/// <summary>
/// Checks that <c>EncryptionProcessor.EncryptAsync</c> throws an <see cref="ArgumentException"/>
/// when <c>PathsToEncrypt</c> contains "/Invalid" next to "/SensitiveStr".
/// The expected exception message reports that path as not found.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task InvalidPathToEncrypt()
{
    const string expectedMessage = "PathsToEncrypt includes a path: '/Invalid' which was not found.";

    TestDoc document = TestDoc.Create();

    // Failing loudly on an unknown path matters for confidentiality: a misspelled path
    // that was silently skipped would leave the intended field unencrypted.
    EncryptionOptions optionsWithUnknownPath = new EncryptionOptions
    {
        DataEncryptionKeyId = EncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/Invalid" },
    };

    try
    {
        await EncryptionProcessor.EncryptAsync(
            document.ToStream(),
            EncryptionProcessorTests.mockEncryptor.Object,
            optionsWithUnknownPath,
            new CosmosDiagnosticsContext(),
            CancellationToken.None);

        // Reached only if no exception was thrown. The assertion failure raised here is
        // not an ArgumentException, so the catch below does not swallow it.
        Assert.Fail("Invalid path to encrypt didn't result in exception.");
    }
    catch (ArgumentException rejection)
    {
        Assert.AreEqual(expectedMessage, rejection.Message);
    }
}
/// <summary>
/// Encrypts <paramref name="testDoc"/> with the shared test encryptor and options, then asserts
/// the shape of the result: non-sensitive properties are unchanged, the sensitive properties are
/// no longer present by name, and the encryption-info property carries the expected metadata.
/// </summary>
/// <param name="testDoc">The plaintext document to encrypt.</param>
/// <returns>The encrypted document parsed as a <c>JObject</c>.</returns>
private static async Task<JObject> VerifyEncryptionSucceeded(TestDoc testDoc)
{
    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        testDoc.ToStream(),
        EncryptionProcessorTests.mockEncryptor.Object,
        EncryptionProcessorTests.encryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject encryptedDoc = EncryptionProcessor.BaseSerializer.FromStream<JObject>(cipherStream);

    // Properties that are not configured for encryption must pass through untouched.
    Assert.AreEqual(testDoc.Id, encryptedDoc.Property("id").Value.Value<string>());
    Assert.AreEqual(testDoc.PK, encryptedDoc.Property(nameof(TestDoc.PK)).Value.Value<string>());
    Assert.AreEqual(testDoc.NonSensitive, encryptedDoc.Property(nameof(TestDoc.NonSensitive)).Value.Value<string>());

    // The sensitive properties must not appear under their own names in the encrypted document.
    Assert.IsNull(encryptedDoc.Property(nameof(TestDoc.SensitiveStr)));
    Assert.IsNull(encryptedDoc.Property(nameof(TestDoc.SensitiveInt)));

    // The encryption-info property has to exist and hold a JSON object.
    JProperty encryptionInfo = encryptedDoc.Property(Constants.EncryptedInfo);
    Assert.IsNotNull(encryptionInfo);
    Assert.IsNotNull(encryptionInfo.Value);
    Assert.AreEqual(JTokenType.Object, encryptionInfo.Value.Type);

    JObject encryptionInfoObject = (JObject)encryptionInfo.Value;
    EncryptionProperties metadata = encryptionInfoObject.ToObject<EncryptionProperties>();

    Assert.IsNotNull(metadata);
    Assert.AreEqual(EncryptionProcessorTests.dekId, metadata.DataEncryptionKeyId);
    Assert.AreEqual(2, metadata.EncryptionFormatVersion);

    // NOTE(review): only the presence of EncryptedData is checked. Nothing here checks that the
    // plaintext values are absent from the payload, which may be deliberate with a mocked encryptor.
    Assert.IsNotNull(metadata.EncryptedData);

    return encryptedDoc;
}
/// <summary>
/// Round-trip test for the stream overloads: encrypts a fresh <c>TestDoc</c>, decrypts the
/// resulting stream, and passes the decrypted document to <c>VerifyDecryptionSucceeded</c>
/// together with the original and the count of <c>TestDoc.PathsToEncrypt</c>.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task ValidateDecryptStream()
{
    TestDoc original = TestDoc.Create();

    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        original.ToStream(),
        MdeEncryptionProcessorTests.mockEncryptor.Object,
        MdeEncryptionProcessorTests.encryptionOptions,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    // Decryption returns the plaintext stream along with a context describing the decryption.
    (Stream plainStream, DecryptionContext context) = await EncryptionProcessor.DecryptAsync(
        cipherStream,
        MdeEncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject roundTripped = EncryptionProcessor.BaseSerializer.FromStream<JObject>(plainStream);

    MdeEncryptionProcessorTests.VerifyDecryptionSucceeded(
        roundTripped,
        original,
        TestDoc.PathsToEncrypt.Count,
        context);
}
/// <summary>
/// Checks that <c>EncryptionProcessor.EncryptAsync</c> throws an
/// <see cref="InvalidOperationException"/> with the exact message asserted below when
/// <c>PathsToEncrypt</c> lists "/SensitiveStr" twice.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task DuplicatePathToEncrypt()
{
    const string expectedMessage = "Duplicate paths in PathsToEncrypt passed via EncryptionOptions.";

    TestDoc document = TestDoc.Create();

    EncryptionOptions optionsWithRepeatedPath = new EncryptionOptions
    {
        DataEncryptionKeyId = MdeEncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/SensitiveStr" },
    };

    try
    {
        await EncryptionProcessor.EncryptAsync(
            document.ToStream(),
            MdeEncryptionProcessorTests.mockEncryptor.Object,
            optionsWithRepeatedPath,
            new CosmosDiagnosticsContext(),
            CancellationToken.None);

        // Reached only if no exception was thrown. The assertion failure raised here is
        // not an InvalidOperationException, so the catch below does not swallow it.
        Assert.Fail("Duplicate paths in PathToEncrypt didn't result in exception.");
    }
    catch (InvalidOperationException rejection)
    {
        Assert.AreEqual(expectedMessage, rejection.Message);
    }
}
/// <summary>
/// Legacy-algorithm variant of the invalid-path test. With "/Invalid" listed next to
/// "/SensitiveStr", <c>EncryptAsync</c> is expected to complete without throwing. The document
/// is then decrypted and verified with an expected path count of 1 and
/// <c>invalidPathsConfigured: true</c>.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task InvalidPathToEncrypt()
{
    TestDoc original = TestDoc.Create();

    // NOTE(review): no exception is expected here, so a misspelled entry in PathsToEncrypt is
    // not reported on this code path. The field the caller meant to protect would presumably
    // stay in plaintext. Confirm callers validate their configured paths.
    EncryptionOptions optionsWithUnknownPath = new EncryptionOptions
    {
        DataEncryptionKeyId = LegacyEncryptionProcessorTests.dekId,
        EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized,
        PathsToEncrypt = new List<string> { "/SensitiveStr", "/Invalid" },
    };

    Stream cipherStream = await EncryptionProcessor.EncryptAsync(
        original.ToStream(),
        LegacyEncryptionProcessorTests.mockEncryptor.Object,
        optionsWithUnknownPath,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    JObject encryptedDoc = EncryptionProcessor.BaseSerializer.FromStream<JObject>(cipherStream);

    // Uses the JObject overload of DecryptAsync rather than the stream overload.
    (JObject roundTripped, DecryptionContext context) = await EncryptionProcessor.DecryptAsync(
        encryptedDoc,
        LegacyEncryptionProcessorTests.mockEncryptor.Object,
        new CosmosDiagnosticsContext(),
        CancellationToken.None);

    // Two paths were configured, but the expected count passed to the verifier is 1.
    LegacyEncryptionProcessorTests.VerifyDecryptionSucceeded(
        roundTripped,
        original,
        1,
        context,
        invalidPathsConfigured: true);
}