public async Task EncryptionBulkCrud()
{
TestDoc docToReplace = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt);
docToReplace.NonSensitive = Guid.NewGuid().ToString();
docToReplace.Sensitive = Guid.NewGuid().ToString();
TestDoc docToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt);
docToUpsert.NonSensitive = Guid.NewGuid().ToString();
docToUpsert.Sensitive = Guid.NewGuid().ToString();
TestDoc docToDelete = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt);
(string endpoint, string authKey) = TestCommon.GetAccountInfo();
CosmosClient clientWithBulk = new CosmosClientBuilder(endpoint, authKey)
.WithEncryptionKeyWrapProvider(new TestKeyWrapProvider())
.WithBulkExecution(true)
.Build();
DatabaseCore databaseWithBulk = (DatabaseInlineCore)clientWithBulk.GetDatabase(EncryptionTests.databaseCore.Id);
ContainerCore containerWithBulk = (ContainerInlineCore)databaseWithBulk.GetContainer(EncryptionTests.container.Id);
List <Task> tasks = new List <Task>();
tasks.Add(EncryptionTests.CreateItemAsync(containerWithBulk, EncryptionTests.dekId, TestDoc.PathsToEncrypt));
tasks.Add(EncryptionTests.UpsertItemAsync(containerWithBulk, TestDoc.Create(), EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.Created));
tasks.Add(EncryptionTests.ReplaceItemAsync(containerWithBulk, docToReplace, EncryptionTests.dekId, TestDoc.PathsToEncrypt));
tasks.Add(EncryptionTests.UpsertItemAsync(containerWithBulk, docToUpsert, EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.OK));
tasks.Add(EncryptionTests.DeleteItemAsync(containerWithBulk, docToDelete));
await Task.WhenAll(tasks);
}
public async Task InvalidPathToEncrypt()
{
TestDoc testDoc = TestDoc.Create();
List <EncryptionOptions> propertyEncryptionOptionsWithInvalidPath = new List <EncryptionOptions>();
propertyEncryptionOptionsWithInvalidPath.Add(
new EncryptionOptions()
{
DataEncryptionKeyId = PropertyEncryptionProcessorTests.pdekId,
EncryptionAlgorithm = CosmosEncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256,
PathsToEncrypt = new List <string>()
{
"/Name", "/Invalid"
}
});
try
{
await PropertyEncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
PropertyEncryptionProcessorTests.mockEncryptor.Object,
propertyEncryptionOptionsWithInvalidPath,
new CosmosDiagnosticsContext(),
CancellationToken.None);
Assert.Fail("Invalid path to encrypt didn't result in exception.");
}
catch (ArgumentException ex)
{
Assert.AreEqual("PathsToEncrypt includes a path: '/Invalid' which was not found.", ex.Message);
}
}
public async Task GetItemQuery()
{
TestDoc testDoc = TestDoc.Create();
ItemResponse <TestDoc> createResponseb = await EncryptionContainerTests.propertyEncryptionContainer.CreateItemAsync(
testDoc, new PartitionKey(testDoc.PK));
TestDoc expectedDoc = new TestDoc(testDoc);
await EncryptionContainerTests.ValidateQueryResultsAsync(
EncryptionContainerTests.propertyEncryptionContainer,
"SELECT * FROM c",
expectedDoc);
await EncryptionContainerTests.ValidateQueryResultsAsync(
EncryptionContainerTests.propertyEncryptionContainer,
string.Format(
"SELECT * FROM c where c.Name = {0}",
expectedDoc.Name),
expectedDoc);
await EncryptionContainerTests.ValidateQueryResultsAsync(
EncryptionContainerTests.propertyEncryptionContainer,
queryDefinition : new QueryDefinition(
"select * from c where c.Name = @Name")
.WithParameter("@Name", expectedDoc.Name),
expectedDoc : expectedDoc);
}
public async Task EncryptionCreateItemWithoutEncryptionOptions()
{
TestDoc testDoc = TestDoc.Create();
ItemResponse <TestDoc> createResponse = await EncryptionTests.containerCore.CreateItemAsync(
testDoc,
new PartitionKey(testDoc.PK));
Assert.AreEqual(HttpStatusCode.Created, createResponse.StatusCode);
Assert.AreEqual(testDoc, createResponse.Resource);
}
public async Task CreateItemWith2Property1DekEncr()
{
TestDoc testDoc = TestDoc.Create();
ItemResponse <TestDoc> createResponse = await EncryptionContainerTests.twoPropertyOneDekEncryptionContainer.CreateItemAsync(
testDoc, new PartitionKey(testDoc.PK));
await EncryptionContainerTests.VerifyItemByReadAsync(EncryptionContainerTests.twoPropertyOneDekEncryptionContainer, testDoc);
await EncryptionContainerTests.VerifyItemByReadStreamAsync(EncryptionContainerTests.twoPropertyOneDekEncryptionContainer, testDoc);
}
public async Task CreateStreamItemWithPropertyEncr()
{
TestDoc testDoc = TestDoc.Create();
Stream testStream = testDoc.ToStream();
await EncryptionContainerTests.propertyEncryptionContainer.CreateItemStreamAsync(
testStream, new PartitionKey(testDoc.PK));
await EncryptionContainerTests.VerifyItemByReadAsync(EncryptionContainerTests.propertyEncryptionContainer, testDoc);
await EncryptionContainerTests.VerifyItemByReadStreamAsync(EncryptionContainerTests.propertyEncryptionContainer, testDoc);
}
public async Task CreateItemWithPropertyEncr()
{
TestDoc testDoc = TestDoc.Create();
ItemResponse <TestDoc> createResponse = await EncryptionContainerTests.propertyEncryptionContainer.CreateItemAsync(
testDoc, new PartitionKey(testDoc.PK));
await EncryptionContainerTests.VerifyItemByReadAsync(EncryptionContainerTests.propertyEncryptionContainer, testDoc);
await EncryptionContainerTests.VerifyItemByReadStreamAsync(EncryptionContainerTests.propertyEncryptionContainer, testDoc);
Assert.AreNotEqual(createResponse.Resource.Name, testDoc.Name);
}
private static async Task <ItemResponse <TestDoc> > CreateItemAsync(
ContainerCore containerCore,
string dekId,
List <string> pathsToEncrypt)
{
TestDoc testDoc = TestDoc.Create();
ItemResponse <TestDoc> createResponse = await containerCore.CreateItemAsync(
testDoc,
new PartitionKey(testDoc.PK),
EncryptionTests.GetRequestOptions(containerCore, dekId, pathsToEncrypt));
Assert.AreEqual(HttpStatusCode.Created, createResponse.StatusCode);
Assert.AreEqual(testDoc, createResponse.Resource);
return(createResponse);
}
public async Task EncryptDecryptPropertyWithNullValue()
{
TestDoc testDoc = TestDoc.Create();
JObject encryptedDoc = await PropertyEncryptionProcessorTests.VerifyEncryptionSucceeded(testDoc);
JObject decryptedDoc = await PropertyEncryptionProcessor.DecryptAsync(
encryptedDoc,
PropertyEncryptionProcessorTests.mockEncryptor.Object,
new CosmosDiagnosticsContext(),
PathsToEncrypt,
CancellationToken.None);
PropertyEncryptionProcessorTests.VerifyDecryptionSucceeded(
decryptedDoc,
testDoc);
}
public async Task EncryptionRudItem()
{
TestDoc testDoc = await EncryptionTests.UpsertItemAsync(
EncryptionTests.containerCore,
TestDoc.Create(),
EncryptionTests.dekId,
TestDoc.PathsToEncrypt,
HttpStatusCode.Created);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, testDoc);
testDoc.NonSensitive = Guid.NewGuid().ToString();
testDoc.Sensitive = Guid.NewGuid().ToString();
ItemResponse <TestDoc> upsertResponse = await EncryptionTests.UpsertItemAsync(
EncryptionTests.containerCore,
testDoc,
EncryptionTests.dekId,
TestDoc.PathsToEncrypt,
HttpStatusCode.OK);
TestDoc updatedDoc = upsertResponse.Resource;
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, updatedDoc);
updatedDoc.NonSensitive = Guid.NewGuid().ToString();
updatedDoc.Sensitive = Guid.NewGuid().ToString();
TestDoc replacedDoc = await EncryptionTests.ReplaceItemAsync(
EncryptionTests.containerCore,
updatedDoc,
EncryptionTests.dekId,
TestDoc.PathsToEncrypt,
upsertResponse.ETag);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, replacedDoc);
await EncryptionTests.DeleteItemAsync(EncryptionTests.containerCore, replacedDoc);
}
public async Task EncryptionRestrictedProperties()
{
TestDoc testDoc = TestDoc.Create();
try
{
await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, new List <string>() { "/id" });
Assert.Fail("Expected item creation with id specified to be encrypted to fail.");
}
catch (CosmosException ex) when(ex.StatusCode == HttpStatusCode.BadRequest)
{
}
try
{
await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, new List <string>() { "/PK" });
Assert.Fail("Expected item creation with PK specified to be encrypted to fail.");
}
catch (CosmosException ex) when(ex.StatusCode == HttpStatusCode.BadRequest)
{
}
}
public async Task ValidateDecryptStream()
{
TestDoc testDoc = TestDoc.Create();
Stream encryptedStream = await PropertyEncryptionProcessor.EncryptAsync(
testDoc.ToStream(),
PropertyEncryptionProcessorTests.mockEncryptor.Object,
PropertyEncryptionProcessorTests.propertyEncryptionOptions,
new CosmosDiagnosticsContext(),
CancellationToken.None);
Stream decryptedStream = await PropertyEncryptionProcessor.DecryptAsync(
encryptedStream,
PropertyEncryptionProcessorTests.mockEncryptor.Object,
new CosmosDiagnosticsContext(),
PropertyEncryptionProcessorTests.PathsToEncrypt,
CancellationToken.None);
JObject decryptedDoc = PropertyEncryptionProcessor.BaseSerializer.FromStream <JObject>(decryptedStream);
PropertyEncryptionProcessorTests.VerifyDecryptionSucceeded(
decryptedDoc,
testDoc);
}
public async Task EncryptionTransactionBatchCrud()
{
string partitionKey = "thePK";
string dek1 = EncryptionTests.dekId;
string dek2 = "dek2Forbatch";
await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dek2);
TestDoc doc1ToCreate = TestDoc.Create(partitionKey);
TestDoc doc2ToCreate = TestDoc.Create(partitionKey);
TestDoc doc3ToCreate = TestDoc.Create(partitionKey);
ItemResponse <TestDoc> doc1ToReplaceCreateResponse = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey);
TestDoc doc1ToReplace = doc1ToReplaceCreateResponse.Resource;
doc1ToReplace.NonSensitive = Guid.NewGuid().ToString();
doc1ToReplace.Sensitive = Guid.NewGuid().ToString();
TestDoc doc2ToReplace = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, partitionKey);
doc2ToReplace.NonSensitive = Guid.NewGuid().ToString();
doc2ToReplace.Sensitive = Guid.NewGuid().ToString();
TestDoc doc1ToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, partitionKey);
doc1ToUpsert.NonSensitive = Guid.NewGuid().ToString();
doc1ToUpsert.Sensitive = Guid.NewGuid().ToString();
TestDoc doc2ToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey);
doc2ToUpsert.NonSensitive = Guid.NewGuid().ToString();
doc2ToUpsert.Sensitive = Guid.NewGuid().ToString();
TestDoc docToDelete = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey);
TransactionalBatchResponse batchResponse = await EncryptionTests.itemContainer.CreateTransactionalBatch(new Cosmos.PartitionKey(partitionKey))
.CreateItem(doc1ToCreate, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt))
.CreateItemStream(doc2ToCreate.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt))
.ReplaceItem(doc1ToReplace.Id, doc1ToReplace, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, doc1ToReplaceCreateResponse.ETag))
.CreateItem(doc3ToCreate)
.ReplaceItemStream(doc2ToReplace.Id, doc2ToReplace.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt))
.UpsertItem(doc1ToUpsert, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt))
.DeleteItem(docToDelete.Id)
.UpsertItemStream(doc2ToUpsert.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt))
.ExecuteAsync();
Assert.AreEqual(HttpStatusCode.OK, batchResponse.StatusCode);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToCreate);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToCreate);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc3ToCreate);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToReplace);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToReplace);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToUpsert);
await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToUpsert);
ResponseMessage readResponseMessage = await EncryptionTests.itemContainer.ReadItemStreamAsync(docToDelete.Id, new PartitionKey(docToDelete.PK));
Assert.AreEqual(HttpStatusCode.NotFound, readResponseMessage.StatusCode);
}