/// <summary>
/// Checks that a payload protected through one <c>EphemeralDataProtectionProvider</c> instance
/// is rejected by a protector obtained from a second instance, even though both protectors
/// are created with the identical purpose string.
/// </summary>
/// <remarks>
/// The purpose string is not what isolates the two protectors here; the key material is.
/// A failure of this test would mean ciphertext is portable between ephemeral providers.
/// </remarks>
public void DifferentProvider_SamePurpose_DoesNotRoundTripData()
{
    // Arrange: two independent provider instances, one shared purpose string.
    const string purpose = "purpose";
    var firstProtector = new EphemeralDataProtectionProvider().CreateProtector(purpose);
    var secondProtector = new EphemeralDataProtectionProvider().CreateProtector(purpose);
    byte[] plaintext = Encoding.UTF8.GetBytes("Hello there!");

    // Act
    byte[] protectedPayload = firstProtector.Protect(plaintext);

    // Assert
    // Each instance of the EphemeralDataProtectionProvider has its own unique KDK (key derivation key),
    // so payloads can't be shared. ThrowsAny accepts CryptographicException or any type derived from it.
    Assert.ThrowsAny<CryptographicException>(() => secondProtector.Unprotect(protectedPayload));
}
/// <summary>
/// Verifies that two separately constructed <c>EphemeralDataProtectionProvider</c> instances
/// cannot read each other's payloads when their protectors use the same purpose string.
/// </summary>
/// <remarks>
/// Matching purposes alone must not make ciphertext interchangeable; the second protector
/// is expected to fail with a <see cref="CryptographicException"/> rather than return data.
/// </remarks>
public void DifferentProvider_SamePurpose_DoesNotRoundTripData()
{
    // Arrange
    var producer = new EphemeralDataProtectionProvider().CreateProtector("purpose");
    var consumer = new EphemeralDataProtectionProvider().CreateProtector("purpose");
    byte[] message = Encoding.UTF8.GetBytes("Hello there!");

    // Act
    byte[] sealedMessage = producer.Protect(message);

    // Assert
    // Each instance of the EphemeralDataProtectionProvider has its own unique KDK,
    // so a payload sealed by one instance must not open under another.
    Action unprotectWithOtherProvider = () =>
    {
        byte[] recovered = consumer.Unprotect(sealedMessage);
    };
    Assert.ThrowsAny<CryptographicException>(unprotectWithOtherProvider);
}
/// <summary>
/// Round-trips a payload through a <c>TimeLimitedDataProtector</c> layered on top of an
/// ephemeral protector, checks that the expiration survives the round trip, and confirms
/// that the wrapper and the inner protector reject each other's payloads.
/// </summary>
public void RoundTrip_ProtectedData()
{
    // Arrange
    var innerProtector = new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("my purpose");
    var timeLimitedProtector = new TimeLimitedDataProtector(innerProtector);
    var expectedExpiration = StringToDateTime("2020-01-01 00:00:00Z");
    var evaluationTime = StringToDateTime("2010-01-01 00:00:00Z");

    // Act
    byte[] innerPayload = innerProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04 });
    byte[] timeLimitedPayload = timeLimitedProtector.Protect(new byte[] { 0x11, 0x22, 0x33, 0x44 }, expectedExpiration);

    // Assert
    // NOTE(review): the second UnprotectCore argument (2010) presumably acts as the "current time"
    // for the expiry check; it precedes the 2020 expiration, so the payload is still valid. Confirm
    // against TimeLimitedDataProtector.
    byte[] roundTripped = timeLimitedProtector.UnprotectCore(timeLimitedPayload, evaluationTime, out var actualExpiration);
    Assert.Equal(new byte[] { 0x11, 0x22, 0x33, 0x44 }, roundTripped);
    Assert.Equal(expectedExpiration, actualExpiration);

    // The wrapper and the inner protector must not accept each other's payloads (due to the purpose
    // chaining): a time-limited payload must not open as a plain one, and a plain payload must not be
    // accepted as if it carried an expiration.
    Assert.Throws<CryptographicException>(() => innerProtector.Unprotect(timeLimitedPayload));
    Assert.Throws<CryptographicException>(() => timeLimitedProtector.Unprotect(innerPayload, out _));
}
/// <summary>
/// Protects a payload with a <c>TimeLimitedDataProtector</c> that wraps an ephemeral protector,
/// unprotects it again, and verifies both the recovered bytes and the recovered expiration.
/// Also verifies that payloads from the wrapper and from the inner protector are not interchangeable.
/// </summary>
public void RoundTrip_ProtectedData()
{
    // Arrange
    var basePurposeProtector = new EphemeralDataProtectionProvider().CreateProtector("my purpose");
    var timeLimitedProtector = new TimeLimitedDataProtector(basePurposeProtector);
    var expectedExpiration = StringToDateTime("2020-01-01 00:00:00Z");

    // Act
    byte[] plainProtectedPayload = basePurposeProtector.Protect(new byte[] { 0x01, 0x02, 0x03, 0x04 });
    byte[] expiringProtectedPayload = timeLimitedProtector.Protect(new byte[] { 0x11, 0x22, 0x33, 0x44 }, expectedExpiration);

    // Assert
    // NOTE(review): 2010 is passed as the second UnprotectCore argument, presumably the reference
    // time for the expiry check; it is earlier than the 2020 expiration. Confirm against the
    // TimeLimitedDataProtector implementation.
    DateTimeOffset actualExpiration;
    byte[] recoveredBytes = timeLimitedProtector.UnprotectCore(
        expiringProtectedPayload,
        StringToDateTime("2010-01-01 00:00:00Z"),
        out actualExpiration);
    Assert.Equal(new byte[] { 0x11, 0x22, 0x33, 0x44 }, recoveredBytes);
    Assert.Equal(expectedExpiration, actualExpiration);

    // The two protectors shouldn't be able to talk to one another (due to the purpose chaining):
    // each direction must fail with CryptographicException instead of yielding plaintext.
    Assert.Throws<CryptographicException>(() => basePurposeProtector.Unprotect(expiringProtectedPayload));
    Assert.Throws<CryptographicException>(() => timeLimitedProtector.Unprotect(plainProtectedPayload, out actualExpiration));
}