static void TestDecryptedS3(EncryptionMaterials encryptionMaterials) { string bucket_Name = null; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); bucket_Name = TdwUtils.rootBucketName + "encrypted-content"; bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name); GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucket_Name, Key = TdwUtils.keyName }; string data = null; using (GetObjectResponse getObjectResponse = s3Client.GetObject(getObjectRequest)) { using (var stream = getObjectResponse.ResponseStream) using (var reader = new StreamReader(stream)) { data = reader.ReadToEnd(); } Console.WriteLine("===============>TestDecryptedS3 START<==============="); Console.WriteLine("Encryption method was:"); Console.WriteLine(getObjectResponse.ServerSideEncryptionMethod); Console.WriteLine("===============> <==============="); } Console.WriteLine(data); Console.WriteLine("===============>TestDecryptedS3 END<==============="); }
//private static AmazonS3EncryptionClient s3EncryptionClientFileMode; static void Main(string[] args) { EncryptionMaterials encryptionMaterials = new EncryptionMaterials(TdwUtils.CreateAsymmetricProvider()); //S3demo testS3 = new S3demo(encryptionMaterials); CloudFormationDemo cfDemo = new CloudFormationDemo(args); //KinesisDemo KinesisDemo = new KinesisDemo(args); }
static void TestEncryptedS3(EncryptionMaterials encryptionMaterials) { string bucket_Name = null; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); bucket_Name = TdwUtils.rootBucketName + "encrypted-content"; try { AmazonS3Util.DeleteS3BucketWithObjects(s3Client, bucket_Name); } catch (Exception ex) { ex = null; } bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name); string dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPath); byte[] dataBytes = TdwUtils.FileToArray(dataPath); PutObjectRequest request = new PutObjectRequest() { BucketName = bucket_Name, Key = TdwUtils.keyName, InputStream = new MemoryStream(dataBytes) }; PutObjectResponse response = s3Client.PutObject(request); Console.WriteLine("===============>TestEncryptedS3 START<==============="); Console.WriteLine("Encryption method was:"); Console.WriteLine(response.ServerSideEncryptionMethod); Console.WriteLine("===============>TestEncryptedS3 END<==============="); }
protected async Task <string> UploadIkek(string objectKeyName, byte[] ikek) { logger.Info($"encrypt I-KEK using {KmsCmkId}"); logger.Info($"upload I-KEK to {objectKeyName}"); using (var algorithm = new KMSAlgorithm(new AmazonKeyManagementServiceClient(AwsRegion), KmsCmkId)) { var materials = new EncryptionMaterials(algorithm); using (var s3Client = GetS3EncryptionClient(materials, new AmazonS3CryptoConfiguration { RegionEndpoint = AwsRegion })) { var putRequest = new PutObjectRequest { BucketName = BucketName, Key = objectKeyName, InputStream = new MemoryStream(ikek), ContentType = "application/octet-stream", ServerSideEncryptionKeyManagementServiceKeyId = KmsCmkId, ServerSideEncryptionMethod = ServerSideEncryptionMethod.AWSKMS }; var putResult = await s3Client.PutObjectAsync(putRequest); logger.Info($"uploaded I-KEK to {objectKeyName}"); return(putResult.VersionId); } } }
static async Task <GetObjectResponse> MyPutObjectAsync(EncryptionMaterials materials, string bucketName, string keyName) { // CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(config, materials); // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = keyName, ContentBody = "object content" }; await s3Client.PutObjectAsync(putRequest); // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = keyName }; GetObjectResponse response = await s3Client.GetObjectAsync(getRequest); return(response); }
public void Initialize() { kmsClient = new AmazonKeyManagementServiceClient(RegionEndpoint.USEast1); s3Client = new AmazonS3Client(RegionEndpoint.USEast1); // Create a bucket to store objects related to this test. bucketName = GetOrCreateBucket(s3Client); // Create a KMS key, and an S3 object with the KMSKeyID. kmsKeyID = GetOrCreateKMSKey(s3Client, kmsClient, bucketName); // Create an S3 object with a symmetric key used for testing. symmetricAlgorithm = GetOrCreateSymmetricAlgorithm(s3Client, bucketName); var encryptionMaterials = new EncryptionMaterials(symmetricAlgorithm); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS); }
protected async Task <byte[]> DownloadIkek(string objectKeyName, string versionId) { logger.Info($"download I-KEK from {objectKeyName} versionId={versionId}"); var getObject = new GetObjectRequest { BucketName = BucketName, Key = objectKeyName }; if (!string.IsNullOrEmpty(versionId)) { getObject.VersionId = versionId; } using (var algorithm = new KMSAlgorithm(new AmazonKeyManagementServiceClient(AwsRegion), KmsCmkId)) { var materials = new EncryptionMaterials(algorithm); using (var s3Client = GetS3EncryptionClient(materials, new AmazonS3CryptoConfiguration { RegionEndpoint = AwsRegion })) { var s3Object = await s3Client.GetObjectAsync(getObject); using (var reader = new StreamReader(s3Object.ResponseStream)) { var fileContents = await reader.ReadToEndAsync(); return(ASCIIEncoding.UTF8.GetBytes(fileContents)); } } } }
public S3Storage() { const string filename = "keyxml.pk"; var path = WebServerPathUtils.GetPathTo(Path.Combine("bin", filename)); var f = new FileInfo(path); if (f.Exists) { using (var file = f.OpenRead()) { var keyString = new StreamReader(file).ReadToEnd(); _algorithm = RSA.Create(); _algorithm.FromXmlString(keyString); var encryptionMaterials = new EncryptionMaterials(_algorithm); try { _client = new AmazonS3EncryptionClient(encryptionMaterials); var bucket = new S3DirectoryInfo(_client, PdfDocumentsBucketName); if (!bucket.Exists) { bucket.Create(); } } catch (Exception ex) { Console.WriteLine("Unable to initialize S3 client\n" + ex); } } } }
public static void Main(string[] args) { if (args.Length < 3) { Console.WriteLine("You must supply a Region, bucket name, and item name:"); Console.WriteLine("Usage: KmsS3Encryption REGION BUCKET ITEM"); return; } string regionName = args[0]; string bucketName = args[1]; string itemName = args[2]; Task <CreateKeyResponse> response = MyCreateKeyAsync(regionName); KeyMetadata keyMetadata = response.Result.KeyMetadata; string kmsKeyId = keyMetadata.KeyId; // An object that contains information about the CMK created by this operation. EncryptionMaterials kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyId); Task <GetObjectResponse> goResponse = MyPutObjectAsync(kmsEncryptionMaterials, bucketName, itemName); Stream stream = goResponse.Result.ResponseStream; StreamReader reader = new StreamReader(stream); Console.WriteLine(reader.ReadToEnd()); Console.WriteLine("Press any key to continue..."); Console.ReadKey(); }
public EncryptionTests() { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = CallAsyncTask( kmsClient.CreateKeyAsync(new CreateKeyRequest { Description = "Key for .NET integration tests.", Origin = OriginType.AWS_KMS, KeyUsage = KeyUsageType.ENCRYPT_DECRYPT })); kmsKeyID = response.KeyMetadata.KeyId; } var encryptionMaterials = new EncryptionMaterials(RSA.Create()); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); using (StreamWriter writer = File.CreateText(filePath)) { writer.Write(sampleContent); } bucketName = CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileMode, GetType().Name)); }
//private static AmazonS3EncryptionClient s3EncryptionClientFileMode; public CloudFormationDemo(string[] args) { EncryptionMaterials encryptionMaterials = new EncryptionMaterials(TdwUtils.CreateAsymmetricProvider()); //CopyTemplatesToS3(encryptionMaterials); //TestParentChildTemplates(); //TestCfStack(encryptionMaterials); ApplyCloudFormationChangeSetExample(); }
public EncryptionTestsV1NInteropV2(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider) { kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1); var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm); var kmsEncryptionMaterialsV2 = new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>()); metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.ObjectMetadata, }; fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.InstructionFile, }; #pragma warning disable 0618 s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); #pragma warning restore 0618 s3EncryptionClientMetadataModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientFileModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientFileModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeKMSV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2); s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1N)); }
public static void Main(string[] args) { string kmsKeyID = null; using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = kmsClient.CreateKey(new CreateKeyRequest()); kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; // An object that contains information about the CMK created by this operation. var bucketName = "<s3bucket>"; var objectKey = "key"; var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); // CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, ContentBody = "object content" }; s3Client.PutObject(putRequest); // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; using (var getResponse = s3Client.GetObject(getRequest)) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { Console.WriteLine(reader.ReadToEnd()); } } } Console.WriteLine("Press any key to continue..."); Console.ReadKey(); }
#pragma warning restore 0618 public EncryptionTestsV1InteropV1N(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider) { kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration() { StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile }; var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1); s3EncryptionClientFileModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1); s3EncryptionClientMetadataModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1); s3EncryptionClientFileModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1); s3EncryptionClientMetadataModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1); s3EncryptionClientFileModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1); #pragma warning disable 0618 s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); #pragma warning restore 0618 using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1)); }
public static void Initialize(TestContext a) { EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider()); s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); using (StreamWriter writer = File.CreateText(fileName)) { writer.Write(sampleContent); } bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode); }
public static void Initialize(TestContext a) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = kmsClient.CreateKey(new CreateKeyRequest { Description = "Key for .NET integration tests.", Origin = OriginType.AWS_KMS, KeyUsage = KeyUsageType.ENCRYPT_DECRYPT }); kmsKeyID = response.KeyMetadata.KeyId; } var encryptionMaterials = new EncryptionMaterials(RSA.Create()); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS); using (StreamWriter writer = File.CreateText(filePath)) { writer.Write(sampleContent); } bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode); }
public async Task <string> ReadValue(string key) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { string kmsKeyID = null; var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest()); kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; var bucketName = "<your S3 bucket name>"; var objectKey = key; var kmsEncryptionMaterials = new EncryptionMaterials(key); var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; using (var getResponse = await s3Client.GetObjectAsync(getRequest)) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } } } }
public async Task <bool> WriteValue(string key, string value) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest()); string kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; var bucketName = "<your S3 bucket name>"; var objectKey = key; var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, ContentBody = value }; var obj = await s3Client.PutObjectAsync(putRequest); if (obj.HttpStatusCode == HttpStatusCode.OK) { return(true); } } } return(false); }
public EncryptionTestsV1NInteropV2() : base(KmsKeyIdProvider.Instance) { kmsKeyID = _kmsKeyIdProvider.GetKmsId(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1); var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm); var kmsEncryptionMaterialsV2 = new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>()); fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.InstructionFile, }; metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.ObjectMetadata, }; s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); s3EncryptionClientMetadataModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientFileModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientFileModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeKMSV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2); s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1N); }
static void TestCfStack(EncryptionMaterials encryptionMaterials) { string bucket_Name = QSS3BucketName; string templateName = QSS3KeyPrefix + TdwUtils.cfClassPathBastion.Replace("tdw_cf_template\\", ""); string stack_name = templateName.Replace("-", ""); stack_name = stack_name.Replace(".template", ""); //AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3Client s3Client = new AmazonS3Client(); GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucket_Name, Key = templateName, }; string data = null; using (GetObjectResponse getObjectResponse = s3Client.GetObject(getObjectRequest)) { using (var stream = getObjectResponse.ResponseStream) using (var reader = new StreamReader(stream)) { data = reader.ReadToEnd(); } } Amazon.CloudFormation.AmazonCloudFormationClient cfClient = new AmazonCloudFormationClient(); ValidateTemplateResponse templateResponse = cfClient.ValidateTemplate(new ValidateTemplateRequest() { TemplateBody = data }); List <string> capabilities = templateResponse.Capabilities; string capabilitiesReason = templateResponse.CapabilitiesReason; string description = templateResponse.Description; List <TemplateParameter> parameters = templateResponse.Parameters; if (parameters.Any()) { Console.WriteLine(" Parameters:"); foreach (var p in parameters) { Console.WriteLine(" {0} = {1}", p.ParameterKey, p.Description); } } //try //{ // DeleteStackRequest deleteRequest = new DeleteStackRequest() { StackName = stack_name }; // cfClient.DeleteStack(deleteRequest); //} //catch (Exception ex) //{ // ex = null; //} DescribeStacksResponse testForStackDescResp = new DescribeStacksResponse(); try { testForStackDescResp = cfClient.DescribeStacks(new DescribeStacksRequest() { StackName = stack_name }); } catch (Exception ex) { testForStackDescResp = null; } if (testForStackDescResp == null) { List <string> CfCapabilities = new List <string>(); CfCapabilities.Add("CAPABILITY_IAM"); CreateStackRequest stackRequest = new CreateStackRequest() { StackName = stack_name, TemplateBody = data, Capabilities = CfCapabilities }; //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pDBPassword", ParameterValue = "LiverpoolFC" } ); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pNotifyEmail", ParameterValue = "*****@*****.**" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pEC2KeyPairBastion", ParameterValue = "BastionSshKvp" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pEC2KeyPair", ParameterValue = "Ec2SshKvp" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pSupportsConfig", ParameterValue = "Yes" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pAvailabilityZoneA", ParameterValue = "eu-west-1a" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pAvailabilityZoneB", ParameterValue = "eu-west-1b" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "pVPCTenancy", ParameterValue = "default" }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "QSS3BucketName", ParameterValue = QSS3BucketName }); //stackRequest.Parameters.Add(new Parameter() { ParameterKey = "QSS3KeyPrefix", ParameterValue = QSS3KeyPrefix }); templateResponse = cfClient.ValidateTemplate(new ValidateTemplateRequest() { TemplateBody = data }); CreateStackResponse stackResponse = cfClient.CreateStack(stackRequest); } testForStackDescResp = cfClient.DescribeStacks(new DescribeStacksRequest()); foreach (var stack in testForStackDescResp.Stacks) { Console.WriteLine("stack: {0}", stack.StackName); Console.WriteLine(" status: {0}", stack.StackStatus); Console.WriteLine(" created: {0}", stack.CreationTime); var ps = stack.Parameters; if (ps.Any()) { Console.WriteLine(" parameters:"); foreach (var p in ps) { Console.WriteLine(" {0} = {1}", p.ParameterKey, p.ParameterValue); } } } }
private AmazonS3EncryptionClient GetS3EncryptionClient(EncryptionMaterials materials, AmazonS3CryptoConfiguration cryptoConfig) { return(new AmazonS3EncryptionClient(GetAwsCredentials(), cryptoConfig, materials)); }
static void CopyTemplatesToS3(EncryptionMaterials encryptionMaterials) { string bucket_Name = null; string dataPath = null; byte[] dataBytes = null; PutObjectRequest request = null; PutObjectResponse response = null; //AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3Client s3Client = new AmazonS3Client(); try { TdwUtils.TearDownS3BucketByPrefix(s3Client, "tdwcftdev"); AmazonS3Util.DeleteS3BucketWithObjects(s3Client, QSS3BucketName); } catch (Exception ex) { ex = null; } bucket_Name = TdwUtils.CreateBucket(s3Client, QSS3BucketName); ///Cross stack communication, Parent dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathParentSubnet); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathParentSubnet.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Cross stack communication, first child dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathChildSubnetProducer); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathChildSubnetProducer.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Cross stack communication, second child dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathChildSubnet); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathChildSubnet.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Application Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathApplication); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathApplication.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); //Config Rules dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathConfigRules); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathConfigRules.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Iam Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathIam); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathIam.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); //Kinesis dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathKinesis); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathKinesis.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Logging Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathLogging); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathLogging.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Main Bastion Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathBastion); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathBastion.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Management Vpc Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathManagementVpc); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathManagementVpc.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///Prod Vpc Template dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathProductionVpc); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathProductionVpc.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); ///ChangeSet Template for main bastion dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPathBastionChangeSet); dataBytes = TdwUtils.FileToArray(dataPath); request = new PutObjectRequest() { BucketName = QSS3BucketName, Key = QSS3KeyPrefix + TdwUtils.cfClassPathBastionChangeSet.Replace("tdw_cf_template\\", ""), InputStream = new MemoryStream(dataBytes) }; response = s3Client.PutObject(request); }
#pragma warning restore 0618 public EncryptionTestsV1InteropV1N() : base(KmsKeyIdProvider.Instance) { filePath = Path.Combine(Path.GetTempPath(), $"EncryptionPutObjectFile-{Guid.NewGuid()}.txt"); kmsKeyID = _kmsKeyIdProvider.GetKmsId(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration() { StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile }; var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1); s3EncryptionClientFileModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1); s3EncryptionClientMetadataModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1); s3EncryptionClientFileModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1); s3EncryptionClientMetadataModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1); s3EncryptionClientFileModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1); s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1N); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1); }
public S3demo(EncryptionMaterials encryptionMaterials) { TestS3(); TestEncryptedS3(encryptionMaterials); TestDecryptedS3(encryptionMaterials); }
static void UploadFileWithClientSideEncryption(string filePath) { string kmsKeyID = null; var objectKey = System.IO.Path.GetFileName(filePath); using (var kmsClient = new AmazonKeyManagementServiceClient(defaultEndpoint)) { // var response = kmsClient.CreateKeyAsync(new CreateKeyRequest()).GetAwaiter().GetResult(); kmsKeyID = GetKeyByAlias(keyName, kmsClient); // var keyMetadata = keyData?.KeyMetadata; // An object that contains information about the CMK created by this operation. var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); //set encryption context using (var s3Client = new AmazonS3EncryptionClient(defaultEndpoint, kmsEncryptionMaterials)) { // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, FilePath = filePath }; putRequest.Metadata.Add("x-amz-meta-moo", "This is a test"); // putRequest.Headers["x-amz-matdesc"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext)); putRequest.Headers["x-amz-server-side-encryption"] = "aws:kms"; putRequest.Headers["x-amz-server-side-encryption-aws-kms-key-id"] = kmsKeyID; putRequest.Headers["x-amz-server-side-encryption-context"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext)); s3Client.PutObjectAsync(putRequest).GetAwaiter().GetResult(); } // The KeyID is actually embedded in the metadata of the object and the encryptionclient automatically looks it up so you don't actually have to do that yourself var kem2 = new EncryptionMaterials("1111111-11111-11111111-11111111"); using (var s3Client2 = new AmazonS3EncryptionClient(defaultEndpoint, kem2)) { // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; string fPath2 = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(filePath), System.IO.Path.GetFileNameWithoutExtension(filePath) + "_" + new Random().Next(0, 1000).ToString() + System.IO.Path.GetExtension(filePath)); using (var getResponse = s3Client2.GetObjectAsync(getRequest).GetAwaiter().GetResult()) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { using (var fileStream = new FileStream(fPath2, FileMode.Create, FileAccess.Write)) { stream.CopyTo(fileStream); fileStream.Flush(); fileStream.Close(); } } Console.WriteLine($"Object written to {fPath2}"); } } Console.WriteLine("Press any key to continue..."); Console.ReadKey(); }