public void Should_encrypt_and_decrypt_for_expired_key()
        {
            // Key-rotation round trip: a value encrypted under a key that has since
            // been retired must still decrypt on a service whose current key differs,
            // as long as the retired key is listed among its expired keys.
            const string plaintext = "string to encrypt";

            // Test fixtures only. 32 ASCII characters give a 32-byte key and 16 give a
            // 16-byte IV, but printable text carries far less entropy than random
            // bytes; real keys should come from a cryptographic RNG or a key store.
            var retiredKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
            var fixedIv    = Encoding.ASCII.GetBytes("GaoKtfQo87igiaks");

            // NOTE(review): EncryptionIV presumably pins the IV the test double uses for
            // encryption; confirm in TestableAesEncryptionService. Reusing one IV under
            // the same key weakens confidentiality, so this belongs in tests only.
            var encryptor = new TestableAesEncryptionService("encryptionKey1", retiredKey, new[] { retiredKey })
            {
                EncryptionIV = fixedIv
            };
            var cipher = encryptor.Encrypt(plaintext, null);

            // Only shows the output is not the plaintext verbatim; it says nothing
            // about the strength of the encryption.
            Assert.AreNotEqual(plaintext, cipher.EncryptedBase64Value);

            var currentKey = Encoding.ASCII.GetBytes("vznkynwuvateefgduvsqjsufqfrrfcya");
            var decryptor  = new TestableAesEncryptionService(
                "encryptionKey2",
                currentKey,
                new List<byte[]> { currentKey, retiredKey });

            var roundTripped = decryptor.Decrypt(cipher, null);

            Assert.AreEqual(plaintext, roundTripped);
        }
        public void Should_throw_when_decrypt_with_wrong_key()
        {
            // Decryption with no matching key must fail loudly: an AggregateException
            // carrying one CryptographicException per key that was tried.
            const string plaintext = "string to encrypt";

            // Repeated-character keys are fixtures only and must never be used outside tests.
            var usedKey   = Encoding.ASCII.GetBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
            var encryptor = new TestableAesEncryptionService("should-be-ignored-in-next-arrange", usedKey, new List<byte[]>());
            var cipher    = encryptor.Encrypt(plaintext, null);

            Assert.AreNotEqual(plaintext, cipher.EncryptedBase64Value);

            var unusedExpiredKeys = new List<byte[]>
            {
                Encoding.ASCII.GetBytes("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),
                Encoding.ASCII.GetBytes("cccccccccccccccccccccccccccccccc")
            };

            // The expected message and inner-exception count are both 2, matching the
            // two entries above, so usedKey (passed as the primary key) is evidently
            // not among the keys tried.
            // NOTE(review): confirm that Decrypt without a key identifier only walks
            // the expired-key list.
            var decryptor = new TestableAesEncryptionService("should-be-ignored", usedKey, unusedExpiredKeys);

            var failure = Assert.Throws<AggregateException>(() => decryptor.Decrypt(cipher, null));

            Assert.AreEqual("Could not decrypt message. Tried 2 keys.", failure.Message);
            Assert.AreEqual(2, failure.InnerExceptions.Count);

            // NOTE(review): a CryptographicException on a wrong key is typically a
            // padding failure rather than an integrity check. If the service's cipher
            // mode is unauthenticated, a wrong key can occasionally decrypt to garbage
            // without throwing, which would make this test intermittent; confirm the
            // mode used by the service.
            for (var i = 0; i < failure.InnerExceptions.Count; i++)
            {
                Assert.IsInstanceOf<CryptographicException>(failure.InnerExceptions[i]);
            }
        }
        public void Encrypt_must_set_header()
        {
            // Encrypting must flip OutgoingKeyIdentifierSet on the test double from
            // false to true.
            // NOTE(review): presumably this flag records that the key identifier was
            // attached to the outgoing message so a receiver can select the right key;
            // confirm in TestableAesEncryptionService.
            var fixtureKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
            var noExpiredKeys = new List<byte[]>();
            var sut = new TestableAesEncryptionService("encryptionKey1", fixtureKey, noExpiredKeys);

            // Nothing has been encrypted yet, so the identifier must not be marked as set.
            Assert.AreEqual(false, sut.OutgoingKeyIdentifierSet);

            sut.Encrypt("string to encrypt", null);

            Assert.AreEqual(true, sut.OutgoingKeyIdentifierSet);
        }
        public void Should_encrypt_and_decrypt()
        {
            // Basic round trip on a single service instance: the same key is supplied
            // as the encryption key and as the only entry of the key list passed as
            // the third constructor argument.
            const string plaintext = "string to encrypt";

            // ASCII-text key is a test fixture; it is not a pattern for real key material.
            var fixtureKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
            var sut = new TestableAesEncryptionService("encryptionKey", fixtureKey, new[] { fixtureKey });

            var cipher = sut.Encrypt(plaintext, null);

            // Sanity check only: the stored value must not be the plaintext itself.
            Assert.AreNotEqual(plaintext, cipher.EncryptedBase64Value);

            var roundTripped = sut.Decrypt(cipher, null);

            Assert.AreEqual(plaintext, roundTripped);
        }
        public void Should_throw_informative_exception_when_decryption_fails_with_key_identifier()
        {
            // Sender and receiver agree on the key identifier but hold different key
            // bytes under it. Decryption must fail with an InvalidOperationException
            // rather than return corrupted plaintext.
            const string keyIdentifier = "encryptionKey1";

            var senderKey = Encoding.ASCII.GetBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
            var sender    = new TestableAesEncryptionService(keyIdentifier, senderKey, new List<byte[]>());
            var cipher    = sender.Encrypt("string to encrypt", null);

            var receiverKey = Encoding.ASCII.GetBytes("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
            var receiver    = new TestableAesEncryptionService(keyIdentifier, receiverKey, new List<byte[]>())
            {
                IncomingKeyIdentifier = keyIdentifier
            };

            // NOTE(review): NUnit uses the string argument of Assert.Catch as the text
            // reported when the assertion fails; it is not compared with the thrown
            // exception's Message. Only the exception type is verified here. To pin
            // the wording, capture the returned exception and assert on its Message.
            Assert.Catch<InvalidOperationException>(
                () => receiver.Decrypt(cipher, null),
                "Unable to decrypt property using configured decryption key specified in key identifier header.");
        }
        public void Decrypt_using_missing_key_identifier_must_throw()
        {
            // Fail-closed check: the incoming message names a key identifier the
            // receiver does not know. The receiver's expired-key list holds the very
            // key that produced the ciphertext, yet the test still expects an
            // InvalidOperationException, so an unknown identifier must not fall back
            // to trying other keys.
            var senderKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
            var sender    = new TestableAesEncryptionService("encryptionKey1", senderKey, new List<byte[]>());
            var cipher    = sender.Encrypt("string to encrypt", null);

            var receiverKey = Encoding.ASCII.GetBytes("vznkynwuvateefgduvsqjsufqfrrfcya");
            var expiredKeys = new List<byte[]>
            {
                // Same bytes as senderKey, built separately.
                Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6")
            };
            var receiver = new TestableAesEncryptionService("encryptionKey1", receiverKey, expiredKeys)
            {
                IncomingKeyIdentifier = "missingKey"
            };

            // NOTE(review): NUnit uses the string argument of Assert.Catch as the text
            // reported when the assertion fails; it is not compared with the thrown
            // exception's Message. Only the exception type is verified here.
            Assert.Catch<InvalidOperationException>(
                () => receiver.Decrypt(cipher, null),
                "Decryption key not available for key identifier 'missingKey'. Add this key to the rijndael encryption service configuration. Key identifiers are case sensitive.");
        }
        public void Decrypt_using_key_identifier()
        {
            // Happy path for identifier-based decryption: the receiver is configured
            // with the same identifier and key as the sender, and the incoming message
            // names that identifier.
            const string plaintext = "string to encrypt";

            var sharedKey = Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6");
            var sender    = new TestableAesEncryptionService("encryptionKey1", sharedKey, new List<byte[]>());
            var cipher    = sender.Encrypt(plaintext, null);

            // NOTE(review): the expired list holds the same key bytes again, so a pass
            // does not by itself prove the identifier lookup was used rather than a
            // scan of the expired keys. An empty expired list would isolate the
            // identifier path; confirm the constructor accepts that here.
            var expiredKeys = new List<byte[]>
            {
                Encoding.ASCII.GetBytes("gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6")
            };
            var receiver = new TestableAesEncryptionService("encryptionKey1", sharedKey, expiredKeys)
            {
                IncomingKeyIdentifier = "encryptionKey1"
            };

            var roundTripped = receiver.Decrypt(cipher, null);

            Assert.AreEqual(plaintext, roundTripped);
        }