private static void ResumableUploadWithCustomerSuppliedEncryptionKeysTest_Common(StorageFixture fixture, SigningVersion signingVersion, [CallerMemberName] string caller = null)
{
var bucket = fixture.SingleVersionBucket;
var name = IdGenerator.FromGuid();
var requestTemplate = RequestTemplate
.FromBucket(bucket)
.WithObjectName(name)
.WithHttpMethod(ResumableHttpMethod)
.WithRequestHeaders(new Dictionary <string, IEnumerable <string> >
{
{ "x-goog-encryption-algorithm", new [] { "AES256" } }
});
var content = fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
fixture.RegisterDelayTest(
s_duration,
beforeDelay: async duration =>
{
url = fixture.UrlSigner.Sign(requestTemplate, Options.FromDuration(duration).WithSigningVersion(signingVersion));
// Verify that the URL works initially.
var uploader = SignedUrlResumableUpload.Create(
url,
new MemoryStream(content),
new ResumableUploadOptions {
ModifySessionInitiationRequest = key.ModifyRequest
});
var progress = await uploader.UploadAsync();
Assert.Null(progress.Exception);
Assert.Equal(UploadStatus.Completed, progress.Status);
// Make sure the encryption succeeded.
var downloadedData = new MemoryStream();
await Assert.ThrowsAsync <GoogleApiException>(
() => fixture.Client.DownloadObjectAsync(bucket, name, downloadedData));
await fixture.Client.DownloadObjectAsync(bucket, name, downloadedData, new DownloadObjectOptions {
EncryptionKey = key
});
AssertContentEqual(content, downloadedData.ToArray());
},
afterDelay: async() =>
{
var uploader = SignedUrlResumableUpload.Create(
url,
new MemoryStream(content),
new ResumableUploadOptions {
ModifySessionInitiationRequest = key.ModifyRequest
});
// Verify that the URL no longer works.
var progress = await uploader.UploadAsync();
Assert.Equal(UploadStatus.Failed, progress.Status);
Assert.IsType <GoogleApiException>(progress.Exception);
},
caller);
}
public string GenerateEncryptionKey()
{
var encryptionKey = EncryptionKey.Generate().Base64Key;
Console.WriteLine($"Generated Base64-encoded AES-256 encryption key: {encryptionKey}");
return(encryptionKey);
}
public void CustomerSuppliedEncryptionKeys()
{
var bucketName = _fixture.BucketName;
// Sample: CustomerSuppliedEncryptionKeys
// Use EncryptionKey.Create if you already have a key.
EncryptionKey key = EncryptionKey.Generate();
// This will affect all relevant object-based operations by default.
var client = StorageClient.Create(encryptionKey: key);
var content = Encoding.UTF8.GetBytes("hello, world");
client.UploadObject(bucketName, "encrypted.txt", "text/plain", new MemoryStream(content));
// When downloading, either use a client with the same key...
client.DownloadObject(bucketName, "encrypted.txt", new MemoryStream());
// Or specify a key just for that operation.
var client2 = StorageClient.Create();
client2.DownloadObject(bucketName, "encrypted.txt", new MemoryStream(),
new DownloadObjectOptions {
EncryptionKey = key
});
// End sample
}
private static void PutWithCustomerSuppliedEncryptionKeysTest_Common(StorageFixture fixture, SigningVersion signingVersion, [CallerMemberName] string caller = null)
{
var bucket = fixture.SingleVersionBucket;
var name = IdGenerator.FromGuid();
var content = fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
Func <HttpRequestMessage> createPutRequest = () =>
{
var request = new HttpRequestMessage
{
Method = HttpMethod.Put,
Content = new ByteArrayContent(content)
};
key.ModifyRequest(request);
return(request);
};
fixture.RegisterDelayTest(
s_duration,
beforeDelay: async duration =>
{
var request = createPutRequest();
var requestTemplate = RequestTemplate
.FromBucket(bucket)
.WithObjectName(name)
.WithHttpRequestMessage(request);
url = fixture.UrlSigner.Sign(requestTemplate, Options.FromDuration(duration).WithSigningVersion(signingVersion));
// Verify that the URL works initially.
request.RequestUri = new Uri(url);
var response = await fixture.HttpClient.SendAsync(request);
await VerifyResponseAsync(response);
// Make sure the encryption succeeded.
var downloadedContent = new MemoryStream();
await Assert.ThrowsAsync <GoogleApiException>(
() => fixture.Client.DownloadObjectAsync(bucket, name, downloadedContent));
await fixture.Client.DownloadObjectAsync(bucket, name, downloadedContent, new DownloadObjectOptions {
EncryptionKey = key
});
AssertContentEqual(content, downloadedContent.ToArray());
},
afterDelay: async() =>
{
// Verify that the URL no longer works.
var request = createPutRequest();
request.RequestUri = new Uri(url);
var response = await fixture.HttpClient.SendAsync(request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
// Cleanup
await fixture.Client.DeleteObjectAsync(bucket, name);
},
caller);
}
private void ResumableUploadWithCustomerSuppliedEncryptionKeysTest_InitDelayTest()
{
var bucket = _fixture.SingleVersionBucket;
var name = GenerateName();
var data = _fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
_fixture.RegisterDelayTest(_duration,
beforeDelay: async duration =>
{
url = _fixture.UrlSigner.Sign(
bucket,
name,
duration,
UrlSigner.ResumableHttpMethod,
requestHeaders: new Dictionary <string, IEnumerable <string> > {
{ "x-goog-encryption-algorithm", new [] { "AES256" } }
});
// Verify that the URL works initially.
var uploader = SignedUrlResumableUpload.Create(
url,
new MemoryStream(data),
new ResumableUploadOptions {
ModifySessionInitiationRequest = key.ModifyRequest
});
var progress = await uploader.UploadAsync();
Assert.Null(progress.Exception);
Assert.Equal(UploadStatus.Completed, progress.Status);
// Make sure the encryption succeeded.
var downloadedData = new MemoryStream();
await Assert.ThrowsAsync <GoogleApiException>(
() => _fixture.Client.DownloadObjectAsync(bucket, name, downloadedData));
await _fixture.Client.DownloadObjectAsync(bucket, name, downloadedData, new DownloadObjectOptions {
EncryptionKey = key
});
Assert.Equal(data, downloadedData.ToArray());
},
afterDelay: async() =>
{
var uploader = SignedUrlResumableUpload.Create(
url,
new MemoryStream(data),
new ResumableUploadOptions {
ModifySessionInitiationRequest = key.ModifyRequest
});
// Verify that the URL no longer works.
var progress = await uploader.UploadAsync();
Assert.Equal(UploadStatus.Failed, progress.Status);
Assert.IsType(typeof(GoogleApiException), progress.Exception);
});
}
private static void GetWithCustomerSuppliedEncryptionKeysTest_Common(StorageFixture fixture, SigningVersion signingVersion, [CallerMemberName] string caller = null)
{
var bucket = fixture.SingleVersionBucket;
var name = IdGenerator.FromGuid();
var content = fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
Func <HttpRequestMessage> createGetRequest = () =>
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get
};
key.ModifyRequest(request);
return(request);
};
fixture.RegisterDelayTest(
s_duration,
beforeDelay: async duration =>
{
var encryptingClient = StorageClient.Create(encryptionKey: key);
encryptingClient.UploadObject(bucket, name, "application/octet-stream", new MemoryStream(content));
// We don't need to specify the encryption key headers explicitly in the signer template.
// The request message we are using in the template already has them set
// (by key.ModifyRequest(request)) and the signer will extract them from there.
var request = createGetRequest();
var requestTemplate = RequestTemplate
.FromBucket(bucket)
.WithObjectName(name)
.WithHttpRequestMessage(request);
url = fixture.UrlSigner.Sign(requestTemplate, Options.FromDuration(duration).WithSigningVersion(signingVersion));
request.RequestUri = new Uri(url);
// Verify that the URL works initially.
var response = await fixture.HttpClient.SendAsync(request);
var result = await response.Content.ReadAsByteArrayAsync();
AssertContentEqual(content, result);
},
afterDelay: async() =>
{
// Verify that the URL no longer works.
var request = createGetRequest();
request.RequestUri = new Uri(url);
var response = await fixture.HttpClient.SendAsync(request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
// Cleanup
await fixture.Client.DeleteObjectAsync(bucket, name);
},
caller);
}
public void Generate()
{
EncryptionKey key1 = EncryptionKey.Generate();
EncryptionKey key2 = EncryptionKey.Generate();
Assert.NotNull(key1.Base64Key);
Assert.NotNull(key1.Base64Hash);
Assert.NotEqual(key1.Base64Key, key2.Base64Key);
Assert.NotEqual(key1.Base64Hash, key2.Base64Hash);
}
private void PutWithCustomerSuppliedEncryptionKeysTest_InitDelayTest()
{
var bucket = _fixture.SingleVersionBucket;
var name = GenerateName();
var data = _fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
Func <HttpRequestMessage> createPutRequest = () =>
{
var request = new HttpRequestMessage
{
Method = HttpMethod.Put,
Content = new ByteArrayContent(data)
};
key.ModifyRequest(request);
return(request);
};
_fixture.RegisterDelayTest(_duration,
beforeDelay: async duration =>
{
var request = createPutRequest();
url = _fixture.UrlSigner.Sign(bucket, name, duration, request);
// Verify that the URL works initially.
request.RequestUri = new Uri(url);
var response = await _fixture.HttpClient.SendAsync(request);
Assert.True(response.IsSuccessStatusCode);
// Make sure the encryption succeeded.
var downloadedData = new MemoryStream();
await Assert.ThrowsAsync <GoogleApiException>(
() => _fixture.Client.DownloadObjectAsync(bucket, name, downloadedData));
await _fixture.Client.DownloadObjectAsync(bucket, name, downloadedData, new DownloadObjectOptions {
EncryptionKey = key
});
Assert.Equal(data, downloadedData.ToArray());
},
afterDelay: async() =>
{
// Verify that the URL no longer works.
var request = createPutRequest();
request.RequestUri = new Uri(url);
var response = await _fixture.HttpClient.SendAsync(request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
// Cleanup
await _fixture.Client.DeleteObjectAsync(bucket, name);
});
}
public void DownloadWithoutKey()
{
var bucket = _fixture.SingleVersionBucket;
var data = GenerateData(100);
var key = EncryptionKey.Generate();
var contentType = "application/octet-stream";
var client = StorageClient.Create();
var name = IdGenerator.FromGuid();
client.UploadObject(bucket, name, contentType, data, new UploadObjectOptions {
EncryptionKey = key
});
Assert.Throws <GoogleApiException>(() => client.DownloadObject(bucket, name, new MemoryStream()));
}
private static void GetWithCustomerSuppliedEncryptionKeysTest_Common(StorageFixture fixture, UrlSigner signer, [CallerMemberName] string caller = null)
{
var bucket = fixture.SingleVersionBucket;
var name = IdGenerator.FromGuid();
var content = fixture.SmallContent;
string url = null;
EncryptionKey key = EncryptionKey.Generate();
Func <HttpRequestMessage> createGetRequest = () =>
{
var request = new HttpRequestMessage {
Method = HttpMethod.Get
};
key.ModifyRequest(request);
return(request);
};
fixture.RegisterDelayTest(
s_duration,
beforeDelay: async duration =>
{
var encryptingClient = StorageClient.Create(encryptionKey: key);
encryptingClient.UploadObject(bucket, name, "application/octet-stream", new MemoryStream(content));
var request = createGetRequest();
url = signer.Sign(bucket, name, duration, request);
request.RequestUri = new Uri(url);
// Verify that the URL works initially.
var response = await fixture.HttpClient.SendAsync(request);
var result = await response.Content.ReadAsByteArrayAsync();
AssertContentEqual(content, result);
},
afterDelay: async() =>
{
// Verify that the URL no longer works.
var request = createGetRequest();
request.RequestUri = new Uri(url);
var response = await fixture.HttpClient.SendAsync(request);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
// Cleanup
await fixture.Client.DeleteObjectAsync(bucket, name);
},
caller);
}
public void NotNoneEquality()
{
var key1a = EncryptionKey.Generate();
var key1b = EncryptionKey.Create(Convert.FromBase64String(key1a.Base64Key));
var key2 = EncryptionKey.Generate();
Assert.True(key1a.Equals(key1b));
Assert.True(key1a.Equals((object)key1b));
Assert.Equal(key1a.GetHashCode(), key1b.GetHashCode());
Assert.False(key1a.Equals(key2));
Assert.False(key1a.Equals((object)key2));
Assert.NotEqual(key1a.GetHashCode(), key2.GetHashCode());
Assert.False(key1a.Equals(null));
Assert.False(key1a.Equals((object)null));
}
// Tworzy pod wskazaną ścieżką nowy plik archiwum i pozostawia go otwartym
public static FileArchive Create(string filepath, string password, bool compression)
{
if (File.Exists(filepath))
{
throw new Exception("Plik pod wskazaną ścieżką już istnieje");
}
EncryptionKey key = EncryptionKey.Generate(password);
FileArchive archive = new FileArchive();
archive.FilePath = filepath;
archive.ArchiveKey = key;
archive.IsCompressed = compression;
archive.CreateArchiveFile();
return(archive);
}
public void DownloadWithKey()
{
var bucket = _fixture.SingleVersionBucket;
var data = GenerateData(100);
var key = EncryptionKey.Generate();
var contentType = "application/octet-stream";
var client = StorageClient.Create(encryptionKey: key);
var name = IdGenerator.FromGuid();
client.UploadObject(bucket, name, contentType, data);
// Client default key
ValidateData(bucket, name, data, client);
// Overridden
ValidateData(bucket, name, data, null, new DownloadObjectOptions {
EncryptionKey = key
});
}
public void GetMetadata()
{
var bucket = _fixture.SingleVersionBucket;
var data = GenerateData(100);
var key = EncryptionKey.Generate();
var contentType = "application/octet-stream";
var client = StorageClient.Create();
var name = IdGenerator.FromGuid();
var uploaded = client.UploadObject(bucket, name, contentType, data, new UploadObjectOptions {
EncryptionKey = key
});
var fetchedWithoutKey = client.GetObject(bucket, name);
Assert.Null(fetchedWithoutKey.Md5Hash);
var fetchedWithKey = client.GetObject(bucket, name, new GetObjectOptions {
EncryptionKey = key
});
Assert.NotNull(fetchedWithKey.Md5Hash);
Assert.Equal(uploaded.Md5Hash, fetchedWithKey.Md5Hash);
}
public void RotateKeys()
{
var bucket = _fixture.SingleVersionBucket;
var data = GenerateData(100);
var key1 = EncryptionKey.Generate();
var key2 = EncryptionKey.Generate();
var contentType = "application/octet-stream";
var name = IdGenerator.FromGuid();
var client1 = StorageClient.Create(encryptionKey: key1);
client1.UploadObject(_fixture.SingleVersionBucket, name, contentType, data);
var client2 = StorageClient.Create(encryptionKey: key2);
// We're copying over the top of the original object. We don't have to, but that's
// probably typical for key rotation.
client2.CopyObject(bucket, name, bucket, name, new CopyObjectOptions {
SourceEncryptionKey = key1
});
ValidateData(bucket, name, data, client2);
}
static void Main(string[] args)
{
// step 1 create customer encryption key
var key = EncryptionKey.Generate().Base64Key;
var encryptionKey = EncryptionKey.Create(Convert.FromBase64String(key));
// step 2 get you service Acount cert for auth
string serviceAcountCert = "stackoverflow54387198-xxxxxxxx.json";
// step 3 get you service Acount cert for auth
string bucketName = "stackoverflow_54387198_bucket";
string localPath = "FileToUpload.txt";
string objectName = null;
// step 4 create a local text file to upload
File.WriteAllText(localPath, "test");
// step 5 Create Google Storage Client
var storage = StorageClient.Create(
GoogleCredential.FromJson(File.ReadAllText(serviceAcountCert)));
// step 6 upload the file with the customer encryption key from step 1
using (var f = File.OpenRead(localPath))
{
objectName = objectName ?? Path.GetFileName(localPath);
storage.UploadObject(bucketName, objectName, null, f,
new UploadObjectOptions()
{
EncryptionKey = encryptionKey
});
Console.WriteLine($"Uploaded {objectName}.");
}
// step 7 create a url
// step 7.1 create add x-goog-encryption-algorithm hear
//to tell google you are using customer encryption key
var requestHeaders = new Dictionary <string, IEnumerable <string> >
{
{
"x-goog-encryption-algorithm", new [] { "AES256" }
}
};
// step 7.2 set other parameters
var expireAfter = TimeSpan.FromHours(30.0);
var verb = HttpMethod.Get;
// step 7.3 create a Url Signer
var urlSigner = UrlSigner.FromServiceAccountPath(serviceAcountCert);
// step 7.4 create a secure url
var url = urlSigner.Sign(
bucketName,
objectName,
expireAfter,
verb,
requestHeaders);
// step 8 use the Your Url
// step 8.1 create HttpClient
var client = new HttpClient();
// step 8.1 add x-goog-encryption-algorithm header the same from step 7
client.DefaultRequestHeaders.Add("x-goog-encryption-algorithm", "AES256");
// step 8.2 add x-goog-encryption-key header with customer encryption key (Base64Hash)
client.DefaultRequestHeaders.Add("x-goog-encryption-key", encryptionKey.Base64Key);
// step 8.3 add x-goog-encryption-key header with customer encryption key (Base64Hash)
client.DefaultRequestHeaders.Add("x-goog-encryption-key-sha256", encryptionKey.Base64Hash);
// step 8.4 Download the file
Task.Run(async() =>
{
var response = await client.GetAsync(url);
var contents = await response.Content.ReadAsStringAsync();
// contents == "test"
Console.WriteLine($"contents=>{contents}");
}).GetAwaiter().GetResult();
Console.ReadLine();
}
// [END storage_generate_signed_url]
// [START storage_generate_encryption_key]
void GenerateEncryptionKey()
{
Console.Write(EncryptionKey.Generate().Base64Key);
}