internal static List <string> ExtractExpiredKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
if (section.ExpiredKeys == null)
{
return(new List <string>());
}
var encryptionKeys = section.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Select(x => x.Key)
.ToList();
if (encryptionKeys.Any(string.IsNullOrWhiteSpace))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no data.");
}
if (encryptionKeys.Any(x => x == section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'.");
}
if (encryptionKeys.Count != encryptionKeys.Distinct().Count())
{
throw new Exception("The RijndaelEncryptionServiceConfig has overlapping ExpiredKeys defined. Please ensure that no keys overlap in the 'ExpiredKeys' property.");
}
return(encryptionKeys);
}
public void Should_correctly_convert_ascii_key_when_no_value()
{
const string asciiKey = "0123456789123456";
var key = Encoding.ASCII.GetBytes("0123456789123456");
var section = new RijndaelEncryptionServiceConfig
{
Key = asciiKey,
KeyIdentifier = "1",
ExpiredKeys =
{
new RijndaelExpiredKey
{
KeyIdentifier = "2",
Key = asciiKey
}
}
};
var keys = ConfigureRijndaelEncryptionService.ExtractKeysFromConfigSection(section);
Assert.AreEqual(key, keys["1"], "Key in configuration root incorrectly converted");
Assert.AreEqual(key, keys["2"], "Key in expired keys incorrectly converted");
}
public static bool OneOrMoreExpiredKeysHaveNoKeyIdentifier(RijndaelEncryptionServiceConfig section)
{
return section
.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Any(x => string.IsNullOrEmpty(x.KeyIdentifier));
}
public void Should_correctly_parse_key_identifiers_containing_multiple_keys()
{
var section = new RijndaelEncryptionServiceConfig
{
KeyIdentifier = "1",
ExpiredKeys =
{
new RijndaelExpiredKey
{
KeyIdentifier = "2",
Key = "Key"
}
}
};
var keys = ConfigureRijndaelEncryptionService.ExtractKeysFromConfigSection(section);
ICollection <string> expected = new[]
{
"1",
"2"
};
Assert.AreEqual(expected, keys.Keys);
}
internal static void ValidateConfigSection(RijndaelEncryptionServiceConfig section)
{
if (section == null)
{
throw new Exception("No RijndaelEncryptionServiceConfig defined. Specify a valid 'RijndaelEncryptionServiceConfig' in the application's configuration file.");
}
if (section.ExpiredKeys == null)
{
throw new Exception("RijndaelEncryptionServiceConfig.ExpiredKeys is null.");
}
if (string.IsNullOrWhiteSpace(section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has an empty 'Key' property.");
}
if (RijndaelEncryptionServiceConfigValidations.ExpiredKeysHaveWhiteSpace(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'Key' property set.");
}
if (RijndaelEncryptionServiceConfigValidations.OneOrMoreExpiredKeysHaveNoKeyIdentifier(section))
{
Log.Warn("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'KeyIdentifier' property value. Verify if this is intentional.");
}
if (RijndaelEncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'.");
}
if (RijndaelEncryptionServiceConfigValidations.ExpiredKeysHaveDuplicateKeys(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has overlapping ExpiredKeys defined. Ensure that no keys overlap in the 'ExpiredKeys' property.");
}
if (RijndaelEncryptionServiceConfigValidations.ConfigurationHasDuplicateKeyIdentifiers(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has duplicate KeyIdentifiers defined with the same key identifier. Key identifiers must be unique in the complete configuration section.");
}
}
public static bool OneOrMoreExpiredKeysHaveNoKeyIdentifier(RijndaelEncryptionServiceConfig section)
{
return(section
.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Any(x => string.IsNullOrEmpty(x.KeyIdentifier)));
}
public static bool ExpiredKeysHaveWhiteSpace(RijndaelEncryptionServiceConfig section)
{
return(section
.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Any(x => string.IsNullOrWhiteSpace(x.Key)));
}
public static bool ExpiredKeysHaveWhiteSpace(RijndaelEncryptionServiceConfig section)
{
return section
.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Any(x => string.IsNullOrWhiteSpace(x.Key));
}
public static bool EncryptionKeyListedInExpiredKeys(RijndaelEncryptionServiceConfig section)
{
return(section
.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Any(x => x.Key == section.Key));
}
internal static List<string> ExtractExpiredKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
if (section.ExpiredKeys == null)
{
return new List<string>();
}
var encryptionKeys = section.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Select(x=>x.Key)
.ToList();
if (encryptionKeys.Any(string.IsNullOrWhiteSpace))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no data.");
}
if (encryptionKeys.Any(x => x == section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'.");
}
if (encryptionKeys.Count != encryptionKeys.Distinct().Count())
{
throw new Exception("The RijndaelEncryptionServiceConfig has overlapping ExpiredKeys defined. Please ensure that no keys overlap in the 'ExpiredKeys' property.");
}
return encryptionKeys;
}
public static bool EncryptionKeyListedInExpiredKeys(RijndaelEncryptionServiceConfig section)
{
return section
.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Any(x => x.Key == section.Key);
}
public void Should_throw_for_no_key_in_config()
{
var config = new RijndaelEncryptionServiceConfig();
var exception = Assert.Throws <Exception>(() => ConfigureRijndaelEncryptionService.ConvertConfigToRijndaelService(config));
Assert.AreEqual("The RijndaelEncryptionServiceConfig has an empty a 'Key' property.", exception.Message);
}
internal static void ValidateConfigSection(RijndaelEncryptionServiceConfig section)
{
if (section == null)
{
throw new Exception("No RijndaelEncryptionServiceConfig defined. Specify a valid 'RijndaelEncryptionServiceConfig' in the application's configuration file.");
}
if (section.ExpiredKeys == null)
{
throw new Exception("RijndaelEncryptionServiceConfig.ExpiredKeys is null.");
}
if (string.IsNullOrWhiteSpace(section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has an empty 'Key' property.");
}
if (RijndaelEncryptionServiceConfigValidations.ExpiredKeysHaveWhiteSpace(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'Key' property set.");
}
if (RijndaelEncryptionServiceConfigValidations.OneOrMoreExpiredKeysHaveNoKeyIdentifier(section))
{
Log.Warn("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no 'KeyIdentifier' property value. Verify if this is intentional.");
}
if (RijndaelEncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'.");
}
if (RijndaelEncryptionServiceConfigValidations.ExpiredKeysHaveDuplicateKeys(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has overlapping ExpiredKeys defined. Ensure that no keys overlap in the 'ExpiredKeys' property.");
}
if (RijndaelEncryptionServiceConfigValidations.ConfigurationHasDuplicateKeyIdentifiers(section))
{
throw new Exception("The RijndaelEncryptionServiceConfig has duplicate KeyIdentifiers defined with the same key identifier. Key identifiers must be unique in the complete configuration section.");
}
}
public void Should_correctly_convert_base64_key()
{
byte[] key = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
var base64 = Convert.ToBase64String(key);
var section = new RijndaelEncryptionServiceConfig
{
Key = base64,
KeyFormat = KeyFormat.Base64,
KeyIdentifier = "1",
ExpiredKeys =
{
new RijndaelExpiredKey
{
KeyIdentifier = "2",
Key = base64,
KeyFormat = KeyFormat.Base64
}
}
};
var keys = ConfigureRijndaelEncryptionService.ExtractKeysFromConfigSection(section);
Assert.AreEqual(key, keys["1"], "Key in configuration root incorrectly converted");
Assert.AreEqual(key, keys["2"], "Key in expired keys incorrectly converted");
}
public static bool ExpiredKeysHaveDuplicateKeys(RijndaelEncryptionServiceConfig section)
{
var items = section
.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.ToList();
return(items.Count != items.Select(x => x.Key).Distinct().Count());
}
public static bool ExpiredKeysHaveDuplicateKeys(RijndaelEncryptionServiceConfig section)
{
var items = section
.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.ToList();
return items.Count != items.Select(x => x.Key).Distinct().Count();
}
internal static List<byte[]> ExtractDecryptionKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
var o = new List<byte[]>();
o.Add(ParseKey(section.Key, section.KeyFormat));
o.AddRange(section.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Select(x => ParseKey(x.Key, x.KeyFormat)));
return o;
}
internal static IEncryptionService ConvertConfigToRijndaelService(RijndaelEncryptionServiceConfig section)
{
ValidateConfigSection(section);
var keys = ExtractKeysFromConfigSection(section);
var decryptionKeys = ExtractDecryptionKeysFromConfigSection(section);
return BuildRijndaelEncryptionService(
section.KeyIdentifier,
keys,
decryptionKeys
);
}
internal static List <byte[]> ExtractDecryptionKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
var o = new List <byte[]>();
o.Add(ParseKey(section.Key, section.KeyFormat));
o.AddRange(section.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Select(x => ParseKey(x.Key, x.KeyFormat)));
return(o);
}
internal static IEncryptionService ConvertConfigToRijndaelService(RijndaelEncryptionServiceConfig section)
{
ValidateConfigSection(section);
var keys = ExtractKeysFromConfigSection(section);
var decryptionKeys = ExtractDecryptionKeysFromConfigSection(section);
return(BuildRijndaelEncryptionService(
section.KeyIdentifier,
keys,
decryptionKeys
));
}
internal static IEncryptionService ConvertConfigToRijndaelService(RijndaelEncryptionServiceConfig section)
{
if (section == null)
{
throw new Exception("No RijndaelEncryptionServiceConfig defined. Please specify a valid 'RijndaelEncryptionServiceConfig' in your application's configuration file.");
}
if (string.IsNullOrWhiteSpace(section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has an empty a 'Key' property.");
}
var expiredKeys = ExtractExpiredKeysFromConfigSection(section);
return BuildRijndaelEncryptionService(section.Key, expiredKeys);
}
public T GetConfiguration <T>() where T : class, new()
{
if (typeof(T) == typeof(RijndaelEncryptionServiceConfig))
{
var config = new RijndaelEncryptionServiceConfig
{
Key = "gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6"
};
return(config as T);
}
// leaving the rest of the configuration as is:
return(ConfigurationManager.GetSection(typeof(T).Name) as T);
}
internal static Dictionary <string, byte[]> ExtractKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
var result = new Dictionary <string, byte[]>();
AddKeyIdentifierItems(section, result);
foreach (RijndaelExpiredKey item in section.ExpiredKeys)
{
AddKeyIdentifierItems(item, result);
}
return(result);
}
public void Should_throw_for_null_keys_in_config()
{
var config = new RijndaelEncryptionServiceConfig
{
ExpiredKeys = new RijndaelExpiredKeyCollection
{
new RijndaelExpiredKey()
}
};
var exception = Assert.Throws <Exception>(() => ConfigureRijndaelEncryptionService.ExtractExpiredKeysFromConfigSection(config));
Assert.AreEqual("The RijndaelEncryptionServiceConfig has a 'ExpiredKeys' property defined however some keys have no data.", exception.Message);
}
internal static IEncryptionService ConvertConfigToRijndaelService(RijndaelEncryptionServiceConfig section)
{
if (section == null)
{
throw new Exception("No RijndaelEncryptionServiceConfig defined. Please specify a valid 'RijndaelEncryptionServiceConfig' in your application's configuration file.");
}
if (string.IsNullOrWhiteSpace(section.Key))
{
throw new Exception("The RijndaelEncryptionServiceConfig has an empty a 'Key' property.");
}
var expiredKeys = ExtractExpiredKeysFromConfigSection(section);
return(BuildRijndaelEncryptionService(section.Key, expiredKeys));
}
public static bool ConfigurationHasDuplicateKeyIdentifiers(RijndaelEncryptionServiceConfig section)
{
// Combine all key identifier values, filter the empty ones, split them
return(section
.ExpiredKeys
.Cast <RijndaelExpiredKey>()
.Select(x => x.KeyIdentifier)
.Union(new[] { section.KeyIdentifier })
.Where(x => !string.IsNullOrEmpty(x))
.Select(x => x.Split(';'))
.SelectMany(x => x)
.GroupBy(x => x)
.Any(x => x.Count() > 1));
}
public void Should_be_true_when_key_has_whitespace()
{
var section = new RijndaelEncryptionServiceConfig
{
ExpiredKeys =
{
new RijndaelExpiredKey {
Key = " "
}
}
};
Assert.IsTrue(RijndaelEncryptionServiceConfigValidations.ExpiredKeysHaveWhiteSpace(section));
}
public void Should_be_true_when_key_identifier_not_in_expired_keys()
{
var section = new RijndaelEncryptionServiceConfig
{
ExpiredKeys =
{
new RijndaelExpiredKey {
Key = "Key"
}
}
};
Assert.IsTrue(RijndaelEncryptionServiceConfigValidations.OneOrMoreExpiredKeysHaveNoKeyIdentifier(section));
}
public void Should_be_true_when_encryption_key_in_expirede_keys()
{
var section = new RijndaelEncryptionServiceConfig
{
Key = "Key",
ExpiredKeys = new RijndaelExpiredKeyCollection
{
new RijndaelExpiredKey {
Key = "Key"
},
}
};
Assert.IsTrue(RijndaelEncryptionServiceConfigValidations.EncryptionKeyListedInExpiredKeys(section));
}
public static bool ConfigurationHasDuplicateKeyIdentifiers(RijndaelEncryptionServiceConfig section)
{
// Combine all key identifier values, filter the empty ones, split them
return section
.ExpiredKeys
.Cast<RijndaelExpiredKey>()
.Select(x => x.KeyIdentifier)
.Union(new[]
{
section.KeyIdentifier
})
.Where(x => !string.IsNullOrEmpty(x))
.Select(x => x.Split(';'))
.SelectMany(x => x)
.GroupBy(x => x)
.Any(x => x.Count() > 1);
}
public void Should_for_duplicate_between_key_and_keys_in_config()
{
var config = new RijndaelEncryptionServiceConfig
{
Key = "a",
ExpiredKeys = new RijndaelExpiredKeyCollection
{
new RijndaelExpiredKey
{
Key = "a"
}
}
};
var exception = Assert.Throws <Exception>(() => ConfigureRijndaelEncryptionService.ExtractExpiredKeysFromConfigSection(config));
Assert.AreEqual("The RijndaelEncryptionServiceConfig has a 'Key' that is also defined inside the 'ExpiredKeys'.", exception.Message);
}
public void Should_have_correct_number_of_extracted_keys_without_key_identifier()
{
var section = new RijndaelEncryptionServiceConfig
{
Key = "a",
ExpiredKeys =
{
new RijndaelExpiredKey
{
Key = "b"
}
}
};
var result = ConfigureRijndaelEncryptionService.ExtractDecryptionKeysFromConfigSection(section);
Assert.AreEqual(2, result.Count, "Key count");
}
public void Should_be_true_when_duplicate_key_identifier_in_concat_expired_keys()
{
var section = new RijndaelEncryptionServiceConfig
{
KeyIdentifier = "2",
ExpiredKeys =
{
new RijndaelExpiredKey {
Key = "A", KeyIdentifier = "1;4"
},
new RijndaelExpiredKey {
Key = "B", KeyIdentifier = "3;4"
}
}
};
Assert.IsTrue(RijndaelEncryptionServiceConfigValidations.ConfigurationHasDuplicateKeyIdentifiers(section));
}
public void Duplicates_should_be_skipped()
{
var config = new RijndaelEncryptionServiceConfig
{
ExpiredKeys = new RijndaelExpiredKeyCollection
{
new RijndaelExpiredKey
{
Key = "a"
},
new RijndaelExpiredKey
{
Key = "a"
}
}
};
var keys = ConfigureRijndaelEncryptionService.ExtractExpiredKeysFromConfigSection(config);
Assert.That(new[] { "a" }, Is.EquivalentTo(keys));
}
public void Should_throw_when_expired_keys_has_duplicate_keys()
{
var section = new RijndaelEncryptionServiceConfig
{
ExpiredKeys =
{
new RijndaelExpiredKey {
Key = "Key"
},
}
};
Assert.Throws <ConfigurationErrorsException>(() =>
{
section.ExpiredKeys.Add(new RijndaelExpiredKey
{
Key = "Key",
KeyIdentifier = "ID"
});
}, "The entry 'Key' has already been added.");
}
internal static IDictionary<string, byte[]> ExtractKeysFromConfigSection(RijndaelEncryptionServiceConfig section)
{
var result = new Dictionary<string, byte[]>();
AddKeyIdentifierItems(section, result);
foreach (RijndaelExpiredKey item in section.ExpiredKeys)
{
AddKeyIdentifierItems(item, result);
}
return result;
}
