public void Protect_NoExpiration_UsesDateTimeOffsetMaxValue()
{
// Should pass DateTimeOffset.MaxValue (utc ticks = 0x2bca2875f4373fff) if no expiration date specified
// Arrange
Mock <IDataProtector> innerProtectorMock = new Mock <IDataProtector>();
innerProtectorMock.Setup(o => o.Protect(new byte[] { 0x2b, 0xca, 0x28, 0x75, 0xf4, 0x37, 0x3f, 0xff, 0x01, 0x02, 0x03, 0x04, 0x05 })).Returns(new byte[] { 0x10, 0x11 });
// Act
var timeLimitedProtector = new TimeLimitedDataProtector(innerProtectorMock.Object);
var protectedPayload = timeLimitedProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 });
// Assert
Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
}
public void Unprotect_UnprotectOperationFails_HomogenizesExceptionToCryptographicException()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Throws(new Exception("How exceptional!"));
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act & assert
var ex = Assert.Throws <CryptographicException>(()
=> timeLimitedProtector.Unprotect(new byte[] { 0x10, 0x11 }, out var _));
// Assert
Assert.Equal(Resources.CryptCommon_GenericError, ex.Message);
Assert.Equal("How exceptional!", ex.InnerException.Message);
}
public void Unprotect_ProtectedDataMalformed_Fails()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
new byte[] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 /* header too short */
});
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act & assert
var ex = Assert.Throws <CryptographicException>(()
=> timeLimitedProtector.Unprotect(new byte[] { 0x10, 0x11 }, out var _));
// Assert
Assert.Equal(ExtResources.TimeLimitedDataProtector_PayloadInvalid, ex.Message);
}
public void CreateProtector_And_Protect()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
DateTimeOffset expiration = new DateTimeOffset(new DateTime(2000, 1, 1, 0, 0, 0, DateTimeKind.Utc));
Mock <IDataProtector> innerProtectorMock = new Mock <IDataProtector>();
innerProtectorMock.Setup(o => o.Protect(new byte[] { 0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 })).Returns(new byte[] { 0x10, 0x11 });
Mock <IDataProtector> outerProtectorMock = new Mock <IDataProtector>();
outerProtectorMock.Setup(p => p.CreateProtector("new purpose")).Returns(innerProtectorMock.Object);
// Act
var timeLimitedProtector = new TimeLimitedDataProtector(outerProtectorMock.Object);
var subProtector = timeLimitedProtector.CreateProtector("new purpose");
var protectedPayload = subProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 }, expiration);
// Assert
Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
}
public void RoundTrip_ProtectedData()
{
// Arrange
var ephemeralProtector = new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("my purpose");
var timeLimitedProtector = new TimeLimitedDataProtector(ephemeralProtector);
var expectedExpiration = StringToDateTime("2020-01-01 00:00:00Z");
// Act
byte[] ephemeralProtectedPayload = ephemeralProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04 });
byte[] timeLimitedProtectedPayload = timeLimitedProtector.Protect(new byte[] { 0x11, 0x22, 0x33, 0x44 }, expectedExpiration);
// Assert
Assert.Equal(
new byte[] { 0x11, 0x22, 0x33, 0x44 },
timeLimitedProtector.UnprotectCore(timeLimitedProtectedPayload, StringToDateTime("2010-01-01 00:00:00Z"), out var actualExpiration));
Assert.Equal(expectedExpiration, actualExpiration);
// the two providers shouldn't be able to talk to one another (due to the purpose chaining)
Assert.Throws <CryptographicException>(() => ephemeralProtector.Unprotect(timeLimitedProtectedPayload));
Assert.Throws <CryptographicException>(() => timeLimitedProtector.Unprotect(ephemeralProtectedPayload, out actualExpiration));
}
public void Protect_LifetimeNotSpecified_UsesInfiniteLifetime()
{
// Arrange
// 0x2bca2875f4373fff is the representation of DateTimeOffset.MaxValue.
DateTimeOffset expiration = StringToDateTime("2000-01-01 00:00:00Z");
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector("new purpose").CreateProtector(TimeLimitedPurposeString).Protect(
new byte[] {
0x2b, 0xca, 0x28, 0x75, 0xf4, 0x37, 0x3f, 0xff, /* header */
0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
})).Returns(new byte[] { 0x10, 0x11 });
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act
var subProtector = timeLimitedProtector.CreateProtector("new purpose");
var protectedPayload = subProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 });
// Assert
Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
}
public void Protect_LifetimeSpecified()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
DateTimeOffset expiration = StringToDateTime("2000-01-01 00:00:00Z");
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector("new purpose").CreateProtector(TimeLimitedPurposeString).Protect(
new byte[] {
0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
})).Returns(new byte[] { 0x10, 0x11 });
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act
var subProtector = timeLimitedProtector.CreateProtector("new purpose");
var protectedPayload = subProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 }, expiration);
// Assert
Assert.Equal(new byte[] { 0x10, 0x11 }, protectedPayload);
}
public void Unprotect_PayloadHasExpired_Fails()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
DateTimeOffset expectedExpiration = StringToDateTime("2000-01-01 00:00:00Z");
DateTimeOffset now = StringToDateTime("2001-01-01 00:00:00Z");
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
new byte[] {
0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
});
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act & assert
var ex = Assert.Throws <CryptographicException>(()
=> timeLimitedProtector.UnprotectCore(new byte[] { 0x10, 0x11 }, now, out var _));
// Assert
Assert.Equal(ExtResources.FormatTimeLimitedDataProtector_PayloadExpired(expectedExpiration), ex.Message);
}
public void Unprotect_WithinPayloadValidityPeriod_Success()
{
// Arrange
// 0x08c1220247e44000 is the representation of midnight 2000-01-01 UTC.
DateTimeOffset expectedExpiration = StringToDateTime("2000-01-01 00:00:00Z");
DateTimeOffset now = StringToDateTime("1999-01-01 00:00:00Z");
var mockInnerProtector = new Mock <IDataProtector>();
mockInnerProtector.Setup(o => o.CreateProtector(TimeLimitedPurposeString).Unprotect(new byte[] { 0x10, 0x11 })).Returns(
new byte[] {
0x08, 0xc1, 0x22, 0x02, 0x47, 0xe4, 0x40, 0x00, /* header */
0x01, 0x02, 0x03, 0x04, 0x05 /* payload */
});
var timeLimitedProtector = new TimeLimitedDataProtector(mockInnerProtector.Object);
// Act
var retVal = timeLimitedProtector.UnprotectCore(new byte[] { 0x10, 0x11 }, now, out var actualExpiration);
// Assert
Assert.Equal(expectedExpiration, actualExpiration);
Assert.Equal(new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 }, retVal);
}