private void RoundTripGeneric(string testData, AeadEnvelopeCrypto aeadEnvelopeCrypto)
{
CryptoPolicy cryptoPolicy = new DummyCryptoPolicy();
using (SecureCryptoKeyDictionary <DateTimeOffset> secureCryptoKeyDictionary =
new SecureCryptoKeyDictionary <DateTimeOffset>(cryptoPolicy.GetRevokeCheckPeriodMillis()))
{
IEnvelopeEncryption <JObject> envelopeEncryptionJsonImpl = new EnvelopeEncryptionJsonImpl(
partition,
metastore,
secureCryptoKeyDictionary,
new SecureCryptoKeyDictionary <DateTimeOffset>(cryptoPolicy.GetRevokeCheckPeriodMillis()),
aeadEnvelopeCrypto,
cryptoPolicy,
keyManagementService);
using (Session <JObject, JObject> sessionJsonImpl =
new SessionJsonImpl <JObject>(envelopeEncryptionJsonImpl))
{
Asherah.AppEncryption.Util.Json testJson = new Asherah.AppEncryption.Util.Json();
testJson.Put("Test", testData);
string persistenceKey = sessionJsonImpl.Store(testJson.ToJObject(), dataPersistence);
Option <JObject> testJson2 = sessionJsonImpl.Load(persistenceKey, dataPersistence);
Assert.True(testJson2.IsSome);
string resultData = ((JObject)testJson2)["Test"].ToObject <string>();
Assert.Equal(testData, resultData);
}
}
}
private void TestDateTimeOffsetDeserialization()
{
string key = "testDateTime";
string unixTimeStampString = "1553210640"; // March 21, 2019 11:24:00 PM GMT
string jsonString = string.Concat("{\"", key, "\":", unixTimeStampString, "}");
DateTimeOffset expectedDateTimeOffset = new DateTimeOffset(2019, 3, 21, 23, 24, 0, TimeSpan.Zero);
Asherah.AppEncryption.Util.Json json = new Asherah.AppEncryption.Util.Json(JObject.Parse(jsonString));
DateTimeOffset actualDateTimeOffset = json.GetDateTimeOffset(key);
Assert.Equal(expectedDateTimeOffset, actualDateTimeOffset);
}
private void TestConstructorJson()
{
Asherah.AppEncryption.Util.Json keyMetaJson = new Asherah.AppEncryption.Util.Json();
keyMetaJson.Put("KeyId", KeyId);
keyMetaJson.Put("Created", created);
KeyMeta meta = new KeyMeta(keyMetaJson);
Assert.NotNull(meta);
Assert.Equal(KeyId, meta.KeyId);
Assert.Equal(created, meta.Created);
}
private void TestDecrypt()
{
const string json = @"{key:'some_key', value:123}";
JObject expectedJson = JObject.Parse(json);
byte[] utf8Bytes = new Asherah.AppEncryption.Util.Json(expectedJson).ToUtf8();
envelopeEncryptionMock.Setup(x => x.DecryptDataRowRecord(It.IsAny <string>())).Returns(utf8Bytes);
JObject actualJson = appEncryptionJsonImpl.Decrypt("some data row record");
Assert.Equal(expectedJson, actualJson);
}
private void TestConstructorJsonWithNullParentKeyMetaAndNullRevokedShouldBeOptionalEmptyAndFalse()
{
Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json();
envelopeKeyRecordJson.Put("Created", created);
envelopeKeyRecordJson.Put("Key", encryptedKey);
EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson);
Assert.NotNull(record);
Assert.Equal(created, record.Created);
Assert.Equal(Option <KeyMeta> .None, record.ParentKeyMeta);
Assert.Equal(encryptedKey, record.EncryptedKey);
Assert.Equal(Option <bool> .None, record.Revoked);
}
private void TestDecryptDataRowRecord()
{
byte[] expectedBytes = { 0, 1 };
envelopeEncryptionJsonImplMock.Setup(x => x.DecryptDataRowRecord(It.IsAny <JObject>()))
.Returns(expectedBytes);
ImmutableDictionary <string, string> immutableDictionary = new Dictionary <string, string> {
{ "key", "value" }
}.ToImmutableDictionary();
byte[] dataRowRecordBytes = new Asherah.AppEncryption.Util.Json(JObject.FromObject(immutableDictionary)).ToUtf8();
byte[] actualBytes = envelopeEncryptionBytesImpl.DecryptDataRowRecord(dataRowRecordBytes);
Assert.Equal(expectedBytes, actualBytes);
}
public void TestJsonDateParsing()
{
string time = DateTime.UtcNow.ToString("o");
JObject jObject = new JObject
{
{ "Created", 1541461380 },
{ "Time", time },
};
// Get json bytes
byte[] jsonBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(jObject));
// Convert to JObject using the Asherah.AppEncryption.Util.Json class. This in turn calls the
// ConvertUtf8ToJson method which sets the DateParseHandling to None
JObject json = new Asherah.AppEncryption.Util.Json(jsonBytes).ToJObject();
Assert.Equal(time, json.GetValue("Time").ToString());
}
private void TestConstructorJsonWithParentKeyMetaAndRevoked()
{
Asherah.AppEncryption.Util.Json parentKeyMetaJson = new Asherah.AppEncryption.Util.Json();
parentKeyMetaJson.Put("KeyId", ParentKey);
parentKeyMetaJson.Put("Created", parentCreated);
Asherah.AppEncryption.Util.Json envelopeKeyRecordJson = new Asherah.AppEncryption.Util.Json();
envelopeKeyRecordJson.Put("Created", created);
envelopeKeyRecordJson.Put("ParentKeyMeta", parentKeyMetaJson);
envelopeKeyRecordJson.Put("Key", encryptedKey);
envelopeKeyRecordJson.Put("Revoked", Revoked);
EnvelopeKeyRecord record = new EnvelopeKeyRecord(envelopeKeyRecordJson);
Assert.NotNull(record);
Assert.Equal(created, record.Created);
Assert.Equal(Option <KeyMeta> .Some(parentKeyMeta), record.ParentKeyMeta);
Assert.Equal(encryptedKey, record.EncryptedKey);
Assert.Equal(Option <bool> .Some(Revoked), record.Revoked);
}
private void TestEncryptKeySuccessful()
{
byte[] encryptedKey = { 3, 4 };
byte[] dataKeyPlainText = { 1, 2 };
byte[] dataKeyCipherText = { 5, 6 };
byte[] encryptKeyCipherText = { 7, 8 };
JObject encryptKeyAndBuildResultJson = JObject.FromObject(new Dictionary <string, object>
{
{ RegionKey, UsEast1 },
{ ArnKey, ArnUsEast1 },
{ EncryptedKek, Convert.ToBase64String(encryptKeyCipherText) },
});
JObject kmsKeyEnvelope = JObject.FromObject(new Dictionary <string, object>
{
{ EncryptedKey, Convert.ToBase64String(encryptedKey) },
{
KmsKeksKey, new List <object>
{
new Dictionary <string, object>
{
{ RegionKey, UsWest1 },
{ ArnKey, ArnUsWest1 },
{ EncryptedKek, Convert.ToBase64String(dataKeyCipherText) },
},
encryptKeyAndBuildResultJson,
}
},
});
GenerateDataKeyResult generateDataKeyResult = new GenerateDataKeyResult
{
KeyPlaintext = dataKeyPlainText,
KeyCiphertext = dataKeyCipherText,
};
Mock <CryptoKey> generatedDataKeyCryptoKey = new Mock <CryptoKey>();
string keyId = ArnUsWest1;
awsKeyManagementServiceImplSpy
.Setup(x =>
x.GenerateDataKey(awsKeyManagementServiceImplSpy.Object.RegionToArnAndClientDictionary, out keyId))
.Returns(generateDataKeyResult);
cryptoMock.Setup(x => x.GenerateKeyFromBytes(generateDataKeyResult.KeyPlaintext))
.Returns(generatedDataKeyCryptoKey.Object);
cryptoMock.Setup(x => x.EncryptKey(cryptoKeyMock.Object, generatedDataKeyCryptoKey.Object))
.Returns(encryptedKey);
awsKeyManagementServiceImplSpy.Setup(x =>
x.EncryptKeyAndBuildResult(
It.IsAny <IAmazonKeyManagementService>(),
UsEast1,
ArnUsEast1,
dataKeyPlainText))
.Returns(Option <JObject> .Some(encryptKeyAndBuildResultJson));
byte[] encryptedResult = awsKeyManagementServiceImplSpy.Object.EncryptKey(cryptoKeyMock.Object);
JObject kmsKeyEnvelopeResult = new Asherah.AppEncryption.Util.Json(encryptedResult).ToJObject();
Assert.Equal(new byte[] { 0, 0 }, dataKeyPlainText);
// This is a workaround for https://github.com/JamesNK/Newtonsoft.Json/issues/1437
// If DeepEquals fails due to mismatching array order, compare the elements individually
if (!JToken.DeepEquals(kmsKeyEnvelope, kmsKeyEnvelopeResult))
{
JArray kmsKeyEnvelopeKmsKeks = JArray.FromObject(kmsKeyEnvelope[KmsKeksKey]
.OrderBy(k => k[RegionKey]));
JArray kmsKeyEnvelopeResultKmsKeks = JArray.FromObject(kmsKeyEnvelopeResult[KmsKeksKey]
.OrderBy(k => k[RegionKey]));
Assert.True(JToken.DeepEquals(kmsKeyEnvelope[EncryptedKey], kmsKeyEnvelopeResult[EncryptedKey]));
Assert.True(JToken.DeepEquals(kmsKeyEnvelopeKmsKeks, kmsKeyEnvelopeResultKmsKeks));
}
}
private void TestEncryptKeySuccessful()
{
byte[] encryptedKey = { 3, 4 };
byte[] dataKeyPlainText = { 1, 2 };
byte[] dataKeyCipherText = { 5, 6 };
byte[] encryptKeyCipherText = { 7, 8 };
JObject encryptKeyAndBuildResultJson = JObject.FromObject(new Dictionary <string, object>
{
{ RegionKey, UsEast1 },
{ ArnKey, ArnUsEast1 },
{ EncryptedKek, Convert.ToBase64String(encryptKeyCipherText) }
});
JObject kmsKeyEnvelope = JObject.FromObject(new Dictionary <string, object>
{
{ EncryptedKey, Convert.ToBase64String(encryptedKey) },
{
// For some reason we have to use ConcurrentBag here. Likely due to internal ConcurrentBag list
// structure failing to compare against regular List?
KmsKeksKey, new ConcurrentBag <object>
{
new Dictionary <string, object>
{
{ RegionKey, UsWest1 },
{ ArnKey, ArnUsWest1 },
{ EncryptedKek, Convert.ToBase64String(dataKeyCipherText) }
},
encryptKeyAndBuildResultJson
}
}
});
GenerateDataKeyResult generateDataKeyResult = new GenerateDataKeyResult
{
KeyPlaintext = dataKeyPlainText,
KeyCiphertext = dataKeyCipherText
};
Mock <CryptoKey> generatedDataKeyCryptoKey = new Mock <CryptoKey>();
string keyId = ArnUsWest1;
awsKeyManagementServiceImplSpy
.Setup(x =>
x.GenerateDataKey(awsKeyManagementServiceImplSpy.Object.RegionToArnAndClientDictionary, out keyId))
.Returns(generateDataKeyResult);
cryptoMock.Setup(x => x.GenerateKeyFromBytes(generateDataKeyResult.KeyPlaintext))
.Returns(generatedDataKeyCryptoKey.Object);
cryptoMock.Setup(x => x.EncryptKey(cryptoKeyMock.Object, generatedDataKeyCryptoKey.Object))
.Returns(encryptedKey);
awsKeyManagementServiceImplSpy.Setup(x =>
x.EncryptKeyAndBuildResult(
It.IsAny <IAmazonKeyManagementService>(),
UsEast1,
ArnUsEast1,
dataKeyPlainText))
.Returns(Option <JObject> .Some(encryptKeyAndBuildResultJson));
byte[] encryptedResult = awsKeyManagementServiceImplSpy.Object.EncryptKey(cryptoKeyMock.Object);
Asherah.AppEncryption.Util.Json kmsKeyEnvelopeResult = new Asherah.AppEncryption.Util.Json(encryptedResult);
Assert.True(JToken.DeepEquals(kmsKeyEnvelope, kmsKeyEnvelopeResult.ToJObject()));
Assert.Equal(new byte[] { 0, 0 }, dataKeyPlainText);
}
public JsonTest()
{
testDocument = new Asherah.AppEncryption.Util.Json();
}