internal static Mock <MemoryPersistenceImpl <JObject> > CreateMetastoreMock( AppEncryptionPartition appEncryptionPartition, KeyManagementService kms, KeyState metaIK, KeyState metaSK, CryptoKeyHolder cryptoKeyHolder) { // TODO Change this to generate a mock dynamically based on the Metastore type Mock <MemoryPersistenceImpl <JObject> > metastorePersistenceSpy = new Mock <MemoryPersistenceImpl <JObject> > { CallBase = true }; CryptoKey systemKey = cryptoKeyHolder.SystemKey; if (metaSK != KeyState.Empty) { if (metaSK == KeyState.Retired) { // We create a revoked copy of the same key DateTimeOffset created = systemKey.GetCreated(); systemKey = systemKey .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true)); } EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord( systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked()); metastorePersistenceSpy.Object.Store( appEncryptionPartition.SystemKeyId, systemKeyRecord.Created, systemKeyRecord.ToJson()); } if (metaIK != KeyState.Empty) { CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey; if (metaIK == KeyState.Retired) { // We create a revoked copy of the same key DateTimeOffset created = intermediateKey.GetCreated(); intermediateKey = intermediateKey .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true)); } EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord( intermediateKey.GetCreated(), new KeyMeta(appEncryptionPartition.SystemKeyId, systemKey.GetCreated()), Crypto.EncryptKey(intermediateKey, systemKey), intermediateKey.IsRevoked()); metastorePersistenceSpy.Object.Store( appEncryptionPartition.IntermediateKeyId, intermediateKeyRecord.Created, intermediateKeyRecord.ToJson()); } metastorePersistenceSpy.Reset(); return(metastorePersistenceSpy); }
private void TestConstructorRegularWithNullParentKeyMetaAndNullRevokedShouldBeOptionalEmpty() { EnvelopeKeyRecord record = new EnvelopeKeyRecord(created, null, encryptedKey, null); Assert.NotNull(record); Assert.Equal(created, record.Created); Assert.Equal(Option <KeyMeta> .None, record.ParentKeyMeta); Assert.Equal(encryptedKey, record.EncryptedKey); Assert.Equal(Option <bool> .None, record.Revoked); }
private void TestConstructorRegularWithParentKeyMetaAndRevoked() { EnvelopeKeyRecord record = new EnvelopeKeyRecord(created, parentKeyMeta, encryptedKey, Revoked); Assert.NotNull(record); Assert.Equal(created, record.Created); Assert.Equal(Option <KeyMeta> .Some(parentKeyMeta), record.ParentKeyMeta); Assert.Equal(encryptedKey, record.EncryptedKey); Assert.Equal(Option <bool> .Some(Revoked), record.Revoked); }
private void TestToJsonWithNullParentKeyMetaAndNullRevokedShouldBeNull() { EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, null, encryptedKey); JObject recordJson = envelopeKeyRecord.ToJson(); Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>()); Assert.Null(recordJson["ParentKeyMeta"]); Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString())); Assert.Null(recordJson["Revoked"]); }
private void TestToJsonWithParentKeyMetaAndRevoked() { EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, parentKeyMeta, encryptedKey, Revoked); JObject recordJson = envelopeKeyRecord.ToJson(); Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>()); Assert.Equal(parentCreated.ToUnixTimeSeconds(), recordJson["ParentKeyMeta"]["Created"].ToObject <long>()); Assert.Equal(ParentKey, recordJson["ParentKeyMeta"]["KeyId"].ToObject <string>()); Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString())); Assert.Equal(Revoked, recordJson["Revoked"].ToObject <bool>()); }
private void TestConstructorJsonWithNullParentKeyMetaAndNullRevokedShouldBeOptionalEmptyAndFalse() { Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json(); envelopeKeyRecordJson.Put("Created", created); envelopeKeyRecordJson.Put("Key", encryptedKey); EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson); Assert.NotNull(record); Assert.Equal(created, record.Created); Assert.Equal(Option <KeyMeta> .None, record.ParentKeyMeta); Assert.Equal(encryptedKey, record.EncryptedKey); Assert.Equal(Option <bool> .None, record.Revoked); }
private void TestConstructorJsonWithParentKeyMetaAndRevoked() { Asherah.AppEncryption.Util.Json parentKeyMetaJson = new Asherah.AppEncryption.Util.Json(); parentKeyMetaJson.Put("KeyId", ParentKey); parentKeyMetaJson.Put("Created", parentCreated); Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json(); envelopeKeyRecordJson.Put("Created", created); envelopeKeyRecordJson.Put("ParentKeyMeta", parentKeyMetaJson); envelopeKeyRecordJson.Put("Key", encryptedKey); envelopeKeyRecordJson.Put("Revoked", Revoked); EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson); Assert.NotNull(record); Assert.Equal(created, record.Created); Assert.Equal(Option <KeyMeta> .Some(parentKeyMeta), record.ParentKeyMeta); Assert.Equal(encryptedKey, record.EncryptedKey); Assert.Equal(Option <bool> .Some(Revoked), record.Revoked); }
public AppJsonEncryptionImplTest() { partition = new Partition("PARTITION", "SYSTEM", "PRODUCT"); Dictionary <string, JObject> memoryPersistence = new Dictionary <string, JObject>(); dataPersistence = new AdhocPersistence <JObject>( key => memoryPersistence.TryGetValue(key, out JObject result) ? result : Option <JObject> .None, (key, jsonObject) => memoryPersistence.Add(key, jsonObject)); metastore = new InMemoryMetastoreImpl <JObject>(); keyManagementService = new DummyKeyManagementService(); AeadEnvelopeCrypto aeadEnvelopeCrypto = new BouncyAes256GcmCrypto(); // Generate a dummy systemKey document CryptoKey systemKey = aeadEnvelopeCrypto.GenerateKey(); byte[] encryptedSystemKey = keyManagementService.EncryptKey(systemKey); EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(DateTimeOffset.UtcNow, null, encryptedSystemKey); // Write out the dummy systemKey record memoryPersistence.TryAdd(partition.SystemKeyId, systemKeyRecord.ToJson()); }
internal static Mock <IMetastore <JObject> > CreateMetastoreMock( Partition partition, KeyManagementService kms, KeyState metaIK, KeyState metaSK, CryptoKeyHolder cryptoKeyHolder, IMetastore <JObject> metastore) { CryptoKey systemKey = cryptoKeyHolder.SystemKey; Mock <IMetastore <JObject> > metastoreSpy = new Mock <IMetastore <JObject> >(); metastoreSpy .Setup(x => x.Load(It.IsAny <string>(), It.IsAny <DateTimeOffset>())) .Returns <string, DateTimeOffset>(metastore.Load); metastoreSpy .Setup(x => x.LoadLatest(It.IsAny <string>())) .Returns <string>(metastore.LoadLatest); metastoreSpy .Setup(x => x.Store(It.IsAny <string>(), It.IsAny <DateTimeOffset>(), It.IsAny <JObject>())) .Returns <string, DateTimeOffset, JObject>(metastore.Store); if (metaSK != KeyState.Empty) { if (metaSK == KeyState.Retired) { // We create a revoked copy of the same key DateTimeOffset created = systemKey.GetCreated(); systemKey = systemKey .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true)); } EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord( systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked()); metastore.Store( partition.SystemKeyId, systemKeyRecord.Created, systemKeyRecord.ToJson()); } if (metaIK != KeyState.Empty) { CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey; if (metaIK == KeyState.Retired) { // We create a revoked copy of the same key DateTimeOffset created = intermediateKey.GetCreated(); intermediateKey = intermediateKey .WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true)); } EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord( intermediateKey.GetCreated(), new KeyMeta(partition.SystemKeyId, systemKey.GetCreated()), Crypto.EncryptKey(intermediateKey, systemKey), intermediateKey.IsRevoked()); metastore.Store( partition.IntermediateKeyId, intermediateKeyRecord.Created, intermediateKeyRecord.ToJson()); } return(metastoreSpy); }