public void Roundtrip(int dataSize)
{
var key = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString());
var client = new FakeKmsClient();
var encryptor = new KmsXmlEncryptor(client, key);
var decryptor = new KmsXmlDecryptor(client);
var plain = new XElement("Original", new string ('x', dataSize));
var encrypted = encryptor.Encrypt(plain);
Assert.DoesNotContain("Plaintext value", encrypted.EncryptedElement.ToString());
var decrypted = decryptor.Decrypt(encrypted.EncryptedElement);
Assert.Equal(plain.ToString(), decrypted.ToString());
}
public void EncryptFormat()
{
var key = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString());
var encryptor = new KmsXmlEncryptor(new FakeKmsClient(), key);
var plain = new XElement("Original", "Plaintext value");
var encrypted = encryptor.Encrypt(plain);
Assert.Equal(typeof(KmsXmlDecryptor), encrypted.DecryptorType);
var element = encrypted.EncryptedElement;
Assert.Equal(KmsXmlConstants.EncryptedElement, element.Name);
Assert.Equal(key.ToString(), element.Attribute(KmsXmlConstants.KmsKeyNameAttribute).Value);
// Validate that the key data contains valid base64 data
Convert.FromBase64String(element.Attribute(KmsXmlConstants.LocalKeyDataAttribute).Value);
// Validate that the payload contains valid base64 data.
Convert.FromBase64String(element.Element(KmsXmlConstants.PayloadElement).Value);
}
public void ExpectEncryptToSucceed()
{
var myInputXml = new XElement(ElementName, "input");
byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted");
var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData);
using (var encryptedResponseStream = new MemoryStream())
{
encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length);
encryptedResponseStream.Seek(0, SeekOrigin.Begin);
var encryptResponse = new EncryptResponse
{
KeyId = KeyId,
CiphertextBlob = encryptedResponseStream
};
encryptConfig.Setup(x => x.EncryptionContext).Returns(encryptionContext);
encryptConfig.Setup(x => x.GrantTokens).Returns(grantTokens);
encryptConfig.Setup(x => x.KeyId).Returns(KeyId);
kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None))
.ReturnsAsync(encryptResponse)
.Callback <EncryptRequest, CancellationToken>((er, ct) =>
{
Assert.Same(encryptionContext, er.EncryptionContext);
Assert.Same(grantTokens, er.GrantTokens);
var body = XElement.Load(er.Plaintext);
Assert.True(XNode.DeepEquals(myInputXml, body));
});
var encryptedXml = encryptor.Encrypt(myInputXml);
Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType);
var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value");
Assert.Equal(myBase64EncryptedData, encryptedBlob);
}
}
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
{
var myInputXml = new XElement(ElementName, "input");
byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted");
var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData);
using (var encryptedResponseStream = new MemoryStream())
{
encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length);
encryptedResponseStream.Seek(0, SeekOrigin.Begin);
var encryptResponse = new EncryptResponse
{
KeyId = KeyId,
CiphertextBlob = encryptedResponseStream
};
var actualConfig = new KmsXmlEncryptorConfig
{
EncryptionContext = encryptionContext,
GrantTokens = grantTokens,
KeyId = KeyId,
DiscriminatorAsContext = useAppId,
HashDiscriminatorContext = hashAppId
};
var actualOptions = new DataProtectionOptions
{
ApplicationDiscriminator = appId
};
encryptConfig.Setup(x => x.Value).Returns(actualConfig);
dpOptions.Setup(x => x.Value).Returns(actualOptions);
kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None))
.ReturnsAsync(encryptResponse)
.Callback <EncryptRequest, CancellationToken>((er, ct) =>
{
if (appId != null && useAppId)
{
Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, er.EncryptionContext.Keys);
Assert.Equal(expectedAppId, er.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
}
else
{
Assert.Same(encryptionContext, er.EncryptionContext);
}
Assert.Same(grantTokens, er.GrantTokens);
var body = XElement.Load(er.Plaintext);
Assert.True(XNode.DeepEquals(myInputXml, body));
});
var encryptedXml = encryptor.Encrypt(myInputXml);
Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType);
var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value");
Assert.Equal(myBase64EncryptedData, encryptedBlob);
}
}