/// <summary>
/// Wraps <paramref name="key"/> through the configured key-wrap provider and proves the
/// result can be unwrapped back to the same bytes before handing it out.
/// </summary>
/// <param name="id">Identifier of the data encryption key being created.</param>
/// <param name="key">Raw data encryption key bytes to wrap.</param>
/// <param name="encryptionAlgorithm">Algorithm name recorded in the throwaway DEK properties used for the round trip.</param>
/// <param name="metadata">Wrap metadata passed to the provider.</param>
/// <param name="diagnosticsContext">Owner of the "WrapDataEncryptionKey" diagnostics scope; also forwarded to the unwrap.</param>
/// <param name="cancellationToken">Forwarded to the provider and to the unwrap round trip.</param>
/// <returns>The wrapped key bytes, the wrap metadata the provider returned, and the unwrapped in-memory DEK.</returns>
/// <exception cref="InvalidOperationException">Thrown when the unwrapped bytes differ from <paramref name="key"/>.</exception>
internal async Task<(byte[], EncryptionKeyWrapMetadata, InMemoryRawDek)> WrapAsync(
    string id,
    byte[] key,
    string encryptionAlgorithm,
    EncryptionKeyWrapMetadata metadata,
    CosmosDiagnosticsContext diagnosticsContext,
    CancellationToken cancellationToken)
{
    EncryptionKeyWrapResult wrapped;
    using (diagnosticsContext.CreateScope("WrapDataEncryptionKey"))
    {
        wrapped = await this.DekProvider.EncryptionKeyWrapProvider.WrapKeyAsync(key, metadata, cancellationToken);
    }

    // Round trip: build throwaway DEK properties from the wrap result and unwrap them again,
    // so a misconfigured or non-invertible wrap provider fails here rather than at first decrypt.
    DataEncryptionKeyProperties probe = new DataEncryptionKeyProperties(
        id,
        encryptionAlgorithm,
        wrapped.WrappedDataEncryptionKey,
        wrapped.EncryptionKeyWrapMetadata,
        DateTime.UtcNow);
    InMemoryRawDek unwrapped = await this.UnwrapAsync(probe, diagnosticsContext, cancellationToken);

    // Plain content comparison. Both operands are key material held by this process
    // (presumably caller-generated, not attacker-supplied — confirm), so a constant-time
    // compare is not required for this self-check.
    bool roundTripMatches = unwrapped.DataEncryptionKey.RawKey.SequenceEqual(key);
    if (!roundTripMatches)
    {
        throw new InvalidOperationException("The key wrapping provider configured was unable to unwrap the wrapped key correctly.");
    }

    return (wrapped.WrappedDataEncryptionKey, wrapped.EncryptionKeyWrapMetadata, unwrapped);
}
/// <summary>
/// Resolves a data encryption key by id: first its properties from the DEK cache
/// (falling back to <c>ReadResourceAsync</c> on a miss), then the unwrapped raw key
/// (falling back to <c>UnwrapAsync</c> on a miss).
/// </summary>
/// <param name="id">Identifier of the data encryption key.</param>
/// <param name="diagnosticsContext">Diagnostics context forwarded to both cache lookups.</param>
/// <param name="cancellationToken">Forwarded to both cache lookups.</param>
/// <returns>The key's properties and its unwrapped in-memory form.</returns>
/// <exception cref="CosmosException">
/// Never escapes directly; see the catch below.
/// </exception>
internal async Task<(DataEncryptionKeyProperties, InMemoryRawDek)> FetchUnwrappedAsync(
    string id,
    CosmosDiagnosticsContext diagnosticsContext,
    CancellationToken cancellationToken)
{
    try
    {
        DataEncryptionKeyProperties properties = await this.DekProvider.DekCache.GetOrAddDekPropertiesAsync(
            id,
            this.ReadResourceAsync,
            diagnosticsContext,
            cancellationToken);

        InMemoryRawDek rawDek = await this.DekProvider.DekCache.GetOrAddRawDekAsync(
            properties,
            this.UnwrapAsync,
            diagnosticsContext,
            cancellationToken);

        return (properties, rawDek);
    }
    catch (CosmosException exception)
    {
        // NOTE(review): every CosmosException — not only a 404 — is surfaced as "key not found";
        // throttling or transient read failures are only distinguishable via InnerException.
        throw EncryptionExceptionFactory.EncryptionKeyNotFoundException(
            $"Failed to retrieve Data Encryption Key with id: '{id}'.",
            exception);
    }
}
/// <summary>
/// Resolves a data encryption key by id through the DEK cache: properties first
/// (<c>ReadResourceAsync</c> on a miss), then the unwrapped raw key (<c>UnwrapAsync</c> on a miss).
/// Any exception raised by the cache or its loaders propagates unchanged.
/// </summary>
/// <param name="id">Identifier of the data encryption key.</param>
/// <param name="diagnosticsContext">Diagnostics context forwarded to both cache lookups.</param>
/// <param name="cancellationToken">Forwarded to both cache lookups.</param>
/// <returns>The key's properties and its unwrapped in-memory form.</returns>
internal async Task<(DataEncryptionKeyProperties, InMemoryRawDek)> FetchUnwrappedAsync(
    string id,
    CosmosDiagnosticsContext diagnosticsContext,
    CancellationToken cancellationToken)
{
    DataEncryptionKeyProperties properties = await this.DekProvider.DekCache.GetOrAddDekPropertiesAsync(
        id,
        this.ReadResourceAsync,
        diagnosticsContext,
        cancellationToken);

    InMemoryRawDek rawDek = await this.DekProvider.DekCache.GetOrAddRawDekAsync(
        properties,
        this.UnwrapAsync,
        diagnosticsContext,
        cancellationToken);

    return (properties, rawDek);
}
/// <summary>
/// Returns the unwrapped raw DEK for <paramref name="dekProperties"/> from the raw-DEK cache,
/// running <paramref name="unwrapper"/> on a miss, and forcing a refresh when the cached
/// entry's <c>RawDekExpiry</c> has passed.
/// </summary>
/// <param name="dekProperties">Key properties; <c>SelfLink</c> is the cache key.</param>
/// <param name="unwrapper">Loader invoked to produce a fresh <see cref="InMemoryRawDek"/>.</param>
/// <param name="diagnosticsContext">Forwarded to <paramref name="unwrapper"/>.</param>
/// <param name="cancellationToken">Forwarded to the cache and to <paramref name="unwrapper"/>.</param>
/// <returns>A cached or freshly unwrapped raw DEK.</returns>
public async Task<InMemoryRawDek> GetOrAddRawDekAsync(
    DataEncryptionKeyProperties dekProperties,
    Func<DataEncryptionKeyProperties, CosmosDiagnosticsContext, CancellationToken, Task<InMemoryRawDek>> unwrapper,
    CosmosDiagnosticsContext diagnosticsContext,
    CancellationToken cancellationToken)
{
    // Single loader used for both the initial lookup and the forced refresh.
    Task<InMemoryRawDek> Unwrap() => unwrapper(dekProperties, diagnosticsContext, cancellationToken);

    // The null second argument is presumably the "obsolete value" slot of the cache API — confirm.
    InMemoryRawDek cached = await this.RawDekCache.GetAsync(
        dekProperties.SelfLink,
        null,
        Unwrap,
        cancellationToken);

    if (cached.RawDekExpiry > DateTime.UtcNow)
    {
        return cached;
    }

    // Expired entry: make the cache re-run the unwrapper so the raw key and its expiry are renewed.
    return await this.RawDekCache.GetAsync(
        dekProperties.SelfLink,
        null,
        Unwrap,
        cancellationToken,
        forceRefresh: true);
}
/// <summary>
/// Stores an unwrapped DEK in the raw-DEK cache under <paramref name="dekId"/>.
/// </summary>
/// <param name="dekId">Cache key for the entry.</param>
/// <param name="inMemoryRawDek">Unwrapped key to cache.</param>
// NOTE(review): this keys by dekId, while GetOrAddRawDekAsync keys by dekProperties.SelfLink —
// confirm both resolve to the same cache key, otherwise entries set here are never hit by reads.
public void SetRawDek(string dekId, InMemoryRawDek inMemoryRawDek) => this.RawDekCache.Set(dekId, inMemoryRawDek);