// Negative test: a rewrap attempted through a client that is not set up for
// encryption must be rejected with an ArgumentException whose message is
// ClientResources.EncryptionKeyWrapProviderNotConfigured.
// The DEK is first created through a container that has the mock setup, so the
// failure asserted below comes from the second client, not from a missing key.
// NOTE(review): presumably GetContainer(testHandler) builds a client without a
// key wrap provider - confirm against that helper.
public async Task EncryptionUTRewrapDekWithoutEncryptionSerializer()
{
    const string dekId = "mydek";
    EncryptionTestHandler testHandler = new EncryptionTestHandler();

    // Seed the DEK through the container that has the mock setup.
    Container configuredContainer = this.GetContainerWithMockSetup(testHandler);
    ContainerInlineCore configuredInline = (ContainerInlineCore)configuredContainer;
    ContainerCore configuredCore = (ContainerCore)configuredInline;
    DatabaseCore configuredDatabase = (DatabaseCore)configuredCore.Database;

    DataEncryptionKeyResponse creation = await configuredDatabase.CreateDataEncryptionKeyAsync(
        dekId,
        EncryptionUnitTests.Algo,
        this.metadata1);
    Assert.AreEqual(HttpStatusCode.Created, creation.StatusCode);

    // Detach the pipeline the first client wired onto the shared handler, so the
    // second client starts from a handler with no inner handler.
    testHandler.InnerHandler = null;

    try
    {
        ContainerInlineCore bareInline = (ContainerInlineCore)this.GetContainer(testHandler);
        ContainerCore bareCore = (ContainerCore)bareInline;
        DatabaseCore bareDatabase = (DatabaseCore)bareCore.Database;

        DataEncryptionKey keyReference = bareDatabase.GetDataEncryptionKey(dekId);
        await keyReference.RewrapAsync(this.metadata2);

        // Reaching this line means the rewrap was accepted, which is the failure
        // case. Assert.Fail's exception is not an ArgumentException, so the catch
        // below does not swallow it.
        Assert.Fail();
    }
    catch (ArgumentException rejected)
    {
        // Any other exception type propagates and fails the test.
        Assert.AreEqual(ClientResources.EncryptionKeyWrapProviderNotConfigured, rejected.Message);
    }
}
// Happy-path test for rewrapping a data encryption key (DEK).
// It creates a DEK under metadata1, rewraps it under metadata2, and then checks:
//   - identity fields (Id, CreatedTime, ResourceId, SelfLink) are unchanged;
//   - the wrapped key bytes and the wrap metadata returned are the rewrapped ones;
//   - the rewrap went out as a Replace on ClientEncryptionKey carrying an
//     If-Match header equal to the ETag of the create response, i.e. a
//     conditional replace tied to the version that was read;
//   - the test handler's stored copy equals what the client returned;
//   - the mock key wrap provider received no calls beyond those verified.
public async Task EncryptionUTRewrapDek()
{
    const string dekId = "mydek";

    Container mockedContainer = this.GetContainerWithMockSetup();
    DatabaseCore database = (DatabaseCore)((ContainerCore)(ContainerInlineCore)mockedContainer).Database;

    // Step 1: create the DEK wrapped under metadata1.
    DataEncryptionKeyResponse creation = await database.CreateDataEncryptionKeyAsync(
        dekId,
        EncryptionUnitTests.Algo,
        this.metadata1);
    DataEncryptionKeyProperties original = creation.Resource;
    Assert.AreEqual(HttpStatusCode.Created, creation.StatusCode);
    this.VerifyWrap(this.dek, this.metadata1);

    // Step 2: rewrap the same DEK under metadata2.
    DataEncryptionKey keyReference = database.GetDataEncryptionKey(dekId);
    DataEncryptionKeyResponse rewrap = await keyReference.RewrapAsync(this.metadata2);
    DataEncryptionKeyProperties rewrapped = rewrap.Resource;

    // Identity of the resource must survive the rewrap.
    Assert.IsNotNull(rewrapped);
    Assert.AreEqual(dekId, rewrapped.Id);
    Assert.AreEqual(original.CreatedTime, rewrapped.CreatedTime);
    Assert.IsNotNull(rewrapped.LastModified);
    Assert.AreEqual(original.ResourceId, rewrapped.ResourceId);
    Assert.AreEqual(original.SelfLink, rewrapped.SelfLink);

    // NOTE(review): the "+ 2" per byte and the metadata suffix presumably mirror
    // what the mock key wrap provider produces for metadata2 - confirm against
    // the mock setup.
    IEnumerable<byte> expectedWrappedBytes = this.dek.Select(b => (byte)(b + 2));
    Assert.IsTrue(expectedWrappedBytes.SequenceEqual(rewrapped.WrappedDataEncryptionKey));

    EncryptionKeyWrapMetadata expectedMetadata =
        new EncryptionKeyWrapMetadata(this.metadata2.Value + this.metadataUpdateSuffix);
    Assert.AreEqual(expectedMetadata, rewrapped.EncryptionKeyWrapMetadata);

    // Exactly two requests reached the handler; the second one is the rewrap.
    Assert.AreEqual(2, this.testHandler.Received.Count);
    RequestMessage rewrapRequest = this.testHandler.Received[1];
    Assert.AreEqual(ResourceType.ClientEncryptionKey, rewrapRequest.ResourceType);
    Assert.AreEqual(OperationType.Replace, rewrapRequest.OperationType);

    // The replace is conditional on the ETag returned by the create call, so a
    // DEK changed in between would not be overwritten with a stale wrap.
    Assert.AreEqual(creation.ETag, rewrapRequest.Headers[HttpConstants.HttpHeaders.IfMatch]);

    // The copy held by the test handler must match what the client handed back.
    Assert.IsTrue(this.testHandler.Deks.ContainsKey(dekId));
    DataEncryptionKeyProperties stored = this.testHandler.Deks[dekId];
    Assert.IsTrue(stored.Equals(rewrapped));

    this.VerifyWrap(this.dek, this.metadata2);

    // No calls to the key wrap provider other than the ones verified above.
    this.mockKeyWrapProvider.VerifyNoOtherCalls();
}