Esempio n. 1
        /// <summary>
        /// Round-trip check for the JSON session: encrypts <c>payload</c> into a data row record and
        /// verifies that decrypting that record yields a JSON object equal to the input.
        /// </summary>
        private void JsonEncryptDecrypt()
        {
            // Produce the opaque record a caller would normally persist.
            byte[] encryptedRecord = appEncryptionJson.Encrypt(payload);

            // Feed the record straight back through the same session.
            JObject roundTripped = appEncryptionJson.Decrypt(encryptedRecord);

            // Equality after the round trip shows the operation is reversible; it makes no statement
            // about how the bytes inside encryptedRecord are protected.
            Assert.Equal(payload, roundTripped);
        }
Esempio n. 2
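        /// <summary>
        /// Round-trip check for the byte-array session: encrypts <c>payload</c>, confirms the resulting
        /// data row record is not simply the input bytes, then verifies that decrypting the record
        /// returns the original bytes.
        /// </summary>
        private void BytesEncryptDecrypt()
        {
            byte[] dataRowRecord = appEncryptionBytes.Encrypt(payload);

            // A round trip alone would also pass if Encrypt handed the input back unchanged,
            // so first make sure the record differs from the plaintext.
            Assert.NotEqual(payload, dataRowRecord);

            byte[] decryptedPayload = appEncryptionBytes.Decrypt(dataRowRecord);

            Assert.Equal(payload, decryptedPayload);
        }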
        // Exercises one shared JSON session (appEncryptionJson) from NumThreads parallel iterations:
        // each iteration encrypts payload, decrypts the result, asserts equality and bumps a counter.
        // NOTE(review): this listing has lost its brace lines and the `try` that pairs with the catch
        // below; the structure is read from indentation.
        public void AppEncryptionEncryptMultipleThreads()
            Logger.LogInformation("Running AppEncryptionEncryptMultipleThreads test with {numThreads} threads", NumThreads);

            // Get the current settings and try to force minWorkers
            // NOTE(review): SetMinThreads changes a process-wide thread-pool setting and the lines
            // visible here never restore the previous worker minimum.
            ThreadPool.GetMinThreads(out _, out var currentMinIOC);
            Assert.True(ThreadPool.SetMinThreads(NumThreads, currentMinIOC));

            // Incremented with Interlocked because every iteration updates it concurrently.
            long completedTasks = 0;

            Parallel.ForEach(Enumerable.Range(0, NumThreads), i =>
                    // All iterations go through the same session instance, so this doubles as a
                    // thread-safety check of Encrypt/Decrypt on a shared session.
                    byte[] drr = appEncryptionJson.Encrypt(payload);

                    Assert.Equal(payload, appEncryptionJson.Decrypt(drr));
                    Interlocked.Increment(ref completedTasks);
                // Only ThreadInterruptedException is handled here; any other exception raised in an
                // iteration (a failed assertion included) leaves Parallel.ForEach as an AggregateException.
                catch (ThreadInterruptedException e)
                    Logger.LogError(e, "Unexpected error during call: ");

            // Parallel.ForEach has already returned at this point, so this checks that every
            // iteration reached the increment rather than waiting for anything.
            Assert.Equal(NumThreads, completedTasks);
Esempio n. 4
        // Encrypts testIterations generated JSON payloads with a single session, keeps the resulting
        // records in an in-memory dictionary, then decrypts every record and checks its "payload" marker.
        //   testIterations       - number of payloads to encrypt and later decrypt
        //   partitionId          - used to build the unique "partition-<id>-" marker prefix
        //   payloadSizeBytesBase - size passed to PayloadGenerator.CreateRandomJsonPayload
        // NOTE(review): brace lines and the opening `try` are missing from this listing.
        private void RunEncryptDecryptTest(int testIterations, string partitionId, int payloadSizeBytesBase)
                // NOTE(review): the initializer of this using statement is cut off in this listing, so
                // where the session comes from cannot be seen here.
                using (AppEncryption <JObject, byte[]> partition =
                    // Stands in for persistent storage: iteration key -> encrypted record.
                    Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>();

                    string partitionPart = "partition-" + partitionId + "-";

                    for (int i = 0; i < testIterations; i++)
                        // Note the size will be slightly larger since we're adding extra unique meta
                        JObject jsonObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase);
                        string  keyPart    = $"iteration-{i}";
                        // JObject.Add throws if the generated payload already has a "payload" property.
                        jsonObject.Add("payload", partitionPart + keyPart);

                        dataStore.Add(keyPart, partition.Encrypt(jsonObject));

                    // Second pass: every stored record must decrypt to the marker written for its key.
                    foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore)
                        JObject decryptedObject = partition.Decrypt(keyValuePair.Value);
                        Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject.GetValue("payload").ToObject <string>());
            // NOTE(review): only the log call is visible in this handler. Assertion failures are
            // exceptions too, so unless the handler rethrows on a line not shown here, a failed
            // Assert.Equal above would be logged and the test would still pass - confirm.
            catch (Exception e)
                Logger.LogError(e, "unexpected error during call");
Esempio n. 5
        /// <summary>
        /// Encrypts <c>payload</c> with the existing byte session, then decrypts the record with a
        /// separate session obtained from <c>appEncryptionSessionFactory</c> for <c>partitionId</c>,
        /// and verifies the original bytes come back.
        /// </summary>
        private void BytesEncryptDecryptWithDifferentSession()
        {
            byte[] encryptedRecord = appEncryptionBytes.Encrypt(payload);

            // The record must stay readable by a session other than the one that wrote it.
            using (AppEncryption<byte[], byte[]> secondSession = appEncryptionSessionFactory.GetAppEncryptionBytes(partitionId))
            {
                byte[] roundTripped = secondSession.Decrypt(encryptedRecord);

                Assert.Equal(payload, roundTripped);
            }
        }
Esempio n. 6
        // Builds a session factory and a JSON session for partitionId, encrypts testIterations generated
        // payloads into an in-memory dictionary, then decrypts each record and checks its "payload" marker.
        //   testIterations       - number of payloads to encrypt and later decrypt
        //   partitionId          - partition the session is requested for; also part of the marker prefix
        //   payloadSizeBytesBase - size passed to PayloadGenerator.CreateRandomJsonPayload
        // NOTE(review): brace lines and the opening `try` are missing from this listing.
        private void RunPartitionTest(int testIterations, string partitionId, int payloadSizeBytesBase)
                // NOTE(review): the factory initializer is cut off in this listing, so the metastore,
                // KMS and policy the factory is built with cannot be seen here.
                using (AppEncryptionSessionFactory factory =
                    using (AppEncryption <JObject, byte[]> partition = factory.GetAppEncryptionJson(partitionId))
                        // Stands in for persistent storage: iteration key -> encrypted record.
                        Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>();

                        string partitionPart = $"partition-{partitionId}-";

                        for (int i = 0; i < testIterations; i++)
                            // Note the size will be slightly larger since we're adding extra unique meta
                            JObject jObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase);
                            string  keyPart = $"iteration-{i}";
                            // Indexer assignment: sets the marker, replacing any existing "payload" property.
                            jObject["payload"] = partitionPart + keyPart;

                            dataStore.Add(keyPart, partition.Encrypt(jObject));

                        // Second pass: every stored record must decrypt to the marker written for its key.
                        foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore)
                            JObject decryptedObject = partition.Decrypt(keyValuePair.Value);
                            Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject["payload"].ToObject <string>());
            // NOTE(review): only the log call is visible in this handler. Assertion failures are
            // exceptions too, so unless the handler rethrows on a line not shown here, a failed
            // Assert.Equal above would be logged and the test would still pass - confirm.
            catch (Exception e)
                Logger.LogError(e, "Unexpected error during call");
Esempio n. 7
        // Reference-app routine: picks a metastore and a key management service from the parsed
        // options, builds a session factory and a byte session, then for options.Iterations rounds
        // either encrypts a fixed payload or takes a supplied DRR, decrypts it and logs the outcome.
        // NOTE(review): this listing has lost lines (braces, `else` keywords, the tails of builder
        // chains and of some assignments); the control flow below is read from indentation.
        // NOTE(review): `async void` means the caller cannot await this method or observe an exception
        // thrown after the first await; returning Task would be safer if the caller can be changed.
        private static async void App(Options options)
            IMetastorePersistence <JObject> metastorePersistence = null;
            KeyManagementService            keyManagementService = null;

            // Metastore selection: ADO (needs a connection string), DynamoDB, otherwise in-memory.
            if (options.MetaStore == MetaStore.ADO)
                if (options.AdoConnectionString != null)
                    logger.LogInformation("using ADO-based metastore...");
                    // The connection string comes from the options and is passed to the builder without
                    // being logged; the end of this builder chain is not visible in this listing.
                    metastorePersistence = AdoMetastorePersistenceImpl
                                           .NewBuilder(MySqlClientFactory.Instance, options.AdoConnectionString)
                    // Missing connection string: report the error and print the usage text.
                    logger.LogError("ADO connection string is a mandatory parameter with MetaStore Type: ADO");
                    Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
            else if (options.MetaStore == MetaStore.DYNAMODB)
                logger.LogInformation("using DynamoDB-based metastore...");
                // NOTE(review): the region is hard-coded and set through the global AWSConfigs object,
                // so it applies to every AWS client in the process, not just the metastore.
                AWSConfigs.AWSRegion = "us-west-2";
                metastorePersistence = DynamoDbMetastorePersistenceImpl.NewBuilder().Build();
                // In-memory metastore: keys stored here do not outlive the process.
                logger.LogInformation("using in-memory metastore...");
                metastorePersistence = new MemoryPersistenceImpl <JObject>();

            // KMS selection: AWS KMS when a preferred region and region=arn tuples are supplied,
            // otherwise the static implementation further down.
            if (options.Kms == Kms.AWS)
                if (options.PreferredRegion != null && options.RegionToArnTuples != null)
                    Dictionary <string, string> regionToArnDictionary = new Dictionary <string, string>();
                    foreach (string regionArnPair in options.RegionToArnTuples)
                        // NOTE(review): no validation of the command-line tuple. An entry without '='
                        // makes the [1] access throw IndexOutOfRangeException, and a repeated region
                        // makes Dictionary.Add throw ArgumentException; a check with a clear error
                        // message would be kinder to the operator.
                        string[] regionArnArray = regionArnPair.Split("=");
                        regionToArnDictionary.Add(regionArnArray[0], regionArnArray[1]);

                    logger.LogInformation("using AWS KMS...");
                    keyManagementService = AwsKeyManagementServiceImpl
                                           .NewBuilder(regionToArnDictionary, options.PreferredRegion).Build();
                    // Missing region or tuples: report the error and print the usage text.
                    logger.LogError("Preferred region and <region>=<arn> tuples are mandatory with  KMS Type: AWS");
                    Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
                logger.LogInformation("using static KMS...");
                // NOTE(review): the master key is a string literal compiled into the program. Anyone
                // with the source or binary can unwrap every key protected by it, so this branch is
                // only suitable for demos and tests; real deployments need the KMS-backed branch.
                keyManagementService = new StaticKeyManagementServiceImpl("secretmasterkey!");

            // NOTE(review): the rest of this builder chain (expiry and revoke-check settings, if any)
            // is cut off in this listing.
            CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy

            // Setup metrics reporters and always include console.
            IMetricsBuilder metricsBuilder = new MetricsBuilder()
                                             .Report.ToConsole(consoleOptions => consoleOptions.FlushInterval = TimeSpan.FromSeconds(60));

            // CloudWatch metrics generation
            if (options.EnableCloudWatch)
                // Fill in when we open source our App.Metrics cloudwatch reporter separately

            IMetrics metrics = metricsBuilder.Build();

            // Create a session factory for this app. Normally this would be done upon app startup and the
            // same factory would be used anytime a new session is needed for a partition (e.g., shopper).
            // We've split it out into multiple using blocks to underscore this point.
            // NOTE(review): the remainder of the factory builder chain is not visible in this listing.
            using (AppEncryptionSessionFactory appEncryptionSessionFactory = AppEncryptionSessionFactory
                                                                             .NewBuilder("productId", "reference_app")
                // Now create an actual session for a partition (which in our case is a pretend shopper id). This session is used
                // for a transaction and is disposed automatically after use due to the IDisposable implementation.
                using (AppEncryption <byte[], byte[]> appEncryptionBytes =
                    // Fixed demo plaintext; every iteration encrypts and compares against this constant.
                    const string originalPayloadString = "mysupersecretpayload";
                    foreach (int i in Enumerable.Range(0, options.Iterations))
                        string dataRowString;

                        // If we get a DRR as a command line argument, we want to directly decrypt it
                        if (options.Drr != null)
                            dataRowString = options.Drr;
                            // Encrypt the payload
                            // (the `else` line and the right-hand side of this assignment are missing here)
                            byte[] dataRowRecordBytes =

                            // Consider this us "persisting" the DRR
                            dataRowString = Convert.ToBase64String(dataRowRecordBytes);

                        // Logs the Base64 form of the data row record, not the plaintext.
                        logger.LogInformation("dataRowRecord as string = {dataRow}", dataRowString);

                        // NOTE(review): when the DRR came from the command line this is untrusted input;
                        // Convert.FromBase64String throws FormatException on malformed text and nothing
                        // visible here handles it.
                        byte[] newDataRowRecordBytes = Convert.FromBase64String(dataRowString);

                        // Decrypt the payload
                        // (the right-hand side of this assignment is missing from the listing)
                        string decryptedPayloadString =

                        // NOTE(review): this writes the decrypted plaintext to the log. Harmless for the
                        // constant demo payload, but it must not be copied into code that handles real
                        // data - log sinks are rarely protected as well as the encrypted store.
                        logger.LogInformation("decryptedPayloadString = {payload}", decryptedPayloadString);
                        // For a DRR supplied on the command line this only reports whether it happens
                        // to decrypt to the demo constant.
                        logger.LogInformation("matches = {result}", originalPayloadString.Equals(decryptedPayloadString));

            // Force final publish of metrics
            await Task.WhenAll(((IMetricsRoot)metrics).ReportRunner.RunAllAsync());