public AppEncryptionJsonMultiThreadedTest() { payload = PayloadGenerator.CreateDefaultRandomJsonPayload(); appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(); partitionId = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset(); appEncryptionJson = appEncryptionSessionFactory.GetAppEncryptionJson(partitionId); }
private void TestBuilderPathWithSpecifiedInterfaces() { AppEncryptionSessionFactory.IMetastoreStep metastoreStep = AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId); Assert.NotNull(metastoreStep); IMetastorePersistence <JObject> metastorePersistence = new MemoryPersistenceImpl <JObject>(); AppEncryptionSessionFactory.ICryptoPolicyStep cryptoPolicyStep = metastoreStep.WithMetaStorePersistence(metastorePersistence); Assert.NotNull(cryptoPolicyStep); CryptoPolicy cryptoPolicy = new NeverExpiredCryptoPolicy(); AppEncryptionSessionFactory.IKeyManagementServiceStep keyManagementServiceStep = cryptoPolicyStep.WithCryptoPolicy(cryptoPolicy); Assert.NotNull(keyManagementServiceStep); KeyManagementService keyManagementService = new StaticKeyManagementServiceImpl(TestMasterKey); AppEncryptionSessionFactory.IBuildStep buildStep = keyManagementServiceStep.WithKeyManagementService(keyManagementService); Assert.NotNull(buildStep); AppEncryptionSessionFactory sessionFactory = buildStep.Build(); Assert.NotNull(sessionFactory); }
public AppEncryptionBytesTest() { payload = PayloadGenerator.CreateDefaultRandomBytePayload(); appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(); partitionId = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset(); appEncryptionBytes = appEncryptionSessionFactory.GetAppEncryptionBytes(partitionId); }
public static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory(string productId, string systemId) { return(AppEncryptionSessionFactory.NewBuilder(productId, systemId) .WithMemoryPersistence() .WithNeverExpiredCryptoPolicy() .WithStaticKeyManagementService(KeyManagementStaticMasterKey) .Build()); }
public AppEncryptionJsonMultiThreadedTest(ConfigFixture configFixture) { payload = PayloadGenerator.CreateDefaultRandomJsonPayload(); appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory( configFixture.KeyManagementService, configFixture.MetastorePersistence); partitionId = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset(); appEncryptionJson = appEncryptionSessionFactory.GetAppEncryptionJson(partitionId); }
private static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory( string productId, string systemId, KeyManagementService keyManagementService, IMetastorePersistence <JObject> metastorePersistence) { return(AppEncryptionSessionFactory.NewBuilder(productId, systemId) .WithMetaStorePersistence(metastorePersistence) .WithNeverExpiredCryptoPolicy() .WithKeyManagementService(keyManagementService) .Build()); }
private void TestConstructor() { AppEncryptionSessionFactory appEncryptionSessionFactory = new AppEncryptionSessionFactory( TestProductId, TestSystemId, metastorePersistenceMock.Object, secureCryptoKeyDictionaryFactoryMock.Object, cryptoPolicyMock.Object, keyManagementServiceMock.Object); Assert.NotNull(appEncryptionSessionFactory); }
private void TestBuilderPathWithMetricsDisabled() { AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId) .WithMemoryPersistence() .WithNeverExpiredCryptoPolicy() .WithStaticKeyManagementService(TestMasterKey) .Build(); MetricsUtil.MetricsInstance.Measure.Meter.Mark(new MeterOptions { Name = "should.not.record" }, 1); // Verify no metrics were recorded Assert.Empty(MetricsUtil.MetricsInstance.Snapshot.Get().Contexts); }
public AppEncryptionSessionFactoryTest() { metastorePersistenceMock = new Mock <IMetastorePersistence <JObject> >(); cryptoPolicyMock = new Mock <CryptoPolicy>(); keyManagementServiceMock = new Mock <KeyManagementService>(); secureCryptoKeyDictionaryFactoryMock = new Mock <SecureCryptoKeyDictionaryFactory <DateTimeOffset> >(cryptoPolicyMock.Object); systemKeyCacheMock = new Mock <SecureCryptoKeyDictionary <DateTimeOffset> >(1); secureCryptoKeyDictionaryFactoryMock.Setup(x => x.CreateSecureCryptoKeyDictionary()) .Returns(systemKeyCacheMock.Object); appEncryptionSessionFactory = new AppEncryptionSessionFactory( TestProductId, TestSystemId, metastorePersistenceMock.Object, secureCryptoKeyDictionaryFactoryMock.Object, cryptoPolicyMock.Object, keyManagementServiceMock.Object); }
private void TestBuilderPathWithPrebuiltInterfaces() { AppEncryptionSessionFactory.IMetastoreStep metastoreStep = AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId); Assert.NotNull(metastoreStep); AppEncryptionSessionFactory.ICryptoPolicyStep cryptoPolicyStep = metastoreStep.WithMemoryPersistence(); Assert.NotNull(cryptoPolicyStep); AppEncryptionSessionFactory.IKeyManagementServiceStep keyManagementServiceStep = cryptoPolicyStep.WithNeverExpiredCryptoPolicy(); Assert.NotNull(keyManagementServiceStep); AppEncryptionSessionFactory.IBuildStep buildStep = keyManagementServiceStep.WithStaticKeyManagementService(TestMasterKey); Assert.NotNull(buildStep); AppEncryptionSessionFactory sessionFactory = buildStep.Build(); Assert.NotNull(sessionFactory); }
private void RunPartitionTest(int testIterations, string partitionId, int payloadSizeBytesBase) { try { using (AppEncryptionSessionFactory factory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory( configFixture.KeyManagementService, configFixture.MetastorePersistence)) { using (AppEncryption <JObject, byte[]> partition = factory.GetAppEncryptionJson(partitionId)) { Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>(); string partitionPart = $"partition-{partitionId}-"; for (int i = 0; i < testIterations; i++) { // Note the size will be slightly larger since we're adding extra unique meta JObject jObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase); string keyPart = $"iteration-{i}"; jObject["payload"] = partitionPart + keyPart; dataStore.Add(keyPart, partition.Encrypt(jObject)); } foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore) { JObject decryptedObject = partition.Decrypt(keyValuePair.Value); Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject["payload"].ToObject <string>()); } } } } catch (Exception e) { Logger.LogError(e, "Unexpected error during call"); throw; } }
public MultiPartitionMultiThreadedTest(ConfigFixture configFixture) { appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory( configFixture.KeyManagementService, configFixture.MetastorePersistence); }
public MultiPartitionMultiThreadedTest() { appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(); }
private static async void App(Options options) { IMetastorePersistence <JObject> metastorePersistence = null; KeyManagementService keyManagementService = null; if (options.MetaStore == MetaStore.ADO) { if (options.AdoConnectionString != null) { logger.LogInformation("using ADO-based metastore..."); metastorePersistence = AdoMetastorePersistenceImpl .NewBuilder(MySqlClientFactory.Instance, options.AdoConnectionString) .Build(); } else { logger.LogError("ADO connection string is a mandatory parameter with MetaStore Type: ADO"); Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null)); return; } } else if (options.MetaStore == MetaStore.DYNAMODB) { logger.LogInformation("using DynamoDB-based metastore..."); AWSConfigs.AWSRegion = "us-west-2"; metastorePersistence = DynamoDbMetastorePersistenceImpl.NewBuilder().Build(); } else { logger.LogInformation("using in-memory metastore..."); metastorePersistence = new MemoryPersistenceImpl <JObject>(); } if (options.Kms == Kms.AWS) { if (options.PreferredRegion != null && options.RegionToArnTuples != null) { Dictionary <string, string> regionToArnDictionary = new Dictionary <string, string>(); foreach (string regionArnPair in options.RegionToArnTuples) { string[] regionArnArray = regionArnPair.Split("="); regionToArnDictionary.Add(regionArnArray[0], regionArnArray[1]); } logger.LogInformation("using AWS KMS..."); keyManagementService = AwsKeyManagementServiceImpl .NewBuilder(regionToArnDictionary, options.PreferredRegion).Build(); } else { logger.LogError("Preferred region and <region>=<arn> tuples are mandatory with KMS Type: AWS"); Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null)); return; } } else { logger.LogInformation("using static KMS..."); keyManagementService = new StaticKeyManagementServiceImpl("secretmasterkey!"); } CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy .NewBuilder() .WithKeyExpirationDays(KeyExpirationDays) .WithRevokeCheckMinutes(CacheCheckMinutes) .Build(); // Setup metrics reporters and always include console. IMetricsBuilder metricsBuilder = new MetricsBuilder() .Report.ToConsole(consoleOptions => consoleOptions.FlushInterval = TimeSpan.FromSeconds(60)); // CloudWatch metrics generation if (options.EnableCloudWatch) { // Fill in when we open source our App.Metrics cloudwatch reporter separately } IMetrics metrics = metricsBuilder.Build(); // Create a session factory for this app. Normally this would be done upon app startup and the // same factory would be used anytime a new session is needed for a partition (e.g., shopper). // We've split it out into multiple using blocks to underscore this point. using (AppEncryptionSessionFactory appEncryptionSessionFactory = AppEncryptionSessionFactory .NewBuilder("productId", "reference_app") .WithMetaStorePersistence(metastorePersistence) .WithCryptoPolicy(cryptoPolicy) .WithKeyManagementService(keyManagementService) .WithMetrics(metrics) .Build()) { // Now create an actual session for a partition (which in our case is a pretend shopper id). This session is used // for a transaction and is disposed automatically after use due to the IDisposable implementation. using (AppEncryption <byte[], byte[]> appEncryptionBytes = appEncryptionSessionFactory.GetAppEncryptionBytes("shopper123")) { const string originalPayloadString = "mysupersecretpayload"; foreach (int i in Enumerable.Range(0, options.Iterations)) { string dataRowString; // If we get a DRR as a command line argument, we want to directly decrypt it if (options.Drr != null) { dataRowString = options.Drr; } else { // Encrypt the payload byte[] dataRowRecordBytes = appEncryptionBytes.Encrypt(Encoding.UTF8.GetBytes(originalPayloadString)); // Consider this us "persisting" the DRR dataRowString = Convert.ToBase64String(dataRowRecordBytes); } logger.LogInformation("dataRowRecord as string = {dataRow}", dataRowString); byte[] newDataRowRecordBytes = Convert.FromBase64String(dataRowString); // Decrypt the payload string decryptedPayloadString = Encoding.UTF8.GetString(appEncryptionBytes.Decrypt(newDataRowRecordBytes)); logger.LogInformation("decryptedPayloadString = {payload}", decryptedPayloadString); logger.LogInformation("matches = {result}", originalPayloadString.Equals(decryptedPayloadString)); } } } // Force final publish of metrics await Task.WhenAll(((IMetricsRoot)metrics).ReportRunner.RunAllAsync()); }