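/// <summary>
/// Revokes key version <c>_version</c> in the key set at <c>_location</c> and
/// writes the modified key set back to the same location, overwriting it.
/// </summary>
/// <param name="remainingArguments">Unparsed command-line arguments; not read here.</param>
/// <returns>
/// 0 when the version was revoked and the key set was saved; -1 when the
/// revoke was refused or the key set could not be written.
/// </returns>
public override int Run(string[] remainingArguments)
{
    using (var keySet = new MutableKeySet(_location))
    {
        if (!keySet.Revoke(_version))
        {
            Console.WriteLine("{0} {1}.", Localized.MsgCouldNotRevoke, _version);
            return -1;
        }

        // Revoke is followed by an explicit Save, so the revocation is presumably
        // not persisted until Save succeeds. Every failed write must therefore be
        // reported: after a -1 the operator should assume the key is still on disk.
        bool saved;
        try
        {
            saved = keySet.Save(new FileSystemKeySetWriter(_location, overwrite: true));
        }
        catch
        {
            // Any exception from the writer is folded into the same
            // "could not write" outcome; the exception detail is not shown.
            saved = false;
        }

        if (!saved)
        {
            // Previously a Save that returned false exited with -1 without any
            // message; it now gets the same diagnostic as a thrown write error.
            Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location);
            return -1;
        }

        Console.WriteLine("{0} {1}.", Localized.MsgRevokedVersion, _version);
        return 0;
    }
}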
// Demotes version 1 of the "aes-noprimary" fixture to Inactive, revokes it,
// and checks that the key set metadata no longer lists any version.
public void TestRevoke()
{
    var fixturePath = Util.TestDataPath(TEST_DATA, "aes-noprimary");

    using (var keySet = new MutableKeySet(fixturePath))
    {
        // The test puts the version into the Inactive state before revoking it.
        var demotedTo = keySet.Demote(1);
        Expect(demotedTo, Is.EqualTo(KeyStatus.Inactive));

        var wasRevoked = keySet.Revoke(1);
        Expect(wasRevoked, Is.True);

        // A revoked version must disappear from the metadata, not merely change status.
        var anyVersionLeft = keySet.Metadata.Versions.Any();
        Expect(anyVersionLeft, Is.False);
    }
}
// Creates a key set in storage, revokes its only version, creates a new key
// set at the same path (which again gets version number 1), and checks that
// ciphertext produced afterwards is tagged with the new key's id, not the
// revoked key's id.
public void RevokeOverwrite()
{
    var storagePath = "revoke-override";

    // Step 1: store a fresh symmetric key set whose primary key is version 1.
    using (var storageWriter = CreateNewStorageWriter(DefaultContainer, storagePath))
    using (var freshKeySet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
    {
        int addedVersion = freshKeySet.AddKey(KeyStatus.Primary);
        Expect(addedVersion, Is.EqualTo(1));

        var saved = freshKeySet.Save(storageWriter);
        Expect(saved, Is.True);
    }

    // Step 2: encrypt with the stored key set and remember the original key id.
    // NOTE(review): the first ciphertext is captured but never asserted on below.
    WebBase64 firstCipherText = null;
    WebBase64 firstKeyId = null;
    using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, storagePath))
    using (var encrypter = new Encrypter(storedKeySet))
    {
        firstCipherText = encrypter.Encrypt(Input);
        firstKeyId = WebBase64.FromBytes(storedKeySet.Metadata.Versions.First().KeyId);
    }

    // Step 3: demote version 1 twice (the asserts expect Active, then Inactive),
    // revoke it, and save the result back to the same path.
    using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, storagePath))
    using (var mutableKeySet = new MutableKeySet(storedKeySet))
    using (var storageWriter = CreateNewStorageWriter(DefaultContainer, storagePath))
    {
        var afterFirstDemote = mutableKeySet.Demote(1);
        Expect(afterFirstDemote, Is.EqualTo(KeyStatus.Active));

        var afterSecondDemote = mutableKeySet.Demote(1);
        Expect(afterSecondDemote, Is.EqualTo(KeyStatus.Inactive));

        var wasRevoked = mutableKeySet.Revoke(1);
        Expect(wasRevoked, Is.True);

        var saved = mutableKeySet.Save(storageWriter);
        Expect(saved, Is.True);
    }

    // Step 4: store a brand-new key set at the same path; its key is version 1 again.
    using (var storageWriter = CreateNewStorageWriter(DefaultContainer, storagePath))
    using (var replacementKeySet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
    {
        int addedVersion = replacementKeySet.AddKey(KeyStatus.Primary);
        Expect(addedVersion, Is.EqualTo(1));

        var saved = replacementKeySet.Save(storageWriter);
        Expect(saved, Is.True);
    }

    // Step 5: encrypt again with whatever is now stored at the path.
    WebBase64 secondCipherText = null;
    using (var storedKeySet = new StorageKeySet(GetClientCred(), DefaultContainer, storagePath))
    using (var encrypter = new Encrypter(storedKeySet))
    {
        secondCipherText = encrypter.Encrypt(Input);
    }

    // Step 6: compare the KeyHashLength bytes that follow the first ciphertext
    // byte with both key ids. Create(...) returns a delegate, invoked at once.
    using (var storedKeySet = StorageKeySet.Create(GetClientCred(), DefaultContainer, storagePath)())
    {
        var secondKeyId = WebBase64.FromBytes(storedKeySet.Metadata.Versions.First().KeyId);

        var cipherKeyHash = new byte[KeyczarConst.KeyHashLength];
        Array.Copy(secondCipherText.ToBytes(), 1, cipherKeyHash, 0, cipherKeyHash.Length);

        // Reusing the version number must not bring the revoked key back.
        Expect(cipherKeyHash, Is.Not.EqualTo(firstKeyId.ToBytes()));
        Expect(cipherKeyHash, Is.EqualTo(secondKeyId.ToBytes()));
    }
}