public void TearDown()
{
keysTable = new SymmetricKeyStore(CloudStorageAccount.DevelopmentStorageAccount);
//Clear out any leftover test keys
List<SymmetricKey> keys = keysTable.GetAllKeys();
SymmetricKey existingKey = keys.FirstOrDefault(k => k.Version == KEYGEN_TESTS_ENCRYPTION_VERSION);
if (existingKey != null)
{
{
keysTable.DeleteSymmetricKey(existingKey);
keysTable = new SymmetricKeyStore(CloudStorageAccount.DevelopmentStorageAccount);
}
}
}
/// <summary>
/// Create a new symmetric key, encrypt it with the X509Certificate already supplied, and upload it to the SymmetricKeys table in the specified StorageAccount.
/// Note you should be careful to not call this frequently - it is intended for offline/manual use or occasional testing.
/// </summary>
/// <param name="storageAccount"></param>
/// <param name="versionNumber"></param>
public void CreateNewKey(CloudStorageAccount storageAccount, int versionNumber)
{
//Create the key
SymmetricKey newKeySet = CreateNewAESSymmetricKeyset();
newKeySet.Version = versionNumber;
//Create the table
(new SymmetricKeyStore(storageAccount)).Create();
//Save the new row
SymmetricKeyStore ctx = new SymmetricKeyStore(storageAccount);
ctx.SaveSymmetricKey(newKeySet);
AzureTableCrypto.ReloadKeyStore(storageAccount);
}
internal AzureTableCryptoKeyStore(CloudStorageAccount acct)
{
this.KeyStoreAccount = acct;
SymmetricKeyStore keyTable = new SymmetricKeyStore(acct);
List<SymmetricKey> allKeys = null;
try
{
allKeys = keyTable.GetAllKeys();
}
catch (DataServiceQueryException dsq)
{
if (dsq.Response.StatusCode == (int)HttpStatusCode.NotFound)
{
//Table hasn't been created, so there aren't any keys. Guess we'll just go with it.
allKeys = new List<SymmetricKey>(0);
}
else
{
throw new AzureTableCryptoInitializationException("Failed to load encryption keys from storage", dsq);
}
}
catch (DataServiceClientException dsce)
{
if (dsce.StatusCode == (int)HttpStatusCode.NotFound)
{
//Table hasn't been created, so there aren't any keys. Guess we'll just go with it.
allKeys = new List<SymmetricKey>(0);
}
else
{
throw new AzureTableCryptoInitializationException("Failed to load encryption keys from storage", dsce);
}
}
catch (Exception ex)
{
throw new AzureTableCryptoInitializationException("Could not load encryption keys table", ex);
}
foreach (var key in allKeys)
{
try
{
X509Certificate2 certificate = CertificateHelper.GetCertificateByThumbprint(key.CertificateThumbprint);
if (certificate == null)
{
//Can't find the cert for this key, just continue
continue;
}
RSACryptoServiceProvider RSA;
try
{
RSA = (RSACryptoServiceProvider)certificate.PrivateKey;
}
catch (CryptographicException)
{
throw new AzureTableCryptoPrivateKeyNotAccessibleException(key.Version, key.CertificateThumbprint);
}
byte[] symmetricCryptoKey = RSA.Decrypt(key.Key, true);
AesManaged algorithm = new AesManaged();
algorithm.IV = key.iv;
algorithm.Key = symmetricCryptoKey;
keyCache[key.Version] = algorithm;
}
catch (AzureTableCryptoException)
{
//Just rethrow these
throw;
}
catch (Exception ex)
{
throw new AzureTableCryptoInitializationException("Error initializing crypto key version " + key.Version, ex);
}
}
}
public void Setup()
{
keysTable = new SymmetricKeyStore(CloudStorageAccount.DevelopmentStorageAccount);
keyGen = new AzureTableKeyGenerator(SetupFixture.TEST_CERT_THUMBPRINT);
}
