예제 #1
        /// <summary>
        /// Checks that <c>decryptor.Decrypt</c> sends the base64-decoded ciphertext to the mocked
        /// KMS client together with the configured encryption context and grant tokens, and that
        /// it returns the XML carried in the KMS response's plaintext stream.
        /// </summary>
        public void ExpectDecryptToSucceed()
        {
            var ciphertextText  = "encrypted";
            var ciphertextBytes = Encoding.UTF8.GetBytes(ciphertextText);
            var wrappedElement  = new XElement(ElementName, new XElement("value", Convert.ToBase64String(ciphertextBytes)));
            var expectedXml     = new XElement(ElementName, "output");

            using (var plaintextStream = new MemoryStream())
            {
                // Serialise the expected XML and rewind so the response stream can be read from the start.
                expectedXml.Save(plaintextStream);
                plaintextStream.Position = 0;

                var kmsResponse = new DecryptResponse
                {
                    KeyId     = KeyId,
                    Plaintext = plaintextStream
                };

                encryptConfig.Setup(x => x.EncryptionContext).Returns(encryptionContext);
                encryptConfig.Setup(x => x.GrantTokens).Returns(grantTokens);

                // The request must carry the very same context and grant-token instances that the
                // configuration exposes, and the raw (un-base64'd) ciphertext bytes.
                // NOTE(review): these assertions only run if DecryptAsync is actually invoked with
                // CancellationToken.None; nothing visible here verifies the call happened — confirm
                // the fixture verifies the mock.
                Action<DecryptRequest, CancellationToken> checkRequest = (request, token) =>
                {
                    Assert.Same(encryptionContext, request.EncryptionContext);
                    Assert.Same(grantTokens, request.GrantTokens);

                    var sentCiphertext = Encoding.UTF8.GetString(request.CiphertextBlob.ToArray());
                    Assert.Equal(ciphertextText, sentCiphertext);
                };

                kmsClient.Setup(x => x.DecryptAsync(It.IsAny<DecryptRequest>(), CancellationToken.None))
                         .ReturnsAsync(kmsResponse)
                         .Callback<DecryptRequest, CancellationToken>(checkRequest);

                var actualXml = decryptor.Decrypt(wrappedElement);
                Assert.True(XNode.DeepEquals(expectedXml, actualXml));
            }
        }
        /// <summary>
        /// Checks the decrypt request built by <c>decryptor.Decrypt</c> when the application
        /// discriminator may be added to the encryption context. Despite the method name, the
        /// code under test here is the decrypt path.
        /// </summary>
        /// <param name="useAppId">Value assigned to <c>DiscriminatorAsContext</c>.</param>
        /// <param name="hashAppId">Value assigned to <c>HashDiscriminatorContext</c>.</param>
        /// <param name="appId">Value assigned to <c>DataProtectionOptions.ApplicationDiscriminator</c>; may be null.</param>
        /// <param name="expectedAppId">
        /// Value expected under <c>KmsConstants.ApplicationEncryptionContextKey</c> when
        /// <paramref name="appId"/> is non-null and <paramref name="useAppId"/> is true.
        /// </param>
        public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
        {
            var ciphertextText  = "encrypted";
            var ciphertextBytes = Encoding.UTF8.GetBytes(ciphertextText);
            var wrappedElement  = new XElement(ElementName, new XElement("value", Convert.ToBase64String(ciphertextBytes)));
            var expectedXml     = new XElement(ElementName, "output");

            using (var plaintextStream = new MemoryStream())
            {
                // Serialise the expected XML and rewind so the response stream can be read from the start.
                expectedXml.Save(plaintextStream);
                plaintextStream.Position = 0;

                var kmsResponse = new DecryptResponse
                {
                    KeyId     = KeyId,
                    Plaintext = plaintextStream
                };

                var config = new KmsXmlEncryptorConfig
                {
                    EncryptionContext        = encryptionContext,
                    GrantTokens              = grantTokens,
                    KeyId                    = KeyId,
                    DiscriminatorAsContext   = useAppId,
                    HashDiscriminatorContext = hashAppId
                };

                var options = new DataProtectionOptions
                {
                    ApplicationDiscriminator = appId
                };

                encryptConfig.Setup(x => x.Value).Returns(config);
                dpOptions.Setup(x => x.Value).Returns(options);

                Action<DecryptRequest, CancellationToken> checkRequest = (request, token) =>
                {
                    if (appId == null || !useAppId)
                    {
                        // No discriminator in play: the configured context instance is passed through untouched.
                        Assert.Same(encryptionContext, request.EncryptionContext);
                    }
                    else
                    {
                        // NOTE(review): this branch checks only the application key; it does not
                        // assert that the entries of the configured encryptionContext are still
                        // present in the request — confirm that is covered elsewhere.
                        Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, request.EncryptionContext.Keys);
                        Assert.Equal(expectedAppId, request.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
                    }
                    Assert.Same(grantTokens, request.GrantTokens);

                    var sentCiphertext = Encoding.UTF8.GetString(request.CiphertextBlob.ToArray());
                    Assert.Equal(ciphertextText, sentCiphertext);
                };

                kmsClient.Setup(x => x.DecryptAsync(It.IsAny<DecryptRequest>(), CancellationToken.None))
                         .ReturnsAsync(kmsResponse)
                         .Callback<DecryptRequest, CancellationToken>(checkRequest);

                var actualXml = decryptor.Decrypt(wrappedElement);
                Assert.True(XNode.DeepEquals(expectedXml, actualXml));
            }
        }
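        /// <summary>
        /// Encrypts an XML element with <c>KmsXmlEncryptor</c>, decrypts the result with
        /// <c>KmsXmlDecryptor</c> (both backed by the same <c>FakeKmsClient</c>), and checks that
        /// the original element comes back unchanged.
        /// </summary>
        /// <param name="dataSize">Number of <c>'x'</c> characters placed in the element's text content.</param>
        public void Roundtrip(int dataSize)
        {
            var key       = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString());
            var client    = new FakeKmsClient();
            var encryptor = new KmsXmlEncryptor(client, key);
            var decryptor = new KmsXmlDecryptor(client);
            var plain     = new XElement("Original", new string('x', dataSize));
            var encrypted = encryptor.Encrypt(plain);

            // The previous check looked for the literal "Plaintext value", which never occurs in
            // the input built above, so it passed no matter what the encryptor produced. Compare
            // against the actual serialised plaintext instead; it is non-empty even when
            // dataSize is 0 because the element tags are always present.
            // NOTE(review): this detects only a verbatim leak of the plaintext XML; an encoded
            // (e.g. base64) copy of the plaintext would not be caught by a substring check.
            var encryptedText = encrypted.EncryptedElement.ToString();
            Assert.DoesNotContain(plain.ToString(), encryptedText);

            var decrypted = decryptor.Decrypt(encrypted.EncryptedElement);

            Assert.Equal(plain.ToString(), decrypted.ToString());
        }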