public async Task <string> EncryptAsync(string initializationVector, string plainText)
{
var request = new EncryptRequest
{
Plaintext = Encoding.UTF8.GetBytes(plainText),
InitializationVector = Encoding.UTF8.GetBytes(initializationVector)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri)
};
EncryptResponse result = await this.Execute(() => edgeletHttpClient.EncryptAsync(this.apiVersion, this.moduleId, this.moduleGenerationId, request), "Encrypt");
return(Convert.ToBase64String(result.Ciphertext));
}
}
public byte[] EncryptSymmetric(
string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string keyId = "my-key",
string message = "Sample message")
{
// Create the client.
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
// Build the key name.
CryptoKeyName keyName = new CryptoKeyName(projectId, locationId, keyRingId, keyId);
// Convert the message into bytes. Cryptographic plaintexts and
// ciphertexts are always byte arrays.
byte[] plaintext = Encoding.UTF8.GetBytes(message);
// Call the API.
EncryptResponse result = client.Encrypt(keyName, ByteString.CopyFrom(plaintext));
// Return the ciphertext.
return(result.Ciphertext.ToByteArray());
}
private void TestEncryptKeyAndBuildResult()
{
byte[] encryptedKey = { 0, 1 };
EncryptResponse encryptResponse = new EncryptResponse
{
CiphertextBlob = new MemoryStream(encryptedKey)
};
byte[] dataKeyPlainText = { 2, 3 };
amazonKeyManagementServiceClientMock
.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), It.IsAny <CancellationToken>()))
.Returns(Task.FromResult(encryptResponse));
Option <JObject> actualResult = awsKeyManagementServiceImplSpy.Object.EncryptKeyAndBuildResult(
amazonKeyManagementServiceClientMock.Object, preferredRegion, ArnUsWest1, dataKeyPlainText);
Assert.Equal(preferredRegion, ((JObject)actualResult).GetValue(RegionKey).ToString());
Assert.Equal(ArnUsWest1, ((JObject)actualResult).GetValue(ArnKey).ToString());
Assert.Equal(encryptedKey, Convert.FromBase64String(((JObject)actualResult).GetValue(EncryptedKek).ToString()));
}
private static async Task <string> Encrypt(KmsCryptoClient kmsCryptoClient, string keyId)
{
logger.Info("Encrypt");
string plainText = "I love .NET SDK!";
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
EncryptDataDetails encryptDataDetails = new EncryptDataDetails
{
KeyId = keyId,
Plaintext = System.Convert.ToBase64String(plainTextBytes),
LoggingContext = GetSampleLoggingContext()
};
EncryptRequest encryptRequest = new EncryptRequest
{
EncryptDataDetails = encryptDataDetails
};
EncryptResponse encryptResponse = await kmsCryptoClient.Encrypt(encryptRequest);
logger.Info($"PlainText: {plainText}");
logger.Info($"CipherText: {encryptResponse.EncryptedData.Ciphertext}");
return(encryptResponse.EncryptedData.Ciphertext);
}
public void ExpectEncryptToSucceed()
{
var myInputXml = new XElement(ElementName, "input");
byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted");
var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData);
using (var encryptedResponseStream = new MemoryStream())
{
encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length);
encryptedResponseStream.Seek(0, SeekOrigin.Begin);
var encryptResponse = new EncryptResponse
{
KeyId = KeyId,
CiphertextBlob = encryptedResponseStream
};
encryptConfig.Setup(x => x.EncryptionContext).Returns(encryptionContext);
encryptConfig.Setup(x => x.GrantTokens).Returns(grantTokens);
encryptConfig.Setup(x => x.KeyId).Returns(KeyId);
kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None))
.ReturnsAsync(encryptResponse)
.Callback <EncryptRequest, CancellationToken>((er, ct) =>
{
Assert.Same(encryptionContext, er.EncryptionContext);
Assert.Same(grantTokens, er.GrantTokens);
var body = XElement.Load(er.Plaintext);
Assert.True(XNode.DeepEquals(myInputXml, body));
});
var encryptedXml = encryptor.Encrypt(myInputXml);
Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType);
var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value");
Assert.Equal(myBase64EncryptedData, encryptedBlob);
}
}
public override GenerateTokenResponse Query(GenerateTokenRequest request, IServiceRouter router, RequestContext context)
{
List <Token> tokens = new List <Token>();
foreach (var token in request.Tokens)
{
DateTime issued = _clock.GetCurrentInstant().ToDateTimeUtc();
string composite = $"prin:{token.PrincipalId : N}|issued:{issued : yyyyMMddHHmmss}|expire:{token.Expiration: yyyyMMddHHmmss}|type:{token.Type : G}";
byte[] bytes = Encoding.ASCII.GetBytes(composite);
EncryptResponse response = router.Query <EncryptRequest, EncryptResponse>(new EncryptRequest()
{
Algorithm = request.Algorithm,
ClearText = bytes,
Key = request.Key
});
Token newToken = new Token()
{
Data = Convert.ToBase64String(response.CipherText),
Type = token.Type,
Expiration = token.Expiration,
Issued = issued,
PrincipalId = token.PrincipalId
};
tokens.Add(newToken);
}
return(new GenerateTokenResponse()
{
Tokens = tokens
});
}
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
{
var myInputXml = new XElement(ElementName, "input");
byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted");
var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData);
using (var encryptedResponseStream = new MemoryStream())
{
encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length);
encryptedResponseStream.Seek(0, SeekOrigin.Begin);
var encryptResponse = new EncryptResponse
{
KeyId = KeyId,
CiphertextBlob = encryptedResponseStream
};
var actualConfig = new KmsXmlEncryptorConfig
{
EncryptionContext = encryptionContext,
GrantTokens = grantTokens,
KeyId = KeyId,
DiscriminatorAsContext = useAppId,
HashDiscriminatorContext = hashAppId
};
var actualOptions = new DataProtectionOptions
{
ApplicationDiscriminator = appId
};
encryptConfig.Setup(x => x.Value).Returns(actualConfig);
dpOptions.Setup(x => x.Value).Returns(actualOptions);
kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None))
.ReturnsAsync(encryptResponse)
.Callback <EncryptRequest, CancellationToken>((er, ct) =>
{
if (appId != null && useAppId)
{
Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, er.EncryptionContext.Keys);
Assert.Equal(expectedAppId, er.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
}
else
{
Assert.Same(encryptionContext, er.EncryptionContext);
}
Assert.Same(grantTokens, er.GrantTokens);
var body = XElement.Load(er.Plaintext);
Assert.True(XNode.DeepEquals(myInputXml, body));
});
var encryptedXml = encryptor.Encrypt(myInputXml);
Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType);
var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value");
Assert.Equal(myBase64EncryptedData, encryptedBlob);
}
}
