public void TableQueryProjectionEncryptionNoSelect() { // Insert Entity EncryptedBaseEntity ent1 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent1.Populate(); EncryptedBaseEntity ent2 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent2.Populate(); // Create the Key to be used for wrapping. SymmetricKey aesKey = new SymmetricKey("symencryptionkey"); TableRequestOptions options = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(aesKey, null) }; currentTable.Execute(TableOperation.Insert(ent1), options, null); currentTable.Execute(TableOperation.Insert(ent2), options, null); tableClient.DefaultRequestOptions.PayloadFormat = TablePayloadFormat.Json; // Create the resolver to be used for unwrapping. DictionaryKeyResolver resolver = new DictionaryKeyResolver(); resolver.Add(aesKey); TableEncryptionPolicy encryptionPolicy = new TableEncryptionPolicy(null, resolver); IEnumerable<EncryptedBaseEntity> entities = null; CloudTableClient encryptingTableClient = new CloudTableClient(this.tableClient.StorageUri, this.tableClient.Credentials); encryptingTableClient.DefaultRequestOptions.EncryptionPolicy = encryptionPolicy; encryptingTableClient.DefaultRequestOptions.RequireEncryption = true; entities = encryptingTableClient.GetTableReference(currentTable.Name).CreateQuery<EncryptedBaseEntity>().Select(ent => ent); foreach (EncryptedBaseEntity ent in entities) { ent.Validate(); } }
public void TableQueryPOCOProjectionEncryption() { // Insert Entity EncryptedBaseEntity ent1 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent1.Populate(); EncryptedBaseEntity ent2 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent2.Populate(); // Create the Key to be used for wrapping. SymmetricKey aesKey = new SymmetricKey("symencryptionkey"); TableRequestOptions options = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(aesKey, null) }; currentTable.Execute(TableOperation.Insert(ent1), options, null); currentTable.Execute(TableOperation.Insert(ent2), options, null); // Query with different payload formats. DoTableQueryPOCOProjectionEncryption(TablePayloadFormat.Json, aesKey); DoTableQueryPOCOProjectionEncryption(TablePayloadFormat.JsonNoMetadata, aesKey); DoTableQueryPOCOProjectionEncryption(TablePayloadFormat.JsonFullMetadata, aesKey); DoTableQueryPOCOProjectionEncryption(TablePayloadFormat.AtomPub, aesKey); }
private void DoInsertPOCOEntityEncryptionWithAttributes(TablePayloadFormat format) { tableClient.DefaultRequestOptions.PayloadFormat = format; // Insert Entity EncryptedBaseEntity ent = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() + format}; ent.Populate(); // Create the Key to be used for wrapping. SymmetricKey aesKey = new SymmetricKey("symencryptionkey"); // Create the resolver to be used for unwrapping. DictionaryKeyResolver resolver = new DictionaryKeyResolver(); resolver.Add(aesKey); TableRequestOptions insertOptions = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(aesKey, null) }; currentTable.Execute(TableOperation.Insert(ent), insertOptions, null); // Retrieve Entity // No need for an encryption resolver while retrieving the entity. TableRequestOptions retrieveOptions = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(null, resolver) }; TableOperation operation = TableOperation.Retrieve<EncryptedBaseEntity>(ent.PartitionKey, ent.RowKey); Assert.IsFalse(operation.IsTableEntity); TableResult result = currentTable.Execute(operation, retrieveOptions, null); EncryptedBaseEntity retrievedEntity = result.Result as EncryptedBaseEntity; Assert.IsNotNull(retrievedEntity); Assert.AreEqual(ent.PartitionKey, retrievedEntity.PartitionKey); Assert.AreEqual(ent.RowKey, retrievedEntity.RowKey); retrievedEntity.Validate(); }
private void DoInsertPOCOEntityEncryptionWithAttributesAndResolver(TablePayloadFormat format) { tableClient.DefaultRequestOptions.PayloadFormat = format; // Insert Entity EncryptedBaseEntity ent = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() + format }; ent.Populate(); // Create the Key to be used for wrapping. SymmetricKey aesKey = new SymmetricKey("symencryptionkey"); // Create the resolver to be used for unwrapping. DictionaryKeyResolver resolver = new DictionaryKeyResolver(); resolver.Add(aesKey); TableRequestOptions insertOptions = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(aesKey, null), EncryptionResolver = (pk, rk, propName) => { if (propName == "B") { return true; } return false; } }; // Since we have specified attributes and resolver, properties A, B and foo will be encrypted. currentTable.Execute(TableOperation.Insert(ent), insertOptions, null); // Retrieve entity without decryption and confirm that all 3 properties were encrypted. // No need for an encryption resolver while retrieving the entity. TableOperation operation = TableOperation.Retrieve<EncryptedBaseEntity>(ent.PartitionKey, ent.RowKey); Assert.IsFalse(operation.IsTableEntity); TableResult result = currentTable.Execute(operation, null, null); EncryptedBaseEntity retrievedEntity = result.Result as EncryptedBaseEntity; Assert.IsNotNull(retrievedEntity); Assert.AreEqual(ent.PartitionKey, retrievedEntity.PartitionKey); Assert.AreEqual(ent.RowKey, retrievedEntity.RowKey); // Since we store encrypted properties as byte arrays, if a POCO entity is being read as-is, odata will not assign the binary // values to strings. In JSON no metadata, the service does not return the types and the client lib does the parsing and reads the // base64 encoded string as-is. if (format == TablePayloadFormat.JsonNoMetadata) { Assert.IsNotNull(retrievedEntity.foo); Assert.IsNotNull(retrievedEntity.A); Assert.IsNotNull(retrievedEntity.B); Assert.AreEqual(ent.foo.GetType(), retrievedEntity.foo.GetType()); Assert.AreEqual(ent.A.GetType(), retrievedEntity.A.GetType()); Assert.AreEqual(ent.B.GetType(), retrievedEntity.B.GetType()); } else { Assert.IsNull(retrievedEntity.foo); Assert.IsNull(retrievedEntity.A); Assert.IsNull(retrievedEntity.B); } // Retrieve entity without decryption and confirm that all 3 properties were encrypted. // No need for an encryption resolver while retrieving the entity. operation = TableOperation.Retrieve<DynamicTableEntity>(ent.PartitionKey, ent.RowKey); Assert.IsFalse(operation.IsTableEntity); result = currentTable.Execute(operation, null, null); DynamicTableEntity retrievedDynamicEntity = result.Result as DynamicTableEntity; Assert.IsNotNull(retrievedEntity); Assert.AreEqual(ent.PartitionKey, retrievedDynamicEntity.PartitionKey); Assert.AreEqual(ent.RowKey, retrievedDynamicEntity.RowKey); if (format == TablePayloadFormat.JsonNoMetadata) { Assert.AreEqual(EdmType.String, retrievedDynamicEntity.Properties["foo"].PropertyType); Assert.AreEqual(EdmType.String, retrievedDynamicEntity.Properties["A"].PropertyType); Assert.AreEqual(EdmType.String, retrievedDynamicEntity.Properties["B"].PropertyType); } else { Assert.AreEqual(EdmType.Binary, retrievedDynamicEntity.Properties["foo"].PropertyType); Assert.AreEqual(EdmType.Binary, retrievedDynamicEntity.Properties["A"].PropertyType); Assert.AreEqual(EdmType.Binary, retrievedDynamicEntity.Properties["B"].PropertyType); } // Retrieve entity and decrypt. TableRequestOptions retrieveOptions = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(null, resolver) }; operation = TableOperation.Retrieve<EncryptedBaseEntity>(ent.PartitionKey, ent.RowKey); Assert.IsFalse(operation.IsTableEntity); result = currentTable.Execute(operation, retrieveOptions, null); retrievedEntity = result.Result as EncryptedBaseEntity; Assert.IsNotNull(retrievedEntity); Assert.AreEqual(ent.PartitionKey, retrievedEntity.PartitionKey); Assert.AreEqual(ent.RowKey, retrievedEntity.RowKey); retrievedEntity.Validate(); }
public void TableQueryEncryptionMixedMode() { // Insert Entity EncryptedBaseEntity ent1 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent1.Populate(); EncryptedBaseEntity ent2 = new EncryptedBaseEntity() { PartitionKey = Guid.NewGuid().ToString(), RowKey = DateTime.Now.Ticks.ToString() }; ent2.Populate(); // Create the Key to be used for wrapping. SymmetricKey aesKey = new SymmetricKey("symencryptionkey"); TableRequestOptions options = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(aesKey, null) }; // Insert an encrypted entity. currentTable.Execute(TableOperation.Insert(ent1), options, null); // Insert a non-encrypted entity. currentTable.Execute(TableOperation.Insert(ent2), null, null); // Create the resolver to be used for unwrapping. DictionaryKeyResolver resolver = new DictionaryKeyResolver(); resolver.Add(aesKey); options = new TableRequestOptions() { EncryptionPolicy = new TableEncryptionPolicy(null, resolver) }; // Set RequireEncryption to false and query. This will succeed. options.RequireEncryption = false; TableQuery<EncryptedBaseEntity> query = new TableQuery<EncryptedBaseEntity>(); currentTable.ExecuteQuery(query, options).ToList(); // Set RequireEncryption to true and query. This will fail because it can't find the metadata for the second enctity on the server. options.RequireEncryption = true; TestHelper.ExpectedException<StorageException>( () => currentTable.ExecuteQuery(query, options).ToList(), "All entities retrieved should be encrypted when RequireEncryption is set to true."); }