Exemplo n.º 1
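        /// <summary>
        /// Checks whether a payload protected under one application name can be unprotected under
        /// another when both providers share the same key repository and the same KMS configuration.
        /// </summary>
        /// <param name="app1">Application name of the provider that protects the payload.</param>
        /// <param name="app2">Application name of the provider that tries to unprotect it.</param>
        /// <param name="throws">
        /// When <c>true</c>, Unprotect must fail with <see cref="CryptographicException"/>;
        /// when <c>false</c>, it must return the original plaintext.
        /// </param>
        public void ExpectApplicationIsolationToThrow(string app1, string app2, bool throws)
        {
            var config = new KmsXmlEncryptorConfig(KmsIntegrationTests.KmsTestingKey);

            // Both providers below read and write the same repository instance, so the application
            // name is the only setting that differs between them.
            var sharedStorage = new EphemeralXmlRepository();
            var plaintext     = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };

            byte[] encrypted;

            // First application: protect the payload under app1.
            {
                var serviceCollection = new ServiceCollection();
                serviceCollection.AddSingleton(kmsClient);
                serviceCollection.AddDataProtection()
                .SetApplicationName(app1)
                .PersistKeysToEphemeral(sharedStorage)
                .ProtectKeysWithAwsKms(config);
                using (var serviceProvider = serviceCollection.BuildServiceProvider())
                {
                    var prov = serviceProvider.GetRequiredService<IDataProtectionProvider>().CreateProtector("bob");

                    encrypted = prov.Protect(plaintext);
                }
            }

            // Second application: same storage, same KMS config and same purpose string, under app2.
            {
                var serviceCollection = new ServiceCollection();
                serviceCollection.AddSingleton(kmsClient);
                serviceCollection.AddDataProtection()
                .SetApplicationName(app2)
                .PersistKeysToEphemeral(sharedStorage)
                .ProtectKeysWithAwsKms(config);
                using (var serviceProvider = serviceCollection.BuildServiceProvider())
                {
                    var prov = serviceProvider.GetRequiredService<IDataProtectionProvider>().CreateProtector("bob");

                    if (throws)
                    {
                        Assert.Throws<CryptographicException>(() => prov.Unprotect(encrypted));
                    }
                    else
                    {
                        var decrypted = prov.Unprotect(encrypted);

                        Assert.NotNull(decrypted);

                        // A non-null result alone does not prove the round trip worked; the bytes
                        // must match what was protected. Fully qualified so no new using is needed.
                        Assert.True(System.Linq.Enumerable.SequenceEqual(plaintext, decrypted));
                    }
                }
            }
        }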
Exemplo n.º 2
        /// <summary>
        /// Configures data protection to use the supplied <see cref="EphemeralXmlRepository"/>
        /// instance as the key-management XML repository.
        /// </summary>
        /// <param name="builder">The data protection builder to configure.</param>
        /// <param name="existing">The repository instance to assign to the key management options.</param>
        /// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="existing"/> is null.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the type name suggests keys are held in memory only and are lost when the
        /// process ends; confirm before using this outside tests.
        /// </remarks>
        public static IDataProtectionBuilder PersistKeysToEphemeral(this IDataProtectionBuilder builder, EphemeralXmlRepository existing)
        {
            // Arguments are validated in declaration order so the first null one is the one reported.
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }
            if (existing == null)
            {
                throw new ArgumentNullException(nameof(existing));
            }

            var services = builder.Services;
            services.Configure<KeyManagementOptions>(keyOptions => keyOptions.XmlRepository = existing);

            return builder;
        }