// Migrates one blob from client-side encryption to server-side encryption with a
// customer-provided key (CPK): the blob is downloaded and decrypted to a local file,
// then uploaded again under blobNameAfterMigration with the CPK attached to the client.
//
// NOTE(review): the decrypted content is written to filePath + "download" and nothing
// in this method removes it, so the plaintext stays on disk after the upload. Confirm
// that the caller deletes that file once the migration has been verified.
// NOTE(review): the client-side encrypted source blob (blobName) is left in place;
// only a second blob is created.
private static void EncryptWithCustomerProvidedKey(
    string connectionString,
    string containerName,
    string blobName,
    string blobNameAfterMigration,
    string filePath,
    ClientSideEncryptionOptions clientSideOption,
    byte[] keyBytes)
{
    // Local path that receives the decrypted (plaintext) copy of the blob.
    string plaintextPath = filePath + "download";

    // A client carrying the client-side encryption options decrypts during download.
    BlobClient encryptedSource = new BlobClient(connectionString, containerName, blobName)
        .WithClientSideEncryptionOptions(clientSideOption);
    encryptedSource.DownloadTo(plaintextPath);

    // Attach the customer-provided key to the options used by the destination client.
    var uploadOptions = new BlobClientOptions();
    uploadOptions.CustomerProvidedKey = new CustomerProvidedKey(keyBytes);

    // Upload the plaintext copy through the CPK-configured client; the second
    // argument (true) overwrites an existing destination blob.
    var migratedBlob = new BlobClient(
        connectionString,
        containerName,
        blobNameAfterMigration,
        uploadOptions);
    migratedBlob.Upload(plaintextPath, true);
}
/// <summary>
/// Checks that appending a block from a source URI into an append blob that was
/// created with a customer-provided key (CPK) returns that key's hash in the response.
/// </summary>
public async Task AppendBlockFromUriAsync_CPK()
{
    await using DisposingContainer test = await GetTestContainerAsync();

    // Arrange
    // The container is opened for public blob access, presumably so the service can
    // read the source blob through its bare URI. This is only done on the disposable
    // test container.
    await test.Container.SetAccessPolicyAsync(PublicAccessType.BlobContainer);

    var payload = GetRandomBuffer(Constants.KB);
    using var payloadStream = new MemoryStream(payload);

    // Source blob: created and filled without any customer-provided key.
    AppendBlobClient source = InstrumentClient(test.Container.GetAppendBlobClient(GetNewBlobName()));
    await source.CreateAsync();
    await source.AppendBlockAsync(payloadStream);

    // Destination blob: the same kind of client, re-created with the CPK attached.
    AppendBlobClient destination = InstrumentClient(test.Container.GetAppendBlobClient(GetNewBlobName()));
    CustomerProvidedKey cpk = GetCustomerProvidedKey();
    destination = InstrumentClient(destination.WithCustomerProvidedKey(cpk));
    await destination.CreateAsync();

    // Act
    var sourceRange = new HttpRange(0, Constants.KB);
    Response<BlobAppendInfo> appendResult = await destination.AppendBlockFromUriAsync(
        source.Uri,
        sourceRange);

    // Assert: the service reports the hash of the key that was supplied.
    Assert.AreEqual(cpk.EncryptionKeyHash, appendResult.Value.EncryptionKeySha256);
}
/// <summary>
/// Builds a new <see cref="PageBlobClient"/> that reuses the pipeline and diagnostics
/// of <paramref name="blob"/> but carries <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="blob">The client to copy the address, pipeline and diagnostics from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new client.</param>
/// <returns>A new <see cref="PageBlobClient"/>; <paramref name="blob"/> is not modified.</returns>
public static PageBlobClient WithCustomerProvidedKey(
    this PageBlobClient blob,
    CustomerProvidedKey customerProvidedKey)
{
    // ToHttps is defined elsewhere; from its name it forces the https scheme - confirm.
    var secureUri = ToHttps(blob.Uri);

    return new PageBlobClient(
        secureUri,
        blob.Pipeline,
        blob.ClientDiagnostics,
        customerProvidedKey);
}
/// <summary>
/// Builds a new <see cref="BlockBlobClient"/> that reuses the pipeline, service version
/// and diagnostics of <paramref name="blob"/> but carries <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="blob">The client to copy the address and transport settings from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new client.</param>
/// <returns>A new <see cref="BlockBlobClient"/>; <paramref name="blob"/> is not modified.</returns>
public static BlockBlobClient WithCustomerProvidedKey(
    this BlockBlobClient blob,
    CustomerProvidedKey customerProvidedKey)
{
    // ToHttps is defined elsewhere; from its name it forces the https scheme - confirm.
    var secureUri = ToHttps(blob.Uri);

    return new BlockBlobClient(
        secureUri,
        blob.Pipeline,
        blob.Version,
        blob.ClientDiagnostics,
        customerProvidedKey);
}
/// <summary>
/// Copies <paramref name="clientConfiguration"/> into a new configuration that uses
/// <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="clientConfiguration">Configuration to copy the pipeline, shared key
/// credential, diagnostics and version from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new configuration.</param>
/// <returns>A new <see cref="BlobClientConfiguration"/>.</returns>
private static BlobClientConfiguration BuildClientConfigurationWithCpk(
    BlobClientConfiguration clientConfiguration,
    CustomerProvidedKey customerProvidedKey)
{
    // The encryption scope is always passed as null here, so whatever scope the
    // source configuration had is not carried over to the CPK configuration.
    var cpkConfiguration = new BlobClientConfiguration(
        pipeline: clientConfiguration.Pipeline,
        sharedKeyCredential: clientConfiguration.SharedKeyCredential,
        clientDiagnostics: clientConfiguration.ClientDiagnostics,
        version: clientConfiguration.Version,
        customerProvidedKey: customerProvidedKey,
        encryptionScope: null);

    return cpkConfiguration;
}
/// <summary>
/// Builds a new <see cref="AppendBlobClient"/> that reuses the pipeline, service version
/// and diagnostics of <paramref name="blob"/> but carries <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="blob">The client to copy the address and transport settings from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new client.</param>
/// <returns>A new <see cref="AppendBlobClient"/>; <paramref name="blob"/> is not modified.</returns>
public static AppendBlobClient WithCustomerProvidedKey(
    this AppendBlobClient blob,
    CustomerProvidedKey customerProvidedKey)
{
    // ToHttps is defined elsewhere; from its name it forces the https scheme - confirm.
    var secureUri = ToHttps(blob.Uri);

    // NOTE(review): the trailing null is presumably the encryption scope - confirm
    // against the AppendBlobClient constructor.
    return new AppendBlobClient(
        secureUri,
        blob.Pipeline,
        blob.Version,
        blob.ClientDiagnostics,
        customerProvidedKey,
        null);
}
/// <summary>
/// Builds a new <see cref="PageBlobClient"/> that reuses the pipeline, shared key
/// credential, service version and diagnostics of <paramref name="blob"/> but carries
/// <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="blob">The client to copy the address and transport settings from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new client.</param>
/// <returns>A new <see cref="PageBlobClient"/>; <paramref name="blob"/> is not modified.</returns>
public static PageBlobClient WithCustomerProvidedKey(
    this PageBlobClient blob,
    CustomerProvidedKey customerProvidedKey)
{
    // ToHttps is defined elsewhere; from its name it forces the https scheme - confirm.
    var secureUri = ToHttps(blob.Uri);

    // NOTE(review): the trailing null is presumably the encryption scope - confirm
    // against the PageBlobClient constructor.
    return new PageBlobClient(
        secureUri,
        blob.Pipeline,
        blob.SharedKeyCredential,
        blob.Version,
        blob.ClientDiagnostics,
        customerProvidedKey,
        null);
}
/// <summary>
/// Creates a new <see cref="AppendBlobClient"/> that points at the same
/// <see cref="Uri"/> as this client, rewritten to HTTPS, and that uses the given
/// <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="customerProvidedKey">
/// The customer provided key to be used by the service to encrypt data.
/// </param>
/// <returns>A new <see cref="AppendBlobClient"/> instance.</returns>
protected sealed override BlobBaseClient WithCustomerProvidedKeyCore(CustomerProvidedKey customerProvidedKey)
{
    // Scheme and port are both overwritten, so the returned client targets the HTTPS
    // endpoint even when this client was built on another scheme or port.
    // NOTE(review): presumably because the key accompanies each request - confirm.
    var httpsAddress = new UriBuilder(Uri);
    httpsAddress.Scheme = Constants.Blob.Https;
    httpsAddress.Port = Constants.Blob.HttpsPort;

    // Only the key is set on the new options; the existing pipeline is reused.
    var cpkOptions = new BlobClientOptions(customerProvidedKey: customerProvidedKey);

    return new AppendBlobClient(httpsAddress.Uri, Pipeline, cpkOptions);
}
/// <summary>
/// Checks that constructing an <see cref="AppendBlobClient"/> with a customer-provided
/// key on an http endpoint is rejected with an <see cref="ArgumentException"/>.
/// </summary>
public void Ctor_CPK_Http()
{
    // Arrange
    CustomerProvidedKey cpk = GetCustomerProvidedKey();
    var optionsWithCpk = new BlobClientOptions();
    optionsWithCpk.CustomerProvidedKey = cpk;

    // The configured service endpoint, downgraded to the http scheme.
    var serviceEndpoint = new Uri(TestConfigDefault.BlobServiceEndpoint);
    Uri insecureUri = serviceEndpoint.ToHttp();

    // Act / Assert: the constructor itself must throw, before any request is made.
    var expected = new ArgumentException("Cannot use client-provided key without HTTPS.");
    TestHelper.AssertExpectedException(
        () => new AppendBlobClient(insecureUri, optionsWithCpk),
        expected);
}
/// <summary>
/// Checks that a <see cref="BlobServiceClient"/> cannot be constructed with both a
/// customer-provided key and an encryption scope set on its options.
/// </summary>
public void Ctor_CPK_EncryptionScope()
{
    // Arrange
    CustomerProvidedKey cpk = GetCustomerProvidedKey();
    var conflictingOptions = new BlobClientOptions();
    conflictingOptions.CustomerProvidedKey = cpk;
    conflictingOptions.EncryptionScope = TestConfigDefault.EncryptionScope;

    // Act / Assert: the two encryption settings together are rejected by the constructor.
    var expected = new ArgumentException("CustomerProvidedKey and EncryptionScope cannot both be set");
    TestHelper.AssertExpectedException(
        () => new BlobServiceClient(new Uri(TestConfigDefault.BlobServiceEndpoint), conflictingOptions),
        expected);
}
/// <summary>
/// Checks that creating an append blob through a client configured with a
/// customer-provided key (CPK) returns that key's hash in the response.
/// </summary>
public async Task CreateAsync_CPK()
{
    await using DisposingContainer test = await GetTestContainerAsync();

    // Arrange: build a plain client first, then derive the CPK-enabled one from it.
    AppendBlobClient plainClient = InstrumentClient(test.Container.GetAppendBlobClient(GetNewBlobName()));
    CustomerProvidedKey cpk = GetCustomerProvidedKey();
    AppendBlobClient cpkClient = InstrumentClient(plainClient.WithCustomerProvidedKey(cpk));

    // Act
    Response<BlobContentInfo> createResult = await cpkClient.CreateAsync();

    // Assert: the service reports the hash of the key that was supplied.
    Assert.AreEqual(cpk.EncryptionKeyHash, createResult.Value.EncryptionKeySha256);
}
/// <summary>
/// Checks that appending a block through a client configured with a customer-provided
/// key (CPK) returns that key's hash in the response.
/// </summary>
public async Task AppendBlockAsync_CPK()
{
    await using DisposingContainer test = await GetTestContainerAsync();

    // Arrange: build a plain client first, then derive the CPK-enabled one from it.
    AppendBlobClient plainClient = InstrumentClient(test.Container.GetAppendBlobClient(GetNewBlobName()));
    CustomerProvidedKey cpk = GetCustomerProvidedKey();
    AppendBlobClient cpkClient = InstrumentClient(plainClient.WithCustomerProvidedKey(cpk));
    var payload = GetRandomBuffer(Constants.KB);

    // The blob is created with the same CPK client that appends to it.
    await cpkClient.CreateAsync();

    // Act
    using var payloadStream = new MemoryStream(payload);
    Response<BlobAppendInfo> appendResult = await cpkClient.AppendBlockAsync(content: payloadStream);

    // Assert: the service reports the hash of the key that was supplied.
    Assert.AreEqual(cpk.EncryptionKeyHash, appendResult.Value.EncryptionKeySha256);
}
/// <summary>
/// Returns a new <see cref="AppendBlobClient"/> with an identical <see cref="Uri"/>
/// source but using the specified <paramref name="customerProvidedKey"/>.
/// Hides the base-class method so callers get the derived type back.
/// </summary>
/// <param name="customerProvidedKey">
/// The customer provided key to be used by the service to encrypt data.
/// </param>
/// <returns>A new <see cref="AppendBlobClient"/> instance.</returns>
public new AppendBlobClient WithCustomerProvidedKey(CustomerProvidedKey customerProvidedKey)
{
    // The core method is typed as BlobBaseClient, so the result is cast back down.
    BlobBaseClient rekeyedClient = WithCustomerProvidedKeyCore(customerProvidedKey);
    return (AppendBlobClient)rekeyedClient;
}
/// <summary>
/// Builds a new <see cref="PageBlobClient"/> for the same blob as <paramref name="blob"/>,
/// using a client configuration derived from it that carries
/// <paramref name="customerProvidedKey"/>.
/// </summary>
/// <param name="blob">The client to copy the address and configuration from.</param>
/// <param name="customerProvidedKey">The customer-provided key for the new client.</param>
/// <returns>A new <see cref="PageBlobClient"/>; <paramref name="blob"/> is not modified.</returns>
public static PageBlobClient WithCustomerProvidedKey(
    this PageBlobClient blob,
    CustomerProvidedKey customerProvidedKey)
{
    // ToHttps is defined elsewhere; from its name it forces the https scheme - confirm.
    var secureUri = ToHttps(blob.Uri);

    // BuildClientConfigurationWithCpk is defined elsewhere in this file.
    var cpkConfiguration = BuildClientConfigurationWithCpk(blob.ClientConfiguration, customerProvidedKey);

    return new PageBlobClient(secureUri, cpkConfiguration);
}