internal static Mock <MemoryPersistenceImpl <JObject> > CreateMetastoreMock(
AppEncryptionPartition appEncryptionPartition,
KeyManagementService kms,
KeyState metaIK,
KeyState metaSK,
CryptoKeyHolder cryptoKeyHolder)
{
// TODO Change this to generate a mock dynamically based on the Metastore type
Mock <MemoryPersistenceImpl <JObject> > metastorePersistenceSpy = new Mock <MemoryPersistenceImpl <JObject> > {
CallBase = true
};
CryptoKey systemKey = cryptoKeyHolder.SystemKey;
if (metaSK != KeyState.Empty)
{
if (metaSK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = systemKey.GetCreated();
systemKey = systemKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
metastorePersistenceSpy.Object.Store(
appEncryptionPartition.SystemKeyId,
systemKeyRecord.Created,
systemKeyRecord.ToJson());
}
if (metaIK != KeyState.Empty)
{
CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
if (metaIK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = intermediateKey.GetCreated();
intermediateKey = intermediateKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
intermediateKey.GetCreated(),
new KeyMeta(appEncryptionPartition.SystemKeyId, systemKey.GetCreated()),
Crypto.EncryptKey(intermediateKey, systemKey),
intermediateKey.IsRevoked());
metastorePersistenceSpy.Object.Store(
appEncryptionPartition.IntermediateKeyId,
intermediateKeyRecord.Created,
intermediateKeyRecord.ToJson());
}
metastorePersistenceSpy.Reset();
return(metastorePersistenceSpy);
}
private void TestToJsonWithNullParentKeyMetaAndNullRevokedShouldBeNull()
{
EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, null, encryptedKey);
JObject recordJson = envelopeKeyRecord.ToJson();
Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>());
Assert.Null(recordJson["ParentKeyMeta"]);
Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString()));
Assert.Null(recordJson["Revoked"]);
}
private void TestToJsonWithParentKeyMetaAndRevoked()
{
EnvelopeKeyRecord envelopeKeyRecord = new EnvelopeKeyRecord(created, parentKeyMeta, encryptedKey, Revoked);
JObject recordJson = envelopeKeyRecord.ToJson();
Assert.Equal(created.ToUnixTimeSeconds(), recordJson.GetValue("Created").ToObject <long>());
Assert.Equal(parentCreated.ToUnixTimeSeconds(), recordJson["ParentKeyMeta"]["Created"].ToObject <long>());
Assert.Equal(ParentKey, recordJson["ParentKeyMeta"]["KeyId"].ToObject <string>());
Assert.Equal(encryptedKey, Convert.FromBase64String(recordJson["Key"].ToString()));
Assert.Equal(Revoked, recordJson["Revoked"].ToObject <bool>());
}
public AppJsonEncryptionImplTest()
{
partition = new Partition("PARTITION", "SYSTEM", "PRODUCT");
Dictionary <string, JObject> memoryPersistence = new Dictionary <string, JObject>();
dataPersistence = new AdhocPersistence <JObject>(
key => memoryPersistence.TryGetValue(key, out JObject result) ? result : Option <JObject> .None,
(key, jsonObject) => memoryPersistence.Add(key, jsonObject));
metastore = new InMemoryMetastoreImpl <JObject>();
keyManagementService = new DummyKeyManagementService();
AeadEnvelopeCrypto aeadEnvelopeCrypto = new BouncyAes256GcmCrypto();
// Generate a dummy systemKey document
CryptoKey systemKey = aeadEnvelopeCrypto.GenerateKey();
byte[] encryptedSystemKey = keyManagementService.EncryptKey(systemKey);
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(DateTimeOffset.UtcNow, null, encryptedSystemKey);
// Write out the dummy systemKey record
memoryPersistence.TryAdd(partition.SystemKeyId, systemKeyRecord.ToJson());
}
internal static Mock <IMetastore <JObject> > CreateMetastoreMock(
Partition partition,
KeyManagementService kms,
KeyState metaIK,
KeyState metaSK,
CryptoKeyHolder cryptoKeyHolder,
IMetastore <JObject> metastore)
{
CryptoKey systemKey = cryptoKeyHolder.SystemKey;
Mock <IMetastore <JObject> > metastoreSpy = new Mock <IMetastore <JObject> >();
metastoreSpy
.Setup(x => x.Load(It.IsAny <string>(), It.IsAny <DateTimeOffset>()))
.Returns <string, DateTimeOffset>(metastore.Load);
metastoreSpy
.Setup(x => x.LoadLatest(It.IsAny <string>()))
.Returns <string>(metastore.LoadLatest);
metastoreSpy
.Setup(x => x.Store(It.IsAny <string>(), It.IsAny <DateTimeOffset>(), It.IsAny <JObject>()))
.Returns <string, DateTimeOffset, JObject>(metastore.Store);
if (metaSK != KeyState.Empty)
{
if (metaSK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = systemKey.GetCreated();
systemKey = systemKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
metastore.Store(
partition.SystemKeyId,
systemKeyRecord.Created,
systemKeyRecord.ToJson());
}
if (metaIK != KeyState.Empty)
{
CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
if (metaIK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = intermediateKey.GetCreated();
intermediateKey = intermediateKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
intermediateKey.GetCreated(),
new KeyMeta(partition.SystemKeyId, systemKey.GetCreated()),
Crypto.EncryptKey(intermediateKey, systemKey),
intermediateKey.IsRevoked());
metastore.Store(
partition.IntermediateKeyId,
intermediateKeyRecord.Created,
intermediateKeyRecord.ToJson());
}
return(metastoreSpy);
}