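/// <summary>
/// Verifies that data protected under one application name is only unprotectable
/// under another application name when the test case says it should be. Two
/// separate DI containers are built against the SAME key repository and the SAME
/// KMS configuration, so the only thing separating them is the application name
/// (which Data Protection mixes into the purpose chain).
/// </summary>
/// <param name="app1">Application name used by the container that protects the payload.</param>
/// <param name="app2">Application name used by the container that tries to unprotect it.</param>
/// <param name="throws">
/// True when unprotecting under <paramref name="app2"/> is expected to fail with a
/// <see cref="CryptographicException"/>; false when it is expected to round-trip.
/// </param>
public void ExpectApplicationIsolationToThrow(string app1, string app2, bool throws)
{
    var config = new KmsXmlEncryptorConfig(KmsIntegrationTests.KmsTestingKey);
    var sharedStorage = new EphemeralXmlRepository();
    var plaintext = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };

    byte[] encrypted;
    using (var serviceProvider = BuildIsolationTestProvider(app1, sharedStorage, config))
    {
        var prov = serviceProvider.GetRequiredService<IDataProtectionProvider>().CreateProtector("bob");
        encrypted = prov.Protect(plaintext);
    }

    using (var serviceProvider = BuildIsolationTestProvider(app2, sharedStorage, config))
    {
        var prov = serviceProvider.GetRequiredService<IDataProtectionProvider>().CreateProtector("bob");
        if (throws)
        {
            Assert.Throws<CryptographicException>(() => prov.Unprotect(encrypted));
        }
        else
        {
            // Compare the round-tripped bytes rather than only checking for non-null:
            // this proves the second container recovered the same key material and
            // produced the original payload, not merely that Unprotect returned.
            Assert.Equal(plaintext, prov.Unprotect(encrypted));
        }
    }
}

/// <summary>
/// Builds a fresh DI container for <paramref name="applicationName"/> that shares
/// <paramref name="keyStorage"/> and <paramref name="config"/> with any other
/// container built the same way. The caller owns and must dispose the result.
/// </summary>
private ServiceProvider BuildIsolationTestProvider(string applicationName, EphemeralXmlRepository keyStorage, KmsXmlEncryptorConfig config)
{
    var serviceCollection = new ServiceCollection();
    serviceCollection.AddSingleton(kmsClient);
    serviceCollection.AddDataProtection()
        .SetApplicationName(applicationName)
        .PersistKeysToEphemeral(keyStorage)
        .ProtectKeysWithAwsKms(config);
    return serviceCollection.BuildServiceProvider();
}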
/// <summary>
/// Points the Data Protection key ring at an already-constructed
/// <see cref="EphemeralXmlRepository"/> so several containers can share one
/// in-memory key store (as the isolation tests in this file do).
/// </summary>
/// <param name="builder">The Data Protection builder being configured.</param>
/// <param name="existing">The repository instance the key manager should read from and write to.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="builder"/> or <paramref name="existing"/> is null.
/// </exception>
public static IDataProtectionBuilder PersistKeysToEphemeral(this IDataProtectionBuilder builder, EphemeralXmlRepository existing)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (existing == null)
    {
        throw new ArgumentNullException(nameof(existing));
    }

    // Only the repository is replaced; every other KeyManagementOptions setting
    // (including the XML encryptor chosen elsewhere) is left untouched.
    Action<KeyManagementOptions> useExistingRepository = options => options.XmlRepository = existing;
    builder.Services.Configure(useExistingRepository);

    return builder;
}