/// <summary>
/// Checks that <c>decryptor.Decrypt</c> base64-decodes the <c>value</c> child of the encrypted
/// element, hands those bytes to KMS together with the configured encryption context and grant
/// tokens, and returns the XML carried in the KMS plaintext stream.
/// </summary>
public void ExpectDecryptToSucceed()
{
    const string ciphertextText = "encrypted";
    var ciphertextBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(ciphertextText));
    var encryptedElement = new XElement(ElementName, new XElement("value", ciphertextBase64));
    var expectedXml = new XElement(ElementName, "output");

    using (var plaintextStream = new MemoryStream())
    {
        // The mocked KMS response carries the serialized expected XML as its plaintext payload.
        expectedXml.Save(plaintextStream);
        plaintextStream.Seek(0, SeekOrigin.Begin);
        var kmsResponse = new DecryptResponse
        {
            KeyId = KeyId,
            Plaintext = plaintextStream
        };

        encryptConfig.Setup(cfg => cfg.EncryptionContext).Returns(encryptionContext);
        encryptConfig.Setup(cfg => cfg.GrantTokens).Returns(grantTokens);

        // The request assertions live inside the callback, so they only run when DecryptAsync is
        // actually invoked with CancellationToken.None; the DeepEquals check below is what fails
        // if the decryptor never reaches this setup.
        kmsClient.Setup(kms => kms.DecryptAsync(It.IsAny<DecryptRequest>(), CancellationToken.None))
                 .ReturnsAsync(kmsResponse)
                 .Callback<DecryptRequest, CancellationToken>((request, token) =>
                 {
                     // Assert.Same: the configured context and grant tokens must be forwarded as
                     // the very same instances, not rebuilt or dropped on the way to KMS.
                     Assert.Same(encryptionContext, request.EncryptionContext);
                     Assert.Same(grantTokens, request.GrantTokens);

                     var sentCiphertext = Encoding.UTF8.GetString(request.CiphertextBlob.ToArray());
                     Assert.Equal(ciphertextText, sentCiphertext);
                 });

        var decryptedXml = decryptor.Decrypt(encryptedElement);

        Assert.True(XNode.DeepEquals(expectedXml, decryptedXml));
    }
}
/// <summary>
/// Checks the encryption context that <c>decryptor.Decrypt</c> sends to KMS for a given
/// combination of discriminator settings, and that the XML from the KMS plaintext stream is
/// returned.
/// </summary>
/// <param name="useAppId">Value assigned to <c>DiscriminatorAsContext</c> in the config.</param>
/// <param name="hashAppId">Value assigned to <c>HashDiscriminatorContext</c> in the config.</param>
/// <param name="appId">Value assigned to <c>DataProtectionOptions.ApplicationDiscriminator</c>.</param>
/// <param name="expectedAppId">
/// Value expected under <c>KmsConstants.ApplicationEncryptionContextKey</c> when the
/// discriminator is used as context.
/// </param>
/// <remarks>
/// NOTE(review): despite the name, this method exercises <c>decryptor.Decrypt</c>, not an
/// encryptor - confirm the name against the enclosing test class.
/// </remarks>
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
{
    const string ciphertextText = "encrypted";
    var ciphertextBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(ciphertextText));
    var encryptedElement = new XElement(ElementName, new XElement("value", ciphertextBase64));
    var expectedXml = new XElement(ElementName, "output");

    using (var plaintextStream = new MemoryStream())
    {
        // The mocked KMS response carries the serialized expected XML as its plaintext payload.
        expectedXml.Save(plaintextStream);
        plaintextStream.Seek(0, SeekOrigin.Begin);
        var kmsResponse = new DecryptResponse
        {
            KeyId = KeyId,
            Plaintext = plaintextStream
        };

        var config = new KmsXmlEncryptorConfig
        {
            EncryptionContext = encryptionContext,
            GrantTokens = grantTokens,
            KeyId = KeyId,
            DiscriminatorAsContext = useAppId,
            HashDiscriminatorContext = hashAppId
        };
        var protectionOptions = new DataProtectionOptions
        {
            ApplicationDiscriminator = appId
        };

        encryptConfig.Setup(cfg => cfg.Value).Returns(config);
        dpOptions.Setup(opts => opts.Value).Returns(protectionOptions);

        kmsClient.Setup(kms => kms.DecryptAsync(It.IsAny<DecryptRequest>(), CancellationToken.None))
                 .ReturnsAsync(kmsResponse)
                 .Callback<DecryptRequest, CancellationToken>((request, token) =>
                 {
                     if (appId == null || !useAppId)
                     {
                         // No discriminator in play: the configured context must be forwarded
                         // as the same instance.
                         Assert.Same(encryptionContext, request.EncryptionContext);
                     }
                     else
                     {
                         // The discriminator must appear in the context sent to KMS.
                         // NOTE(review): this branch checks only the application key; it does
                         // not check that the entries of encryptionContext are still present
                         // in the request.
                         Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, request.EncryptionContext.Keys);
                         Assert.Equal(expectedAppId, request.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
                     }

                     Assert.Same(grantTokens, request.GrantTokens);

                     var sentCiphertext = Encoding.UTF8.GetString(request.CiphertextBlob.ToArray());
                     Assert.Equal(ciphertextText, sentCiphertext);
                 });

        var decryptedXml = decryptor.Decrypt(encryptedElement);

        Assert.True(XNode.DeepEquals(expectedXml, decryptedXml));
    }
}
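/// <summary>
/// Encrypts an XML element holding <paramref name="dataSize"/> 'x' characters with
/// <c>KmsXmlEncryptor</c>, decrypts the result with <c>KmsXmlDecryptor</c>, and checks that the
/// original element comes back and that its serialized form does not appear in the encrypted
/// element.
/// </summary>
/// <param name="dataSize">Number of 'x' characters placed in the plaintext element.</param>
public void Roundtrip(int dataSize)
{
    var key = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString());
    var client = new FakeKmsClient();
    var encryptor = new KmsXmlEncryptor(client, key);
    var decryptor = new KmsXmlDecryptor(client);

    var plain = new XElement("Original", new string('x', dataSize));
    var plainText = plain.ToString();

    var encrypted = encryptor.Encrypt(plain);
    var encryptedText = encrypted.EncryptedElement.ToString();

    // The previous check searched for the literal "Plaintext value", which never occurs in the
    // input built above, so it could not fail even if the plaintext were emitted unchanged.
    // Compare against the serialized plaintext element instead. The whole element is used rather
    // than the run of 'x' characters, because that run may be empty or short enough to occur in
    // encoded output by chance.
    // NOTE(review): FakeKmsClient's transformation is not visible here; this only shows that the
    // plaintext XML is not embedded verbatim, not that the protection is strong.
    Assert.DoesNotContain(plainText, encryptedText);

    var decrypted = decryptor.Decrypt(encrypted.EncryptedElement);

    Assert.Equal(plainText, decrypted.ToString());
}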