/// <summary>
/// Round-trips a single Data Protection key through the S3-backed XML repository,
/// passing the S3 client explicitly to <c>PersistKeysToAwsS3</c> rather than
/// registering it in the container.
/// </summary>
/// <remarks>
/// NOTE(review): only a repository is configured here; no <c>ProtectKeysWith*</c> call is
/// made, so this test does not exercise application-level encryption of the key XML.
/// Whether the stored objects are encrypted at rest depends on repository/bucket
/// settings that are not visible in this method - confirm before reusing this wiring
/// outside tests.
/// </remarks>
public async Task ExpectFullKeyManagerExplicitAwsStoreRetrieveToSucceed()
{
    var config = new S3XmlRepositoryConfig(S3IntegrationTests.BucketName)
    {
        KeyPrefix = "RealXmlKeyManager1/"
    };

    // Start from an empty prefix so the "exactly one key" assertion below is meaningful.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, config.KeyPrefix);

    var services = new ServiceCollection();
    services.AddDataProtection()
            .PersistKeysToAwsS3(s3Client, config);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var manager = new XmlKeyManager(managementOptions, activator);

        // DateTime values carry no explicit offset, so the local offset is applied;
        // the equality checks below compare the resulting instants.
        var activation = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiration = new DateTimeOffset(new DateTime(1980, 6, 1));
        manager.CreateNewKey(activation, expiration);

        IReadOnlyCollection<IKey> keys = manager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        IKey onlyKey = keys.Single();
        Assert.Equal(activation, onlyKey.ActivationDate);
        Assert.Equal(expiration, onlyKey.ExpirationDate);
        Assert.NotNull(onlyKey.Descriptor);
    }
}
/// <summary>
/// Round-trips a single Data Protection key through the S3-backed XML repository,
/// configured from the <c>s3ImplicitAwsTestCase</c> configuration section with the
/// S3 client registered as a singleton in the container.
/// </summary>
/// <remarks>
/// NOTE(review): as wired here there is no <c>ProtectKeysWith*</c> call, so the test
/// covers persistence only; it says nothing about whether key XML is encrypted before
/// it is written - confirm against the repository/bucket configuration.
/// </remarks>
public async Task ExpectFullKeyManagerStoreRetrieveWithConfigToSucceed()
{
    var section = fixture.Configuration.GetSection("s3ImplicitAwsTestCase");

    // Sanity-check that the loaded configuration matches what the test expects.
    // Production code would not normally read the section values directly like this.
    Assert.Equal(S3IntegrationTests.BucketName, section["bucket"]);
    Assert.Equal("RealXmlKeyManager3/", section["keyPrefix"]);

    // Start from an empty prefix so the "exactly one key" assertion below is meaningful.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, section["keyPrefix"]);

    var services = new ServiceCollection();
    services.AddSingleton(s3Client);
    services.AddDataProtection()
            .PersistKeysToAwsS3(section);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var manager = new XmlKeyManager(managementOptions, activator);

        var activation = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiration = new DateTimeOffset(new DateTime(1980, 6, 1));
        manager.CreateNewKey(activation, expiration);

        IReadOnlyCollection<IKey> keys = manager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        IKey onlyKey = keys.Single();
        Assert.Equal(activation, onlyKey.ActivationDate);
        Assert.Equal(expiration, onlyKey.ExpirationDate);
        Assert.NotNull(onlyKey.Descriptor);
    }
}
/// <summary>
/// Creates one key with an ephemeral repository and the AWS KMS XML encryptor
/// (KMS client resolved from the container) and checks it can be read back with the
/// same activation/expiration dates and a non-null descriptor.
/// </summary>
/// <remarks>
/// NOTE(review): the assertions prove the protect/unprotect round trip works, but
/// nothing here inspects the stored XML, so the test would not by itself detect a
/// regression where keys are persisted without being encrypted.
/// </remarks>
public void ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var encryptorConfig = new KmsXmlEncryptorConfig(KmsIntegrationTests.KmsTestingKey);

    var services = new ServiceCollection();
    services.AddSingleton(kmsClient);
    services.AddDataProtection()
            .PersistKeysToEphemeral()
            .ProtectKeysWithAwsKms(encryptorConfig);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var manager = new XmlKeyManager(managementOptions, activator);

        var activation = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiration = new DateTimeOffset(new DateTime(1980, 6, 1));
        manager.CreateNewKey(activation, expiration);

        IReadOnlyCollection<IKey> keys = manager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        IKey onlyKey = keys.Single();
        Assert.Equal(activation, onlyKey.ActivationDate);
        Assert.Equal(expiration, onlyKey.ExpirationDate);
        Assert.NotNull(onlyKey.Descriptor);
    }
}
/// <summary>
/// Creates one key with an ephemeral repository and the AWS KMS XML encryptor,
/// configured from the <c>kmsTestCase</c> configuration section with the KMS client
/// passed explicitly, and checks the key can be read back intact.
/// </summary>
/// <remarks>
/// NOTE(review): only the round trip is asserted; the stored XML is never inspected,
/// so this test does not itself demonstrate that the key material was encrypted.
/// </remarks>
public void ExpectFullKeyManagerExplicitAwsStoreRetrieveWithConfigToSucceed()
{
    var section = fixture.Configuration.GetSection("kmsTestCase");

    // Sanity-check that the loaded configuration matches what the test expects.
    // Production code would not normally read the section values directly like this.
    Assert.Equal(KmsIntegrationTests.KmsTestingKey, section["keyId"]);

    var services = new ServiceCollection();
    services.AddDataProtection()
            .PersistKeysToEphemeral()
            .ProtectKeysWithAwsKms(kmsClient, section);

    using (var provider = services.BuildServiceProvider())
    {
        var managementOptions = provider.GetRequiredService<IOptions<KeyManagementOptions>>();
        var activator = provider.GetRequiredService<IActivator>();
        var manager = new XmlKeyManager(managementOptions, activator);

        var activation = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expiration = new DateTimeOffset(new DateTime(1980, 6, 1));
        manager.CreateNewKey(activation, expiration);

        IReadOnlyCollection<IKey> keys = manager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        IKey onlyKey = keys.Single();
        Assert.Equal(activation, onlyKey.ActivationDate);
        Assert.Equal(expiration, onlyKey.ExpirationDate);
        Assert.NotNull(onlyKey.Descriptor);
    }
}
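/// <summary>
/// Creates one key using an <c>EphemeralXmlRepository</c> and the AWS KMS XML
/// encryptor, then checks the key is read back with the same activation and
/// expiration dates.
/// </summary>
/// <remarks>
/// The service provider is released in a <c>finally</c> block so container-created
/// services do not outlive the test, including when an assertion fails.
/// NOTE(review): only the round trip is asserted; the stored XML is never inspected,
/// so this test does not itself demonstrate that the key material was encrypted.
/// </remarks>
public void ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var config = new KmsXmlEncryptorConfig(KmsIntegrationTests.ApplicationName, KmsIntegrationTests.KmsTestingKey);

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddSingleton(kmsClient);
    serviceCollection.AddDataProtection()
                     .ProtectKeysWithAwsKms(config);
    serviceCollection.AddSingleton<IXmlRepository, EphemeralXmlRepository>();

    var serviceProvider = serviceCollection.BuildServiceProvider();
    try
    {
        var keyManager = new XmlKeyManager(serviceProvider.GetRequiredService<IXmlRepository>(),
                                           serviceProvider.GetRequiredService<IAuthenticatedEncryptorConfiguration>(),
                                           serviceProvider);

        var activationDate = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expirationDate = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activationDate, expirationDate);

        IReadOnlyCollection<IKey> keys = keyManager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        Assert.Equal(activationDate, keys.Single().ActivationDate);
        Assert.Equal(expirationDate, keys.Single().ExpirationDate);
    }
    finally
    {
        // The static type returned by BuildServiceProvider differs between framework
        // versions, so dispose through IDisposable only when it is implemented.
        var disposable = serviceProvider as IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }
    }
}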
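/// <summary>
/// Combined S3 + KMS round trip: clears the test prefix, persists keys to S3 with the
/// AWS KMS XML encryptor configured, creates one key and checks it is read back with
/// the same activation and expiration dates.
/// </summary>
/// <remarks>
/// The service provider is released in a <c>finally</c> block so container-created
/// services do not outlive the test, including when an assertion fails.
/// NOTE(review): the objects written to the bucket are never inspected, so this test
/// shows the round trip works but does not itself demonstrate that what was stored
/// was encrypted.
/// </remarks>
public async Task ExpectFullKeyManagerStoreRetrieveToSucceed()
{
    var s3Config = new S3XmlRepositoryConfig(S3IntegrationTests.BucketName)
    {
        KeyPrefix = "CombinedXmlKeyManager2/"
    };

    // Start from an empty prefix so the "exactly one key" assertion below is meaningful.
    await s3Cleanup.ClearKeys(S3IntegrationTests.BucketName, s3Config.KeyPrefix);

    var kmsConfig = new KmsXmlEncryptorConfig(KmsIntegrationTests.ApplicationName, KmsIntegrationTests.KmsTestingKey);

    var serviceCollection = new ServiceCollection();
    serviceCollection.AddSingleton(s3Client);
    serviceCollection.AddSingleton(kmsClient);
    serviceCollection.AddDataProtection()
                     .PersistKeysToAwsS3(s3Config)
                     .ProtectKeysWithAwsKms(kmsConfig);

    var serviceProvider = serviceCollection.BuildServiceProvider();
    try
    {
        var keyManager = new XmlKeyManager(serviceProvider.GetRequiredService<IXmlRepository>(),
                                           serviceProvider.GetRequiredService<IAuthenticatedEncryptorConfiguration>(),
                                           serviceProvider);

        var activationDate = new DateTimeOffset(new DateTime(1980, 1, 1));
        var expirationDate = new DateTimeOffset(new DateTime(1980, 6, 1));
        keyManager.CreateNewKey(activationDate, expirationDate);

        IReadOnlyCollection<IKey> keys = keyManager.GetAllKeys();

        Assert.Equal(1, keys.Count);
        Assert.Equal(activationDate, keys.Single().ActivationDate);
        Assert.Equal(expirationDate, keys.Single().ExpirationDate);
    }
    finally
    {
        // The static type returned by BuildServiceProvider differs between framework
        // versions, so dispose through IDisposable only when it is implemented.
        var disposable = serviceProvider as IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }
    }
}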
/// <summary>
/// Builds an <c>XmlKeyManager</c> over a mocked repository whose elements are the
/// child elements of <paramref name="xml"/>, and returns the result of
/// <c>GetAllKeys()</c>.
/// </summary>
/// <param name="xml">XML document text; the children of its root are served by the mocked repository.</param>
/// <param name="activator">Activator handed to the key manager.</param>
/// <param name="loggerFactory">Optional logger factory; <c>NullLoggerFactory.Instance</c> is used when null.</param>
/// <returns>The keys the key manager reads from the mocked repository.</returns>
private static IReadOnlyCollection<IKey> RunGetAllKeysCore(string xml, IActivator activator, ILoggerFactory loggerFactory = null)
{
    // Arrange
    var repositoryElements = XElement.Parse(xml).Elements().ToArray();

    var repositoryMock = new Mock<IXmlRepository>();
    repositoryMock.Setup(o => o.GetAllElements()).Returns(repositoryElements);

    // No XML encryptor is configured: the elements are consumed exactly as supplied.
    var managementOptions = new KeyManagementOptions()
    {
        AuthenticatedEncryptorConfiguration = new Mock<AlgorithmConfiguration>().Object,
        XmlRepository = repositoryMock.Object,
        XmlEncryptor = null
    };

    ILoggerFactory effectiveLoggerFactory = loggerFactory;
    if (effectiveLoggerFactory == null)
    {
        effectiveLoggerFactory = NullLoggerFactory.Instance;
    }

    var manager = new XmlKeyManager(Options.Create(managementOptions), activator, effectiveLoggerFactory);

    // Act
    return manager.GetAllKeys();
}
/// <summary>
/// Returns all keys by delegating to the wrapped instance.
/// </summary>
/// <returns>Whatever <c>_wrapped.GetAllKeys()</c> returns, passed through unchanged.</returns>
public IReadOnlyCollection<IKey> GetAllKeys()
{
    return _wrapped.GetAllKeys();
}