public void Should_encrypt_and_decrypt_for_expired_key()
{
var encryptionKey1 = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
var encryptionIV = Encoding.ASCII.GetBytes("GaoKtfQo87igiaks");
var service1 = new TestableAesEncryptionService("encryptionKey1", encryptionKey1, new[]
{
encryptionKey1
})
{
EncryptionIV = encryptionIV
};
var encryptedValue = service1.Encrypt("string to encrypt", null);
Assert.AreNotEqual("string to encrypt", encryptedValue.EncryptedBase64Value);
var encryptionKey2 = Encoding.ASCII.GetBytes("vznkynwuvateefgduvsqjsufqfrrfcya");
var service2 = new TestableAesEncryptionService("encryptionKey2", encryptionKey2, new List <byte[]>
{
encryptionKey2,
encryptionKey1
});
var decryptedValue = service2.Decrypt(encryptedValue, null);
Assert.AreEqual("string to encrypt", decryptedValue);
}
public void Should_throw_when_decrypt_with_wrong_key()
{
var usedKey = Encoding.ASCII.GetBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
var service1 = new TestableAesEncryptionService("should-be-ignored-in-next-arrange", usedKey, new List <byte[]>());
var encryptedValue = service1.Encrypt("string to encrypt", null);
Assert.AreNotEqual("string to encrypt", encryptedValue.EncryptedBase64Value);
var unusedExpiredKeys = new List <byte[]>
{
Encoding.ASCII.GetBytes("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),
Encoding.ASCII.GetBytes("cccccccccccccccccccccccccccccccc")
};
var service2 = new TestableAesEncryptionService("should-be-ignored", usedKey, unusedExpiredKeys);
var exception = Assert.Throws <AggregateException>(() => service2.Decrypt(encryptedValue, null));
Assert.AreEqual("Could not decrypt message. Tried 2 keys.", exception.Message);
Assert.AreEqual(2, exception.InnerExceptions.Count);
foreach (var inner in exception.InnerExceptions)
{
Assert.IsInstanceOf <CryptographicException>(inner);
}
}
public void Encrypt_must_set_header()
{
var encryptionKey1 = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
var service1 = new TestableAesEncryptionService("encryptionKey1", encryptionKey1, new List <byte[]>());
Assert.AreEqual(false, service1.OutgoingKeyIdentifierSet);
service1.Encrypt("string to encrypt", null);
Assert.AreEqual(true, service1.OutgoingKeyIdentifierSet);
}
public void Should_encrypt_and_decrypt()
{
var encryptionKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
var service = new TestableAesEncryptionService("encryptionKey", encryptionKey, new[]
{
encryptionKey
});
var encryptedValue = service.Encrypt("string to encrypt", null);
Assert.AreNotEqual("string to encrypt", encryptedValue.EncryptedBase64Value);
var decryptedValue = service.Decrypt(encryptedValue, null);
Assert.AreEqual("string to encrypt", decryptedValue);
}
public void Should_throw_informative_exception_when_decryption_fails_with_key_identifier()
{
var keyIdentifier = "encryptionKey1";
var key1 = Encoding.ASCII.GetBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
var service1 = new TestableAesEncryptionService(keyIdentifier, key1, new List <byte[]>());
var encryptedValue = service1.Encrypt("string to encrypt", null);
var key2 = Encoding.ASCII.GetBytes("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
var service2 = new TestableAesEncryptionService(keyIdentifier, key2, new List <byte[]>())
{
IncomingKeyIdentifier = "encryptionKey1"
};
Assert.Catch <InvalidOperationException>(() => { service2.Decrypt(encryptedValue, null); }, "Unable to decrypt property using configured decryption key specified in key identifier header.");
}
public void Decrypt_using_missing_key_identifier_must_throw()
{
var encryptionKey1 = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
var service1 = new TestableAesEncryptionService("encryptionKey1", encryptionKey1, new List <byte[]>());
var encryptedValue = service1.Encrypt("string to encrypt", null);
var encryptionKey2 = Encoding.ASCII.GetBytes("vznkynwuvateefgduvsqjsufqfrrfcya");
var expiredKeys = new List <byte[]>
{
Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6")
};
var service2 = new TestableAesEncryptionService("encryptionKey1", encryptionKey2, expiredKeys)
{
IncomingKeyIdentifier = "missingKey"
};
Assert.Catch <InvalidOperationException>(() => { service2.Decrypt(encryptedValue, null); }, "Decryption key not available for key identifier 'missingKey'. Add this key to the rijndael encryption service configuration. Key identifiers are case sensitive.");
}
public void Decrypt_using_key_identifier()
{
var encryptionKey1 = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
var service1 = new TestableAesEncryptionService("encryptionKey1", encryptionKey1, new List <byte[]>());
var encryptedValue = service1.Encrypt("string to encrypt", null);
var expiredKeys = new List <byte[]>
{
Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6")
};
var service2 = new TestableAesEncryptionService("encryptionKey1", encryptionKey1, expiredKeys)
{
IncomingKeyIdentifier = "encryptionKey1"
};
var decryptedValue = service2.Decrypt(encryptedValue, null);
Assert.AreEqual("string to encrypt", decryptedValue);
}