/// <summary>
/// Creates one key through <see cref="XmlKeyManager"/> with the S3 XML repository
/// (S3 client passed explicitly) and checks that exactly that key is listed again.
/// </summary>
public async Task ExpectFullKeyManagerExplicitAwsStoreRetrieveToSucceed()
{
    var repositoryConfig = new S3XmlRepositoryConfig(S3IntegrationTests.BucketName)
    {
        KeyPrefix = "RealXmlKeyManager1/"
    };

    // Going by the helper's name, this empties the test prefix so the
    // single-key assertion below is not affected by earlier runs.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, repositoryConfig.KeyPrefix);

    // NOTE(review): only a repository is configured, no ProtectKeysWith* call is
    // chained. Unless S3XmlRepositoryConfig applies encryption itself, the key XML
    // is presumably written to the bucket without application-level encryption.
    // Confirm before copying this wiring outside of tests.
    var services = new ServiceCollection();
    services.AddDataProtection()
            .PersistKeysToAwsS3(s3Client, repositoryConfig);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var keyManager = new XmlKeyManager(managementOptions, activator);

        var activatesAt = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiresAt = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activatesAt, expiresAt);

        IReadOnlyCollection<IKey> storedKeys = keyManager.GetAllKeys();
        Assert.Equal(1, storedKeys.Count);

        IKey storedKey = storedKeys.Single();
        Assert.Equal(activatesAt, storedKey.ActivationDate);
        Assert.Equal(expiresAt, storedKey.ExpirationDate);
        Assert.NotNull(storedKey.Descriptor);
    }
}
/// <summary>
/// Same store/retrieve round trip as the explicit-client variant, but the S3 repository
/// is configured from the "s3ImplicitAwsTestCase" configuration section and the S3
/// client is resolved from the service collection.
/// </summary>
public async Task ExpectFullKeyManagerStoreRetrieveWithConfigToSucceed()
{
    var s3Section = fixture.Configuration.GetSection("s3ImplicitAwsTestCase");

    // Sanity-check that the fixture configuration holds the expected values;
    // production code would not normally read the section directly like this.
    Assert.Equal(S3IntegrationTests.BucketName, s3Section["bucket"]);
    Assert.Equal("RealXmlKeyManager3/", s3Section["keyPrefix"]);

    // Going by the helper's name, this empties the test prefix before the run.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, s3Section["keyPrefix"]);

    // NOTE(review): no ProtectKeysWith* call is chained, so the key XML is presumably
    // stored without application-level encryption unless the configuration section
    // enables encryption on the repository side. Confirm before reusing this wiring.
    var services = new ServiceCollection();
    services.AddSingleton(s3Client);
    services.AddDataProtection()
            .PersistKeysToAwsS3(s3Section);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var keyManager = new XmlKeyManager(managementOptions, activator);

        var activatesAt = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiresAt = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activatesAt, expiresAt);

        IReadOnlyCollection<IKey> storedKeys = keyManager.GetAllKeys();
        Assert.Equal(1, storedKeys.Count);

        IKey storedKey = storedKeys.Single();
        Assert.Equal(activatesAt, storedKey.ActivationDate);
        Assert.Equal(expiresAt, storedKey.ExpirationDate);
        Assert.NotNull(storedKey.Descriptor);
    }
}
/// <summary>
/// Checks that the public <c>CreateNewKey</c> overload calls the internal key manager
/// with a creation date taken between the start of the test and the final assertion.
/// </summary>
public void CreateNewKey_CallsInternalManager()
{
    // Arrange
    var earliestCreation = DateTimeOffset.UtcNow;
    var activationDate = earliestCreation.Add(TimeSpan.FromDays(7));
    var expirationDate = activationDate.AddMonths(1);

    // Stays null unless the mocked internal manager is actually invoked.
    DateTimeOffset? capturedCreation = null;

    var internalManager = new Mock<IInternalXmlKeyManager>();
    internalManager
        .Setup(m => m.CreateNewKey(
            It.IsAny<Guid>(),
            It.IsAny<DateTimeOffset>(),
            activationDate,
            expirationDate))
        .Callback<Guid, DateTimeOffset, DateTimeOffset, DateTimeOffset>(
            (keyId, creationDate, activation, expiration) =>
            {
                capturedCreation = creationDate;
            });

    var managementOptions = new KeyManagementOptions()
    {
        AuthenticatedEncryptorConfiguration = new Mock<AlgorithmConfiguration>().Object,
        XmlRepository = new Mock<IXmlRepository>().Object,
        XmlEncryptor = null
    };
    var keyManager = new XmlKeyManager(
        Options.Create(managementOptions),
        SimpleActivator.DefaultWithoutServices,
        NullLoggerFactory.Instance,
        internalManager.Object);

    // Act
    keyManager.CreateNewKey(activationDate, expirationDate);

    // Assert
    // Reading .Value throws if the callback never ran, which also fails the test.
    Assert.InRange(capturedCreation.Value, earliestCreation, DateTimeOffset.UtcNow);
}
/// <summary>
/// Creates one key through <see cref="XmlKeyManager"/> with an ephemeral repository and
/// the AWS KMS key encryptor (KMS client resolved from the service collection), then
/// checks that the key can be listed again with its dates and descriptor.
/// </summary>
public void ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var encryptorConfig = new KmsXmlEncryptorConfig(KmsIntegrationTests.KmsTestingKey);

    var services = new ServiceCollection();
    services.AddSingleton(kmsClient);
    services.AddDataProtection()
            .PersistKeysToEphemeral()
            .ProtectKeysWithAwsKms(encryptorConfig);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var keyManager = new XmlKeyManager(managementOptions, activator);

        var activatesAt = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiresAt = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activatesAt, expiresAt);

        IReadOnlyCollection<IKey> storedKeys = keyManager.GetAllKeys();
        Assert.Equal(1, storedKeys.Count);

        IKey storedKey = storedKeys.Single();
        Assert.Equal(activatesAt, storedKey.ActivationDate);
        Assert.Equal(expiresAt, storedKey.ExpirationDate);

        // NOTE(review): reading Descriptor is presumably what forces the KMS-protected
        // key element to be decrypted, which would make this the only assertion that
        // covers the decrypt path. Confirm against XmlKeyManager.
        Assert.NotNull(storedKey.Descriptor);
    }
}
/// <summary>
/// Store/retrieve round trip with an ephemeral repository and the AWS KMS key encryptor,
/// configured from the "kmsTestCase" configuration section with the KMS client passed
/// explicitly.
/// </summary>
public void ExpectFullKeyManagerExplicitAwsStoreRetrieveWithConfigToSucceed()
{
    var kmsSection = fixture.Configuration.GetSection("kmsTestCase");

    // Sanity-check that the fixture configuration names the expected KMS key;
    // production code would not normally read the section directly like this.
    Assert.Equal(KmsIntegrationTests.KmsTestingKey, kmsSection["keyId"]);

    var services = new ServiceCollection();
    services.AddDataProtection()
            .PersistKeysToEphemeral()
            .ProtectKeysWithAwsKms(kmsClient, kmsSection);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var keyManager = new XmlKeyManager(managementOptions, activator);

        var activatesAt = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiresAt = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activatesAt, expiresAt);

        IReadOnlyCollection<IKey> storedKeys = keyManager.GetAllKeys();
        Assert.Equal(1, storedKeys.Count);

        IKey storedKey = storedKeys.Single();
        Assert.Equal(activatesAt, storedKey.ActivationDate);
        Assert.Equal(expiresAt, storedKey.ExpirationDate);

        // NOTE(review): reading Descriptor is presumably what forces the KMS-protected
        // key element to be decrypted, which would make this the only assertion that
        // covers the decrypt path. Confirm against XmlKeyManager.
        Assert.NotNull(storedKey.Descriptor);
    }
}
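/// <summary>
/// Creates one key through <see cref="XmlKeyManager"/> with an ephemeral repository and
/// the AWS KMS key encryptor, then checks that the key is listed again with its dates.
/// </summary>
/// <remarks>
/// The service provider is now released in a <c>finally</c> block; the original never
/// disposed it, leaving container-created singletons alive after the test.
/// </remarks>
public void ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var config = new KmsXmlEncryptorConfig(KmsIntegrationTests.ApplicationName, KmsIntegrationTests.KmsTestingKey);

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddSingleton(kmsClient);
    serviceCollection.AddDataProtection()
                     .ProtectKeysWithAwsKms(config);
    serviceCollection.AddSingleton<IXmlRepository, EphemeralXmlRepository>();

    var serviceProvider = serviceCollection.BuildServiceProvider();
    try
    {
        var keyManager = new XmlKeyManager(
            serviceProvider.GetRequiredService<IXmlRepository>(),
            serviceProvider.GetRequiredService<IAuthenticatedEncryptorConfiguration>(),
            serviceProvider);

        var activationDate = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expirationDate = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activationDate, expirationDate);

        IReadOnlyCollection<IKey> keys = keyManager.GetAllKeys();
        Assert.Equal(1, keys.Count);

        // NOTE(review): only the dates are asserted. Nothing here reads key material
        // back, so this presumably does not prove that the KMS-protected element can
        // be decrypted again. Confirm, and consider asserting on the decrypted key.
        IKey key = keys.Single();
        Assert.Equal(activationDate, key.ActivationDate);
        Assert.Equal(expirationDate, key.ExpirationDate);
    }
    finally
    {
        // Dispose through a cast so this compiles whether BuildServiceProvider is
        // typed as IServiceProvider or as a disposable provider. The shared kmsClient
        // was registered as an instance; NOTE(review): presumably the container does
        // not dispose instances it did not create - confirm.
        (serviceProvider as IDisposable)?.Dispose();
    }
}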
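/// <summary>
/// Creates one key through <see cref="XmlKeyManager"/> with the S3 XML repository and the
/// AWS KMS key encryptor combined, then checks that the key is listed again with its dates.
/// </summary>
/// <remarks>
/// The service provider is now released in a <c>finally</c> block; the original never
/// disposed it, leaving container-created singletons alive after the test.
/// </remarks>
public async Task ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var s3Config = new S3XmlRepositoryConfig(S3IntegrationTests.BucketName)
    {
        KeyPrefix = "CombinedXmlKeyManager2/"
    };

    // Going by the helper's name, this empties the test prefix so the
    // single-key assertion below is not affected by earlier runs.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, s3Config.KeyPrefix);

    var kmsConfig = new KmsXmlEncryptorConfig(KmsIntegrationTests.ApplicationName, KmsIntegrationTests.KmsTestingKey);

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddSingleton(s3Client);
    serviceCollection.AddSingleton(kmsClient);
    serviceCollection.AddDataProtection()
                     .PersistKeysToAwsS3(s3Config)
                     .ProtectKeysWithAwsKms(kmsConfig);

    var serviceProvider = serviceCollection.BuildServiceProvider();
    try
    {
        var keyManager = new XmlKeyManager(
            serviceProvider.GetRequiredService<IXmlRepository>(),
            serviceProvider.GetRequiredService<IAuthenticatedEncryptorConfiguration>(),
            serviceProvider);

        var activationDate = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expirationDate = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activationDate, expirationDate);

        IReadOnlyCollection<IKey> keys = keyManager.GetAllKeys();
        Assert.Equal(1, keys.Count);

        // NOTE(review): only the dates are asserted. Nothing here reads key material
        // back or inspects the stored object, so this presumably proves neither that
        // the element in S3 is KMS-encrypted nor that it decrypts again. Confirm.
        IKey key = keys.Single();
        Assert.Equal(activationDate, key.ActivationDate);
        Assert.Equal(expirationDate, key.ExpirationDate);
    }
    finally
    {
        // Dispose through a cast so this compiles whether BuildServiceProvider is
        // typed as IServiceProvider or as a disposable provider. The shared clients
        // were registered as instances; NOTE(review): presumably the container does
        // not dispose instances it did not create - confirm.
        (serviceProvider as IDisposable)?.Dispose();
    }
}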
/// <summary>
/// Creates a new key by forwarding the call to the wrapped key manager.
/// </summary>
/// <param name="activationDate">Passed through unchanged to the wrapped manager.</param>
/// <param name="expirationDate">Passed through unchanged to the wrapped manager.</param>
/// <returns>The key returned by the wrapped manager.</returns>
public IKey CreateNewKey(DateTimeOffset activationDate, DateTimeOffset expirationDate)
{
    // Pure delegation: this wrapper adds no validation of the dates itself.
    return _wrapped.CreateNewKey(activationDate, expirationDate);
}