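/// <summary>
/// Creates a key container secured for <c>User</c>, locates the backing key file under
/// <c>WellKnownPaths.RSA_MACHINEKEYS</c> and checks the single access rule on that file.
/// </summary>
/// <remarks>
/// NOTE(review): the test name says "ReadOnly", but the final assertion requires
/// <see cref="FileSystemRights.FullControl"/>. Confirm which right CreateSecureContainer is
/// meant to grant and align either the name or the assertion; as written the name
/// understates the access that is actually being verified.
/// </remarks>
public void GivenUsername_WhenCreatingContainer_ThenSetsAccessControlToReadOnlyForUser()
        {
            var container = $"{Guid.NewGuid()}";

            var rsaEncryption = RSAEncryption.CreateSecureContainer(container, User);

            string path;

            // The provider is opened by container name only to read the unique key file name;
            // it holds a native CSP handle, so it is disposed as soon as the path is known.
            // NOTE(review): no key-store flags are set here, so the store that gets opened depends
            // on process-wide defaults — confirm it is the same store CreateSecureContainer wrote to.
            using (var rsaCryptoServiceProvider = new RSACryptoServiceProvider(new CspParameters()
            {
                KeyContainerName = container
            }))
            {
                rsaEncryption.ExportKey(false);

                path = Path.Combine(WellKnownPaths.RSA_MACHINEKEYS, rsaCryptoServiceProvider.CspKeyContainerInfo.UniqueKeyContainerName);
            }

            FileSecurity fSecurity = new FileSecurity(path, AccessControlSections.Access);

            // Explicit and inherited rules are both requested. SingleOrDefault throws when more than
            // one rule is present, so any additional ACE on the key file fails the test.
            var accessRule = fSecurity.GetAccessRules(true, true, typeof(NTAccount))
                             .Cast <FileSystemAccessRule>()
                             .SingleOrDefault();

            // Without this check an empty ACL surfaces as a NullReferenceException below
            // instead of a readable assertion failure.
            Assert.That(accessRule, Is.Not.Null, "Expected exactly one access rule on the key file, found none.");

            // A Deny rule carrying the same rights would otherwise satisfy the rights checks below.
            Assert.That(accessRule.AccessControlType, Is.EqualTo(AccessControlType.Allow));

            // Materialised once: the sequence is inspected twice by the assertions that follow.
            var rights = accessRule.FileSystemRights
                         .ToString()
                         .Split(',')
                         .Select(x => (FileSystemRights)Enum.Parse(typeof(FileSystemRights), x, true))
                         .ToList();

            Assert.That(rights.Count, Is.EqualTo(1));
            Assert.That(rights.Any(systemRights => systemRights == FileSystemRights.FullControl));
        }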
        /// <summary>
        /// Fixture setup: records the files currently present in
        /// <c>WellKnownPaths.RSA_MACHINEKEYS</c>, creates an encryption container secured for the
        /// current Windows identity, and builds the <c>HybridEncryption</c> instance under test from
        /// that container's exported public key and a signature container name.
        /// </summary>
        public WhenEncryptingData()
        {
            // Snapshot taken before any container is created by this fixture.
            // NOTE(review): presumably used to tell pre-existing key files from ones the tests
            // create — confirm against the teardown code.
            _files = Directory.EnumerateFiles(WellKnownPaths.RSA_MACHINEKEYS).ToArray();

            var accountName = WindowsIdentity.GetCurrent().Name;

            // Fixed container names: every run of this fixture addresses the same two containers.
            const string signatureContainerName = "signature";
            const string encryptionContainerName = "encryption";

            var encryptionContainer = RSAEncryption.CreateSecureContainer(encryptionContainerName, accountName);

            // ExportKey(false) is the call used throughout this file to obtain the key material
            // handed to HybridEncryption.Create as the public key.
            var publicKey = encryptionContainer.ExportKey(false);

            _hybridEncryption = HybridEncryption.Create(publicKey, signatureContainerName);
        }
        /// <summary>
        /// Creates a uniquely named container secured for <c>User</c> and verifies that the
        /// container's key security holds a single access rule whose identity is that user.
        /// </summary>
        public void GivenUsername_WhenCreatingContainer_ThenOnlyProvidedUserNameHasAccess()
        {
            var containerName = $"{Guid.NewGuid()}";

            var secured = RSAEncryption.CreateSecureContainer(containerName, User);
            secured.ExportKey(false);

            var keySecurity = LoadCspKeyContainerInfo(containerName).CryptoKeySecurity;

            // Explicit and inherited rules are both included, translated to NTAccount names.
            var accessRules = keySecurity.GetAccessRules(includeExplicit: true, includeInherited: true, targetType: typeof(NTAccount));

            // SingleOrDefault throws if a second rule exists, which is what enforces "only" here.
            var soleRule = accessRules.Cast <AuthorizationRule>().SingleOrDefault();

            Assert.That(soleRule, Is.Not.Null);

            Assert.That(soleRule.IdentityReference.Value, Is.EqualTo(User));
        }
        /// <summary>
        /// Creates a secured container for <c>User</c>, then checks that calling
        /// <c>RSAEncryption.CreateContainer</c> with the same name does not throw.
        /// </summary>
        public void GivenContainerAlreadyExistsForCurrentUser_WhenCreatingContainerWithSameName_ThenLoadsContainer()
        {
            // NOTE(review): fixed name rather than a fresh GUID — a container left behind under
            // this name with a different ACL would change the outcome; confirm cleanup between tests.
            const string containerName = "Container";

            RSAEncryption.CreateSecureContainer(containerName, User);

            TestDelegate createAgain = () => RSAEncryption.CreateContainer(containerName);

            Assert.DoesNotThrow(createAgain);
        }
        /// <summary>
        /// Creates a container secured for the "SYSTEM" account, then checks that
        /// <c>RSAEncryption.LoadContainer</c> on the same name throws
        /// <see cref="CryptographicException"/>.
        /// </summary>
        public void GivenContainerAlreadyExistsForAnotherUser_WhenLoadingContainerWithSameName_ThenThrowsCryptographicException()
        {
            // NOTE(review): the expected denial presumably relies on the test process not running
            // as SYSTEM — confirm for build agents that run under LocalSystem.
            // NOTE(review): fixed name rather than a fresh GUID — confirm cleanup between tests so
            // a container already present under this name cannot alter the result.
            const string containerName = "Container";

            RSAEncryption.CreateSecureContainer(containerName, "SYSTEM");

            TestDelegate loadAsCurrentUser = () => RSAEncryption.LoadContainer(containerName);

            Assert.Throws <CryptographicException>(loadAsCurrentUser);
        }