/// <summary>
/// Pins the fail-closed behaviour of <c>PropertyEncryptionProcessor.EncryptAsync</c>: when
/// <c>PathsToEncrypt</c> names a path the test expects to be missing from the document ("/Invalid"),
/// the call must throw an <see cref="ArgumentException"/> with the exact message asserted below.
/// </summary>
public async Task InvalidPathToEncrypt()
{
    TestDoc testDoc = TestDoc.Create();

    // One valid path ("/Name") next to one that the test expects to be missing ("/Invalid").
    List<EncryptionOptions> optionsWithUnknownPath = new List<EncryptionOptions>
    {
        new EncryptionOptions
        {
            DataEncryptionKeyId = PropertyEncryptionProcessorTests.pdekId,
            EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256,
            PathsToEncrypt = new List<string> { "/Name", "/Invalid" },
        },
    };

    ArgumentException caught = null;
    try
    {
        await PropertyEncryptionProcessor.EncryptAsync(
            testDoc.ToStream(),
            PropertyEncryptionProcessorTests.mockEncryptor.Object,
            optionsWithUnknownPath,
            new CosmosDiagnosticsContext(),
            CancellationToken.None);
    }
    catch (ArgumentException ex)
    {
        caught = ex;
    }

    // Reaching this point without an exception means the misconfigured path was silently
    // accepted, which is the outcome this test exists to reject.
    if (caught == null)
    {
        Assert.Fail("Invalid path to encrypt didn't result in exception.");
    }

    Assert.AreEqual("PathsToEncrypt includes a path: '/Invalid' which was not found.", caught.Message);
}
/// <summary>
/// Creates an item through the stream API of the property-encryption container and then checks
/// it with both the typed and the stream read helpers.
/// </summary>
public async Task CreateStreamItemWithPropertyEncr()
{
    var container = EncryptionContainerTests.propertyEncryptionContainer;
    TestDoc testDoc = TestDoc.Create();

    // NOTE(review): the response of the create call is not inspected here; the test relies on the
    // two read-back helpers below to detect a failed or incorrect write.
    await container.CreateItemStreamAsync(
        testDoc.ToStream(),
        new PartitionKey(testDoc.PK));

    await EncryptionContainerTests.VerifyItemByReadAsync(container, testDoc);
    await EncryptionContainerTests.VerifyItemByReadStreamAsync(container, testDoc);
}
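/// <summary>
/// Encrypts <paramref name="testDoc"/> with the shared property-encryption options and asserts
/// which properties were left untouched and which one was changed.
/// </summary>
/// <param name="testDoc">The plaintext document to run through the encryption processor.</param>
/// <returns>The encrypted document, deserialized as a <c>JObject</c>, for further checks by the caller.</returns>
private static async Task<JObject> VerifyEncryptionSucceeded(TestDoc testDoc)
{
    Stream encryptedStream = await PropertyEncryptionProcessor.EncryptAsync(
        testDoc.ToStream(),
        PropertyEncryptionProcessorTests.mockEncryptor.Object,
        PropertyEncryptionProcessorTests.propertyEncryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject encryptedDoc = PropertyEncryptionProcessor.BaseSerializer.FromStream<JObject>(encryptedStream);

    // These three properties are asserted to be stored unchanged, i.e. they are not encrypted
    // under the options used here.
    // NOTE(review): SSN is among them; confirm that leaving it in plaintext is intended for this fixture.
    Assert.AreEqual(testDoc.Id, encryptedDoc.Property("id").Value.Value<string>());
    Assert.AreEqual(testDoc.PK, encryptedDoc.Property(nameof(TestDoc.PK)).Value.Value<string>());
    Assert.AreEqual(testDoc.SSN, encryptedDoc.Property(nameof(TestDoc.SSN)).Value.Value<int>());

    // Check that the property exists before dereferencing it, so a missing property is reported
    // as an assertion failure rather than a NullReferenceException.
    JProperty encrProp = encryptedDoc.Property(nameof(TestDoc.Name));
    Assert.IsNotNull(encrProp);

    string encryptedName = encrProp.Value.Value<string>();
    Assert.IsNotNull(encryptedName);

    // This only shows the stored value differs from the plaintext. The encryptor is a mock, so it
    // says nothing about the strength of the transformation.
    Assert.AreNotEqual(testDoc.Name, encryptedName);

    return encryptedDoc;
}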
/// <summary>
/// Round-trips a document through <c>EncryptAsync</c> and <c>DecryptAsync</c> on the stream API
/// and hands the decrypted result to <c>VerifyDecryptionSucceeded</c> for comparison with the original.
/// </summary>
public async Task ValidateDecryptStream()
{
    TestDoc original = TestDoc.Create();

    // Encrypt with the shared options. The encryptor is the test's mock, so this exercises the
    // processor's handling of paths and streams rather than a real cipher.
    Stream cipherStream = await PropertyEncryptionProcessor.EncryptAsync(
        original.ToStream(),
        PropertyEncryptionProcessorTests.mockEncryptor.Object,
        PropertyEncryptionProcessorTests.propertyEncryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    // Decrypt using the same encryptor and the configured list of encrypted paths.
    Stream plainStream = await PropertyEncryptionProcessor.DecryptAsync(
        cipherStream,
        PropertyEncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        PropertyEncryptionProcessorTests.PathsToEncrypt,
        CancellationToken.None);

    PropertyEncryptionProcessorTests.VerifyDecryptionSucceeded(
        PropertyEncryptionProcessor.BaseSerializer.FromStream<JObject>(plainStream),
        original);
}
/// <summary>
/// Runs create, replace, upsert and delete operations in a single transactional batch against
/// one partition, mixing two data encryption keys, then reads every surviving item back and
/// confirms the deleted item returns 404.
/// </summary>
public async Task EncryptionTransactionBatchCrud()
{
    string pk = "thePK";
    string firstDekId = EncryptionTests.dekId;
    string secondDekId = "dek2Forbatch";

    // A second key is provisioned so the batch can mix items encrypted under different DEKs.
    await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, secondDekId);

    // Documents that will be created by the batch itself.
    TestDoc typedCreate = TestDoc.Create(pk);
    TestDoc streamCreate = TestDoc.Create(pk);
    TestDoc createWithoutOptions = TestDoc.Create(pk);

    // Documents seeded before the batch so that replace, upsert and delete have something to act on.
    // The first seed keeps its response because its ETag is passed to the replace operation.
    ItemResponse<TestDoc> typedReplaceSeed = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, firstDekId, TestDoc.PathsToEncrypt, pk);
    TestDoc typedReplace = typedReplaceSeed.Resource;
    typedReplace.NonSensitive = Guid.NewGuid().ToString();
    typedReplace.Sensitive = Guid.NewGuid().ToString();

    TestDoc streamReplace = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt, pk);
    streamReplace.NonSensitive = Guid.NewGuid().ToString();
    streamReplace.Sensitive = Guid.NewGuid().ToString();

    TestDoc typedUpsert = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt, pk);
    typedUpsert.NonSensitive = Guid.NewGuid().ToString();
    typedUpsert.Sensitive = Guid.NewGuid().ToString();

    TestDoc streamUpsert = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, firstDekId, TestDoc.PathsToEncrypt, pk);
    streamUpsert.NonSensitive = Guid.NewGuid().ToString();
    streamUpsert.Sensitive = Guid.NewGuid().ToString();

    TestDoc toDelete = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, firstDekId, TestDoc.PathsToEncrypt, pk);

    // Several seeded items are rewritten under a different DEK than the one they were created
    // with (typedReplace: first -> second, typedUpsert: second -> first, streamUpsert: first -> second).
    // createWithoutOptions is added without any batch item request options.
    // NOTE(review): confirm how the container treats an item submitted without encryption options.
    TransactionalBatchResponse batchResponse = await EncryptionTests.itemContainer
        .CreateTransactionalBatch(new Cosmos.PartitionKey(pk))
        .CreateItem(
            typedCreate,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, firstDekId, TestDoc.PathsToEncrypt))
        .CreateItemStream(
            streamCreate.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt))
        .ReplaceItem(
            typedReplace.Id,
            typedReplace,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt, typedReplaceSeed.ETag))
        .CreateItem(createWithoutOptions)
        .ReplaceItemStream(
            streamReplace.Id,
            streamReplace.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt))
        .UpsertItem(
            typedUpsert,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, firstDekId, TestDoc.PathsToEncrypt))
        .DeleteItem(toDelete.Id)
        .UpsertItemStream(
            streamUpsert.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, secondDekId, TestDoc.PathsToEncrypt))
        .ExecuteAsync();

    Assert.AreEqual(HttpStatusCode.OK, batchResponse.StatusCode);

    // Read each surviving document back, in the same order as the original assertions.
    TestDoc[] expectedDocs =
    {
        typedCreate,
        streamCreate,
        createWithoutOptions,
        typedReplace,
        streamReplace,
        typedUpsert,
        streamUpsert,
    };

    foreach (TestDoc expected in expectedDocs)
    {
        await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, expected);
    }

    // The deleted item must no longer be readable.
    ResponseMessage deletedRead = await EncryptionTests.itemContainer.ReadItemStreamAsync(
        toDelete.Id,
        new PartitionKey(toDelete.PK));
    Assert.AreEqual(HttpStatusCode.NotFound, deletedRead.StatusCode);
}