Exemple #1
0
        internal static Mock <MemoryPersistenceImpl <JObject> > CreateMetastoreMock(
            AppEncryptionPartition appEncryptionPartition,
            KeyManagementService kms,
            KeyState metaIK,
            KeyState metaSK,
            CryptoKeyHolder cryptoKeyHolder)
        {
            // TODO Change this to generate a mock dynamically based on the Metastore type
            Mock <MemoryPersistenceImpl <JObject> > metastorePersistenceSpy = new Mock <MemoryPersistenceImpl <JObject> > {
                CallBase = true
            };
            CryptoKey systemKey = cryptoKeyHolder.SystemKey;

            if (metaSK != KeyState.Empty)
            {
                if (metaSK == KeyState.Retired)
                {
                    // We create a revoked copy of the same key
                    DateTimeOffset created = systemKey.GetCreated();
                    systemKey = systemKey
                                .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
                }

                EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
                    systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
                metastorePersistenceSpy.Object.Store(
                    appEncryptionPartition.SystemKeyId,
                    systemKeyRecord.Created,
                    systemKeyRecord.ToJson());
            }

            if (metaIK != KeyState.Empty)
            {
                CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
                if (metaIK == KeyState.Retired)
                {
                    // We create a revoked copy of the same key
                    DateTimeOffset created = intermediateKey.GetCreated();
                    intermediateKey = intermediateKey
                                      .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
                }

                EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
                    intermediateKey.GetCreated(),
                    new KeyMeta(appEncryptionPartition.SystemKeyId, systemKey.GetCreated()),
                    Crypto.EncryptKey(intermediateKey, systemKey),
                    intermediateKey.IsRevoked());
                metastorePersistenceSpy.Object.Store(
                    appEncryptionPartition.IntermediateKeyId,
                    intermediateKeyRecord.Created,
                    intermediateKeyRecord.ToJson());
            }

            metastorePersistenceSpy.Reset();
            return(metastorePersistenceSpy);
        }
Exemple #2
0
        private void TestConstructorRegularWithNullParentKeyMetaAndNullRevokedShouldBeOptionalEmpty()
        {
            EnvelopeKeyRecord record = new EnvelopeKeyRecord(created, null, encryptedKey, null);

            Assert.NotNull(record);
            Assert.Equal(created, record.Created);
            Assert.Equal(Option <KeyMeta> .None, record.ParentKeyMeta);
            Assert.Equal(encryptedKey, record.EncryptedKey);
            Assert.Equal(Option <bool> .None, record.Revoked);
        }
Exemple #3
0
        private void TestConstructorRegularWithParentKeyMetaAndRevoked()
        {
            EnvelopeKeyRecord record = new EnvelopeKeyRecord(created, parentKeyMeta, encryptedKey, Revoked);

            Assert.NotNull(record);
            Assert.Equal(created, record.Created);
            Assert.Equal(Option <KeyMeta> .Some(parentKeyMeta), record.ParentKeyMeta);
            Assert.Equal(encryptedKey, record.EncryptedKey);
            Assert.Equal(Option <bool> .Some(Revoked), record.Revoked);
        }
Exemple #4
0
        private void TestToJsonWithNullParentKeyMetaAndNullRevokedShouldBeNull()
        {
            EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, null, encryptedKey);

            JObject recordJson = envelopeKeyRecord.ToJson();

            Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>());
            Assert.Null(recordJson["ParentKeyMeta"]);
            Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString()));
            Assert.Null(recordJson["Revoked"]);
        }
Exemple #5
0
        private void TestToJsonWithParentKeyMetaAndRevoked()
        {
            EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, parentKeyMeta, encryptedKey, Revoked);

            JObject recordJson = envelopeKeyRecord.ToJson();

            Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>());
            Assert.Equal(parentCreated.ToUnixTimeSeconds(), recordJson["ParentKeyMeta"]["Created"].ToObject <long>());
            Assert.Equal(ParentKey, recordJson["ParentKeyMeta"]["KeyId"].ToObject <string>());
            Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString()));
            Assert.Equal(Revoked, recordJson["Revoked"].ToObject <bool>());
        }
Exemple #6
0
        private void TestConstructorJsonWithNullParentKeyMetaAndNullRevokedShouldBeOptionalEmptyAndFalse()
        {
            Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json();
            envelopeKeyRecordJson.Put("Created", created);
            envelopeKeyRecordJson.Put("Key", encryptedKey);

            EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson);

            Assert.NotNull(record);
            Assert.Equal(created, record.Created);
            Assert.Equal(Option <KeyMeta> .None, record.ParentKeyMeta);
            Assert.Equal(encryptedKey, record.EncryptedKey);
            Assert.Equal(Option <bool> .None, record.Revoked);
        }
Exemple #7
0
        private void TestConstructorJsonWithParentKeyMetaAndRevoked()
        {
            Asherah.AppEncryption.Util.Json parentKeyMetaJson = new Asherah.AppEncryption.Util.Json();
            parentKeyMetaJson.Put("KeyId", ParentKey);
            parentKeyMetaJson.Put("Created", parentCreated);

            Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json();
            envelopeKeyRecordJson.Put("Created", created);
            envelopeKeyRecordJson.Put("ParentKeyMeta", parentKeyMetaJson);
            envelopeKeyRecordJson.Put("Key", encryptedKey);
            envelopeKeyRecordJson.Put("Revoked", Revoked);

            EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson);

            Assert.NotNull(record);
            Assert.Equal(created, record.Created);
            Assert.Equal(Option <KeyMeta> .Some(parentKeyMeta), record.ParentKeyMeta);
            Assert.Equal(encryptedKey, record.EncryptedKey);
            Assert.Equal(Option <bool> .Some(Revoked), record.Revoked);
        }
Exemple #8
0
        public AppJsonEncryptionImplTest()
        {
            partition = new Partition("PARTITION", "SYSTEM", "PRODUCT");
            Dictionary <string, JObject> memoryPersistence = new Dictionary <string, JObject>();

            dataPersistence = new AdhocPersistence <JObject>(
                key => memoryPersistence.TryGetValue(key, out JObject result) ? result : Option <JObject> .None,
                (key, jsonObject) => memoryPersistence.Add(key, jsonObject));

            metastore            = new InMemoryMetastoreImpl <JObject>();
            keyManagementService = new DummyKeyManagementService();

            AeadEnvelopeCrypto aeadEnvelopeCrypto = new BouncyAes256GcmCrypto();

            // Generate a dummy systemKey document
            CryptoKey systemKey = aeadEnvelopeCrypto.GenerateKey();

            byte[] encryptedSystemKey = keyManagementService.EncryptKey(systemKey);

            EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(DateTimeOffset.UtcNow, null, encryptedSystemKey);

            // Write out the dummy systemKey record
            memoryPersistence.TryAdd(partition.SystemKeyId, systemKeyRecord.ToJson());
        }
Exemple #9
0
        internal static Mock <IMetastore <JObject> > CreateMetastoreMock(
            Partition partition,
            KeyManagementService kms,
            KeyState metaIK,
            KeyState metaSK,
            CryptoKeyHolder cryptoKeyHolder,
            IMetastore <JObject> metastore)
        {
            CryptoKey systemKey = cryptoKeyHolder.SystemKey;

            Mock <IMetastore <JObject> > metastoreSpy = new Mock <IMetastore <JObject> >();

            metastoreSpy
            .Setup(x => x.Load(It.IsAny <string>(), It.IsAny <DateTimeOffset>()))
            .Returns <string, DateTimeOffset>(metastore.Load);
            metastoreSpy
            .Setup(x => x.LoadLatest(It.IsAny <string>()))
            .Returns <string>(metastore.LoadLatest);
            metastoreSpy
            .Setup(x => x.Store(It.IsAny <string>(), It.IsAny <DateTimeOffset>(), It.IsAny <JObject>()))
            .Returns <string, DateTimeOffset, JObject>(metastore.Store);

            if (metaSK != KeyState.Empty)
            {
                if (metaSK == KeyState.Retired)
                {
                    // We create a revoked copy of the same key
                    DateTimeOffset created = systemKey.GetCreated();
                    systemKey = systemKey
                                .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
                }

                EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
                    systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
                metastore.Store(
                    partition.SystemKeyId,
                    systemKeyRecord.Created,
                    systemKeyRecord.ToJson());
            }

            if (metaIK != KeyState.Empty)
            {
                CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
                if (metaIK == KeyState.Retired)
                {
                    // We create a revoked copy of the same key
                    DateTimeOffset created = intermediateKey.GetCreated();
                    intermediateKey = intermediateKey
                                      .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
                }

                EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
                    intermediateKey.GetCreated(),
                    new KeyMeta(partition.SystemKeyId, systemKey.GetCreated()),
                    Crypto.EncryptKey(intermediateKey, systemKey),
                    intermediateKey.IsRevoked());
                metastore.Store(
                    partition.IntermediateKeyId,
                    intermediateKeyRecord.Created,
                    intermediateKeyRecord.ToJson());
            }

            return(metastoreSpy);
        }