static void TestEncryptedS3(EncryptionMaterials encryptionMaterials)
{
string bucket_Name = null;
AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials);
bucket_Name = TdwUtils.rootBucketName + "encrypted-content";
try
{
AmazonS3Util.DeleteS3BucketWithObjects(s3Client, bucket_Name);
}
catch (Exception ex)
{
ex = null;
}
bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name);
string dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPath);
byte[] dataBytes = TdwUtils.FileToArray(dataPath);
PutObjectRequest request = new PutObjectRequest()
{
BucketName = bucket_Name,
Key = TdwUtils.keyName,
InputStream = new MemoryStream(dataBytes)
};
PutObjectResponse response = s3Client.PutObject(request);
Console.WriteLine("===============>TestEncryptedS3 START<===============");
Console.WriteLine("Encryption method was:");
Console.WriteLine(response.ServerSideEncryptionMethod);
Console.WriteLine("===============>TestEncryptedS3 END<===============");
}
public EncryptionTests()
{
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
var response = CallAsyncTask(
kmsClient.CreateKeyAsync(new CreateKeyRequest
{
Description = "Key for .NET integration tests.",
Origin = OriginType.AWS_KMS,
KeyUsage = KeyUsageType.ENCRYPT_DECRYPT
}));
kmsKeyID = response.KeyMetadata.KeyId;
}
var encryptionMaterials = new EncryptionMaterials(RSA.Create());
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials);
s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials);
using (StreamWriter writer = File.CreateText(filePath))
{
writer.Write(sampleContent);
}
bucketName = CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileMode, GetType().Name));
}
private static void TestPutGet(AmazonS3EncryptionClient s3EncryptionClient,
string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent)
{
PutObjectRequest request = new PutObjectRequest()
{
BucketName = bucketName,
Key = "key-" + random.Next(),
FilePath = filePath,
InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes),
ContentBody = contentBody,
CannedACL = cannedACL
};
PutObjectResponse response = s3EncryptionClient.PutObject(request);
TestGet(request.Key, expectedContent, s3EncryptionClient);
#if ASYNC_AWAIT
// run the async version of the same test
WaitForAsyncTask(TestPutGetAsync(s3EncryptionClient, filePath, inputStreamBytes, contentBody, cannedACL, expectedContent));
#elif AWS_APM_API
// Run the APM version of the same test
// KMS isn't supported for PutObject and GetObject in the APM.
if (!IsKMSEncryptionClient(s3EncryptionClient))
{
TestPutGetAPM(s3EncryptionClient, filePath, inputStreamBytes, contentBody, cannedACL, expectedContent);
}
#endif
}
private void TestReadJavaObject(AmazonS3EncryptionClient encryptionClient, string s3Key,
Type exceptionType, Regex errorMessageRegex)
{
var request = new GetObjectRequest
{
BucketName = bucketName,
Key = s3Key
};
GetObjectResponse response = null;
if (exceptionType == null && errorMessageRegex == null)
{
response = WrapNoSuchKeyException(encryptionClient, request);
using (var stream = response.ResponseStream)
using (var reader = new StreamReader(stream))
{
Assert.AreEqual(TestObjectContents, reader.ReadToEnd());
}
response.Dispose();
}
else
{
AssertExtensions.ExpectException(() =>
{
response = WrapNoSuchKeyException(encryptionClient, request);
}, exceptionType, errorMessageRegex);
}
}
static async Task <GetObjectResponse> MyPutObjectAsync(EncryptionMaterials materials, string bucketName, string keyName)
{
// CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials
var config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.ObjectMetadata
};
AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(config, materials);
// encrypt and put object
var putRequest = new PutObjectRequest
{
BucketName = bucketName,
Key = keyName,
ContentBody = "object content"
};
await s3Client.PutObjectAsync(putRequest);
// get object and decrypt
var getRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = keyName
};
GetObjectResponse response = await s3Client.GetObjectAsync(getRequest);
return(response);
}
public void Initialize()
{
kmsClient = new AmazonKeyManagementServiceClient(RegionEndpoint.USEast1);
s3Client = new AmazonS3Client(RegionEndpoint.USEast1);
// Create a bucket to store objects related to this test.
bucketName = GetOrCreateBucket(s3Client);
// Create a KMS key, and an S3 object with the KMSKeyID.
kmsKeyID = GetOrCreateKMSKey(s3Client, kmsClient, bucketName);
// Create an S3 object with a symmetric key used for testing.
symmetricAlgorithm = GetOrCreateSymmetricAlgorithm(s3Client, bucketName);
var encryptionMaterials = new EncryptionMaterials(symmetricAlgorithm);
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode);
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode);
s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS);
s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS);
}
private static bool IsKMSEncryptionClient(AmazonS3EncryptionClient s3EncryptionClient)
{
var encryptionMaterials = ReflectionHelpers.Invoke(s3EncryptionClient, "EncryptionMaterials");
var kmsKeyID = ReflectionHelpers.Invoke(encryptionMaterials, "KMSKeyID");
return(kmsKeyID != null);
}
static void TestDecryptedS3(EncryptionMaterials encryptionMaterials)
{
string bucket_Name = null;
AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials);
bucket_Name = TdwUtils.rootBucketName + "encrypted-content";
bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name);
GetObjectRequest getObjectRequest = new GetObjectRequest
{
BucketName = bucket_Name,
Key = TdwUtils.keyName
};
string data = null;
using (GetObjectResponse getObjectResponse = s3Client.GetObject(getObjectRequest))
{
using (var stream = getObjectResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
data = reader.ReadToEnd();
}
Console.WriteLine("===============>TestDecryptedS3 START<===============");
Console.WriteLine("Encryption method was:");
Console.WriteLine(getObjectResponse.ServerSideEncryptionMethod);
Console.WriteLine("===============> <===============");
}
Console.WriteLine(data);
Console.WriteLine("===============>TestDecryptedS3 END<===============");
}
private void WriteDotNetObject(AmazonS3EncryptionClient client, string s3Key)
{
var request = new PutObjectRequest
{
BucketName = bucketName,
Key = s3Key,
ContentBody = TestObjectContents
};
client.PutObject(request);
}
public EncryptionTestsV1NInteropV2(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider)
{
kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult();
var rsa = RSA.Create();
var aes = Aes.Create();
var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa);
var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes);
var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID);
var configV1N = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1);
var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm);
var kmsEncryptionMaterialsV2 = new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>());
metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy)
{
StorageMode = CryptoStorageMode.ObjectMetadata,
};
fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy)
{
StorageMode = CryptoStorageMode.InstructionFile,
};
#pragma warning disable 0618
s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N);
s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N);
#pragma warning restore 0618
s3EncryptionClientMetadataModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2);
s3EncryptionClientFileModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2);
s3EncryptionClientMetadataModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2);
s3EncryptionClientFileModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2);
s3EncryptionClientMetadataModeKMSV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2);
s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2);
using (var writer = File.CreateText(filePath))
{
writer.Write(SampleContent);
}
bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1N));
}
public static void Main(string[] args)
{
string kmsKeyID = null;
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
var response = kmsClient.CreateKey(new CreateKeyRequest());
kmsKeyID = response.KeyMetadata.KeyId;
var keyMetadata = response.KeyMetadata; // An object that contains information about the CMK created by this operation.
var bucketName = "<s3bucket>";
var objectKey = "key";
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
// CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials
var config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.ObjectMetadata
};
using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials))
{
// encrypt and put object
var putRequest = new PutObjectRequest
{
BucketName = bucketName,
Key = objectKey,
ContentBody = "object content"
};
s3Client.PutObject(putRequest);
// get object and decrypt
var getRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = objectKey
};
using (var getResponse = s3Client.GetObject(getRequest))
using (var stream = getResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
Console.WriteLine(reader.ReadToEnd());
}
}
}
Console.WriteLine("Press any key to continue...");
Console.ReadKey();
}
private static void TestPutGetAPM(AmazonS3EncryptionClient s3EncryptionClient,
string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent)
{
PutObjectRequest request = new PutObjectRequest()
{
BucketName = bucketName,
Key = "key-" + random.Next(),
FilePath = filePath,
InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes),
ContentBody = contentBody,
CannedACL = cannedACL
};
PutObjectResponse response = s3EncryptionClient.EndPutObject(s3EncryptionClient.BeginPutObject(request, null, null));
TestGetAPM(request.Key, expectedContent, s3EncryptionClient);
}
private async static System.Threading.Tasks.Task TestPutGetAsync(AmazonS3EncryptionClient s3EncryptionClient,
string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent)
{
PutObjectRequest request = new PutObjectRequest()
{
BucketName = bucketName,
Key = "key-" + random.Next(),
FilePath = filePath,
InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes),
ContentBody = contentBody,
CannedACL = cannedACL
};
PutObjectResponse response = await s3EncryptionClient.PutObjectAsync(request).ConfigureAwait(false);
await TestGetAsync(request.Key, expectedContent, s3EncryptionClient).ConfigureAwait(false);
}
private static void TestGet(string key, string uploadedData, AmazonS3EncryptionClient s3EncryptionClient)
{
GetObjectRequest getObjectRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = key
};
using (GetObjectResponse getObjectResponse = s3EncryptionClient.GetObject(getObjectRequest))
using (var stream = getObjectResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
string data = reader.ReadToEnd();
Assert.AreEqual(uploadedData, data);
}
}
public static void TestTransferUtility(AmazonS3EncryptionClient s3EncryptionClient)
{
var directory = TransferUtilityTests.CreateTestDirectory(10 * TransferUtilityTests.KILO_SIZE);
var keyPrefix = directory.Name;
var directoryPath = directory.FullName;
using (var transferUtility = new Amazon.S3.Transfer.TransferUtility(s3EncryptionClient))
{
TransferUtilityUploadDirectoryRequest uploadRequest = CreateUploadDirRequest(directoryPath, keyPrefix);
transferUtility.UploadDirectory(uploadRequest);
var newDir = TransferUtilityTests.GenerateDirectoryPath();
transferUtility.DownloadDirectory(bucketName, keyPrefix, newDir);
TransferUtilityTests.ValidateDirectoryContents(s3EncryptionClient, bucketName, keyPrefix, directory);
}
}
#pragma warning restore 0618
public EncryptionTestsV1InteropV1N(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider)
{
kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult();
var rsa = RSA.Create();
var aes = Aes.Create();
var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa);
var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa);
var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes);
var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes);
var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID);
var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID);
var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration()
{
StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile
};
var configV1N = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientMetadataModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1);
s3EncryptionClientFileModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1);
s3EncryptionClientMetadataModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1);
s3EncryptionClientFileModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1);
s3EncryptionClientMetadataModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1);
s3EncryptionClientFileModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1);
#pragma warning disable 0618
s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N);
s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N);
#pragma warning restore 0618
using (var writer = File.CreateText(filePath))
{
writer.Write(SampleContent);
}
bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1));
}
private async Task TestGetAsync(string key, string uploadedData, AmazonS3EncryptionClient s3EncryptionClient)
{
GetObjectRequest getObjectRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = key
};
using (GetObjectResponse getObjectResponse = await s3EncryptionClient.GetObjectAsync(getObjectRequest).ConfigureAwait(false))
{
using (var stream = getObjectResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
string data = reader.ReadToEnd();
Assert.Equal(uploadedData, data);
}
}
}
public static void Initialize(TestContext a)
{
EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider());
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
using (StreamWriter writer = File.CreateText(fileName))
{
writer.Write(sampleContent);
}
bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode);
}
private static void TestGet2(string key, string uploadedFile, AmazonS3EncryptionClient s3EncryptionClient)
{
GetObjectRequest getObjectRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = key
};
var destinationFile = fileName + ".downloaded";
using (GetObjectResponse getObjectResponse = s3EncryptionClient.GetObject(getObjectRequest))
{
getObjectResponse.WriteResponseStreamToFile(destinationFile);
}
var originalMd5 = HashFile(uploadedFile);
var downloadedMd5 = HashFile(destinationFile);
Assert.AreEqual(originalMd5, downloadedMd5);
}
public EncryptionTests()
{
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
filePath = Path.Combine(Path.GetTempPath(), "EncryptionPutObjectFile.txt");
using (StreamWriter writer = File.CreateText(filePath))
{
writer.Write(sampleContent);
}
_filesToDelete.Add(filePath);
bucketName = UtilityMethods.CreateBucketAsync(s3EncryptionClientFileMode, "EncryptionTests").Result;
}
public static void Initialize(TestContext a)
{
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
var response = kmsClient.CreateKey(new CreateKeyRequest
{
Description = "Key for .NET integration tests.",
Origin = OriginType.AWS_KMS,
KeyUsage = KeyUsageType.ENCRYPT_DECRYPT
});
kmsKeyID = response.KeyMetadata.KeyId;
}
var encryptionMaterials = new EncryptionMaterials(RSA.Create());
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode);
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode);
s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS);
s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS);
using (StreamWriter writer = File.CreateText(filePath))
{
writer.Write(sampleContent);
}
bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode);
}
private static GetObjectResponse WrapNoSuchKeyException(AmazonS3EncryptionClient encryptionClient, GetObjectRequest request)
{
GetObjectResponse response;
try
{
response = encryptionClient.GetObject(request);
}
catch (Exception e)
{
AmazonS3Exception s3Exception = e as AmazonS3Exception;
if (s3Exception != null && NoSuchKeyErrorCode.Equals(s3Exception.ErrorCode))
{
throw new Exception("One or more of the objects expected to be written by the Java test are missing. " +
"Please run EncryptionInteropTest.java and then re-run this test.");
}
else
{
throw;
}
}
return(response);
}
public async Task <string> ReadValue(string key)
{
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
string kmsKeyID = null;
var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest());
kmsKeyID = response.KeyMetadata.KeyId;
var keyMetadata = response.KeyMetadata;
var bucketName = "<your S3 bucket name>";
var objectKey = key;
var kmsEncryptionMaterials = new EncryptionMaterials(key);
var config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.ObjectMetadata
};
using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials))
{
var getRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = objectKey
};
using (var getResponse = await s3Client.GetObjectAsync(getRequest))
using (var stream = getResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
return(reader.ReadToEnd());
}
}
}
}
public async Task <bool> WriteValue(string key, string value)
{
using (var kmsClient = new AmazonKeyManagementServiceClient())
{
var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest());
string kmsKeyID = response.KeyMetadata.KeyId;
var keyMetadata = response.KeyMetadata;
var bucketName = "<your S3 bucket name>";
var objectKey = key;
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
var config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.ObjectMetadata
};
using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials))
{
var putRequest = new PutObjectRequest
{
BucketName = bucketName,
Key = objectKey,
ContentBody = value
};
var obj = await s3Client.PutObjectAsync(putRequest);
if (obj.HttpStatusCode == HttpStatusCode.OK)
{
return(true);
}
}
}
return(false);
}
/// <summary>
/// Construct an instance SetupEncryptionHandler.
/// </summary>
/// <param name="encryptionClient"></param>
public SetupEncryptionHandler(AmazonS3EncryptionClient encryptionClient)
{
this.EncryptionClient = encryptionClient;
}
public EncryptionTestsV1NInteropV2() : base(KmsKeyIdProvider.Instance)
{
kmsKeyID = _kmsKeyIdProvider.GetKmsId();
var rsa = RSA.Create();
var aes = Aes.Create();
var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa);
var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes);
var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID);
var configV1N = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1);
var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm);
var kmsEncryptionMaterialsV2 =
new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>());
fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy)
{
StorageMode = CryptoStorageMode.InstructionFile,
};
metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy)
{
StorageMode = CryptoStorageMode.ObjectMetadata,
};
s3EncryptionClientMetadataModeAsymmetricWrapV1N =
new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeAsymmetricWrapV1N =
new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeSymmetricWrapV1N =
new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N);
s3EncryptionClientFileModeSymmetricWrapV1N =
new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N);
s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N);
s3EncryptionClientMetadataModeAsymmetricWrapV2 =
new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2);
s3EncryptionClientFileModeAsymmetricWrapV2 =
new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2);
s3EncryptionClientMetadataModeSymmetricWrapV2 =
new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2);
s3EncryptionClientFileModeSymmetricWrapV2 =
new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2);
s3EncryptionClientMetadataModeKMSV2 =
new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2);
s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2);
using (var writer = File.CreateText(filePath))
{
writer.Write(SampleContent);
}
bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1N);
}
private async Task <Secret> GetSecretObject(string secretName, string secretVersion, string metadaatVersion, string objectKey, MetadataCollection metadata, AmazonS3EncryptionClient s3EncryptedClient)
{
var secret = new Secret()
{
Name = secretName,
Version = metadaatVersion,
UserMetadata = GetUserMetadata(metadata)
};
var getObjectRequest = new GetObjectRequest {
BucketName = BucketName, Key = objectKey
};
if (!string.IsNullOrEmpty(secretVersion))
{
getObjectRequest.VersionId = secretVersion;
}
var downloadedSecret = await s3EncryptedClient.GetObjectAsync(getObjectRequest);
secret.Value = await GetByteArray(downloadedSecret);
secret.LastModified = downloadedSecret.LastModified;
logger.Info($"downloaded secret {secretName}");
return(secret);
}
public void MultipartEncryptionTestAPM(AmazonS3EncryptionClient s3EncryptionClient)
{
var nextRandom = random.Next();
var filePath = @"C:\temp\multi-" + nextRandom + ".txt";
var retrievedFilepath = @"C:\temp\retreived-" + nextRandom + ".txt";
var totalSize = MegSize * 15;
UtilityMethods.GenerateFile(filePath, totalSize);
string key = "key-" + random.Next();
Stream inputStream = File.OpenRead(filePath);
try
{
InitiateMultipartUploadRequest initRequest = new InitiateMultipartUploadRequest()
{
BucketName = bucketName,
Key = key,
StorageClass = S3StorageClass.ReducedRedundancy,
ContentType = "text/html",
CannedACL = S3CannedACL.PublicRead
};
InitiateMultipartUploadResponse initResponse = null;
if (IsKMSEncryptionClient(s3EncryptionClient))
{
initResponse = s3EncryptionClient.InitiateMultipartUpload(initRequest);
}
else
{
initResponse = s3EncryptionClient.EndInitiateMultipartUpload(
s3EncryptionClient.BeginInitiateMultipartUpload(initRequest, null, null));
}
// Upload part 1
UploadPartRequest uploadRequest = new UploadPartRequest()
{
BucketName = bucketName,
Key = key,
UploadId = initResponse.UploadId,
PartNumber = 1,
PartSize = 5 * MegSize,
InputStream = inputStream,
};
UploadPartResponse up1Response = s3EncryptionClient.EndUploadPart(
s3EncryptionClient.BeginUploadPart(uploadRequest, null, null));
// Upload part 2
uploadRequest = new UploadPartRequest()
{
BucketName = bucketName,
Key = key,
UploadId = initResponse.UploadId,
PartNumber = 2,
PartSize = 5 * MegSize,
InputStream = inputStream,
};
UploadPartResponse up2Response = s3EncryptionClient.EndUploadPart(
s3EncryptionClient.BeginUploadPart(uploadRequest, null, null));
// Upload part 3
uploadRequest = new UploadPartRequest()
{
BucketName = bucketName,
Key = key,
UploadId = initResponse.UploadId,
PartNumber = 3,
InputStream = inputStream,
IsLastPart = true
};
UploadPartResponse up3Response = s3EncryptionClient.EndUploadPart(
s3EncryptionClient.BeginUploadPart(uploadRequest, null, null));
ListPartsRequest listPartRequest = new ListPartsRequest()
{
BucketName = bucketName,
Key = key,
UploadId = initResponse.UploadId
};
ListPartsResponse listPartResponse = s3EncryptionClient.EndListParts(
s3EncryptionClient.BeginListParts(listPartRequest, null, null));
Assert.AreEqual(3, listPartResponse.Parts.Count);
Assert.AreEqual(up1Response.PartNumber, listPartResponse.Parts[0].PartNumber);
Assert.AreEqual(up1Response.ETag, listPartResponse.Parts[0].ETag);
Assert.AreEqual(up2Response.PartNumber, listPartResponse.Parts[1].PartNumber);
Assert.AreEqual(up2Response.ETag, listPartResponse.Parts[1].ETag);
Assert.AreEqual(up3Response.PartNumber, listPartResponse.Parts[2].PartNumber);
Assert.AreEqual(up3Response.ETag, listPartResponse.Parts[2].ETag);
listPartRequest.MaxParts = 1;
listPartResponse = s3EncryptionClient.EndListParts(
s3EncryptionClient.BeginListParts(listPartRequest, null, null));
Assert.AreEqual(1, listPartResponse.Parts.Count);
// Complete the response
CompleteMultipartUploadRequest compRequest = new CompleteMultipartUploadRequest()
{
BucketName = bucketName,
Key = key,
UploadId = initResponse.UploadId
};
compRequest.AddPartETags(up1Response, up2Response, up3Response);
CompleteMultipartUploadResponse compResponse = s3EncryptionClient.EndCompleteMultipartUpload(
s3EncryptionClient.BeginCompleteMultipartUpload(compRequest, null, null));
Assert.AreEqual(bucketName, compResponse.BucketName);
Assert.IsNotNull(compResponse.ETag);
Assert.AreEqual(key, compResponse.Key);
Assert.IsNotNull(compResponse.Location);
// Get the file back from S3 and make sure it is still the same.
GetObjectRequest getRequest = new GetObjectRequest()
{
BucketName = bucketName,
Key = key
};
GetObjectResponse getResponse = null;
if (IsKMSEncryptionClient(s3EncryptionClient))
{
getResponse = s3EncryptionClient.GetObject(getRequest);
}
else
{
getResponse = s3EncryptionClient.EndGetObject(
s3EncryptionClient.BeginGetObject(getRequest, null, null));
}
getResponse.WriteResponseStreamToFile(retrievedFilepath);
UtilityMethods.CompareFiles(filePath, retrievedFilepath);
GetObjectMetadataRequest metaDataRequest = new GetObjectMetadataRequest()
{
BucketName = bucketName,
Key = key
};
GetObjectMetadataResponse metaDataResponse = s3EncryptionClient.EndGetObjectMetadata(
s3EncryptionClient.BeginGetObjectMetadata(metaDataRequest, null, null));
Assert.AreEqual("text/html", metaDataResponse.Headers.ContentType);
}
finally
{
inputStream.Close();
if (File.Exists(filePath))
{
File.Delete(filePath);
}
if (File.Exists(retrievedFilepath))
{
File.Delete(retrievedFilepath);
}
}
}
static void UploadFileWithClientSideEncryption(string filePath)
{
string kmsKeyID = null;
var objectKey = System.IO.Path.GetFileName(filePath);
using (var kmsClient = new AmazonKeyManagementServiceClient(defaultEndpoint))
{
// var response = kmsClient.CreateKeyAsync(new CreateKeyRequest()).GetAwaiter().GetResult();
kmsKeyID = GetKeyByAlias(keyName, kmsClient);
// var keyMetadata = keyData?.KeyMetadata; // An object that contains information about the CMK created by this operation.
var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID);
//set encryption context
using (var s3Client = new AmazonS3EncryptionClient(defaultEndpoint, kmsEncryptionMaterials))
{
// encrypt and put object
var putRequest = new PutObjectRequest
{
BucketName = bucketName,
Key = objectKey,
FilePath = filePath
};
putRequest.Metadata.Add("x-amz-meta-moo", "This is a test");
// putRequest.Headers["x-amz-matdesc"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext));
putRequest.Headers["x-amz-server-side-encryption"] = "aws:kms";
putRequest.Headers["x-amz-server-side-encryption-aws-kms-key-id"] = kmsKeyID;
putRequest.Headers["x-amz-server-side-encryption-context"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext));
s3Client.PutObjectAsync(putRequest).GetAwaiter().GetResult();
}
// The KeyID is actually embedded in the metadata of the object and the encryptionclient automatically looks it up so you don't actually have to do that yourself
var kem2 = new EncryptionMaterials("1111111-11111-11111111-11111111");
using (var s3Client2 = new AmazonS3EncryptionClient(defaultEndpoint, kem2))
{
// get object and decrypt
var getRequest = new GetObjectRequest
{
BucketName = bucketName,
Key = objectKey
};
string fPath2 = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(filePath), System.IO.Path.GetFileNameWithoutExtension(filePath) + "_" + new Random().Next(0, 1000).ToString() + System.IO.Path.GetExtension(filePath));
using (var getResponse = s3Client2.GetObjectAsync(getRequest).GetAwaiter().GetResult())
using (var stream = getResponse.ResponseStream)
using (var reader = new StreamReader(stream))
{
using (var fileStream = new FileStream(fPath2, FileMode.Create, FileAccess.Write))
{
stream.CopyTo(fileStream);
fileStream.Flush();
fileStream.Close();
}
}
Console.WriteLine($"Object written to {fPath2}");
}
}
Console.WriteLine("Press any key to continue...");
Console.ReadKey();
}
public SetupEncryptionHandler(AmazonS3EncryptionClient encryptionClient)
{
this.EncryptionClient = encryptionClient;
}
#pragma warning restore 0618
public EncryptionTestsV1InteropV1N() : base(KmsKeyIdProvider.Instance)
{
filePath = Path.Combine(Path.GetTempPath(), $"EncryptionPutObjectFile-{Guid.NewGuid()}.txt");
kmsKeyID = _kmsKeyIdProvider.GetKmsId();
var rsa = RSA.Create();
var aes = Aes.Create();
var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa);
var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa);
var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes);
var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes);
var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID);
var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID);
var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration()
{
StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile
};
var configV1N = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientMetadataModeAsymmetricWrapV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1);
s3EncryptionClientFileModeAsymmetricWrapV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1);
s3EncryptionClientMetadataModeSymmetricWrapV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1);
s3EncryptionClientFileModeSymmetricWrapV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1);
s3EncryptionClientMetadataModeKMSV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1);
s3EncryptionClientFileModeKMSV1 =
new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1);
s3EncryptionClientMetadataModeAsymmetricWrapV1N =
new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1N);
s3EncryptionClientFileModeAsymmetricWrapV1N =
new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1N);
s3EncryptionClientMetadataModeSymmetricWrapV1N =
new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1N);
s3EncryptionClientFileModeSymmetricWrapV1N =
new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1N);
s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1N);
s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N);
RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1N);
using (var writer = File.CreateText(filePath))
{
writer.Write(SampleContent);
}
bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1);
}
