/// <summary>
/// Checks that listing the same path twice in <c>PathsToEncrypt</c> makes
/// <c>EncryptionProcessor.EncryptAsync</c> throw an <see cref="InvalidOperationException"/>
/// with the expected message, instead of producing an encrypted document.
/// </summary>
public async Task DuplicatePathToEncrypt()
{
    TestDoc document = TestDoc.Create();

    // "/SensitiveStr" is listed twice on purpose; that duplication is the condition under test.
    var duplicatedPathOptions = new EncryptionOptions
    {
        DataEncryptionKeyId = MdeEncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/SensitiveStr" },
    };

    InvalidOperationException rejection = null;
    try
    {
        await EncryptionProcessor.EncryptAsync(
            document.ToStream(),
            MdeEncryptionProcessorTests.mockEncryptor.Object,
            duplicatedPathOptions,
            new CosmosDiagnosticsContext(),
            CancellationToken.None);
    }
    catch (InvalidOperationException ex)
    {
        rejection = ex;
    }

    // Reaching this point without a captured exception means the bad configuration was accepted.
    if (rejection == null)
    {
        Assert.Fail("Duplicate paths in PathToEncrypt didn't result in exception.");
    }

    Assert.AreEqual("Duplicate paths in PathsToEncrypt passed via EncryptionOptions.", rejection.Message);
}
/// <summary>
/// Checks that, with the MdeAeadAes256CbcHmac256Randomized algorithm, a
/// <c>PathsToEncrypt</c> entry that is not found ("/Invalid") makes
/// <c>EncryptionProcessor.EncryptAsync</c> throw an <see cref="ArgumentException"/>.
/// </summary>
/// <remarks>
/// The expected behaviour is fail-closed: a path that cannot be matched is reported
/// rather than skipped, so a mistyped path cannot silently leave a property unencrypted.
/// </remarks>
public async Task InvalidPathToEncrypt()
{
    TestDoc document = TestDoc.Create();

    // One path the other tests on this page also encrypt, plus one the test treats as invalid.
    var unknownPathOptions = new EncryptionOptions
    {
        DataEncryptionKeyId = MdeEncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/Invalid" },
    };

    ArgumentException rejection = null;
    try
    {
        await EncryptionProcessor.EncryptAsync(
            document.ToStream(),
            MdeEncryptionProcessorTests.mockEncryptor.Object,
            unknownPathOptions,
            new CosmosDiagnosticsContext(),
            CancellationToken.None);
    }
    catch (ArgumentException ex)
    {
        rejection = ex;
    }

    // No captured exception means the unknown path was accepted.
    if (rejection == null)
    {
        Assert.Fail("Invalid path to encrypt didn't result in exception.");
    }

    Assert.AreEqual("PathsToEncrypt includes a path: '/Invalid' which was not found.", rejection.Message);
}
/// <summary>
/// Round-trips a test document through the stream overloads of
/// <c>EncryptionProcessor.EncryptAsync</c> and <c>DecryptAsync</c>, then hands the
/// deserialized result to <c>VerifyDecryptionSucceeded</c> together with
/// <c>TestDoc.PathsToEncrypt.Count</c> and the returned decryption context.
/// </summary>
/// <remarks>
/// Both calls receive <c>mockEncryptor.Object</c>, so this covers the processor's
/// document handling and not the strength of a real cipher.
/// </remarks>
public async Task ValidateDecryptStream()
{
    TestDoc source = TestDoc.Create();

    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        source.ToStream(),
        MdeEncryptionProcessorTests.mockEncryptor.Object,
        MdeEncryptionProcessorTests.encryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    (Stream plainStream, DecryptionContext context) = await EncryptionProcessor.DecryptAsync(
        cipherStream,
        MdeEncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject roundTripped = EncryptionProcessor.BaseSerializer.FromStream<JObject>(plainStream);

    MdeEncryptionProcessorTests.VerifyDecryptionSucceeded(
        roundTripped,
        source,
        TestDoc.PathsToEncrypt.Count,
        context);
}
/// <summary>
/// Legacy algorithm (AEAes256CbcHmacSha256Randomized) counterpart of the invalid-path test:
/// encrypts with <c>PathsToEncrypt</c> containing "/SensitiveStr" and "/Invalid", decrypts
/// the result, and verifies it with an expected count of 1 and
/// <c>invalidPathsConfigured: true</c>.
/// </summary>
/// <remarks>
/// No exception is expected here, so under this algorithm an unmatched path is tolerated.
/// NOTE(review): as far as this test shows, a mistyped path would go unreported and the
/// property it was meant to cover would stay in plaintext. Confirm that this is the
/// intended legacy behaviour.
/// </remarks>
public async Task InvalidPathToEncrypt()
{
    TestDoc source = TestDoc.Create();

    var unknownPathOptions = new EncryptionOptions
    {
        DataEncryptionKeyId = LegacyEncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/Invalid" },
    };

    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        source.ToStream(),
        LegacyEncryptionProcessorTests.mockEncryptor.Object,
        unknownPathOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject cipherDoc = EncryptionProcessor.BaseSerializer.FromStream<JObject>(cipherStream);

    (JObject roundTripped, DecryptionContext context) = await EncryptionProcessor.DecryptAsync(
        cipherDoc,
        LegacyEncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    // Expected count is 1 (presumably only "/SensitiveStr" was processed; confirm against the helper).
    LegacyEncryptionProcessorTests.VerifyDecryptionSucceeded(
        roundTripped,
        source,
        1,
        context,
        invalidPathsConfigured: true);
}
/// <summary>
/// Encrypts <paramref name="testDoc"/> with the legacy test options and asserts the shape
/// of the encrypted document.
/// </summary>
/// <remarks>
/// The assertions check that <c>id</c>, <c>PK</c> and <c>NonSensitive</c> are stored unchanged,
/// that <c>SensitiveStr</c> and <c>SensitiveInt</c> are absent as top-level properties, and that
/// the <c>Constants.EncryptedInfo</c> property is an object carrying the expected key id,
/// format version 2 and a non-null <c>EncryptedData</c>.
/// </remarks>
/// <param name="testDoc">Document to encrypt.</param>
/// <returns>The encrypted document as a <c>JObject</c>.</returns>
private static async Task<JObject> VerifyEncryptionSucceeded(TestDoc testDoc)
{
    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        testDoc.ToStream(),
        LegacyEncryptionProcessorTests.mockEncryptor.Object,
        LegacyEncryptionProcessorTests.encryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject cipherDoc = EncryptionProcessor.BaseSerializer.FromStream<JObject>(cipherStream);

    // Properties outside the encrypted set must survive as-is.
    Assert.AreEqual(testDoc.Id, cipherDoc.Property("id").Value.Value<string>());
    Assert.AreEqual(testDoc.PK, cipherDoc.Property(nameof(TestDoc.PK)).Value.Value<string>());
    Assert.AreEqual(testDoc.NonSensitive, cipherDoc.Property(nameof(TestDoc.NonSensitive)).Value.Value<string>());

    // The sensitive properties must no longer exist in the clear at the top level.
    Assert.IsNull(cipherDoc.Property(nameof(TestDoc.SensitiveStr)));
    Assert.IsNull(cipherDoc.Property(nameof(TestDoc.SensitiveInt)));

    JProperty encryptedInfo = cipherDoc.Property(Constants.EncryptedInfo);
    Assert.IsNotNull(encryptedInfo);
    Assert.IsNotNull(encryptedInfo.Value);
    Assert.AreEqual(JTokenType.Object, encryptedInfo.Value.Type);

    JObject encryptedInfoObject = (JObject)encryptedInfo.Value;
    EncryptionProperties properties = encryptedInfoObject.ToObject<EncryptionProperties>();

    Assert.IsNotNull(properties);
    Assert.AreEqual(LegacyEncryptionProcessorTests.dekId, properties.DataEncryptionKeyId);
    Assert.AreEqual(2, properties.EncryptionFormatVersion);
    Assert.IsNotNull(properties.EncryptedData);

    return cipherDoc;
}
// Click handler for the encrypt button: refreshes the settings, then calls four
// EncryptionProcessor methods in a fixed order. Each call takes locations that an
// earlier call was also given, so the order matters.
//
// NOTE(review): EncryptionProcessor is not shown here. Judging by the method and argument
// names only, this looks like a layered key-wrapping chain: target files are encrypted,
// then the AES key files, then the client RSA private key under the server RSA public key.
// If that reading is right, recovering the data afterwards depends on whoever holds the
// private half of the key at ServerRsaPublicKeyLocation. Confirm against the implementation.
private void btnEncrypt_Click(object sender, EventArgs e)
{
    this.RefreshSettings();

    // Step 1: hand every working location to the processor.
    EncryptionProcessor.SetupWorkingItems(WorkingDirectoryLocation, AESFilesLocation, LockedDataLocation, ClientRsaPublicKeyLocation, ClientRsaPrivateKeyLocation);

    // Step 2: process the target directory, using the AES-files and locked-data locations.
    EncryptionProcessor.LocateFilesAndEncrypt(TargetFilesDirectodry, AESFilesLocation, LockedDataLocation);

    // Step 3: process the files under AESFilesLocation.
    EncryptionProcessor.LocateAESFilesAndEncrypt(ClientRsaPrivateKeyLocation, AESFilesLocation);

    // Step 4: process the client RSA private key, passing the server RSA public key location.
    EncryptionProcessor.LocateClientRSAPrivateKeyAndEncrypt(ClientRsaPrivateKeyLocation, ServerRsaPublicKeyLocation);
}
/// <summary>
/// Passes a document that was never encrypted to <c>EncryptionProcessor.DecryptAsync</c>
/// and checks that the returned stream is seekable, positioned at 0 and the same length
/// as the input.
/// </summary>
/// <remarks>
/// Only the length is compared, not the bytes, so this pins "returned rewound and the same
/// size" rather than "returned byte-for-byte unchanged".
/// </remarks>
public async Task DecryptStreamWithoutEncryptedProperty()
{
    TestDoc source = TestDoc.Create();
    Stream inputStream = source.ToStream();

    Stream outputStream = await EncryptionProcessor.DecryptAsync(
        inputStream,
        EncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    Assert.IsTrue(outputStream.CanSeek);
    Assert.AreEqual(0, outputStream.Position);
    Assert.AreEqual(inputStream.Length, outputStream.Length);
}
/// <summary>
/// Encrypts a fresh test document through <c>VerifyEncryptionSucceeded</c>, decrypts the
/// resulting <c>JObject</c> with <c>EncryptionProcessor.DecryptAsync</c>, and passes the
/// result and the original document to <c>VerifyDecryptionSucceeded</c>.
/// </summary>
public async Task ValidateEncryptDecryptDocument()
{
    TestDoc source = TestDoc.Create();

    JObject cipherDoc = await EncryptionProcessorTests.VerifyEncryptionSucceeded(source);

    JObject roundTripped = await EncryptionProcessor.DecryptAsync(
        cipherDoc,
        EncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    EncryptionProcessorTests.VerifyDecryptionSucceeded(roundTripped, source);
}
/// <summary>
/// Encrypts <paramref name="plaintext"/> by constructing an <c>EncryptionProcessor</c> from the
/// plaintext and <paramref name="password"/> and returning the result of its <c>Encrypt()</c> call.
/// According to the original documentation, a hash of the password is used as part of the
/// encryption algorithm, and the same password is needed for decryption.
/// </summary>
/// <remarks>
/// Every exception is caught and its message is returned in place of ciphertext. A caller
/// therefore cannot tell a failure from a successful result by type, and should check the
/// return value before storing or sending it as encrypted data.
/// NOTE(review): how the password becomes a key is not visible in this method. Confirm that
/// EncryptionProcessor uses a salted, iterated key-derivation function rather than a bare hash.
/// </remarks>
/// <param name="plaintext">Text to encrypt; a null or empty value yields <c>null</c>.</param>
/// <param name="password">Password handed to <c>EncryptionProcessor</c>.</param>
/// <returns>
/// The string produced by <c>Encrypt()</c>, <c>null</c> for null or empty input, or the
/// exception message if anything throws.
/// </returns>
private string EncryptText(string plaintext, string password)
{
    try
    {
        if (!string.IsNullOrEmpty(plaintext))
        {
            return new EncryptionProcessor(plaintext, password).Encrypt();
        }

        // Nothing to encrypt.
        return null;
    }
    catch (Exception failure)
    {
        // The error text travels back through the same channel as ciphertext.
        return failure.Message;
    }
}
/// <summary>
/// Round-trips a test document whose <c>SensitiveStr</c> has been set to <c>null</c>:
/// encrypts it through <c>VerifyEncryptionSucceeded</c>, decrypts the resulting
/// <c>JObject</c>, and passes the result and the original to <c>VerifyDecryptionSucceeded</c>.
/// </summary>
public async Task EncryptDecryptPropertyWithNullValue()
{
    TestDoc source = TestDoc.Create();

    // A null value on a property that would otherwise be encrypted is the case under test.
    source.SensitiveStr = null;

    JObject cipherDoc = await EncryptionProcessorTests.VerifyEncryptionSucceeded(source);

    JObject roundTripped = await EncryptionProcessor.DecryptAsync(
        cipherDoc,
        EncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    EncryptionProcessorTests.VerifyDecryptionSucceeded(roundTripped, source);
}
/// <summary>
/// Encrypts <paramref name="testDoc"/> with the Mde test options and asserts the shape of
/// the encrypted document.
/// </summary>
/// <remarks>
/// The assertions check that <c>id</c>, <c>PK</c> and <c>NonSensitive</c> are stored unchanged,
/// that <c>SensitiveInt</c> is still present with a non-null value, and that the
/// <c>Constants.EncryptedInfo</c> object carries the expected key id, format version 3,
/// a null <c>EncryptedData</c> and a non-null <c>EncryptedPaths</c>. A null
/// <c>SensitiveStr</c> is expected to stay null and to reduce the recorded path count by one,
/// which also means the stored document shows that the value was null.
/// </remarks>
/// <param name="testDoc">Document to encrypt.</param>
/// <returns>The encrypted document as a <c>JObject</c>.</returns>
private static async Task<JObject> VerifyEncryptionSucceeded(TestDoc testDoc)
{
    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        testDoc.ToStream(),
        MdeEncryptionProcessorTests.mockEncryptor.Object,
        MdeEncryptionProcessorTests.encryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject cipherDoc = EncryptionProcessor.BaseSerializer.FromStream<JObject>(cipherStream);

    // Properties outside the encrypted set must survive as-is.
    Assert.AreEqual(testDoc.Id, cipherDoc.Property("id").Value.Value<string>());
    Assert.AreEqual(testDoc.PK, cipherDoc.Property(nameof(TestDoc.PK)).Value.Value<string>());
    Assert.AreEqual(testDoc.NonSensitive, cipherDoc.Property(nameof(TestDoc.NonSensitive)).Value.Value<string>());

    string storedSensitiveInt = cipherDoc.Property(nameof(TestDoc.SensitiveInt)).Value.Value<string>();
    Assert.IsNotNull(storedSensitiveInt);

    // Not equal since the value is encrypted.
    // NOTE(review): if TestDoc.SensitiveInt is an int, comparing it with a string can never be
    // equal, so this assertion would pass even for an unencrypted value. Confirm the type.
    Assert.AreNotEqual(testDoc.SensitiveInt, storedSensitiveInt);

    JProperty encryptedInfo = cipherDoc.Property(Constants.EncryptedInfo);
    Assert.IsNotNull(encryptedInfo);
    Assert.IsNotNull(encryptedInfo.Value);
    Assert.AreEqual(JTokenType.Object, encryptedInfo.Value.Type);

    JObject encryptedInfoObject = (JObject)encryptedInfo.Value;
    EncryptionProperties properties = encryptedInfoObject.ToObject<EncryptionProperties>();

    Assert.IsNotNull(properties);
    Assert.AreEqual(MdeEncryptionProcessorTests.dekId, properties.DataEncryptionKeyId);
    Assert.AreEqual(3, properties.EncryptionFormatVersion);
    Assert.IsNull(properties.EncryptedData);
    Assert.IsNotNull(properties.EncryptedPaths);

    bool sourceStrIsNull = testDoc.SensitiveStr == null;
    string storedSensitiveStr = cipherDoc.Property(nameof(TestDoc.SensitiveStr)).Value.Value<string>();

    if (sourceStrIsNull)
    {
        // A null value is not encrypted, so it stays null and one fewer path is recorded.
        Assert.IsNull(storedSensitiveStr);
        Assert.AreEqual(TestDoc.PathsToEncrypt.Count - 1, properties.EncryptedPaths.Count());
    }
    else
    {
        Assert.IsNotNull(storedSensitiveStr);

        // Not equal since the value is encrypted.
        Assert.AreNotEqual(testDoc.SensitiveStr, storedSensitiveStr);
        Assert.AreEqual(TestDoc.PathsToEncrypt.Count, properties.EncryptedPaths.Count());
    }

    return cipherDoc;
}