Exemplo n.º 1
0
        public void ExpectDecryptToSucceed()
        {
            var myEncryptedString     = "encrypted";
            var myBase64EncryptedData = Convert.ToBase64String(Encoding.UTF8.GetBytes(myEncryptedString));
            var myEncryptedXml        = new XElement(ElementName, new XElement("value", myBase64EncryptedData));
            var myOutputXml           = new XElement(ElementName, "output");

            using (var decryptedResponseStream = new MemoryStream())
            {
                myOutputXml.Save(decryptedResponseStream);
                decryptedResponseStream.Seek(0, SeekOrigin.Begin);

                var decryptResponse = new DecryptResponse
                {
                    KeyId     = KeyId,
                    Plaintext = decryptedResponseStream
                };

                encryptConfig.Setup(x => x.EncryptionContext).Returns(encryptionContext);
                encryptConfig.Setup(x => x.GrantTokens).Returns(grantTokens);

                kmsClient.Setup(x => x.DecryptAsync(It.IsAny <DecryptRequest>(), CancellationToken.None))
                .ReturnsAsync(decryptResponse)
                .Callback <DecryptRequest, CancellationToken>((dr, ct) =>
                {
                    Assert.Same(encryptionContext, dr.EncryptionContext);
                    Assert.Same(grantTokens, dr.GrantTokens);

                    Assert.Equal(myEncryptedString, Encoding.UTF8.GetString(dr.CiphertextBlob.ToArray()));
                });

                var plaintextXml = decryptor.Decrypt(myEncryptedXml);
                Assert.True(XNode.DeepEquals(myOutputXml, plaintextXml));
            }
        }
        public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId)
        {
            var myEncryptedString     = "encrypted";
            var myBase64EncryptedData = Convert.ToBase64String(Encoding.UTF8.GetBytes(myEncryptedString));
            var myEncryptedXml        = new XElement(ElementName, new XElement("value", myBase64EncryptedData));
            var myOutputXml           = new XElement(ElementName, "output");

            using (var decryptedResponseStream = new MemoryStream())
            {
                myOutputXml.Save(decryptedResponseStream);
                decryptedResponseStream.Seek(0, SeekOrigin.Begin);

                var decryptResponse = new DecryptResponse
                {
                    KeyId     = KeyId,
                    Plaintext = decryptedResponseStream
                };

                var actualConfig = new KmsXmlEncryptorConfig
                {
                    EncryptionContext        = encryptionContext,
                    GrantTokens              = grantTokens,
                    KeyId                    = KeyId,
                    DiscriminatorAsContext   = useAppId,
                    HashDiscriminatorContext = hashAppId
                };

                var actualOptions = new DataProtectionOptions
                {
                    ApplicationDiscriminator = appId
                };

                encryptConfig.Setup(x => x.Value).Returns(actualConfig);
                dpOptions.Setup(x => x.Value).Returns(actualOptions);

                kmsClient.Setup(x => x.DecryptAsync(It.IsAny <DecryptRequest>(), CancellationToken.None))
                .ReturnsAsync(decryptResponse)
                .Callback <DecryptRequest, CancellationToken>((dr, ct) =>
                {
                    if (appId != null && useAppId)
                    {
                        Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, dr.EncryptionContext.Keys);
                        Assert.Equal(expectedAppId, dr.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]);
                    }
                    else
                    {
                        Assert.Same(encryptionContext, dr.EncryptionContext);
                    }
                    Assert.Same(grantTokens, dr.GrantTokens);

                    Assert.Equal(myEncryptedString, Encoding.UTF8.GetString(dr.CiphertextBlob.ToArray()));
                });

                var plaintextXml = decryptor.Decrypt(myEncryptedXml);
                Assert.True(XNode.DeepEquals(myOutputXml, plaintextXml));
            }
        }
        public void Roundtrip(int dataSize)
        {
            var key       = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString());
            var client    = new FakeKmsClient();
            var encryptor = new KmsXmlEncryptor(client, key);
            var decryptor = new KmsXmlDecryptor(client);
            var plain     = new XElement("Original", new string ('x', dataSize));
            var encrypted = encryptor.Encrypt(plain);

            Assert.DoesNotContain("Plaintext value", encrypted.EncryptedElement.ToString());
            var decrypted = decryptor.Decrypt(encrypted.EncryptedElement);

            Assert.Equal(plain.ToString(), decrypted.ToString());
        }