static void TestEncryptedS3(EncryptionMaterials encryptionMaterials) { string bucket_Name = null; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); bucket_Name = TdwUtils.rootBucketName + "encrypted-content"; try { AmazonS3Util.DeleteS3BucketWithObjects(s3Client, bucket_Name); } catch (Exception ex) { ex = null; } bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name); string dataPath = TdwUtils.bingPathToAppDir(TdwUtils.cfClassPath); byte[] dataBytes = TdwUtils.FileToArray(dataPath); PutObjectRequest request = new PutObjectRequest() { BucketName = bucket_Name, Key = TdwUtils.keyName, InputStream = new MemoryStream(dataBytes) }; PutObjectResponse response = s3Client.PutObject(request); Console.WriteLine("===============>TestEncryptedS3 START<==============="); Console.WriteLine("Encryption method was:"); Console.WriteLine(response.ServerSideEncryptionMethod); Console.WriteLine("===============>TestEncryptedS3 END<==============="); }
public EncryptionTests() { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = CallAsyncTask( kmsClient.CreateKeyAsync(new CreateKeyRequest { Description = "Key for .NET integration tests.", Origin = OriginType.AWS_KMS, KeyUsage = KeyUsageType.ENCRYPT_DECRYPT })); kmsKeyID = response.KeyMetadata.KeyId; } var encryptionMaterials = new EncryptionMaterials(RSA.Create()); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); using (StreamWriter writer = File.CreateText(filePath)) { writer.Write(sampleContent); } bucketName = CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileMode, GetType().Name)); }
private static void TestPutGet(AmazonS3EncryptionClient s3EncryptionClient, string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent) { PutObjectRequest request = new PutObjectRequest() { BucketName = bucketName, Key = "key-" + random.Next(), FilePath = filePath, InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes), ContentBody = contentBody, CannedACL = cannedACL }; PutObjectResponse response = s3EncryptionClient.PutObject(request); TestGet(request.Key, expectedContent, s3EncryptionClient); #if ASYNC_AWAIT // run the async version of the same test WaitForAsyncTask(TestPutGetAsync(s3EncryptionClient, filePath, inputStreamBytes, contentBody, cannedACL, expectedContent)); #elif AWS_APM_API // Run the APM version of the same test // KMS isn't supported for PutObject and GetObject in the APM. if (!IsKMSEncryptionClient(s3EncryptionClient)) { TestPutGetAPM(s3EncryptionClient, filePath, inputStreamBytes, contentBody, cannedACL, expectedContent); } #endif }
private void TestReadJavaObject(AmazonS3EncryptionClient encryptionClient, string s3Key, Type exceptionType, Regex errorMessageRegex) { var request = new GetObjectRequest { BucketName = bucketName, Key = s3Key }; GetObjectResponse response = null; if (exceptionType == null && errorMessageRegex == null) { response = WrapNoSuchKeyException(encryptionClient, request); using (var stream = response.ResponseStream) using (var reader = new StreamReader(stream)) { Assert.AreEqual(TestObjectContents, reader.ReadToEnd()); } response.Dispose(); } else { AssertExtensions.ExpectException(() => { response = WrapNoSuchKeyException(encryptionClient, request); }, exceptionType, errorMessageRegex); } }
static async Task <GetObjectResponse> MyPutObjectAsync(EncryptionMaterials materials, string bucketName, string keyName) { // CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(config, materials); // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = keyName, ContentBody = "object content" }; await s3Client.PutObjectAsync(putRequest); // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = keyName }; GetObjectResponse response = await s3Client.GetObjectAsync(getRequest); return(response); }
public void Initialize() { kmsClient = new AmazonKeyManagementServiceClient(RegionEndpoint.USEast1); s3Client = new AmazonS3Client(RegionEndpoint.USEast1); // Create a bucket to store objects related to this test. bucketName = GetOrCreateBucket(s3Client); // Create a KMS key, and an S3 object with the KMSKeyID. kmsKeyID = GetOrCreateKMSKey(s3Client, kmsClient, bucketName); // Create an S3 object with a symmetric key used for testing. symmetricAlgorithm = GetOrCreateSymmetricAlgorithm(s3Client, bucketName); var encryptionMaterials = new EncryptionMaterials(symmetricAlgorithm); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS); }
private static bool IsKMSEncryptionClient(AmazonS3EncryptionClient s3EncryptionClient) { var encryptionMaterials = ReflectionHelpers.Invoke(s3EncryptionClient, "EncryptionMaterials"); var kmsKeyID = ReflectionHelpers.Invoke(encryptionMaterials, "KMSKeyID"); return(kmsKeyID != null); }
static void TestDecryptedS3(EncryptionMaterials encryptionMaterials) { string bucket_Name = null; AmazonS3EncryptionClient s3Client = new AmazonS3EncryptionClient(encryptionMaterials); bucket_Name = TdwUtils.rootBucketName + "encrypted-content"; bucket_Name = TdwUtils.CreateBucket(s3Client, bucket_Name); GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucket_Name, Key = TdwUtils.keyName }; string data = null; using (GetObjectResponse getObjectResponse = s3Client.GetObject(getObjectRequest)) { using (var stream = getObjectResponse.ResponseStream) using (var reader = new StreamReader(stream)) { data = reader.ReadToEnd(); } Console.WriteLine("===============>TestDecryptedS3 START<==============="); Console.WriteLine("Encryption method was:"); Console.WriteLine(getObjectResponse.ServerSideEncryptionMethod); Console.WriteLine("===============> <==============="); } Console.WriteLine(data); Console.WriteLine("===============>TestDecryptedS3 END<==============="); }
private void WriteDotNetObject(AmazonS3EncryptionClient client, string s3Key) { var request = new PutObjectRequest { BucketName = bucketName, Key = s3Key, ContentBody = TestObjectContents }; client.PutObject(request); }
public EncryptionTestsV1NInteropV2(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider) { kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1); var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm); var kmsEncryptionMaterialsV2 = new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>()); metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.ObjectMetadata, }; fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.InstructionFile, }; #pragma warning disable 0618 s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); #pragma warning restore 0618 s3EncryptionClientMetadataModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientFileModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientFileModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeKMSV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2); s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1N)); }
public static void Main(string[] args) { string kmsKeyID = null; using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = kmsClient.CreateKey(new CreateKeyRequest()); kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; // An object that contains information about the CMK created by this operation. var bucketName = "<s3bucket>"; var objectKey = "key"; var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); // CryptoStorageMode.ObjectMetadata is required for KMS EncryptionMaterials var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, ContentBody = "object content" }; s3Client.PutObject(putRequest); // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; using (var getResponse = s3Client.GetObject(getRequest)) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { Console.WriteLine(reader.ReadToEnd()); } } } Console.WriteLine("Press any key to continue..."); Console.ReadKey(); }
private static void TestPutGetAPM(AmazonS3EncryptionClient s3EncryptionClient, string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent) { PutObjectRequest request = new PutObjectRequest() { BucketName = bucketName, Key = "key-" + random.Next(), FilePath = filePath, InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes), ContentBody = contentBody, CannedACL = cannedACL }; PutObjectResponse response = s3EncryptionClient.EndPutObject(s3EncryptionClient.BeginPutObject(request, null, null)); TestGetAPM(request.Key, expectedContent, s3EncryptionClient); }
private async static System.Threading.Tasks.Task TestPutGetAsync(AmazonS3EncryptionClient s3EncryptionClient, string filePath, byte[] inputStreamBytes, string contentBody, S3CannedACL cannedACL, string expectedContent) { PutObjectRequest request = new PutObjectRequest() { BucketName = bucketName, Key = "key-" + random.Next(), FilePath = filePath, InputStream = inputStreamBytes == null ? null : new MemoryStream(inputStreamBytes), ContentBody = contentBody, CannedACL = cannedACL }; PutObjectResponse response = await s3EncryptionClient.PutObjectAsync(request).ConfigureAwait(false); await TestGetAsync(request.Key, expectedContent, s3EncryptionClient).ConfigureAwait(false); }
private static void TestGet(string key, string uploadedData, AmazonS3EncryptionClient s3EncryptionClient) { GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucketName, Key = key }; using (GetObjectResponse getObjectResponse = s3EncryptionClient.GetObject(getObjectRequest)) using (var stream = getObjectResponse.ResponseStream) using (var reader = new StreamReader(stream)) { string data = reader.ReadToEnd(); Assert.AreEqual(uploadedData, data); } }
public static void TestTransferUtility(AmazonS3EncryptionClient s3EncryptionClient) { var directory = TransferUtilityTests.CreateTestDirectory(10 * TransferUtilityTests.KILO_SIZE); var keyPrefix = directory.Name; var directoryPath = directory.FullName; using (var transferUtility = new Amazon.S3.Transfer.TransferUtility(s3EncryptionClient)) { TransferUtilityUploadDirectoryRequest uploadRequest = CreateUploadDirRequest(directoryPath, keyPrefix); transferUtility.UploadDirectory(uploadRequest); var newDir = TransferUtilityTests.GenerateDirectoryPath(); transferUtility.DownloadDirectory(bucketName, keyPrefix, newDir); TransferUtilityTests.ValidateDirectoryContents(s3EncryptionClient, bucketName, keyPrefix, directory); } }
#pragma warning restore 0618 public EncryptionTestsV1InteropV1N(KmsKeyIdProvider kmsKeyIdProvider) : base(kmsKeyIdProvider) { kmsKeyID = _kmsKeyIdProvider.GetKmsIdAsync().GetAwaiter().GetResult(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration() { StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile }; var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1); s3EncryptionClientFileModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1); s3EncryptionClientMetadataModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1); s3EncryptionClientFileModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1); s3EncryptionClientMetadataModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1); s3EncryptionClientFileModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1); #pragma warning disable 0618 s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); #pragma warning restore 0618 using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = EncryptionTestsUtils.CallAsyncTask(UtilityMethods.CreateBucketAsync(s3EncryptionClientFileModeAsymmetricWrapV1)); }
private async Task TestGetAsync(string key, string uploadedData, AmazonS3EncryptionClient s3EncryptionClient) { GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucketName, Key = key }; using (GetObjectResponse getObjectResponse = await s3EncryptionClient.GetObjectAsync(getObjectRequest).ConfigureAwait(false)) { using (var stream = getObjectResponse.ResponseStream) using (var reader = new StreamReader(stream)) { string data = reader.ReadToEnd(); Assert.Equal(uploadedData, data); } } }
public static void Initialize(TestContext a) { EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider()); s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); using (StreamWriter writer = File.CreateText(fileName)) { writer.Write(sampleContent); } bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode); }
private static void TestGet2(string key, string uploadedFile, AmazonS3EncryptionClient s3EncryptionClient) { GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucketName, Key = key }; var destinationFile = fileName + ".downloaded"; using (GetObjectResponse getObjectResponse = s3EncryptionClient.GetObject(getObjectRequest)) { getObjectResponse.WriteResponseStreamToFile(destinationFile); } var originalMd5 = HashFile(uploadedFile); var downloadedMd5 = HashFile(destinationFile); Assert.AreEqual(originalMd5, downloadedMd5); }
public EncryptionTests() { s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); filePath = Path.Combine(Path.GetTempPath(), "EncryptionPutObjectFile.txt"); using (StreamWriter writer = File.CreateText(filePath)) { writer.Write(sampleContent); } _filesToDelete.Add(filePath); bucketName = UtilityMethods.CreateBucketAsync(s3EncryptionClientFileMode, "EncryptionTests").Result; }
public static void Initialize(TestContext a) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = kmsClient.CreateKey(new CreateKeyRequest { Description = "Key for .NET integration tests.", Origin = OriginType.AWS_KMS, KeyUsage = KeyUsageType.ENCRYPT_DECRYPT }); kmsKeyID = response.KeyMetadata.KeyId; } var encryptionMaterials = new EncryptionMaterials(RSA.Create()); var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataMode); s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileMode); s3EncryptionClientMetadataModeKMS = new AmazonS3EncryptionClient(kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMS); s3EncryptionClientFileModeKMS = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMS); using (StreamWriter writer = File.CreateText(filePath)) { writer.Write(sampleContent); } bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode); }
private static GetObjectResponse WrapNoSuchKeyException(AmazonS3EncryptionClient encryptionClient, GetObjectRequest request) { GetObjectResponse response; try { response = encryptionClient.GetObject(request); } catch (Exception e) { AmazonS3Exception s3Exception = e as AmazonS3Exception; if (s3Exception != null && NoSuchKeyErrorCode.Equals(s3Exception.ErrorCode)) { throw new Exception("One or more of the objects expected to be written by the Java test are missing. " + "Please run EncryptionInteropTest.java and then re-run this test."); } else { throw; } } return(response); }
public async Task <string> ReadValue(string key) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { string kmsKeyID = null; var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest()); kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; var bucketName = "<your S3 bucket name>"; var objectKey = key; var kmsEncryptionMaterials = new EncryptionMaterials(key); var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; using (var getResponse = await s3Client.GetObjectAsync(getRequest)) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { return(reader.ReadToEnd()); } } } }
public async Task <bool> WriteValue(string key, string value) { using (var kmsClient = new AmazonKeyManagementServiceClient()) { var response = await kmsClient.CreateKeyAsync(new CreateKeyRequest()); string kmsKeyID = response.KeyMetadata.KeyId; var keyMetadata = response.KeyMetadata; var bucketName = "<your S3 bucket name>"; var objectKey = key; var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); var config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.ObjectMetadata }; using (var s3Client = new AmazonS3EncryptionClient(config, kmsEncryptionMaterials)) { var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, ContentBody = value }; var obj = await s3Client.PutObjectAsync(putRequest); if (obj.HttpStatusCode == HttpStatusCode.OK) { return(true); } } } return(false); }
/// <summary> /// Construct an instance SetupEncryptionHandler. /// </summary> /// <param name="encryptionClient"></param> public SetupEncryptionHandler(AmazonS3EncryptionClient encryptionClient) { this.EncryptionClient = encryptionClient; }
public EncryptionTestsV1NInteropV2() : base(KmsKeyIdProvider.Instance) { kmsKeyID = _kmsKeyIdProvider.GetKmsId(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; var asymmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(rsa, AsymmetricAlgorithmType.RsaOaepSha1); var symmetricEncryptionMaterialsV2 = new EncryptionMaterialsV2(aes, SymmetricAlgorithmType.AesGcm); var kmsEncryptionMaterialsV2 = new EncryptionMaterialsV2(kmsKeyID, KmsType.KmsContext, new Dictionary <string, string>()); fileConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.InstructionFile, }; metadataConfigV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy) { StorageMode = CryptoStorageMode.ObjectMetadata, }; s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); s3EncryptionClientMetadataModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientFileModeAsymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, asymmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientFileModeSymmetricWrapV2 = new AmazonS3EncryptionClientV2(fileConfigV2, symmetricEncryptionMaterialsV2); s3EncryptionClientMetadataModeKMSV2 = new AmazonS3EncryptionClientV2(metadataConfigV2, kmsEncryptionMaterialsV2); s3EncryptionClientFileModeKMSV2 = new AmazonS3EncryptionClientV2(fileConfigV2, kmsEncryptionMaterialsV2); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1N); }
private async Task <Secret> GetSecretObject(string secretName, string secretVersion, string metadaatVersion, string objectKey, MetadataCollection metadata, AmazonS3EncryptionClient s3EncryptedClient) { var secret = new Secret() { Name = secretName, Version = metadaatVersion, UserMetadata = GetUserMetadata(metadata) }; var getObjectRequest = new GetObjectRequest { BucketName = BucketName, Key = objectKey }; if (!string.IsNullOrEmpty(secretVersion)) { getObjectRequest.VersionId = secretVersion; } var downloadedSecret = await s3EncryptedClient.GetObjectAsync(getObjectRequest); secret.Value = await GetByteArray(downloadedSecret); secret.LastModified = downloadedSecret.LastModified; logger.Info($"downloaded secret {secretName}"); return(secret); }
public void MultipartEncryptionTestAPM(AmazonS3EncryptionClient s3EncryptionClient) { var nextRandom = random.Next(); var filePath = @"C:\temp\multi-" + nextRandom + ".txt"; var retrievedFilepath = @"C:\temp\retreived-" + nextRandom + ".txt"; var totalSize = MegSize * 15; UtilityMethods.GenerateFile(filePath, totalSize); string key = "key-" + random.Next(); Stream inputStream = File.OpenRead(filePath); try { InitiateMultipartUploadRequest initRequest = new InitiateMultipartUploadRequest() { BucketName = bucketName, Key = key, StorageClass = S3StorageClass.ReducedRedundancy, ContentType = "text/html", CannedACL = S3CannedACL.PublicRead }; InitiateMultipartUploadResponse initResponse = null; if (IsKMSEncryptionClient(s3EncryptionClient)) { initResponse = s3EncryptionClient.InitiateMultipartUpload(initRequest); } else { initResponse = s3EncryptionClient.EndInitiateMultipartUpload( s3EncryptionClient.BeginInitiateMultipartUpload(initRequest, null, null)); } // Upload part 1 UploadPartRequest uploadRequest = new UploadPartRequest() { BucketName = bucketName, Key = key, UploadId = initResponse.UploadId, PartNumber = 1, PartSize = 5 * MegSize, InputStream = inputStream, }; UploadPartResponse up1Response = s3EncryptionClient.EndUploadPart( s3EncryptionClient.BeginUploadPart(uploadRequest, null, null)); // Upload part 2 uploadRequest = new UploadPartRequest() { BucketName = bucketName, Key = key, UploadId = initResponse.UploadId, PartNumber = 2, PartSize = 5 * MegSize, InputStream = inputStream, }; UploadPartResponse up2Response = s3EncryptionClient.EndUploadPart( s3EncryptionClient.BeginUploadPart(uploadRequest, null, null)); // Upload part 3 uploadRequest = new UploadPartRequest() { BucketName = bucketName, Key = key, UploadId = initResponse.UploadId, PartNumber = 3, InputStream = inputStream, IsLastPart = true }; UploadPartResponse up3Response = s3EncryptionClient.EndUploadPart( s3EncryptionClient.BeginUploadPart(uploadRequest, null, null)); ListPartsRequest listPartRequest = new ListPartsRequest() { BucketName = bucketName, Key = key, UploadId = initResponse.UploadId }; ListPartsResponse listPartResponse = s3EncryptionClient.EndListParts( s3EncryptionClient.BeginListParts(listPartRequest, null, null)); Assert.AreEqual(3, listPartResponse.Parts.Count); Assert.AreEqual(up1Response.PartNumber, listPartResponse.Parts[0].PartNumber); Assert.AreEqual(up1Response.ETag, listPartResponse.Parts[0].ETag); Assert.AreEqual(up2Response.PartNumber, listPartResponse.Parts[1].PartNumber); Assert.AreEqual(up2Response.ETag, listPartResponse.Parts[1].ETag); Assert.AreEqual(up3Response.PartNumber, listPartResponse.Parts[2].PartNumber); Assert.AreEqual(up3Response.ETag, listPartResponse.Parts[2].ETag); listPartRequest.MaxParts = 1; listPartResponse = s3EncryptionClient.EndListParts( s3EncryptionClient.BeginListParts(listPartRequest, null, null)); Assert.AreEqual(1, listPartResponse.Parts.Count); // Complete the response CompleteMultipartUploadRequest compRequest = new CompleteMultipartUploadRequest() { BucketName = bucketName, Key = key, UploadId = initResponse.UploadId }; compRequest.AddPartETags(up1Response, up2Response, up3Response); CompleteMultipartUploadResponse compResponse = s3EncryptionClient.EndCompleteMultipartUpload( s3EncryptionClient.BeginCompleteMultipartUpload(compRequest, null, null)); Assert.AreEqual(bucketName, compResponse.BucketName); Assert.IsNotNull(compResponse.ETag); Assert.AreEqual(key, compResponse.Key); Assert.IsNotNull(compResponse.Location); // Get the file back from S3 and make sure it is still the same. GetObjectRequest getRequest = new GetObjectRequest() { BucketName = bucketName, Key = key }; GetObjectResponse getResponse = null; if (IsKMSEncryptionClient(s3EncryptionClient)) { getResponse = s3EncryptionClient.GetObject(getRequest); } else { getResponse = s3EncryptionClient.EndGetObject( s3EncryptionClient.BeginGetObject(getRequest, null, null)); } getResponse.WriteResponseStreamToFile(retrievedFilepath); UtilityMethods.CompareFiles(filePath, retrievedFilepath); GetObjectMetadataRequest metaDataRequest = new GetObjectMetadataRequest() { BucketName = bucketName, Key = key }; GetObjectMetadataResponse metaDataResponse = s3EncryptionClient.EndGetObjectMetadata( s3EncryptionClient.BeginGetObjectMetadata(metaDataRequest, null, null)); Assert.AreEqual("text/html", metaDataResponse.Headers.ContentType); } finally { inputStream.Close(); if (File.Exists(filePath)) { File.Delete(filePath); } if (File.Exists(retrievedFilepath)) { File.Delete(retrievedFilepath); } } }
static void UploadFileWithClientSideEncryption(string filePath) { string kmsKeyID = null; var objectKey = System.IO.Path.GetFileName(filePath); using (var kmsClient = new AmazonKeyManagementServiceClient(defaultEndpoint)) { // var response = kmsClient.CreateKeyAsync(new CreateKeyRequest()).GetAwaiter().GetResult(); kmsKeyID = GetKeyByAlias(keyName, kmsClient); // var keyMetadata = keyData?.KeyMetadata; // An object that contains information about the CMK created by this operation. var kmsEncryptionMaterials = new EncryptionMaterials(kmsKeyID); //set encryption context using (var s3Client = new AmazonS3EncryptionClient(defaultEndpoint, kmsEncryptionMaterials)) { // encrypt and put object var putRequest = new PutObjectRequest { BucketName = bucketName, Key = objectKey, FilePath = filePath }; putRequest.Metadata.Add("x-amz-meta-moo", "This is a test"); // putRequest.Headers["x-amz-matdesc"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext)); putRequest.Headers["x-amz-server-side-encryption"] = "aws:kms"; putRequest.Headers["x-amz-server-side-encryption-aws-kms-key-id"] = kmsKeyID; putRequest.Headers["x-amz-server-side-encryption-context"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(jsonStringEncryptionContext)); s3Client.PutObjectAsync(putRequest).GetAwaiter().GetResult(); } // The KeyID is actually embedded in the metadata of the object and the encryptionclient automatically looks it up so you don't actually have to do that yourself var kem2 = new EncryptionMaterials("1111111-11111-11111111-11111111"); using (var s3Client2 = new AmazonS3EncryptionClient(defaultEndpoint, kem2)) { // get object and decrypt var getRequest = new GetObjectRequest { BucketName = bucketName, Key = objectKey }; string fPath2 = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(filePath), System.IO.Path.GetFileNameWithoutExtension(filePath) + "_" + new Random().Next(0, 1000).ToString() + System.IO.Path.GetExtension(filePath)); using (var getResponse = s3Client2.GetObjectAsync(getRequest).GetAwaiter().GetResult()) using (var stream = getResponse.ResponseStream) using (var reader = new StreamReader(stream)) { using (var fileStream = new FileStream(fPath2, FileMode.Create, FileAccess.Write)) { stream.CopyTo(fileStream); fileStream.Flush(); fileStream.Close(); } } Console.WriteLine($"Object written to {fPath2}"); } } Console.WriteLine("Press any key to continue..."); Console.ReadKey(); }
public SetupEncryptionHandler(AmazonS3EncryptionClient encryptionClient) { this.EncryptionClient = encryptionClient; }
#pragma warning restore 0618 public EncryptionTestsV1InteropV1N() : base(KmsKeyIdProvider.Instance) { filePath = Path.Combine(Path.GetTempPath(), $"EncryptionPutObjectFile-{Guid.NewGuid()}.txt"); kmsKeyID = _kmsKeyIdProvider.GetKmsId(); var rsa = RSA.Create(); var aes = Aes.Create(); var asymmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(rsa); var asymmetricEncryptionMaterialsV1N = new EncryptionMaterials(rsa); var symmetricEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(aes); var symmetricEncryptionMaterialsV1N = new EncryptionMaterials(aes); var kmsEncryptionMaterialsV1 = new Amazon.S3.Encryption.EncryptionMaterials(kmsKeyID); var kmsEncryptionMaterialsV1N = new EncryptionMaterials(kmsKeyID); var configV1 = new Amazon.S3.Encryption.AmazonS3CryptoConfiguration() { StorageMode = Amazon.S3.Encryption.CryptoStorageMode.InstructionFile }; var configV1N = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientMetadataModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1); s3EncryptionClientFileModeAsymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, asymmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1); s3EncryptionClientMetadataModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1); s3EncryptionClientFileModeSymmetricWrapV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, symmetricEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1); s3EncryptionClientMetadataModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(kmsEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1); s3EncryptionClientFileModeKMSV1 = new Amazon.S3.Encryption.AmazonS3EncryptionClient(configV1, kmsEncryptionMaterialsV1); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1); s3EncryptionClientMetadataModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(asymmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeAsymmetricWrapV1N); s3EncryptionClientFileModeAsymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, asymmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeAsymmetricWrapV1N); s3EncryptionClientMetadataModeSymmetricWrapV1N = new AmazonS3EncryptionClient(symmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeSymmetricWrapV1N); s3EncryptionClientFileModeSymmetricWrapV1N = new AmazonS3EncryptionClient(configV1N, symmetricEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeSymmetricWrapV1N); s3EncryptionClientMetadataModeKMSV1N = new AmazonS3EncryptionClient(kmsEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientMetadataModeKMSV1N); s3EncryptionClientFileModeKMSV1N = new AmazonS3EncryptionClient(configV1N, kmsEncryptionMaterialsV1N); RetryUtilities.ForceConfigureClient(s3EncryptionClientFileModeKMSV1N); using (var writer = File.CreateText(filePath)) { writer.Write(SampleContent); } bucketName = S3TestUtils.CreateBucketWithWait(s3EncryptionClientFileModeAsymmetricWrapV1); }