public static async Task ClassInitialize(TestContext context) { EncryptionTests.client = EncryptionTests.GetClient(); EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); EncryptionTests.container = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); EncryptionTests.containerCore = (ContainerInlineCore)EncryptionTests.container; EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, EncryptionTests.dekId); }
public async Task DecryptQueryResultDifferentDeksTest() { string dekId1 = "mydek1"; EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, dekId1); TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, dekId1, TestDoc.PathsToEncrypt); await ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.containerCore, testDoc1, testDoc2); }
private static async Task <DataEncryptionKeyProperties> CreateDekAsync(DatabaseCore databaseCore, string dekId) { DataEncryptionKeyResponse dekResponse = await databaseCore.CreateDataEncryptionKeyAsync( dekId, CosmosEncryptionAlgorithm.AE_AES_256_CBC_HMAC_SHA_256_RANDOMIZED, EncryptionTests.metadata1); Assert.AreEqual(HttpStatusCode.Created, dekResponse.StatusCode); Assert.IsTrue(dekResponse.RequestCharge > 0); Assert.IsNotNull(dekResponse.ETag); DataEncryptionKeyProperties dekProperties = dekResponse.Resource; Assert.AreEqual(dekResponse.ETag, dekProperties.ETag); Assert.AreEqual(dekId, dekProperties.Id); return(dekProperties); }
private static async Task <DataEncryptionKeyProperties> CreateDekAsync(CosmosDataEncryptionKeyProvider dekProvider, string dekId) { ItemResponse <DataEncryptionKeyProperties> dekResponse = await dekProvider.DataEncryptionKeyContainer.CreateDataEncryptionKeyAsync( dekId, CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized, EncryptionTests.metadata1); Assert.AreEqual(HttpStatusCode.Created, dekResponse.StatusCode); Assert.IsTrue(dekResponse.RequestCharge > 0); Assert.IsNotNull(dekResponse.ETag); DataEncryptionKeyProperties dekProperties = dekResponse.Resource; Assert.AreEqual(dekResponse.ETag, dekProperties.ETag); Assert.AreEqual(dekId, dekProperties.Id); return(dekProperties); }
private static DataEncryptionKeyProperties VerifyDekResponse( ItemResponse <DataEncryptionKeyProperties> dekResponse, string dekId) { Assert.IsTrue(dekResponse.RequestCharge > 0); Assert.IsNotNull(dekResponse.ETag); DataEncryptionKeyProperties dekProperties = dekResponse.Resource; Assert.IsNotNull(dekProperties); Assert.AreEqual(dekResponse.ETag, dekProperties.ETag); Assert.AreEqual(dekId, dekProperties.Id); Assert.IsNotNull(dekProperties.SelfLink); Assert.IsNotNull(dekProperties.CreatedTime); Assert.IsNotNull(dekProperties.LastModified); return(dekProperties); }
public static async Task ClassInitialize(TestContext context) { EncryptionTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); EncryptionTests.encryptor = new TestEncryptor(EncryptionTests.dekProvider); EncryptionTests.client = EncryptionTests.GetClient(); EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); EncryptionTests.keyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400); await EncryptionTests.dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id); EncryptionTests.itemContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); EncryptionTests.itemContainerCore = (ContainerInlineCore)EncryptionTests.itemContainer; EncryptionTests.dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, EncryptionTests.dekId); }
public async Task ClassInitialize(TestContext context) { EncryptionContainerTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); EncryptionContainerTests.encryptor = new TestEncryptor(EncryptionContainerTests.dekProvider); EncryptionContainerTests.client = TestCommon.CreateCosmosClient(); EncryptionContainerTests.database = await EncryptionContainerTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); EncryptionContainerTests.keyContainer = await EncryptionContainerTests.database.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400); await EncryptionContainerTests.dekProvider.InitializeAsync(EncryptionContainerTests.database, EncryptionContainerTests.keyContainer.Id); EncryptionContainerTests.itemContainer = await EncryptionContainerTests.database.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); EncryptionContainerTests.propertyEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt); EncryptionContainerTests.pdekProperties = await EncryptionContainerTests.CreatePropertyDekAsync(EncryptionContainerTests.dekProvider, EncryptionContainerTests.pdekId); EncryptionContainerTests.twoPropertyEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt3); EncryptionContainerTests.twoPropertyOneDekEncryptionContainer = EncryptionContainerTests.itemContainer.WithPropertyEncryptor(encryptor, EncryptionContainerTests.PathsToEncrypt4); }
public async Task EncryptionCreateDek() { string dekId = "anotherDek"; DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.databaseCore, dekId); Assert.IsNotNull(dekProperties); Assert.IsNotNull(dekProperties.CreatedTime); Assert.IsNotNull(dekProperties.LastModified); Assert.IsNotNull(dekProperties.SelfLink); Assert.IsNotNull(dekProperties.ResourceId); // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime); Assert.AreEqual( new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix), dekProperties.EncryptionKeyWrapMetadata); // Use a different client instance to avoid (unintentional) cache impact using (CosmosClient client = EncryptionTests.GetClient()) { DataEncryptionKeyProperties readProperties = await((DatabaseCore)(DatabaseInlineCore)client.GetDatabase(EncryptionTests.databaseCore.Id)).GetDataEncryptionKey(dekId).ReadAsync(); Assert.AreEqual(dekProperties, readProperties); } }
public async Task EncryptionCreateDek() { string dekId = "anotherDek"; DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dekId); Assert.IsNotNull(dekProperties); Assert.IsNotNull(dekProperties.CreatedTime); Assert.IsNotNull(dekProperties.LastModified); Assert.IsNotNull(dekProperties.SelfLink); // Assert.IsNotNull(dekProperties.ResourceId); // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime); Assert.AreEqual( new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix), dekProperties.EncryptionKeyWrapMetadata); // Use different DEK provider to avoid (unintentional) cache impact CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); await dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id); DataEncryptionKeyProperties readProperties = await dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(dekId); Assert.AreEqual(dekProperties, readProperties); }
public async Task EncryptionResourceTokenAuthAllowed() { User keyManagerUser = EncryptionTests.databaseCore.GetUser(Guid.NewGuid().ToString()); await EncryptionTests.databaseCore.CreateUserAsync(keyManagerUser.Id); PermissionProperties keyManagerUserPermission = await keyManagerUser.CreatePermissionAsync( new PermissionProperties(Guid.NewGuid().ToString(), PermissionMode.All, EncryptionTests.keyContainer)); CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); TestEncryptor encryptor = new TestEncryptor(dekProvider); (string endpoint, string _) = TestCommon.GetAccountInfo(); CosmosClient clientForKeyManagerUser = new CosmosClientBuilder(endpoint, keyManagerUserPermission.Token) .WithEncryptor(encryptor) .Build(); Database databaseForKeyManagerUser = clientForKeyManagerUser.GetDatabase(EncryptionTests.databaseCore.Id); await dekProvider.InitializeAsync(databaseForKeyManagerUser, EncryptionTests.keyContainer.Id); DataEncryptionKeyProperties readDekProperties = await dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(EncryptionTests.dekId); Assert.AreEqual(EncryptionTests.dekProperties, readDekProperties); }