public void RevokeKey_CallsInternalManager()
{
// Arrange
var keyToRevoke = new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932");
DateTimeOffset minRevocationDate = DateTimeOffset.UtcNow;
DateTimeOffset?actualRevocationDate = null;
var mockInternalKeyManager = new Mock <IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.RevokeSingleKey(keyToRevoke, It.IsAny <DateTimeOffset>(), "Here's some reason text."))
.Callback <Guid, DateTimeOffset, string>((innerKeyId, innerRevocationDate, innerReason) =>
{
actualRevocationDate = innerRevocationDate;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = new Mock <IXmlRepository>().Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance, mockInternalKeyManager.Object);
// Act
keyManager.RevokeKey(keyToRevoke, "Here's some reason text.");
// Assert
Assert.InRange(actualRevocationDate.Value, minRevocationDate, DateTimeOffset.UtcNow);
}
public void CreateNewKey_CallsInternalManager()
{
// Arrange
DateTimeOffset minCreationDate = DateTimeOffset.UtcNow;
DateTimeOffset?actualCreationDate = null;
DateTimeOffset activationDate = minCreationDate + TimeSpan.FromDays(7);
DateTimeOffset expirationDate = activationDate.AddMonths(1);
var mockInternalKeyManager = new Mock <IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.CreateNewKey(It.IsAny <Guid>(), It.IsAny <DateTimeOffset>(), activationDate, expirationDate))
.Callback <Guid, DateTimeOffset, DateTimeOffset, DateTimeOffset>((innerKeyId, innerCreationDate, innerActivationDate, innerExpirationDate) =>
{
actualCreationDate = innerCreationDate;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = new Mock <IXmlRepository>().Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance, mockInternalKeyManager.Object);
// Act
keyManager.CreateNewKey(activationDate, expirationDate);
// Assert
Assert.InRange(actualCreationDate.Value, minCreationDate, DateTimeOffset.UtcNow);
}
public void CreateNewKey_CallsInternalManager()
{
// Arrange - mocks
DateTimeOffset minCreationDate = DateTimeOffset.UtcNow;
DateTimeOffset?actualCreationDate = null;
DateTimeOffset activationDate = minCreationDate + TimeSpan.FromDays(7);
DateTimeOffset expirationDate = activationDate.AddMonths(1);
var mockInternalKeyManager = new Mock <IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.CreateNewKey(It.IsAny <Guid>(), It.IsAny <DateTimeOffset>(), activationDate, expirationDate))
.Callback <Guid, DateTimeOffset, DateTimeOffset, DateTimeOffset>((innerKeyId, innerCreationDate, innerActivationDate, innerExpirationDate) =>
{
actualCreationDate = innerCreationDate;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IXmlRepository>(new Mock <IXmlRepository>().Object);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(new Mock <IAuthenticatedEncryptorConfiguration>().Object);
serviceCollection.AddSingleton <IInternalXmlKeyManager>(mockInternalKeyManager.Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
keyManager.CreateNewKey(activationDate, expirationDate);
// Assert
Assert.InRange(actualCreationDate.Value, minCreationDate, DateTimeOffset.UtcNow);
}
public void RevokeKey_CallsInternalManager()
{
// Arrange - mocks
var keyToRevoke = new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932");
DateTimeOffset minRevocationDate = DateTimeOffset.UtcNow;
DateTimeOffset?actualRevocationDate = null;
var mockInternalKeyManager = new Mock <IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.RevokeSingleKey(keyToRevoke, It.IsAny <DateTimeOffset>(), "Here's some reason text."))
.Callback <Guid, DateTimeOffset, string>((innerKeyId, innerRevocationDate, innerReason) =>
{
actualRevocationDate = innerRevocationDate;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IXmlRepository>(new Mock <IXmlRepository>().Object);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(new Mock <IAuthenticatedEncryptorConfiguration>().Object);
serviceCollection.AddSingleton <IInternalXmlKeyManager>(mockInternalKeyManager.Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
keyManager.RevokeKey(keyToRevoke, "Here's some reason text.");
// Assert
Assert.InRange(actualRevocationDate.Value, minRevocationDate, DateTimeOffset.UtcNow);
}
public void CreateNewKey_CallsInternalManager()
{
// Arrange - mocks
DateTimeOffset minCreationDate = DateTimeOffset.UtcNow;
DateTimeOffset? actualCreationDate = null;
DateTimeOffset activationDate = minCreationDate + TimeSpan.FromDays(7);
DateTimeOffset expirationDate = activationDate.AddMonths(1);
var mockInternalKeyManager = new Mock<IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.CreateNewKey(It.IsAny<Guid>(), It.IsAny<DateTimeOffset>(), activationDate, expirationDate))
.Callback<Guid, DateTimeOffset, DateTimeOffset, DateTimeOffset>((innerKeyId, innerCreationDate, innerActivationDate, innerExpirationDate) =>
{
actualCreationDate = innerCreationDate;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(new Mock<IXmlRepository>().Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
serviceCollection.AddSingleton<IInternalXmlKeyManager>(mockInternalKeyManager.Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
keyManager.CreateNewKey(activationDate, expirationDate);
// Assert
Assert.InRange(actualCreationDate.Value, minCreationDate, DateTimeOffset.UtcNow);
}
public void RevokeSingleKey_Internal()
{
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
var revocationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeKey, the first CT should be fired,
// and we should've gotten a new CT.
((IInternalXmlKeyManager)keyManager).RevokeSingleKey(
keyId: new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932"),
revocationDate: revocationDate,
reason: "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
var expectedRepositoryXml = string.Format(
CultureInfo.InvariantCulture,
@"
<revocation version='1'>
{0}
<key id='a11f35fc-1fed-4bd4-b727-056a63b70932' />
<reason>Here's some reason text.</reason>
</revocation>",
new XElement("revocationDate", revocationDate));
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-a11f35fc-1fed-4bd4-b727-056a63b70932", friendlyNameStoredInRepository);
}
public void RevokeSingleKey_Internal()
{
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(new Mock <IAuthenticatedEncryptorConfiguration>().Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
var revocationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeKey, the first CT should be fired,
// and we should've gotten a new CT.
((IInternalXmlKeyManager)keyManager).RevokeSingleKey(
keyId: new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932"),
revocationDate: revocationDate,
reason: "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
var expectedRepositoryXml = string.Format(@"
<revocation version='1'>
{0}
<key id='a11f35fc-1fed-4bd4-b727-056a63b70932' />
<reason>Here's some reason text.</reason>
</revocation>",
new XElement("revocationDate", revocationDate));
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-a11f35fc-1fed-4bd4-b727-056a63b70932", friendlyNameStoredInRepository);
}
public void RevokeAllKeys()
{
// Arrange
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
var revocationDate = XmlConvert.ToDateTimeOffset("2015-03-01T19:13:19.7573854-08:00");
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeAllKeys, the first CT should be fired,
// and we should've gotten a new CT.
keyManager.RevokeAllKeys(revocationDate, "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
const string expectedRepositoryXml = @"
<revocation version='1'>
<revocationDate>2015-03-01T19:13:19.7573854-08:00</revocationDate>
<!--All keys created before the revocation date are revoked.-->
<key id='*' />
<reason>Here's some reason text.</reason>
</revocation>";
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-20150302T0313197573854Z", friendlyNameStoredInRepository);
}
private static IReadOnlyCollection <IKey> RunGetAllKeysCore(string xml, IActivator activator, ILoggerFactory loggerFactory = null)
{
// Arrange
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository.Setup(o => o.GetAllElements()).Returns(XElement.Parse(xml).Elements().ToArray());
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
var keyManager = new XmlKeyManager(options, activator, loggerFactory ?? NullLoggerFactory.Instance);
// Act
return(keyManager.GetAllKeys());
}
public void Ctor_WithoutEncryptorOrRepository_UsesFallback()
{
// Arrange
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = new Mock <AlgorithmConfiguration>().Object,
XmlRepository = null,
XmlEncryptor = null
});
// Act
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
// Assert
Assert.NotNull(keyManager.KeyRepository);
if (OSVersionUtil.IsWindows())
{
Assert.NotNull(keyManager.KeyEncryptor);
}
}
private static IReadOnlyCollection <IKey> RunGetAllKeysCore(string xml, IActivator activator, ILoggerFactory loggerFactory = null)
{
// Arrange - mocks
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository.Setup(o => o.GetAllElements()).Returns(XElement.Parse(xml).Elements().ToArray());
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton <IActivator>(activator);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(new Mock <IAuthenticatedEncryptorConfiguration>().Object);
if (loggerFactory != null)
{
serviceCollection.AddSingleton <ILoggerFactory>(loggerFactory);
}
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
return(keyManager.GetAllKeys());
}
public void Ctor_WithoutEncryptorOrRepository_UsesFallback()
{
// Arrange
var expectedEncryptor = new Mock <IXmlEncryptor>().Object;
var expectedRepository = new Mock <IXmlRepository>().Object;
var mockFallback = new Mock <IDefaultKeyServices>();
mockFallback.Setup(o => o.GetKeyEncryptor()).Returns(expectedEncryptor);
mockFallback.Setup(o => o.GetKeyRepository()).Returns(expectedRepository);
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IDefaultKeyServices>(mockFallback.Object);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(new Mock <IAuthenticatedEncryptorConfiguration>().Object);
var services = serviceCollection.BuildServiceProvider();
// Act
var keyManager = new XmlKeyManager(services);
// Assert
Assert.Same(expectedEncryptor, keyManager.KeyEncryptor);
Assert.Same(expectedRepository, keyManager.KeyRepository);
}
public void CreateNewKey_Internal_NoEscrowOrEncryption()
{
// Constants
var creationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
var activationDate = new DateTimeOffset(2014, 02, 01, 0, 0, 0, TimeSpan.Zero);
var expirationDate = new DateTimeOffset(2014, 03, 01, 0, 0, 0, TimeSpan.Zero);
var keyId = new Guid("3d6d01fd-c0e7-44ae-82dd-013b996b4093");
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var expectedAuthenticatedEncryptor = new Mock<IAuthenticatedEncryptor>().Object;
var mockDescriptor = new Mock<IAuthenticatedEncryptorDescriptor>();
mockDescriptor.Setup(o => o.ExportToXml()).Returns(new XmlSerializedDescriptorInfo(serializedDescriptor, typeof(MyDeserializer)));
mockDescriptor.Setup(o => o.CreateEncryptorInstance()).Returns(expectedAuthenticatedEncryptor);
var mockConfiguration = new Mock<IAuthenticatedEncryptorConfiguration>();
mockConfiguration.Setup(o => o.CreateNewDescriptor()).Returns(mockDescriptor.Object);
var mockXmlRepository = new Mock<IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny<XElement>(), It.IsAny<string>()))
.Callback<XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(mockConfiguration.Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to CreateNewKey, the first CT should be fired,
// and we should've gotten a new CT.
var newKey = ((IInternalXmlKeyManager)keyManager).CreateNewKey(
keyId: keyId,
creationDate: creationDate,
activationDate: activationDate,
expirationDate: expirationDate);
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Does the IKey have the properties we requested?
Assert.Equal(keyId, newKey.KeyId);
Assert.Equal(creationDate, newKey.CreationDate);
Assert.Equal(activationDate, newKey.ActivationDate);
Assert.Equal(expirationDate, newKey.ExpirationDate);
Assert.False(newKey.IsRevoked);
Assert.Same(expectedAuthenticatedEncryptor, newKey.CreateEncryptorInstance());
// Finally, was the correct element stored in the repository?
string expectedXml = String.Format(@"
<key id='3d6d01fd-c0e7-44ae-82dd-013b996b4093' version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
{1}
{2}
{3}
<descriptor deserializerType='{0}'>
<theElement>
<secret enc:requiresEncryption='true'>
<![CDATA[This is a secret value.]]>
</secret>
</theElement>
</descriptor>
</key>",
typeof(MyDeserializer).AssemblyQualifiedName,
new XElement("creationDate", creationDate),
new XElement("activationDate", activationDate),
new XElement("expirationDate", expirationDate));
XmlAssert.Equal(expectedXml, elementStoredInRepository);
Assert.Equal("key-3d6d01fd-c0e7-44ae-82dd-013b996b4093", friendlyNameStoredInRepository);
}
private static IReadOnlyCollection<IKey> RunGetAllKeysCore(string xml, IActivator activator, ILoggerFactory loggerFactory = null)
{
// Arrange - mocks
var mockXmlRepository = new Mock<IXmlRepository>();
mockXmlRepository.Setup(o => o.GetAllElements()).Returns(XElement.Parse(xml).Elements().ToArray());
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton<IActivator>(activator);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
if (loggerFactory != null)
{
serviceCollection.AddSingleton<ILoggerFactory>(loggerFactory);
}
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
return keyManager.GetAllKeys();
}
public void RevokeSingleKey_Internal()
{
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock<IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny<XElement>(), It.IsAny<string>()))
.Callback<XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
var revocationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeKey, the first CT should be fired,
// and we should've gotten a new CT.
((IInternalXmlKeyManager)keyManager).RevokeSingleKey(
keyId: new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932"),
revocationDate: revocationDate,
reason: "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
var expectedRepositoryXml = string.Format(@"
<revocation version='1'>
{0}
<key id='a11f35fc-1fed-4bd4-b727-056a63b70932' />
<reason>Here's some reason text.</reason>
</revocation>",
new XElement("revocationDate", revocationDate));
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-a11f35fc-1fed-4bd4-b727-056a63b70932", friendlyNameStoredInRepository);
}
public void Ctor_WithoutEncryptorOrRepository_UsesFallback()
{
// Arrange
var expectedEncryptor = new Mock<IXmlEncryptor>().Object;
var expectedRepository = new Mock<IXmlRepository>().Object;
var mockFallback = new Mock<IDefaultKeyServices>();
mockFallback.Setup(o => o.GetKeyEncryptor()).Returns(expectedEncryptor);
mockFallback.Setup(o => o.GetKeyRepository()).Returns(expectedRepository);
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IDefaultKeyServices>(mockFallback.Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
var services = serviceCollection.BuildServiceProvider();
// Act
var keyManager = new XmlKeyManager(services);
// Assert
Assert.Same(expectedEncryptor, keyManager.KeyEncryptor);
Assert.Same(expectedRepository, keyManager.KeyRepository);
}
public void RevokeAllKeys()
{
// Arrange - mocks
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var mockXmlRepository = new Mock<IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny<XElement>(), It.IsAny<string>()))
.Callback<XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
var revocationDate = XmlConvert.ToDateTimeOffset("2015-03-01T19:13:19.7573854-08:00");
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to RevokeAllKeys, the first CT should be fired,
// and we should've gotten a new CT.
keyManager.RevokeAllKeys(revocationDate, "Here's some reason text.");
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Was the correct element stored in the repository?
const string expectedRepositoryXml = @"
<revocation version='1'>
<revocationDate>2015-03-01T19:13:19.7573854-08:00</revocationDate>
<!--All keys created before the revocation date are revoked.-->
<key id='*' />
<reason>Here's some reason text.</reason>
</revocation>";
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("revocation-20150302T0313197573854Z", friendlyNameStoredInRepository);
}
public void RevokeKey_CallsInternalManager()
{
// Arrange - mocks
var keyToRevoke = new Guid("a11f35fc-1fed-4bd4-b727-056a63b70932");
DateTimeOffset minRevocationDate = DateTimeOffset.UtcNow;
DateTimeOffset? actualRevocationDate = null;
var mockInternalKeyManager = new Mock<IInternalXmlKeyManager>();
mockInternalKeyManager
.Setup(o => o.RevokeSingleKey(keyToRevoke, It.IsAny<DateTimeOffset>(), "Here's some reason text."))
.Callback<Guid, DateTimeOffset, string>((innerKeyId, innerRevocationDate, innerReason) =>
{
actualRevocationDate = innerRevocationDate;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton<IXmlRepository>(new Mock<IXmlRepository>().Object);
serviceCollection.AddSingleton<IAuthenticatedEncryptorConfiguration>(new Mock<IAuthenticatedEncryptorConfiguration>().Object);
serviceCollection.AddSingleton<IInternalXmlKeyManager>(mockInternalKeyManager.Object);
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act
keyManager.RevokeKey(keyToRevoke, "Here's some reason text.");
// Assert
Assert.InRange(actualRevocationDate.Value, minRevocationDate, DateTimeOffset.UtcNow);
}
public void CreateNewKey_Internal_NoEscrowOrEncryption()
{
// Constants
var creationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
var activationDate = new DateTimeOffset(2014, 02, 01, 0, 0, 0, TimeSpan.Zero);
var expirationDate = new DateTimeOffset(2014, 03, 01, 0, 0, 0, TimeSpan.Zero);
var keyId = new Guid("3d6d01fd-c0e7-44ae-82dd-013b996b4093");
// Arrange
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var expectedAuthenticatedEncryptor = new Mock <IAuthenticatedEncryptor>().Object;
var mockDescriptor = new Mock <IAuthenticatedEncryptorDescriptor>();
mockDescriptor.Setup(o => o.ExportToXml()).Returns(new XmlSerializedDescriptorInfo(serializedDescriptor, typeof(MyDeserializer)));
var expectedDescriptor = mockDescriptor.Object;
var testEncryptorFactory = new TestEncryptorFactory(expectedDescriptor, expectedAuthenticatedEncryptor);
var mockConfiguration = new Mock <AlgorithmConfiguration>();
mockConfiguration.Setup(o => o.CreateNewDescriptor()).Returns(expectedDescriptor);
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var options = Options.Create(new KeyManagementOptions()
{
AuthenticatedEncryptorConfiguration = mockConfiguration.Object,
XmlRepository = mockXmlRepository.Object,
XmlEncryptor = null
});
options.Value.AuthenticatedEncryptorFactories.Add(testEncryptorFactory);
var keyManager = new XmlKeyManager(options, SimpleActivator.DefaultWithoutServices, NullLoggerFactory.Instance);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to CreateNewKey, the first CT should be fired,
// and we should've gotten a new CT.
var newKey = ((IInternalXmlKeyManager)keyManager).CreateNewKey(
keyId: keyId,
creationDate: creationDate,
activationDate: activationDate,
expirationDate: expirationDate);
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Does the IKey have the properties we requested?
Assert.Equal(keyId, newKey.KeyId);
Assert.Equal(creationDate, newKey.CreationDate);
Assert.Equal(activationDate, newKey.ActivationDate);
Assert.Equal(expirationDate, newKey.ExpirationDate);
Assert.Same(expectedDescriptor, newKey.Descriptor);
Assert.False(newKey.IsRevoked);
Assert.Same(expectedAuthenticatedEncryptor, testEncryptorFactory.CreateEncryptorInstance(newKey));
// Finally, was the correct element stored in the repository?
string expectedXml = string.Format(@"
<key id='3d6d01fd-c0e7-44ae-82dd-013b996b4093' version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
{1}
{2}
{3}
<descriptor deserializerType='{0}'>
<theElement>
<secret enc:requiresEncryption='true'>
<![CDATA[This is a secret value.]]>
</secret>
</theElement>
</descriptor>
</key>",
typeof(MyDeserializer).AssemblyQualifiedName,
new XElement("creationDate", creationDate),
new XElement("activationDate", activationDate),
new XElement("expirationDate", expirationDate));
XmlAssert.Equal(expectedXml, elementStoredInRepository);
Assert.Equal("key-3d6d01fd-c0e7-44ae-82dd-013b996b4093", friendlyNameStoredInRepository);
}
public void CreateNewKey_Internal_WithEscrowAndEncryption()
{
// Constants
var creationDate = new DateTimeOffset(2014, 01, 01, 0, 0, 0, TimeSpan.Zero);
var activationDate = new DateTimeOffset(2014, 02, 01, 0, 0, 0, TimeSpan.Zero);
var expirationDate = new DateTimeOffset(2014, 03, 01, 0, 0, 0, TimeSpan.Zero);
var keyId = new Guid("3d6d01fd-c0e7-44ae-82dd-013b996b4093");
// Arrange - mocks
XElement elementStoredInEscrow = null;
Guid? keyIdStoredInEscrow = null;
XElement elementStoredInRepository = null;
string friendlyNameStoredInRepository = null;
var expectedAuthenticatedEncryptor = new Mock <IAuthenticatedEncryptor>().Object;
var mockDescriptor = new Mock <IAuthenticatedEncryptorDescriptor>();
mockDescriptor.Setup(o => o.ExportToXml()).Returns(new XmlSerializedDescriptorInfo(serializedDescriptor, typeof(MyDeserializer)));
mockDescriptor.Setup(o => o.CreateEncryptorInstance()).Returns(expectedAuthenticatedEncryptor);
var mockConfiguration = new Mock <IAuthenticatedEncryptorConfiguration>();
mockConfiguration.Setup(o => o.CreateNewDescriptor()).Returns(mockDescriptor.Object);
var mockXmlRepository = new Mock <IXmlRepository>();
mockXmlRepository
.Setup(o => o.StoreElement(It.IsAny <XElement>(), It.IsAny <string>()))
.Callback <XElement, string>((el, friendlyName) =>
{
elementStoredInRepository = el;
friendlyNameStoredInRepository = friendlyName;
});
var mockKeyEscrow = new Mock <IKeyEscrowSink>();
mockKeyEscrow
.Setup(o => o.Store(It.IsAny <Guid>(), It.IsAny <XElement>()))
.Callback <Guid, XElement>((innerKeyId, el) =>
{
keyIdStoredInEscrow = innerKeyId;
elementStoredInEscrow = el;
});
// Arrange - services
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IXmlRepository>(mockXmlRepository.Object);
serviceCollection.AddSingleton <IAuthenticatedEncryptorConfiguration>(mockConfiguration.Object);
serviceCollection.AddSingleton <IKeyEscrowSink>(mockKeyEscrow.Object);
serviceCollection.AddSingleton <IXmlEncryptor, NullXmlEncryptor>();
var services = serviceCollection.BuildServiceProvider();
var keyManager = new XmlKeyManager(services);
// Act & assert
// The cancellation token should not already be fired
var firstCancellationToken = keyManager.GetCacheExpirationToken();
Assert.False(firstCancellationToken.IsCancellationRequested);
// After the call to CreateNewKey, the first CT should be fired,
// and we should've gotten a new CT.
var newKey = ((IInternalXmlKeyManager)keyManager).CreateNewKey(
keyId: keyId,
creationDate: creationDate,
activationDate: activationDate,
expirationDate: expirationDate);
var secondCancellationToken = keyManager.GetCacheExpirationToken();
Assert.True(firstCancellationToken.IsCancellationRequested);
Assert.False(secondCancellationToken.IsCancellationRequested);
// Does the IKey have the properties we requested?
Assert.Equal(keyId, newKey.KeyId);
Assert.Equal(creationDate, newKey.CreationDate);
Assert.Equal(activationDate, newKey.ActivationDate);
Assert.Equal(expirationDate, newKey.ExpirationDate);
Assert.False(newKey.IsRevoked);
Assert.Same(expectedAuthenticatedEncryptor, newKey.CreateEncryptorInstance());
// Was the correct element stored in escrow?
// This should not have gone through the encryptor.
string expectedEscrowXml = String.Format(@"
<key id='3d6d01fd-c0e7-44ae-82dd-013b996b4093' version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
{1}
{2}
{3}
<descriptor deserializerType='{0}'>
<theElement>
<secret enc:requiresEncryption='true'>
<![CDATA[This is a secret value.]]>
</secret>
</theElement>
</descriptor>
</key>",
typeof(MyDeserializer).AssemblyQualifiedName,
new XElement("creationDate", creationDate),
new XElement("activationDate", activationDate),
new XElement("expirationDate", expirationDate));
XmlAssert.Equal(expectedEscrowXml, elementStoredInEscrow);
Assert.Equal(keyId, keyIdStoredInEscrow.Value);
// Finally, was the correct element stored in the repository?
// This should have gone through the encryptor (which we set to be the null encryptor in this test)
string expectedRepositoryXml = String.Format(@"
<key id='3d6d01fd-c0e7-44ae-82dd-013b996b4093' version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
{2}
{3}
{4}
<descriptor deserializerType='{0}'>
<theElement>
<enc:encryptedSecret decryptorType='{1}'>
<unencryptedKey>
<secret enc:requiresEncryption='true'>
<![CDATA[This is a secret value.]]>
</secret>
</unencryptedKey>
</enc:encryptedSecret>
</theElement>
</descriptor>
</key>",
typeof(MyDeserializer).AssemblyQualifiedName,
typeof(NullXmlDecryptor).AssemblyQualifiedName,
new XElement("creationDate", creationDate),
new XElement("activationDate", activationDate),
new XElement("expirationDate", expirationDate));
XmlAssert.Equal(expectedRepositoryXml, elementStoredInRepository);
Assert.Equal("key-3d6d01fd-c0e7-44ae-82dd-013b996b4093", friendlyNameStoredInRepository);
}
