public MongoDbClientStoreTests(MongoSetup mongoSetup) : base(mongoSetup)
{
_migrator = A.Fake <IClientStoreMigrator>();
_collectionName = "clients_" + Guid.NewGuid();
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_sut = new MongoDbClientStore(new MongoDatabaseClientProvider(Database), _collectionName, _encryptionKey, _migrator);
}
public MongoDbClientStoreTests(MongoSetup mongoSetup) : base(mongoSetup)
{
_migrator = A.Fake <IClientStoreMigrator>();
_collectionName = "clients_" + Guid.NewGuid();
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_signatureAlgorithmDataRecordConverter = new SignatureAlgorithmDataRecordConverter(new FakeStringProtectorFactory());
_sut = new MongoDbClientStore(new MongoDatabaseClientProvider(Database), _collectionName, _encryptionKey, _migrator, _signatureAlgorithmDataRecordConverter);
}
public SetSignatureAlgorithm()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
_dataRecord = new ClientDataRecord {
V = ClientDataRecord.GetV()
};
}
public FileSystemClientStore(
IFileManager <ClientDataRecord> fileManager,
ISignatureAlgorithmDataRecordConverter signatureAlgorithmDataRecordConverter,
SharedSecretEncryptionKey encryptionKey)
{
_fileManager = fileManager ?? throw new ArgumentNullException(nameof(fileManager));
_signatureAlgorithmDataRecordConverter = signatureAlgorithmDataRecordConverter ?? throw new ArgumentNullException(nameof(signatureAlgorithmDataRecordConverter));
_encryptionKey = encryptionKey;
}
public ToSignatureAlgorithm()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
_recordVersion = 2;
_dataRecord = new SignatureAlgorithmDataRecordV2 {
Type = "HMAC",
Parameter = new FakeStringProtector().Protect(_unencryptedKey),
HashAlgorithm = HashAlgorithmName.MD5.Name,
IsParameterEncrypted = true
};
}
public ToSignatureAlgorithm()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
_dataRecord = new ClientDataRecord {
SigType = "HMAC",
SigParameter = new FakeStringProtector().Protect(_unencryptedKey),
SigHashAlgorithm = HashAlgorithmName.MD5.Name,
IsSigParameterEncrypted = true,
V = ClientDataRecord.GetV()
};
}
public FileSystemClientStoreTests()
{
var tempFilePath = Path.Combine(Path.GetTempPath(), Guid.NewGuid() + ".xml");
_fileManager = new ClientsFileManager(
new FileReader(),
new FileWriter(),
tempFilePath,
new ClientDataRecordSerializer());
var encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_signatureAlgorithmDataRecordConverter = new SignatureAlgorithmDataRecordConverter(new FakeStringProtectorFactory());
_sut = new FileSystemClientStore(_fileManager, _signatureAlgorithmDataRecordConverter, encryptionKey);
}
private string GetParameterWithEncryption(HMACSignatureAlgorithm hmac, SharedSecretEncryptionKey encryptionKey, out bool isEncrypted)
{
var unencrypted = Encoding.UTF8.GetString(hmac.Key);
if (encryptionKey == SharedSecretEncryptionKey.Empty)
{
isEncrypted = false;
return(unencrypted);
}
isEncrypted = true;
var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey);
return(protector.Protect(unencrypted));
}
private string GetUnencryptedParameter(ClientDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey)
{
if (encryptionKey == SharedSecretEncryptionKey.Empty)
{
return(dataRecord.SigParameter);
}
if (!dataRecord.IsSigParameterEncrypted)
{
return(dataRecord.SigParameter); // The value in the data store is not encrypted
}
var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey);
try {
return(protector.Unprotect(dataRecord.SigParameter));
}
catch (Exception ex) {
throw new SecurityException("Something went wrong during acquisition of the unencrypted symmetric key. See inner exception for details.", ex);
}
}
public MongoDbClientStore(
IMongoDatabaseClientProvider clientProvider,
string collectionName,
SharedSecretEncryptionKey encryptionKey,
IClientStoreMigrator migrator)
{
if (clientProvider == null)
{
throw new ArgumentNullException(nameof(clientProvider));
}
if (string.IsNullOrEmpty(collectionName))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(collectionName));
}
_encryptionKey = encryptionKey;
_migrator = migrator ?? throw new ArgumentNullException(nameof(migrator));
_lazyCollection = new Lazy <IMongoCollection <ClientDataRecordV2> >(() => {
var database = clientProvider.Provide();
return(database.GetCollection <ClientDataRecordV2>(collectionName));
});
}
public ISignatureAlgorithm ToSignatureAlgorithm(ClientDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey)
{
if (dataRecord == null)
{
throw new ArgumentNullException(nameof(dataRecord));
}
switch (dataRecord.SigType)
{
case string str when str.Equals("rsa", StringComparison.OrdinalIgnoreCase):
using (var rsaForVerification = new RSACryptoServiceProvider())
{
rsaForVerification.FromXml(dataRecord.SigParameter);
var paramsForVerification = rsaForVerification.ExportParameters(false);
return(SignatureAlgorithm.CreateForVerification(paramsForVerification, new HashAlgorithmName(dataRecord.SigHashAlgorithm)));
}
case string str when str.Equals("ecdsa", StringComparison.OrdinalIgnoreCase):
using (var ecdsaForVerification = ECDsa.Create())
{
ecdsaForVerification.FromXml(dataRecord.SigParameter);
var paramsForVerification = ecdsaForVerification.ExportParameters(false);
return(SignatureAlgorithm.CreateForVerification(paramsForVerification, new HashAlgorithmName(dataRecord.SigHashAlgorithm)));
}
case string str when str.Equals("hmac", StringComparison.OrdinalIgnoreCase):
var unencryptedKey = GetUnencryptedParameter(dataRecord, encryptionKey);
return(SignatureAlgorithm.CreateForVerification(unencryptedKey, new HashAlgorithmName(dataRecord.SigHashAlgorithm)));
default:
throw new NotSupportedException($"The specified signature algorithm type ({dataRecord.SigHashAlgorithm ?? "[null]"}) cannot be deserialized.");
}
}
public FromSignatureAlgorithm()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
}
private string GetUnencryptedParameter(SignatureAlgorithmDataRecord dataRecord, SharedSecretEncryptionKey encryptionKey)
{
var paramValue = XElement.Parse(dataRecord.Param).Value;
if (encryptionKey == SharedSecretEncryptionKey.Empty)
{
return(paramValue);
}
if (!dataRecord.Encrypted)
{
return(paramValue); // The value in the data store is not encrypted
}
var protector = _stringProtectorFactory.CreateSymmetric(encryptionKey);
try {
return(protector.Unprotect(paramValue));
}
catch (Exception ex) {
throw new SecurityException("Something went wrong during acquisition of the unencrypted symmetric key. See inner exception for details.", ex);
}
}
public static SignatureAlgorithmDataRecordV2 FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
return(new SignatureAlgorithmDataRecordV2 {
Type = rsa.Name,
HashAlgorithm = rsa.HashAlgorithm.Name,
Parameter = rsa.GetPublicKey().ToXml(),
IsParameterEncrypted = false
});
case ECDsaSignatureAlgorithm ecdsa:
return(new SignatureAlgorithmDataRecordV2 {
Type = ecdsa.Name,
HashAlgorithm = ecdsa.HashAlgorithm.Name,
Parameter = ecdsa.GetPublicKey().ToXml(),
IsParameterEncrypted = false
});
case HMACSignatureAlgorithm hmac:
return(new SignatureAlgorithmDataRecordV2 {
Type = hmac.Name,
HashAlgorithm = hmac.HashAlgorithm.Name,
Parameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted),
IsParameterEncrypted = isEncrypted
});
public void SetSignatureAlgorithm(ClientDataRecord dataRecord, ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (dataRecord == null)
{
throw new ArgumentNullException(nameof(dataRecord));
}
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
dataRecord.SigType = rsa.Name;
dataRecord.SigHashAlgorithm = rsa.HashAlgorithm.Name;
dataRecord.SigParameter = rsa.GetPublicKey().ToXml();
dataRecord.IsSigParameterEncrypted = false;
break;
case ECDsaSignatureAlgorithm ecdsa:
dataRecord.SigType = ecdsa.Name;
dataRecord.SigHashAlgorithm = ecdsa.HashAlgorithm.Name;
dataRecord.SigParameter = ecdsa.GetPublicKey().ToXml();
dataRecord.IsSigParameterEncrypted = false;
break;
case HMACSignatureAlgorithm hmac:
dataRecord.SigType = hmac.Name;
dataRecord.SigHashAlgorithm = hmac.HashAlgorithm.Name;
dataRecord.SigParameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted);
dataRecord.IsSigParameterEncrypted = isEncrypted;
break;
default:
throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized.");
}
}
public SignatureAlgorithmDataRecordTests()
{
_encryptionKey = new SharedSecretEncryptionKey("The_Big_Secret");
_unencryptedKey = "s3cr3t";
}
public SignatureAlgorithmDataRecord FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
return(new SignatureAlgorithmDataRecord {
Type = rsa.Name,
Hash = rsa.HashAlgorithm.Name,
Param = rsa.GetPublicKey().ToXml(),
Encrypted = false
});
case ECDsaSignatureAlgorithm ecdsa:
return(new SignatureAlgorithmDataRecord {
Type = ecdsa.Name,
Hash = ecdsa.HashAlgorithm.Name,
Param = ecdsa.GetPublicKey().ToXml(),
Encrypted = false
});
case HMACSignatureAlgorithm hmac:
var paramValue = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted);
var xmlString = new XElement("Secret", paramValue).ToString();
return(new SignatureAlgorithmDataRecord {
Type = hmac.Name,
Hash = hmac.HashAlgorithm.Name,
Param = xmlString,
Encrypted = isEncrypted
});
default:
throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized.");
}
}
