public void Should_throw_for_no_key_in_config() { var config = new EncryptionServiceConfig(); var exception = Assert.Throws <Exception>(() => ConfigureAesEncryptionService.ConvertConfigToAesService(config)); Assert.AreEqual("The EncryptionServiceConfig has an empty 'Key' property.", exception.Message); }
internal static void ValidateConfigSection(EncryptionServiceConfig section) { if (section == null) { throw new Exception("No EncryptionServiceConfig defined. Specify a valid 'EncryptionServiceConfig' in the application's configuration file."); } if (section.ExpiredKeys == null) { throw new Exception("EncryptionServiceConfig.ExpiredKeys is null."); } if (string.IsNullOrWhiteSpace(section.Key)) { throw new Exception("The EncryptionServiceConfig has an empty 'Key' property."); } if (EncryptionServiceConfigValidations.ExpiredKeysHaveWhiteSpace(section)) { throw new Exception("The EncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'Key' property set."); } if (EncryptionServiceConfigValidations.OneOrMoreExpiredKeysHaveNoKeyIdentifier(section)) { Log.Warn("The EncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'KeyIdentifier' property value. Verify if this is intentional."); } if (EncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section)) { throw new Exception("The EncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'."); } if (EncryptionServiceConfigValidations.ExpiredKeysHaveDuplicateKeys(section)) { throw new Exception("The EncryptionServiceConfig has overlapping ExpiredKeys defined. Ensure that no keys overlap in the 'ExpiredKeys' property."); } if (EncryptionServiceConfigValidations.ConfigurationHasDuplicateKeyIdentifiers(section)) { throw new Exception("The EncryptionServiceConfig has duplicate KeyIdentifiers defined with the same key identifier. Key identifiers must be unique in the complete configuration section."); } }
public static bool ExpiredKeysHaveWhiteSpace(EncryptionServiceConfig section) { return(section .ExpiredKeys .Cast <ExpiredKey>() .Any(x => string.IsNullOrWhiteSpace(x.Key))); }
public void Should_correctly_convert_base64_key() { byte[] key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; var base64 = Convert.ToBase64String(key); var section = new EncryptionServiceConfig() { Key = base64, KeyFormat = KeyFormat.Base64, KeyIdentifier = "1", ExpiredKeys = { new ExpiredKey { KeyIdentifier = "2", Key = base64, KeyFormat = KeyFormat.Base64 } } }; var keys = ConfigureAesEncryptionService.ExtractKeysFromConfigSection(section); Assert.AreEqual(key, keys["1"], "Key in configuration root incorrectly converted"); Assert.AreEqual(key, keys["2"], "Key in expired keys incorrectly converted"); }
public static bool EncryptionKeyListedInExpiredKeys(EncryptionServiceConfig section) { return(section .ExpiredKeys .Cast <ExpiredKey>() .Any(x => x.Key == section.Key)); }
public static bool OneOrMoreExpiredKeysHaveNoKeyIdentifier(EncryptionServiceConfig section) { return(section .ExpiredKeys .Cast <ExpiredKey>() .Any(x => string.IsNullOrEmpty(x.KeyIdentifier))); }
public void Should_correctly_convert_ascii_key_when_no_value() { const string asciiKey = "0123456789123456"; var key = Encoding.ASCII.GetBytes("0123456789123456"); var section = new EncryptionServiceConfig { Key = asciiKey, KeyIdentifier = "1", ExpiredKeys = { new ExpiredKey { KeyIdentifier = "2", Key = asciiKey } } }; var keys = ConfigureAesEncryptionService.ExtractKeysFromConfigSection(section); Assert.AreEqual(key, keys["1"], "Key in configuration root incorrectly converted"); Assert.AreEqual(key, keys["2"], "Key in expired keys incorrectly converted"); }
public void Should_correctly_parse_key_identifiers_containing_multiple_keys() { var section = new EncryptionServiceConfig { KeyIdentifier = "1", ExpiredKeys = { new ExpiredKey { KeyIdentifier = "2", Key = "Key" } } }; var keys = ConfigureAesEncryptionService.ExtractKeysFromConfigSection(section); ICollection <string> expected = new[] { "1", "2" }; Assert.AreEqual(expected, keys.Keys); }
public static bool ExpiredKeysHaveDuplicateKeys(EncryptionServiceConfig section) { var items = section .ExpiredKeys .Cast <ExpiredKey>() .ToList(); return(items.Count != items.Select(x => x.Key).Distinct().Count()); }
internal static List <byte[]> ExtractDecryptionKeysFromConfigSection(EncryptionServiceConfig section) { var o = new List <byte[]>(); o.Add(ParseKey(section.Key, section.KeyFormat)); o.AddRange(section.ExpiredKeys .Cast <ExpiredKey>() .Select(x => ParseKey(x.Key, x.KeyFormat))); return(o); }
internal static IEncryptionService ConvertConfigToAesService(EncryptionServiceConfig section) { ValidateConfigSection(section); var keys = ExtractKeysFromConfigSection(section); var decryptionKeys = ExtractDecryptionKeysFromConfigSection(section); return(BuildAesEncryptionService( section.KeyIdentifier, keys, decryptionKeys )); }
internal static Dictionary <string, byte[]> ExtractKeysFromConfigSection(EncryptionServiceConfig section) { var result = new Dictionary <string, byte[]>(); AddKeyIdentifierItems(section, result); foreach (ExpiredKey item in section.ExpiredKeys) { AddKeyIdentifierItems(item, result); } return(result); }
public void Should_be_true_when_key_identifier_not_in_expired_keys() { var section = new EncryptionServiceConfig { ExpiredKeys = { new ExpiredKey { Key = "Key" } } }; Assert.IsTrue(EncryptionServiceConfigValidations.OneOrMoreExpiredKeysHaveNoKeyIdentifier(section)); }
public void Should_be_true_when_key_has_whitespace() { var section = new EncryptionServiceConfig { ExpiredKeys = { new ExpiredKey { Key = " " } } }; Assert.IsTrue(EncryptionServiceConfigValidations.ExpiredKeysHaveWhiteSpace(section)); }
public void Should_be_true_when_encryption_key_in_expirede_keys() { var section = new EncryptionServiceConfig { Key = "Key", ExpiredKeys = new ExpiredKeyCollection { new ExpiredKey { Key = "Key" }, } }; Assert.IsTrue(EncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section)); }
public void Should_be_false_when_encryption_key_not_in_expired_keys() { var section = new EncryptionServiceConfig() { Key = "Key", ExpiredKeys = new ExpiredKeyCollection { new ExpiredKey { Key = "AnotherKey" }, } }; Assert.IsFalse(EncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section)); }
public static bool ConfigurationHasDuplicateKeyIdentifiers(EncryptionServiceConfig section) { // Combine all key identifier values, filter the empty ones, split them return(section .ExpiredKeys .Cast <ExpiredKey>() .Select(x => x.KeyIdentifier) .Union(new[] { section.KeyIdentifier }) .Where(x => !string.IsNullOrEmpty(x)) .Select(x => x.Split(';')) .SelectMany(x => x) .GroupBy(x => x) .Any(x => x.Count() > 1)); }
public void Should_be_true_when_duplicate_key_identifier_in_concat_expired_keys() { var section = new EncryptionServiceConfig { KeyIdentifier = "2", ExpiredKeys = { new ExpiredKey { Key = "A", KeyIdentifier = "1;4" }, new ExpiredKey { Key = "B", KeyIdentifier = "3;4" } } }; Assert.IsTrue(EncryptionServiceConfigValidations.ConfigurationHasDuplicateKeyIdentifiers(section)); }
public void Should_have_correct_number_of_extracted_keys_without_key_identifier() { var section = new EncryptionServiceConfig { Key = "a", ExpiredKeys = { new ExpiredKey { Key = "b" } } }; var result = ConfigureAesEncryptionService.ExtractDecryptionKeysFromConfigSection(section); Assert.AreEqual(2, result.Count, "Key count"); }
public void Should_throw_when_expired_keys_has_duplicate_keys() { var section = new EncryptionServiceConfig { ExpiredKeys = { new ExpiredKey { Key = "Key" }, } }; Assert.Throws <ConfigurationErrorsException>(() => { section.ExpiredKeys.Add(new ExpiredKey { Key = "Key", KeyIdentifier = "ID" }); }, "The entry 'Key' has already been added."); }