        /// <summary>
        /// Stores <paramref name="testData"/> through a JSON session built on the supplied AEAD implementation,
        /// loads it back using the returned persistence key, and asserts that the loaded value equals the input.
        /// </summary>
        /// <param name="testData">Plaintext value placed under the "Test" key of the payload.</param>
        /// <param name="aeadEnvelopeCrypto">AEAD envelope crypto implementation exercised by the round trip.</param>
        private void RoundTripGeneric(string testData, AeadEnvelopeCrypto aeadEnvelopeCrypto)
        {
            CryptoPolicy policy = new DummyCryptoPolicy();

            using (var systemKeyCache =
                       new SecureCryptoKeyDictionary<DateTimeOffset>(policy.GetRevokeCheckPeriodMillis()))
            {
                // NOTE(review): unlike the system key cache, this cache is not wrapped in a using block here.
                // Presumably the envelope/session disposes it; confirm, since it can hold key material.
                var intermediateKeyCache =
                    new SecureCryptoKeyDictionary<DateTimeOffset>(policy.GetRevokeCheckPeriodMillis());

                IEnvelopeEncryption<JObject> envelopeEncryption = new EnvelopeEncryptionJsonImpl(
                    partition,
                    metastore,
                    systemKeyCache,
                    intermediateKeyCache,
                    aeadEnvelopeCrypto,
                    policy,
                    keyManagementService);

                using (Session<JObject, JObject> session = new SessionJsonImpl<JObject>(envelopeEncryption))
                {
                    // Build the payload that will be encrypted and persisted.
                    Asherah.AppEncryption.Util.Json payload = new Asherah.AppEncryption.Util.Json();
                    payload.Put("Test", testData);

                    string persistenceKey = session.Store(payload.ToJObject(), dataPersistence);

                    // Load by key; the option must hold a value before it is unwrapped.
                    Option<JObject> loaded = session.Load(persistenceKey, dataPersistence);
                    Assert.True(loaded.IsSome);

                    JObject decrypted = (JObject)loaded;
                    string resultData = decrypted["Test"].ToObject<string>();

                    Assert.Equal(testData, resultData);
                }
            }
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="EnvelopeEncryptionJsonImpl"/> class from the supplied
 /// collaborators. This <see cref="IEnvelopeEncryption{TD}"/> implementation uses <see cref="JObject"/>
 /// as the Data Row Record format.
 /// </summary>
 ///
 /// <param name="partition">A <see cref="GoDaddy.Asherah.AppEncryption.Partition"/> object.</param>
 /// <param name="metastore">The <see cref="IMetastore{T}"/> implementation used to store system and
 /// intermediate keys.</param>
 /// <param name="systemKeyCache">A <see cref="ConcurrentDictionary{TKey,TValue}"/> based cache for system
 /// keys.</param>
 /// <param name="intermediateKeyCache">A <see cref="ConcurrentDictionary{TKey,TValue}"/> based cache for
 /// intermediate keys.</param>
 /// <param name="aeadEnvelopeCrypto">The
 /// <see cref="GoDaddy.Asherah.Crypto.Envelope.AeadEnvelopeCrypto"/> implementation used to encrypt and
 /// decrypt keys and envelopes.</param>
 /// <param name="cryptoPolicy">The <see cref="GoDaddy.Asherah.Crypto.CryptoPolicy"/> implementation that
 /// dictates the various behaviors of Asherah.</param>
 /// <param name="keyManagementService">The
 /// <see cref="GoDaddy.Asherah.AppEncryption.Kms.KeyManagementService"/> implementation that generates the
 /// top level master key and encrypts the system keys using the master key.</param>
 public EnvelopeEncryptionJsonImpl(
     Partition partition,
     IMetastore<JObject> metastore,
     SecureCryptoKeyDictionary<DateTimeOffset> systemKeyCache,
     SecureCryptoKeyDictionary<DateTimeOffset> intermediateKeyCache,
     AeadEnvelopeCrypto aeadEnvelopeCrypto,
     CryptoPolicy cryptoPolicy,
     KeyManagementService keyManagementService)
 {
     // NOTE(review): every argument is stored as passed, with no null check and no copy. The caches are
     // shared by reference, so whoever owns their disposal must outlive this instance. Confirm with callers.

     // Storage and identity of the keys.
     this.partition = partition;
     this.metastore = metastore;

     // Key caches.
     this.systemKeyCache = systemKeyCache;
     this.intermediateKeyCache = intermediateKeyCache;

     // Crypto primitives, policy and the KMS that protects the system keys.
     this.crypto = aeadEnvelopeCrypto;
     this.cryptoPolicy = cryptoPolicy;
     this.keyManagementService = keyManagementService;
 }
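        /// <summary>
        /// Builds the service from a region-to-ARN map. Regions are ordered so that
        /// <paramref name="preferredRegion"/> comes first, and one KMS client is created per region
        /// and stored in <c>RegionToArnAndClientDictionary</c> in that order.
        /// </summary>
        /// <param name="regionToArnDictionary">Map of AWS region name to the key ARN for that region.</param>
        /// <param name="preferredRegion">Region that is given top priority in the resulting order.</param>
        /// <param name="crypto">AEAD envelope crypto implementation stored for later use.</param>
        /// <param name="awsKmsClientFactory">Factory used to create the KMS client for each region.</param>
        internal AwsKeyManagementServiceImpl(
            Dictionary<string, string> regionToArnDictionary,
            string preferredRegion,
            AeadEnvelopeCrypto crypto,
            AwsKmsClientFactory awsKmsClientFactory)
        {
            regionPriorityComparator = (region1, region2) =>
            {
                // A comparison must return 0 for equal operands. Without this guard, comparing the
                // preferred region with itself returned -1, which breaks the contract sort routines rely on.
                if (string.Equals(region1, region2))
                {
                    return 0;
                }

                // Give preferred region top priority and fall back to remaining priority
                if (region1.Equals(this.preferredRegion))
                {
                    return -1;
                }

                if (region2.Equals(this.preferredRegion))
                {
                    return 1;
                }

                // Treat them as equal for now
                // TODO consider adding logic to prefer geo/adjacent regions
                return 0;
            };
            this.preferredRegion           = preferredRegion;
            this.crypto                    = crypto;
            this.awsKmsClientFactory       = awsKmsClientFactory;
            RegionToArnAndClientDictionary = new OrderedDictionary();

            // OrderBy is a stable sort, so regions that compare equal (every non-preferred region) keep the
            // order in which the input dictionary enumerates them. List<T>.Sort gives no such guarantee.
            // NOTE(review): this order presumably decides which region's key is tried first; confirm at the use sites.
            IEnumerable<KeyValuePair<string, string>> prioritizedRegions = regionToArnDictionary.OrderBy(
                regionToArn => regionToArn.Key,
                Comparer<string>.Create((region1, region2) => regionPriorityComparator(region1, region2)));

            foreach (KeyValuePair<string, string> regionToArn in prioritizedRegions)
            {
                RegionToArnAndClientDictionary.Add(
                    regionToArn.Key,
                    new AwsKmsArnClient(regionToArn.Value, this.awsKmsClientFactory.CreateAwsKmsClient(regionToArn.Key)));
            }
        }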
 /// <summary>
 /// Prepares the fixtures shared by the AEAD tests: the crypto implementation returned by
 /// <c>GetCryptoInstance</c> and a generator obtained from <see cref="RandomNumberGenerator.Create()"/>.
 /// </summary>
 protected GenericAeadCryptoTest()
 {
     // Implementation under test, supplied by GetCryptoInstance (defined outside this block).
     this.crypto = GetCryptoInstance();

     // Platform cryptographic RNG rather than System.Random.
     // NOTE(review): RandomNumberGenerator is IDisposable; no disposal is visible here. Confirm it is released elsewhere.
     this.random = RandomNumberGenerator.Create();
 }