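/// <summary>
/// Encrypting with a certificate the decryptor has never been given must fail closed.
/// The parameterless <c>EncryptedXmlDecryptor</c> has no service provider, so no
/// key-decryption certificates are registered and the key cannot be recovered.
/// </summary>
public void ThrowsIfCannotDecrypt()
{
    // Arrange. X509Certificate2 wraps a native handle, so dispose it deterministically.
    using (var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password"))
    {
        var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
        var data = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor = new EncryptedXmlDecryptor();

        // Act & Assert. The failure must surface as a CryptographicException with the
        // expected message, not as plaintext or a partially decrypted element.
        var ex = Assert.Throws<CryptographicException>(() => decryptor.Decrypt(encryptedXml.EncryptedElement));
        Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
    }
}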
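/// <summary>
/// Round-trips an element through <c>CertificateXmlEncryptor</c> and <c>EncryptedXmlDecryptor</c>
/// with both internal (certificate-bound) steps mocked out. A throw-away symmetric key is mapped
/// to the key name "theKey" on both sides, so the test exercises only the EncryptedXml plumbing:
/// the produced element shape, the absence of the secret in the ciphertext, and the decrypted result.
/// </summary>
public void Encrypt_Decrypt_RoundTrips()
{
    // Arrange. The symmetric algorithm is a test stand-in captured by both mocks; it is
    // disposed after the round trip completes.
    using (var symmetricAlgorithm = TripleDES.Create())
    {
        symmetricAlgorithm.GenerateKey();

        var mockInternalEncryptor = new Mock<IInternalCertificateXmlEncryptor>();
        mockInternalEncryptor
            .Setup(o => o.PerformEncryption(It.IsAny<EncryptedXml>(), It.IsAny<XmlElement>()))
            .Returns<EncryptedXml, XmlElement>((encryptedXml, element) =>
            {
                encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm); // use symmetric encryption
                return encryptedXml.Encrypt(element, "theKey");
            });

        var mockInternalDecryptor = new Mock<IInternalEncryptedXmlDecryptor>();
        mockInternalDecryptor
            .Setup(o => o.PerformPreDecryptionSetup(It.IsAny<EncryptedXml>()))
            .Callback<EncryptedXml>(encryptedXml =>
            {
                encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm); // use symmetric encryption
            });

        var serviceCollection = new ServiceCollection();
        serviceCollection.AddSingleton<IInternalEncryptedXmlDecryptor>(mockInternalDecryptor.Object);

        // The built ServiceProvider is disposable; scope it to the test.
        using (var services = serviceCollection.BuildServiceProvider())
        {
            var encryptor = new CertificateXmlEncryptor(NullLoggerFactory.Instance, mockInternalEncryptor.Object);
            var decryptor = new EncryptedXmlDecryptor(services);
            var originalXml = XElement.Parse(@"<mySecret value='265ee4ea-ade2-43b1-b706-09b259e58b6b' />");

            // Act & assert - run through encryptor and make sure we get back <EncryptedData> element
            var encryptedXmlInfo = encryptor.Encrypt(originalXml);
            Assert.Equal(typeof(EncryptedXmlDecryptor), encryptedXmlInfo.DecryptorType);
            Assert.Equal(XName.Get("EncryptedData", "http://www.w3.org/2001/04/xmlenc#"), encryptedXmlInfo.EncryptedElement.Name);
            Assert.Equal("http://www.w3.org/2001/04/xmlenc#Element", (string)encryptedXmlInfo.EncryptedElement.Attribute("Type"));
            // The secret value must not appear anywhere in the serialized ciphertext element.
            Assert.DoesNotContain("265ee4ea-ade2-43b1-b706-09b259e58b6b", encryptedXmlInfo.EncryptedElement.ToString(), StringComparison.OrdinalIgnoreCase);

            // Act & assert - run through decryptor and make sure we get back the original value
            var roundTrippedElement = decryptor.Decrypt(encryptedXmlInfo.EncryptedElement);
            XmlAssert.Equal(originalXml, roundTrippedElement);
        }
    }
}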
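/// <summary>
/// Registering only the public-key (.cer) half of the encrypting certificate is not enough
/// to decrypt: without the private key the decryptor must fail closed.
/// NOTE(review): the scenario is a certificate that does <b>not</b> have a private key; the
/// method name reads "DoesHavePrivateKey" and is likely missing "Not". Left unchanged here
/// because renaming a test method changes its externally visible identity.
/// </summary>
public void ThrowsIfProvidedCertificateDoesHavePrivateKey()
{
    // Arrange. Both certificates wrap native handles; dispose them deterministically.
    using (var fullCert = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password"))
    using (var publicKeyOnly = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.PublicKeyOnly.cer"), ""))
    using (var services = new ServiceCollection()
        .Configure<XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(publicKeyOnly))
        .BuildServiceProvider())
    {
        var encryptor = new CertificateXmlEncryptor(fullCert, NullLoggerFactory.Instance);
        var data = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor = new EncryptedXmlDecryptor(services);

        // Act & Assert. The failure is a CryptographicException with the expected message.
        var ex = Assert.Throws<CryptographicException>(() => decryptor.Decrypt(encryptedXml.EncryptedElement));
        Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
    }
}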
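/// <summary>
/// Registering a different certificate than the one used to encrypt must not yield a key:
/// the decryptor fails closed with a CryptographicException.
/// </summary>
public void ThrowsIfProvidedCertificateDoesNotMatch()
{
    // Arrange. Resolve the test certificates against AppContext.BaseDirectory like the sibling
    // tests do; a bare relative path depends on the process working directory and is not
    // guaranteed to point at the test output folder. Certificates are disposed deterministically.
    using (var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password"))
    using (var testCert2 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert2.pfx"), "password"))
    using (var services = new ServiceCollection()
        .Configure<XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(testCert2))
        .BuildServiceProvider())
    {
        var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
        var data = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor = new EncryptedXmlDecryptor(services);

        // Act & Assert. Only testCert2 is registered, so the key wrapped to testCert1 is unrecoverable.
        var ex = Assert.Throws<CryptographicException>(() => decryptor.Decrypt(encryptedXml.EncryptedElement));
        Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
    }
}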
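/// <summary>
/// Happy path: when the encrypting certificate is among the registered key-decryption
/// certificates, the element round-trips with its name and value intact.
/// </summary>
public void XmlCanRoundTrip()
{
    // Arrange. Both certificates are registered; only testCert1 is used to encrypt, so this
    // also checks that the decryptor finds the right one among several candidates.
    using (var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password"))
    using (var testCert2 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert2.pfx"), "password"))
    using (var services = new ServiceCollection()
        .Configure<XmlKeyDecryptionOptions>(o =>
        {
            o.AddKeyDecryptionCertificate(testCert1);
            o.AddKeyDecryptionCertificate(testCert2);
        })
        .BuildServiceProvider())
    {
        var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
        var data = new XElement("SampleData", "Lorem ipsum");
        var encryptedXml = encryptor.Encrypt(data);
        var decryptor = new EncryptedXmlDecryptor(services);

        // Act
        var decrypted = decryptor.Decrypt(encryptedXml.EncryptedElement);

        // Assert
        Assert.Equal("SampleData", decrypted.Name);
        Assert.Equal("Lorem ipsum", decrypted.Value);
    }
}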
/// <summary>
/// A null element is rejected with <see cref="ArgumentNullException"/>; that is the
/// contract this test pins for <c>EncryptedXmlDecryptor.Decrypt</c>.
/// </summary>
public void Decrypt_should_throw_on_argument_null()
{
    // Arrange
    var decryptor = new EncryptedXmlDecryptor();

    // Act & Assert
    Assert.Throws<ArgumentNullException>(() => decryptor.Decrypt(null));
}