Пример #1
0
 public AppEncryptionJsonMultiThreadedTest()
 {
     payload = PayloadGenerator.CreateDefaultRandomJsonPayload();
     appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory();
     partitionId       = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset();
     appEncryptionJson = appEncryptionSessionFactory.GetAppEncryptionJson(partitionId);
 }
Пример #2
0
        private void TestBuilderPathWithSpecifiedInterfaces()
        {
            AppEncryptionSessionFactory.IMetastoreStep metastoreStep =
                AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId);
            Assert.NotNull(metastoreStep);

            IMetastorePersistence <JObject> metastorePersistence = new MemoryPersistenceImpl <JObject>();

            AppEncryptionSessionFactory.ICryptoPolicyStep cryptoPolicyStep =
                metastoreStep.WithMetaStorePersistence(metastorePersistence);
            Assert.NotNull(cryptoPolicyStep);

            CryptoPolicy cryptoPolicy = new NeverExpiredCryptoPolicy();

            AppEncryptionSessionFactory.IKeyManagementServiceStep keyManagementServiceStep =
                cryptoPolicyStep.WithCryptoPolicy(cryptoPolicy);
            Assert.NotNull(keyManagementServiceStep);

            KeyManagementService keyManagementService = new StaticKeyManagementServiceImpl(TestMasterKey);

            AppEncryptionSessionFactory.IBuildStep buildStep =
                keyManagementServiceStep.WithKeyManagementService(keyManagementService);
            Assert.NotNull(buildStep);

            AppEncryptionSessionFactory sessionFactory = buildStep.Build();

            Assert.NotNull(sessionFactory);
        }
Пример #3
0
 public AppEncryptionBytesTest()
 {
     payload = PayloadGenerator.CreateDefaultRandomBytePayload();
     appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory();
     partitionId        = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset();
     appEncryptionBytes = appEncryptionSessionFactory.GetAppEncryptionBytes(partitionId);
 }
Пример #4
0
 public static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory(string productId, string systemId)
 {
     return(AppEncryptionSessionFactory.NewBuilder(productId, systemId)
            .WithMemoryPersistence()
            .WithNeverExpiredCryptoPolicy()
            .WithStaticKeyManagementService(KeyManagementStaticMasterKey)
            .Build());
 }
Пример #5
0
 public AppEncryptionJsonMultiThreadedTest(ConfigFixture configFixture)
 {
     payload = PayloadGenerator.CreateDefaultRandomJsonPayload();
     appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(
         configFixture.KeyManagementService,
         configFixture.MetastorePersistence);
     partitionId       = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset();
     appEncryptionJson = appEncryptionSessionFactory.GetAppEncryptionJson(partitionId);
 }
Пример #6
0
 private static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory(
     string productId,
     string systemId,
     KeyManagementService keyManagementService,
     IMetastorePersistence <JObject> metastorePersistence)
 {
     return(AppEncryptionSessionFactory.NewBuilder(productId, systemId)
            .WithMetaStorePersistence(metastorePersistence)
            .WithNeverExpiredCryptoPolicy()
            .WithKeyManagementService(keyManagementService)
            .Build());
 }
Пример #7
0
        private void TestConstructor()
        {
            AppEncryptionSessionFactory appEncryptionSessionFactory = new AppEncryptionSessionFactory(
                TestProductId,
                TestSystemId,
                metastorePersistenceMock.Object,
                secureCryptoKeyDictionaryFactoryMock.Object,
                cryptoPolicyMock.Object,
                keyManagementServiceMock.Object);

            Assert.NotNull(appEncryptionSessionFactory);
        }
Пример #8
0
        private void TestBuilderPathWithMetricsDisabled()
        {
            AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId)
            .WithMemoryPersistence()
            .WithNeverExpiredCryptoPolicy()
            .WithStaticKeyManagementService(TestMasterKey)
            .Build();

            MetricsUtil.MetricsInstance.Measure.Meter.Mark(new MeterOptions {
                Name = "should.not.record"
            }, 1);

            // Verify no metrics were recorded
            Assert.Empty(MetricsUtil.MetricsInstance.Snapshot.Get().Contexts);
        }
Пример #9
0
        public AppEncryptionSessionFactoryTest()
        {
            metastorePersistenceMock             = new Mock <IMetastorePersistence <JObject> >();
            cryptoPolicyMock                     = new Mock <CryptoPolicy>();
            keyManagementServiceMock             = new Mock <KeyManagementService>();
            secureCryptoKeyDictionaryFactoryMock =
                new Mock <SecureCryptoKeyDictionaryFactory <DateTimeOffset> >(cryptoPolicyMock.Object);
            systemKeyCacheMock = new Mock <SecureCryptoKeyDictionary <DateTimeOffset> >(1);
            secureCryptoKeyDictionaryFactoryMock.Setup(x => x.CreateSecureCryptoKeyDictionary())
            .Returns(systemKeyCacheMock.Object);

            appEncryptionSessionFactory = new AppEncryptionSessionFactory(
                TestProductId,
                TestSystemId,
                metastorePersistenceMock.Object,
                secureCryptoKeyDictionaryFactoryMock.Object,
                cryptoPolicyMock.Object,
                keyManagementServiceMock.Object);
        }
Пример #10
0
        private void TestBuilderPathWithPrebuiltInterfaces()
        {
            AppEncryptionSessionFactory.IMetastoreStep metastoreStep =
                AppEncryptionSessionFactory.NewBuilder(TestProductId, TestSystemId);
            Assert.NotNull(metastoreStep);

            AppEncryptionSessionFactory.ICryptoPolicyStep cryptoPolicyStep = metastoreStep.WithMemoryPersistence();
            Assert.NotNull(cryptoPolicyStep);

            AppEncryptionSessionFactory.IKeyManagementServiceStep keyManagementServiceStep =
                cryptoPolicyStep.WithNeverExpiredCryptoPolicy();
            Assert.NotNull(keyManagementServiceStep);

            AppEncryptionSessionFactory.IBuildStep buildStep =
                keyManagementServiceStep.WithStaticKeyManagementService(TestMasterKey);
            Assert.NotNull(buildStep);

            AppEncryptionSessionFactory sessionFactory = buildStep.Build();

            Assert.NotNull(sessionFactory);
        }
Пример #11
0
        private void RunPartitionTest(int testIterations, string partitionId, int payloadSizeBytesBase)
        {
            try
            {
                using (AppEncryptionSessionFactory factory =
                           SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(
                               configFixture.KeyManagementService,
                               configFixture.MetastorePersistence))
                {
                    using (AppEncryption <JObject, byte[]> partition = factory.GetAppEncryptionJson(partitionId))
                    {
                        Dictionary <string, byte[]> dataStore = new Dictionary <string, byte[]>();

                        string partitionPart = $"partition-{partitionId}-";

                        for (int i = 0; i < testIterations; i++)
                        {
                            // Note the size will be slightly larger since we're adding extra unique meta
                            JObject jObject = PayloadGenerator.CreateRandomJsonPayload(payloadSizeBytesBase);
                            string  keyPart = $"iteration-{i}";
                            jObject["payload"] = partitionPart + keyPart;

                            dataStore.Add(keyPart, partition.Encrypt(jObject));
                        }

                        foreach (KeyValuePair <string, byte[]> keyValuePair in dataStore)
                        {
                            JObject decryptedObject = partition.Decrypt(keyValuePair.Value);
                            Assert.Equal(partitionPart + keyValuePair.Key, decryptedObject["payload"].ToObject <string>());
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Logger.LogError(e, "Unexpected error during call");
                throw;
            }
        }
Пример #12
0
 public MultiPartitionMultiThreadedTest(ConfigFixture configFixture)
 {
     appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory(
         configFixture.KeyManagementService,
         configFixture.MetastorePersistence);
 }
Пример #13
0
 public MultiPartitionMultiThreadedTest()
 {
     appEncryptionSessionFactory = SessionFactoryGenerator.CreateDefaultAppEncryptionSessionFactory();
 }
Пример #14
0
        private static async void App(Options options)
        {
            IMetastorePersistence <JObject> metastorePersistence = null;
            KeyManagementService            keyManagementService = null;

            if (options.MetaStore == MetaStore.ADO)
            {
                if (options.AdoConnectionString != null)
                {
                    logger.LogInformation("using ADO-based metastore...");
                    metastorePersistence = AdoMetastorePersistenceImpl
                                           .NewBuilder(MySqlClientFactory.Instance, options.AdoConnectionString)
                                           .Build();
                }
                else
                {
                    logger.LogError("ADO connection string is a mandatory parameter with MetaStore Type: ADO");
                    Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
                    return;
                }
            }
            else if (options.MetaStore == MetaStore.DYNAMODB)
            {
                logger.LogInformation("using DynamoDB-based metastore...");
                AWSConfigs.AWSRegion = "us-west-2";
                metastorePersistence = DynamoDbMetastorePersistenceImpl.NewBuilder().Build();
            }
            else
            {
                logger.LogInformation("using in-memory metastore...");
                metastorePersistence = new MemoryPersistenceImpl <JObject>();
            }

            if (options.Kms == Kms.AWS)
            {
                if (options.PreferredRegion != null && options.RegionToArnTuples != null)
                {
                    Dictionary <string, string> regionToArnDictionary = new Dictionary <string, string>();
                    foreach (string regionArnPair in options.RegionToArnTuples)
                    {
                        string[] regionArnArray = regionArnPair.Split("=");
                        regionToArnDictionary.Add(regionArnArray[0], regionArnArray[1]);
                    }

                    logger.LogInformation("using AWS KMS...");
                    keyManagementService = AwsKeyManagementServiceImpl
                                           .NewBuilder(regionToArnDictionary, options.PreferredRegion).Build();
                }
                else
                {
                    logger.LogError("Preferred region and <region>=<arn> tuples are mandatory with  KMS Type: AWS");
                    Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
                    return;
                }
            }
            else
            {
                logger.LogInformation("using static KMS...");
                keyManagementService = new StaticKeyManagementServiceImpl("secretmasterkey!");
            }

            CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy
                                        .NewBuilder()
                                        .WithKeyExpirationDays(KeyExpirationDays)
                                        .WithRevokeCheckMinutes(CacheCheckMinutes)
                                        .Build();

            // Setup metrics reporters and always include console.
            IMetricsBuilder metricsBuilder = new MetricsBuilder()
                                             .Report.ToConsole(consoleOptions => consoleOptions.FlushInterval = TimeSpan.FromSeconds(60));

            // CloudWatch metrics generation
            if (options.EnableCloudWatch)
            {
                // Fill in when we open source our App.Metrics cloudwatch reporter separately
            }

            IMetrics metrics = metricsBuilder.Build();

            // Create a session factory for this app. Normally this would be done upon app startup and the
            // same factory would be used anytime a new session is needed for a partition (e.g., shopper).
            // We've split it out into multiple using blocks to underscore this point.
            using (AppEncryptionSessionFactory appEncryptionSessionFactory = AppEncryptionSessionFactory
                                                                             .NewBuilder("productId", "reference_app")
                                                                             .WithMetaStorePersistence(metastorePersistence)
                                                                             .WithCryptoPolicy(cryptoPolicy)
                                                                             .WithKeyManagementService(keyManagementService)
                                                                             .WithMetrics(metrics)
                                                                             .Build())
            {
                // Now create an actual session for a partition (which in our case is a pretend shopper id). This session is used
                // for a transaction and is disposed automatically after use due to the IDisposable implementation.
                using (AppEncryption <byte[], byte[]> appEncryptionBytes =
                           appEncryptionSessionFactory.GetAppEncryptionBytes("shopper123"))
                {
                    const string originalPayloadString = "mysupersecretpayload";
                    foreach (int i in Enumerable.Range(0, options.Iterations))
                    {
                        string dataRowString;

                        // If we get a DRR as a command line argument, we want to directly decrypt it
                        if (options.Drr != null)
                        {
                            dataRowString = options.Drr;
                        }
                        else
                        {
                            // Encrypt the payload
                            byte[] dataRowRecordBytes =
                                appEncryptionBytes.Encrypt(Encoding.UTF8.GetBytes(originalPayloadString));

                            // Consider this us "persisting" the DRR
                            dataRowString = Convert.ToBase64String(dataRowRecordBytes);
                        }

                        logger.LogInformation("dataRowRecord as string = {dataRow}", dataRowString);

                        byte[] newDataRowRecordBytes = Convert.FromBase64String(dataRowString);

                        // Decrypt the payload
                        string decryptedPayloadString =
                            Encoding.UTF8.GetString(appEncryptionBytes.Decrypt(newDataRowRecordBytes));

                        logger.LogInformation("decryptedPayloadString = {payload}", decryptedPayloadString);
                        logger.LogInformation("matches = {result}", originalPayloadString.Equals(decryptedPayloadString));
                    }
                }
            }

            // Force final publish of metrics
            await Task.WhenAll(((IMetricsRoot)metrics).ReportRunner.RunAllAsync());
        }