Example #1
        /// <summary>
        /// Checks the instance-reuse behaviour of <c>PlaintextDataEncryptionKey.GetOrCreate</c>:
        /// an equal name with equal key bytes yields the same object, while a different name or
        /// different key bytes yields a different object.
        /// </summary>
        public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
        {
            // Fixed key material that exists only to drive this test; it must never protect real data.
            byte[] rootKeyBytes = new byte[] { 26, 60, 114, 103, 139, 37, 229, 66, 170, 179, 244, 229, 233, 102, 44, 186, 234, 9, 5, 211, 216, 143, 103, 144, 252, 254, 96, 111, 233, 1, 149, 240 };

            // A distinct array instance holding the same 32 bytes, so the lookup is shown to
            // depend on content rather than on array identity.
            byte[] rootKeyBytesCopy = (byte[])rootKeyBytes.Clone();

            // Different key material under the same name.
            byte[] otherKeyBytes = new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 };

            // Same name, same array: one instance.
            DataEncryptionKey firstLookup = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytes);
            DataEncryptionKey repeatedLookup = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytes);
            Assert.Same(firstLookup, repeatedLookup);

            // Same name, equal bytes in another array: still one instance.
            DataEncryptionKey fromOriginalArray = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytes);
            DataEncryptionKey fromCopiedArray = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytesCopy);
            Assert.Same(fromOriginalArray, fromCopiedArray);

            // Different name, same bytes: separate instances.
            DataEncryptionKey namedEk = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytes);
            DataEncryptionKey namedNotEk = PlaintextDataEncryptionKey.GetOrCreate("Not_EK", rootKeyBytes);
            Assert.NotSame(namedEk, namedNotEk);

            // Same name, different bytes: separate instances, so a name alone never
            // resolves to a key built from other material.
            DataEncryptionKey withRootBytes = PlaintextDataEncryptionKey.GetOrCreate("EK", rootKeyBytes);
            DataEncryptionKey withOtherBytes = PlaintextDataEncryptionKey.GetOrCreate("EK", otherKeyBytes);
            Assert.NotSame(withRootBytes, withOtherBytes);
        }
        /// <summary>
        /// Checks the instance-reuse behaviour of <c>ProtectedDataEncryptionKey.GetOrCreate</c>
        /// across combinations of key name, key-encryption key and encrypted key bytes.
        /// </summary>
        public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
        {
            // masterKey1 and masterKey2 are separate objects built from identical arguments;
            // masterKey3 differs only in its name.
            KeyEncryptionKey masterKey1 = new KeyEncryptionKey("MK", keyEncryptionKeyPath, azureKeyProvider);
            KeyEncryptionKey masterKey2 = new KeyEncryptionKey("MK", keyEncryptionKeyPath, azureKeyProvider);
            KeyEncryptionKey masterKey3 = new KeyEncryptionKey("Not_MK", keyEncryptionKeyPath, azureKeyProvider);

            // Wrapped (encrypted) key fixture. EncryptedKey2 below is a second array that appears to
            // hold the same bytes, so the last assertion exercises content-based lookup.
            // NOTE(review): the bytes after the five-byte prefix are printable UTF-16 text that reads as
            // an Azure Key Vault key URL (host name and key version included) - confirm the fixture
            // refers to a test-only vault before it is published.
            byte[] EncryptedKey1 = { 1, 206, 0, 0, 1, 104, 0, 116, 0, 116, 0, 112, 0, 115, 0, 58, 0, 47, 0, 47, 0, 106, 0, 101, 0, 116, 0, 114, 0, 105, 0, 109, 0, 109, 0, 101, 0, 45, 0, 107, 0, 101, 0, 121, 0, 45, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 122, 0, 117, 0, 114, 0, 101, 0, 46, 0, 110, 0, 101, 0, 116, 0, 47, 0, 107, 0, 101, 0, 121, 0, 115, 0, 47, 0, 97, 0, 108, 0, 119, 0, 97, 0, 121, 0, 115, 0, 45, 0, 101, 0, 110, 0, 99, 0, 114, 0, 121, 0, 112, 0, 116, 0, 101, 0, 100, 0, 45, 0, 97, 0, 117, 0, 116, 0, 111, 0, 49, 0, 47, 0, 97, 0, 55, 0, 100, 0, 53, 0, 99, 0, 57, 0, 56, 0, 57, 0, 100, 0, 53, 0, 97, 0, 48, 0, 52, 0, 50, 0, 51, 0, 102, 0, 56, 0, 100, 0, 51, 0, 53, 0, 54, 0, 102, 0, 49, 0, 57, 0, 53, 0, 53, 0, 51, 0, 54, 0, 101, 0, 53, 0, 57, 0, 48, 0, 146, 197, 248, 185, 212, 19, 214, 85, 165, 169, 226, 123, 111, 175, 36, 125, 232, 11, 157, 149, 159, 59, 85, 94, 205, 149, 132, 235, 77, 85, 113, 234, 252, 191, 31, 138, 176, 171, 34, 177, 99, 108, 122, 127, 250, 60, 198, 101, 237, 238, 73, 109, 146, 56, 227, 101, 159, 141, 193, 102, 165, 82, 221, 233, 169, 55, 13, 102, 135, 162, 19, 133, 126, 147, 117, 254, 79, 128, 38, 251, 104, 60, 175, 40, 37, 73, 207, 66, 93, 25, 252, 150, 234, 122, 54, 166, 133, 208, 122, 221, 80, 139, 226, 186, 112, 158, 75, 154, 11, 61, 116, 18, 241, 187, 130, 251, 38, 222, 19, 179, 227, 115, 88, 194, 56, 28, 231, 94, 34, 153, 136, 26, 241, 109, 193, 150, 165, 91, 209, 210, 157, 196, 45, 171, 180, 10, 51, 130, 115, 100, 132, 54, 167, 192, 1, 41, 26, 99, 161, 206, 83, 172, 231, 44, 249, 232, 29, 25, 193, 12, 28, 133, 193, 7, 86, 78, 41, 151, 56, 13, 159, 8, 167, 226, 242, 31, 14, 51, 196, 36, 94, 109, 12, 181, 103, 126, 84, 208, 18, 134, 183, 74, 74, 209, 55, 40, 206, 187, 162, 159, 94, 208, 114, 188, 254, 25, 31, 79, 88, 126, 163, 167, 38, 245, 45, 217, 133, 149, 21, 141, 124, 34, 176, 39, 61, 177, 2, 124, 160, 138, 170, 65, 7, 61, 203, 40, 32, 57, 228, 172, 10, 193, 162, 30, 
51, 121, 1, 185, 3, 43, 189, 28, 36, 109, 14, 153, 209, 17, 165, 201, 245, 18, 86, 215, 86, 104, 206, 109, 227, 78, 207, 14, 112, 148, 130, 136, 144, 115, 212, 4, 144, 194, 150, 234, 6, 53, 123, 51, 220, 126, 21, 75, 64, 186, 145, 208, 96, 176, 46, 249, 242, 10, 177, 18, 158, 131, 92, 76, 203, 28, 123, 218, 121, 112, 75, 215, 187, 226, 247, 116, 159, 244, 229, 30, 115, 206, 227, 175, 72, 80, 229, 117, 198, 184, 28, 35, 86, 185, 226, 192, 99, 178, 40, 153, 98, 155, 219, 43, 111, 190, 58, 183, 241, 234, 139, 155, 252, 109, 207, 237, 56, 222, 212, 163, 216, 35, 55, 57, 106, 60, 145, 102, 163, 132, 65, 128, 149, 48, 187, 174, 75, 62, 157, 31, 162, 38, 239, 43, 88, 140, 203, 221, 181, 244, 200, 182, 237, 36, 224, 241, 89, 40, 232, 107, 65, 64, 15, 164, 110, 21, 121, 183, 36, 200, 20, 223, 45, 238, 209, 43, 88, 123, 108, 252, 219, 75, 80, 197, 173, 244, 130, 193, 11, 96, 143, 7, 23, 250, 60, 21, 168, 69, 108, 168, 85, 8, 96, 78, 156, 122, 45, 202, 82, 180, 135, 200, 131, 220, 248, 42, 210, 234, 132, 100, 88, 80, 93, 212, 145, 253, 45, 117, 51, 163, 214, 134, 42, 167, 0, 120, 40, 165, 171, 114, 252, 151, 74, 0, 157, 190, 250, 132, 22, 141, 14, 146, 34, 155, 39, 103, 58, 226 };
            byte[] EncryptedKey2 = { 1, 206, 0, 0, 1, 104, 0, 116, 0, 116, 0, 112, 0, 115, 0, 58, 0, 47, 0, 47, 0, 106, 0, 101, 0, 116, 0, 114, 0, 105, 0, 109, 0, 109, 0, 101, 0, 45, 0, 107, 0, 101, 0, 121, 0, 45, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 118, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 122, 0, 117, 0, 114, 0, 101, 0, 46, 0, 110, 0, 101, 0, 116, 0, 47, 0, 107, 0, 101, 0, 121, 0, 115, 0, 47, 0, 97, 0, 108, 0, 119, 0, 97, 0, 121, 0, 115, 0, 45, 0, 101, 0, 110, 0, 99, 0, 114, 0, 121, 0, 112, 0, 116, 0, 101, 0, 100, 0, 45, 0, 97, 0, 117, 0, 116, 0, 111, 0, 49, 0, 47, 0, 97, 0, 55, 0, 100, 0, 53, 0, 99, 0, 57, 0, 56, 0, 57, 0, 100, 0, 53, 0, 97, 0, 48, 0, 52, 0, 50, 0, 51, 0, 102, 0, 56, 0, 100, 0, 51, 0, 53, 0, 54, 0, 102, 0, 49, 0, 57, 0, 53, 0, 53, 0, 51, 0, 54, 0, 101, 0, 53, 0, 57, 0, 48, 0, 146, 197, 248, 185, 212, 19, 214, 85, 165, 169, 226, 123, 111, 175, 36, 125, 232, 11, 157, 149, 159, 59, 85, 94, 205, 149, 132, 235, 77, 85, 113, 234, 252, 191, 31, 138, 176, 171, 34, 177, 99, 108, 122, 127, 250, 60, 198, 101, 237, 238, 73, 109, 146, 56, 227, 101, 159, 141, 193, 102, 165, 82, 221, 233, 169, 55, 13, 102, 135, 162, 19, 133, 126, 147, 117, 254, 79, 128, 38, 251, 104, 60, 175, 40, 37, 73, 207, 66, 93, 25, 252, 150, 234, 122, 54, 166, 133, 208, 122, 221, 80, 139, 226, 186, 112, 158, 75, 154, 11, 61, 116, 18, 241, 187, 130, 251, 38, 222, 19, 179, 227, 115, 88, 194, 56, 28, 231, 94, 34, 153, 136, 26, 241, 109, 193, 150, 165, 91, 209, 210, 157, 196, 45, 171, 180, 10, 51, 130, 115, 100, 132, 54, 167, 192, 1, 41, 26, 99, 161, 206, 83, 172, 231, 44, 249, 232, 29, 25, 193, 12, 28, 133, 193, 7, 86, 78, 41, 151, 56, 13, 159, 8, 167, 226, 242, 31, 14, 51, 196, 36, 94, 109, 12, 181, 103, 126, 84, 208, 18, 134, 183, 74, 74, 209, 55, 40, 206, 187, 162, 159, 94, 208, 114, 188, 254, 25, 31, 79, 88, 126, 163, 167, 38, 245, 45, 217, 133, 149, 21, 141, 124, 34, 176, 39, 61, 177, 2, 124, 160, 138, 170, 65, 7, 61, 203, 40, 32, 57, 228, 172, 10, 193, 162, 30, 
51, 121, 1, 185, 3, 43, 189, 28, 36, 109, 14, 153, 209, 17, 165, 201, 245, 18, 86, 215, 86, 104, 206, 109, 227, 78, 207, 14, 112, 148, 130, 136, 144, 115, 212, 4, 144, 194, 150, 234, 6, 53, 123, 51, 220, 126, 21, 75, 64, 186, 145, 208, 96, 176, 46, 249, 242, 10, 177, 18, 158, 131, 92, 76, 203, 28, 123, 218, 121, 112, 75, 215, 187, 226, 247, 116, 159, 244, 229, 30, 115, 206, 227, 175, 72, 80, 229, 117, 198, 184, 28, 35, 86, 185, 226, 192, 99, 178, 40, 153, 98, 155, 219, 43, 111, 190, 58, 183, 241, 234, 139, 155, 252, 109, 207, 237, 56, 222, 212, 163, 216, 35, 55, 57, 106, 60, 145, 102, 163, 132, 65, 128, 149, 48, 187, 174, 75, 62, 157, 31, 162, 38, 239, 43, 88, 140, 203, 221, 181, 244, 200, 182, 237, 36, 224, 241, 89, 40, 232, 107, 65, 64, 15, 164, 110, 21, 121, 183, 36, 200, 20, 223, 45, 238, 209, 43, 88, 123, 108, 252, 219, 75, 80, 197, 173, 244, 130, 193, 11, 96, 143, 7, 23, 250, 60, 21, 168, 69, 108, 168, 85, 8, 96, 78, 156, 122, 45, 202, 82, 180, 135, 200, 131, 220, 248, 42, 210, 234, 132, 100, 88, 80, 93, 212, 145, 253, 45, 117, 51, 163, 214, 134, 42, 167, 0, 120, 40, 165, 171, 114, 252, 151, 74, 0, 157, 190, 250, 132, 22, 141, 14, 146, 34, 155, 39, 103, 58, 226 };

            // Same name, two key-encryption keys built from identical arguments, same bytes: one instance.
            DataEncryptionKey encryptionkey1 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey2 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey2, EncryptedKey1);

            Assert.Same(encryptionkey1, encryptionkey2);

            // A key-encryption key with a different name must not share the instance.
            DataEncryptionKey encryptionkey3 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey4 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey3, EncryptedKey1);

            Assert.NotSame(encryptionkey3, encryptionkey4);

            // A different data-encryption-key name must not share the instance.
            DataEncryptionKey encryptionkey5 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey6 = ProtectedDataEncryptionKey.GetOrCreate("Not_EK", masterKey1, EncryptedKey1);

            Assert.NotSame(encryptionkey5, encryptionkey6);

            // A second array instance is passed here and the same instance is expected back.
            DataEncryptionKey encryptionkey7 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey1);
            DataEncryptionKey encryptionkey8 = ProtectedDataEncryptionKey.GetOrCreate("EK", masterKey1, EncryptedKey2);

            Assert.Same(encryptionkey7, encryptionkey8);
        }
Example #3
 /// <summary>Runs the client side of SASL negotiation when the configuration calls for it.</summary>
 /// <remarks>
 /// The checks run in a fixed order and the first match wins: an encryption key selects the
 /// encrypted handshake; otherwise the handshake is skipped when security is disabled, when the
 /// DataNode transfer port is privileged, or when <c>fallbackToSimpleAuth</c> is set; otherwise
 /// a general handshake runs if <c>saslPropsResolver</c> is present. Every skipped case returns
 /// <c>null</c>, meaning no SASL wrapping was applied, and is reported only at debug level.
 /// </remarks>
 /// <param name="addr">connection address</param>
 /// <param name="underlyingOut">connection output stream</param>
 /// <param name="underlyingIn">connection input stream</param>
 /// <param name="encryptionKey">key for an encrypted SASL handshake, or <c>null</c> for none</param>
 /// <param name="accessToken">connection block access token</param>
 /// <param name="datanodeId">ID of destination DataNode</param>
 /// <returns>
 /// the stream pair produced by the handshake, or <c>null</c> when the handshake is skipped
 /// </returns>
 /// <exception cref="System.IO.IOException">for any error</exception>
 private IOStreamPair Send(IPAddress addr, OutputStream underlyingOut, InputStream underlyingIn,
                           DataEncryptionKey encryptionKey,
                           Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
                           DatanodeID datanodeId)
 {
     // A supplied key always takes precedence over every other setting.
     if (encryptionKey != null)
     {
         Log.Debug("SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return GetEncryptedStreams(underlyingOut, underlyingIn, encryptionKey);
     }

     if (!UserGroupInformation.IsSecurityEnabled())
     {
         Log.Debug("SASL client skipping handshake in unsecured configuration for " + "addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return null;
     }

     if (SecurityUtil.IsPrivilegedPort(datanodeId.GetXferPort()))
     {
         Log.Debug("SASL client skipping handshake in secured configuration with " + "privileged port for addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return null;
     }

     // Downgrade path: the flag, when present and set, bypasses SASL on a secured client.
     if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.Get())
     {
         Log.Debug("SASL client skipping handshake in secured configuration with " + "unsecured cluster for addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return null;
     }

     if (saslPropsResolver != null)
     {
         Log.Debug("SASL client doing general handshake for addr = {}, datanodeId = {}",
                   addr, datanodeId);
         return GetSaslStreams(addr, underlyingOut, underlyingIn, accessToken, datanodeId);
     }

     // It's a secured cluster using non-privileged ports, but no SASL.  The
     // only way this can happen is if the DataNode has
     // ignore.secure.ports.for.testing configured, so this is a rare edge case.
     Log.Debug("SASL client skipping handshake in secured configuration with no SASL "
               + "protection configured for addr = {}, datanodeId = {}", addr, datanodeId);
     return null;
 }
Example #4
        /// <summary>Runs client SASL negotiation, if required, for a newly allocated socket.</summary>
        /// <remarks>
        /// An encryption key is requested from the factory only when the channel resolver does not
        /// report the channel as trusted. When <c>Send</c> returns <c>null</c>, the caller receives
        /// the original streams unwrapped.
        /// </remarks>
        /// <param name="socket">connection socket</param>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
        /// <param name="accessToken">connection block access token</param>
        /// <param name="datanodeId">ID of destination DataNode</param>
        /// <returns>
        /// the streams returned by <c>Send</c>, or a pair of the underlying streams when it returns <c>null</c>
        /// </returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        public virtual IOStreamPair NewSocketSend(Socket socket, OutputStream underlyingOut,
                                                  InputStream underlyingIn,
                                                  DataEncryptionKeyFactory encryptionKeyFactory,
                                                  Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
                                                  DatanodeID datanodeId)
        {
            DataEncryptionKey handshakeKey = null;
            if (!trustedChannelResolver.IsTrusted())
            {
                // The encryption key factory only returns a key if encryption is enabled.
                handshakeKey = encryptionKeyFactory.NewDataEncryptionKey();
            }

            IOStreamPair negotiated = Send(socket.GetInetAddress(), underlyingOut, underlyingIn,
                                           handshakeKey, accessToken, datanodeId);
            if (negotiated != null)
            {
                return negotiated;
            }

            // No handshake took place: hand back the raw streams.
            return new IOStreamPair(underlyingIn, underlyingOut);
        }
Example #5
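            /// <summary>
            /// Encrypts <paramref name="plainText"/> with the data encryption key that the provider
            /// returns for the given key id and algorithm.
            /// </summary>
            /// <param name="plainText">bytes to encrypt</param>
            /// <param name="dataEncryptionKeyId">identifier passed to the key provider</param>
            /// <param name="encryptionAlgorithm">algorithm name passed to the key provider</param>
            /// <param name="cancellationToken">token forwarded to the key fetch</param>
            /// <returns>the result of <c>EncryptData</c> on the fetched key</returns>
            /// <exception cref="System.InvalidOperationException">the provider returned no key</exception>
            public override async Task <byte[]> EncryptAsync(
                byte[] plainText,
                string dataEncryptionKeyId,
                string encryptionAlgorithm,
                CancellationToken cancellationToken = default)
            {
                DataEncryptionKey dek = await this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync(
                    dataEncryptionKeyId,
                    encryptionAlgorithm,
                    cancellationToken);

                // Fail closed with an explicit error when no key comes back, rather than
                // surfacing a NullReferenceException from the call below.
                if (dek == null)
                {
                    throw new System.InvalidOperationException($"Null {nameof(DataEncryptionKey)} returned from {nameof(this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync)}.");
                }

                return(dek.EncryptData(plainText));
            }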
        /// <summary>
        /// Verifies that deterministic encryption maps the same plaintext to the same ciphertext
        /// on every call.
        /// </summary>
        /// <remarks>
        /// This is the property that lets an observer of stored ciphertexts tell when two
        /// plaintexts are equal, so deterministic mode suits only data where that is acceptable.
        /// </remarks>
        /// <param name="encryptionKey">key used to obtain the algorithm instance</param>
        public void EncryptToSameCiphertextWhenDeterministicEncryptionTypeSelected(DataEncryptionKey encryptionKey)
        {
            byte[] payload = { 1, 2, 3, 4, 5 };
            AeadAes256CbcHmac256EncryptionAlgorithm cipher =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Deterministic);

            // Encrypt the identical payload three times.
            byte[] firstOutput = cipher.Encrypt(payload);
            byte[] secondOutput = cipher.Encrypt(payload);
            byte[] thirdOutput = cipher.Encrypt(payload);

            // All three outputs must match pairwise.
            Assert.Equal(firstOutput, secondOutput);
            Assert.Equal(secondOutput, thirdOutput);
            Assert.Equal(firstOutput, thirdOutput);
        }
        /// <summary>
        /// Verifies that randomized encryption maps the same plaintext to a different ciphertext
        /// on every call.
        /// </summary>
        /// <param name="encryptionKey">key used to obtain the algorithm instance</param>
        public void EncryptToDifferentCiphertextWhenRandomizedEncryptionTypeSelected(DataEncryptionKey encryptionKey)
        {
            byte[] payload = { 1, 2, 3, 4, 5 };
            AeadAes256CbcHmac256EncryptionAlgorithm cipher =
                AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Randomized);

            // Encrypt the identical payload three times.
            // NOTE(review): presumably each call draws fresh randomness (for example a new IV) - confirm in the algorithm class.
            byte[] firstOutput = cipher.Encrypt(payload);
            byte[] secondOutput = cipher.Encrypt(payload);
            byte[] thirdOutput = cipher.Encrypt(payload);

            // No two outputs may match.
            Assert.NotEqual(firstOutput, secondOutput);
            Assert.NotEqual(secondOutput, thirdOutput);
            Assert.NotEqual(firstOutput, thirdOutput);
        }
Example #8
 /// <summary>
 /// Returns the data encryption key for data transfer, generating it on first use.
 /// </summary>
 /// <returns>
 /// the stored key when <c>encryptDataTransfer</c> is set, otherwise <c>null</c>
 /// </returns>
 public virtual DataEncryptionKey NewDataEncryptionKey()
 {
     // Encryption of data transfer is switched off: there is no key to hand out.
     if (!encryptDataTransfer)
     {
         return null;
     }

     // NOTE(review): the lock is taken on this instance; other members may rely on the
     // same monitor, which is not visible here, so the lock target is left as it is.
     lock (this)
     {
         // Generate once, then keep handing out the same key object.
         if (encryptionKey == null)
         {
             encryptionKey = blockTokenSecretManager.GenerateDataEncryptionKey();
         }

         return encryptionKey;
     }
 }
            /// <summary>
            /// Decrypts <paramref name="cipherText"/> with the data encryption key that the provider
            /// returns for the given key id and algorithm.
            /// </summary>
            /// <param name="cipherText">bytes to decrypt</param>
            /// <param name="dataEncryptionKeyId">identifier passed to the key provider</param>
            /// <param name="encryptionAlgorithm">algorithm name passed to the key provider</param>
            /// <param name="cancellationToken">token forwarded to the key fetch</param>
            /// <returns>the result of <c>DecryptData</c> on the fetched key</returns>
            /// <exception cref="InvalidOperationException">the provider returned no key</exception>
            public override async Task <byte[]> DecryptAsync(
                byte[] cipherText,
                string dataEncryptionKeyId,
                string encryptionAlgorithm,
                CancellationToken cancellationToken = default)
            {
                DataEncryptionKey fetchedKey = await this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync(
                    dataEncryptionKeyId, encryptionAlgorithm, cancellationToken);

                if (fetchedKey != null)
                {
                    return fetchedKey.DecryptData(cipherText);
                }

                // No key came back: report it explicitly instead of dereferencing null.
                throw new InvalidOperationException($"Null {nameof(DataEncryptionKey)} returned from {nameof(this.DataEncryptionKeyProvider.FetchDataEncryptionKeyAsync)}.");
            }
Example #10
        /// <summary>Runs the client SASL negotiation for the encrypted-handshake case.</summary>
        /// <remarks>
        /// The SASL properties come from the key's algorithm, the user name from the key's
        /// identifying fields, and the password from the key material itself. Only the algorithm
        /// name is logged here; the password is never written to the log.
        /// </remarks>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKey">for an encrypted SASL handshake</param>
        /// <returns>new pair of streams, wrapped after SASL negotiation</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        private IOStreamPair GetEncryptedStreams(OutputStream underlyingOut, InputStream underlyingIn,
                                                 DataEncryptionKey encryptionKey)
        {
            IDictionary <string, string> negotiationProps =
                DataTransferSaslUtil.CreateSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm);

            Log.Debug("Client using encryption algorithm {}", encryptionKey.encryptionAlgorithm);

            string saslUser = GetUserNameFromEncryptionKey(encryptionKey);

            // Derived from the raw key bytes: treat it as a secret.
            char[] saslSecret = DataTransferSaslUtil.EncryptionKeyToPassword(encryptionKey.encryptionKey);

            CallbackHandler credentialsHandler =
                new SaslDataTransferClient.SaslClientCallbackHandler(saslUser, saslSecret);

            return DoSaslHandshake(underlyingOut, underlyingIn, saslUser, negotiationProps, credentialsHandler);
        }
Example #11
 /// <summary>
 /// Skips SASL negotiation for a trusted channel or address; otherwise obtains an
 /// encryption key and delegates to <c>Send</c>.
 /// </summary>
 /// <param name="addr">connection address</param>
 /// <param name="underlyingOut">connection output stream</param>
 /// <param name="underlyingIn">connection input stream</param>
 /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
 /// <param name="accessToken">connection block access token</param>
 /// <param name="datanodeId">ID of destination DataNode</param>
 /// <returns>
 /// <c>null</c> when the connection is trusted; otherwise whatever <c>Send</c> returns
 /// </returns>
 /// <exception cref="System.IO.IOException">for any error</exception>
 private IOStreamPair CheckTrustAndSend(IPAddress addr, OutputStream underlyingOut,
                                        InputStream underlyingIn,
                                        DataEncryptionKeyFactory encryptionKeyFactory,
                                        Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
                                        DatanodeID datanodeId)
 {
     // Trust is decided entirely by the resolver: either check passing bypasses SASL.
     if (trustedChannelResolver.IsTrusted() || trustedChannelResolver.IsTrusted(addr))
     {
         Log.Debug("SASL client skipping handshake on trusted connection for addr = {}, "
                   + "datanodeId = {}", addr, datanodeId);
         return null;
     }

     // The encryption key factory only returns a key if encryption is enabled.
     DataEncryptionKey handshakeKey = encryptionKeyFactory.NewDataEncryptionKey();
     return Send(addr, underlyingOut, underlyingIn, handshakeKey, accessToken, datanodeId);
 }
Example #12
 /// <summary>
 /// Builds the SASL username for an encrypted handshake from the key's keyId,
 /// blockPoolId and nonce.
 /// </summary>
 /// <remarks>
 /// The three fields are joined with <c>NameDelimiter</c>; keyId and blockPoolId are appended
 /// as they are, and the nonce is appended in its Base64 form.
 /// </remarks>
 /// <param name="encryptionKey">the encryption key to encode as a SASL username.</param>
 /// <returns>encoded username containing keyId, blockPoolId, and nonce</returns>
 private static string GetUserNameFromEncryptionKey(DataEncryptionKey encryptionKey)
 {
     // The nonce is raw bytes, so it is Base64-encoded before being turned into text.
     string encodedNonce = new string(Base64.EncodeBase64(encryptionKey.nonce, false), Charsets.Utf8);

     return encryptionKey.keyId + NameDelimiter + encryptionKey.blockPoolId + NameDelimiter
            + encodedNonce;
 }