// Note the size will be slightly larger since we're adding extra unique meta
JObject jsonObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase);
string keyPart = $"iteration-{i}";
jsonObject.Add("payload", partitionPart + keyPart);
dataStore.Add(keyPart, partition.Encrypt(jsonObject));
}
foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore)
{
JObject decryptedObject = partition.Decrypt(keyValuePair.Value);
Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject.GetValue("payload").ToObject <string>());
}
}
}
catch (Exception e)
{
Logger.LogError(e, "unexpected error during call");
throw;
}
}
private void RunPartitionTest(int testIterations, string partitionId, int payloadSizeBytesBase)
{
try
{
using (AppEncryptionSessionFactory factory =
SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(
configFixture.KeyManagementService,
configFixture.MetastorePersistence))
{
using (AppEncryption <JObject, byte[]> partition = factory.GetAppEncryptionJson(partitionId))
{
Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>();
string partitionPart = $"partition-{partitionId}-";
for (int i = 0; i < testIterations; i++)
{
// Note the size will be slightly larger since we're adding extra unique meta
JObject jObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase);
string keyPart = $"iteration-{i}";
jObject["payload"] = partitionPart + keyPart;
dataStore.Add(keyPart, partition.Encrypt(jObject));
}
foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore)
{
JObject decryptedObject = partition.Decrypt(keyValuePair.Value);
Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject["payload"].ToObject <string>());
}
}
}
}
catch (Exception e)
{
Logger.LogError(e, "Unexpected error during call");
throw;
}
}
private static async void App(Options options)
{
IMetastorePersistence <JObject> metastorePersistence = null;
KeyManagementService keyManagementService = null;
if (options.MetaStore == MetaStore.ADO)
{
if (options.AdoConnectionString != null)
{
logger.LogInformation("using ADO-based metastore...");
metastorePersistence = AdoMetastorePersistenceImpl
.NewBuilder(MySqlClientFactory.Instance, options.AdoConnectionString)
.Build();
}
else
{
logger.LogError("ADO connection string is a mandatory parameter with MetaStore Type: ADO");
Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
return;
}
}
else if (options.MetaStore == MetaStore.DYNAMODB)
{
logger.LogInformation("using DynamoDB-based metastore...");
AWSConfigs.AWSRegion = "us-west-2";
metastorePersistence = DynamoDbMetastorePersistenceImpl.NewBuilder().Build();
}
else
{
logger.LogInformation("using in-memory metastore...");
metastorePersistence = new MemoryPersistenceImpl <JObject>();
}
if (options.Kms == Kms.AWS)
{
if (options.PreferredRegion != null && options.RegionToArnTuples != null)
{
Dictionary <string, string> regionToArnDictionary = new Dictionary <string, string>();
foreach (string regionArnPair in options.RegionToArnTuples)
{
string[] regionArnArray = regionArnPair.Split("=");
regionToArnDictionary.Add(regionArnArray[0], regionArnArray[1]);
}
logger.LogInformation("using AWS KMS...");
keyManagementService = AwsKeyManagementServiceImpl
.NewBuilder(regionToArnDictionary, options.PreferredRegion).Build();
}
else
{
logger.LogError("Preferred region and <region>=<arn> tuples are mandatory with KMS Type: AWS");
Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
return;
}
}
else
{
logger.LogInformation("using static KMS...");
keyManagementService = new StaticKeyManagementServiceImpl("secretmasterkey!");
}
CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy
.NewBuilder()
.WithKeyExpirationDays(KeyExpirationDays)
.WithRevokeCheckMinutes(CacheCheckMinutes)
.Build();
// Setup metrics reporters and always include console.
IMetricsBuilder metricsBuilder = new MetricsBuilder()
.Report.ToConsole(consoleOptions => consoleOptions.FlushInterval = TimeSpan.FromSeconds(60));
// CloudWatch metrics generation
if (options.EnableCloudWatch)
{
// Fill in when we open source our App.Metrics cloudwatch reporter separately
}
IMetrics metrics = metricsBuilder.Build();
// Create a session factory for this app. Normally this would be done upon app startup and the
// same factory would be used anytime a new session is needed for a partition (e.g., shopper).
// We've split it out into multiple using blocks to underscore this point.
using (AppEncryptionSessionFactory appEncryptionSessionFactory = AppEncryptionSessionFactory
.NewBuilder("productId", "reference_app")
.WithMetaStorePersistence(metastorePersistence)
.WithCryptoPolicy(cryptoPolicy)
.WithKeyManagementService(keyManagementService)
.WithMetrics(metrics)
.Build())
{
// Now create an actual session for a partition (which in our case is a pretend shopper id). This session is used
// for a transaction and is disposed automatically after use due to the IDisposable implementation.
using (AppEncryption <byte[], byte[]> appEncryptionBytes =
appEncryptionSessionFactory.GetAppEncryptionBytes("shopper123"))
{
const string originalPayloadString = "mysupersecretpayload";
foreach (int i in Enumerable.Range(0, options.Iterations))
{
string dataRowString;
// If we get a DRR as a command line argument, we want to directly decrypt it
if (options.Drr != null)
{
dataRowString = options.Drr;
}
else
{
// Encrypt the payload
byte[] dataRowRecordBytes =
appEncryptionBytes.Encrypt(Encoding.UTF8.GetBytes(originalPayloadString));
// Consider this us "persisting" the DRR
dataRowString = Convert.ToBase64String(dataRowRecordBytes);
}
logger.LogInformation("dataRowRecord as string = {dataRow}", dataRowString);
byte[] newDataRowRecordBytes = Convert.FromBase64String(dataRowString);
// Decrypt the payload
string decryptedPayloadString =
Encoding.UTF8.GetString(appEncryptionBytes.Decrypt(newDataRowRecordBytes));
logger.LogInformation("decryptedPayloadString = {payload}", decryptedPayloadString);
logger.LogInformation("matches = {result}", originalPayloadString.Equals(decryptedPayloadString));
}
}
}
// Force final publish of metrics
await Task.WhenAll(((IMetricsRoot)metrics).ReportRunner.RunAllAsync());
}