Пример #1
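        /// <summary>
        /// Demotes key version <c>_version</c> in the key set at <c>_location</c> and writes the
        /// key set back to the same location, overwriting what is there.
        /// </summary>
        /// <param name="remainingArguments">Unparsed command-line arguments; not read by this method.</param>
        /// <returns>
        /// 0 when the demoted key set was saved; -1 when the version is unknown or the key set
        /// could not be written.
        /// </returns>
        public override int Run(string[] remainingArguments)
        {
            using (var keySet = new MutableKeySet(_location))
            {
                // A null result is reported to the user as an unknown version.
                var status = keySet.Demote(_version);
                if (status == null)
                {
                    Console.WriteLine("{0} {1}", Localized.MsgUnknownVersion, _version);
                    return -1;
                }

                try
                {
                    if (keySet.Save(new KeySetWriter(_location, overwrite: true)))
                    {
                        Console.WriteLine(Localized.MsgDemotedVersion, _version, status);
                        return 0;
                    }
                }
                catch (Exception ex)
                {
                    // The demotion has only happened in memory at this point. If the write
                    // fails, the key set on disk may not reflect it, so report the cause
                    // instead of discarding it. The generic message and exit code below are
                    // unchanged.
                    Console.Error.WriteLine(ex.Message);
                }
            }

            // Reached when Save returned false or anything inside the try block threw.
            Console.WriteLine("{0} {1}", Localized.MsgCouldNotWrite, _location);
            return -1;
        }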
        /// <summary>
        /// Builds a key set under the <c>WRITE_DATA</c> test directory whose single key has been
        /// demoted from primary, plus a ciphertext file produced while that key was still primary.
        /// </summary>
        /// <param name="keyType">Key type name; converted to <c>KeyType</c> by assignment.</param>
        /// <param name="topDir">Directory name handed to <c>Util.TestDataPath</c>.</param>
        public void CreateNoPrimary(string keyType, string topDir)
        {
            KeyType type = keyType;
            var keySetDir = Util.TestDataPath(WRITE_DATA, topDir);
            var writer = new KeySetWriter(keySetDir, overwrite: true);

            // Step 1: a fresh key set whose first key (version 1) is primary.
            using (var freshSet = CreateNewKeySet(type, KeyPurpose.DecryptAndEncrypt))
            {
                int version = freshSet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                Expect(freshSet.Save(writer), Is.True);
            }

            // Step 2: encrypt with the primary key and keep the ciphertext next to the key set.
            using (var encrypter = new Encrypter(keySetDir))
            {
                var encrypted = encrypter.Encrypt(input);
                var outputFile = Path.Combine(keySetDir, "1.out");
                File.WriteAllText(outputFile, encrypted);
            }

            // Step 3: demote version 1 (primary -> active) and save through the same writer,
            // leaving a key set with no primary key.
            using (var mutableSet = new MutableKeySet(keySetDir))
            {
                Expect(mutableSet.Demote(1), Is.EqualTo(KeyStatus.Active));

                Expect(mutableSet.Save(writer), Is.True);
            }
        }
Пример #3
        /// <summary>
        /// Demotes key version <c>_version</c> in the key set at <c>_location</c> and saves the
        /// result over the existing key set on the file system.
        /// </summary>
        /// <param name="remainingArguments">Unparsed command-line arguments; not read by this method.</param>
        /// <returns>
        /// 0 when the demoted key set was saved; -1 when the version is unknown or the save
        /// did not succeed.
        /// </returns>
        public override int Run(string[] remainingArguments)
        {
            using (var mutableSet = new MutableKeySet(_location))
            {
                // A null result is reported to the user as an unknown version.
                var demotedTo = mutableSet.Demote(_version);
                if (demotedTo == null)
                {
                    Console.WriteLine("{0} {1}", Localized.MsgUnknownVersion, _version);
                    return -1;
                }

                try
                {
                    var writer = new FileSystemKeySetWriter(_location, overwrite: true);
                    if (mutableSet.Save(writer))
                    {
                        Console.WriteLine(Localized.MsgDemotedVersion, _version, demotedTo);
                        return 0;
                    }
                }
                catch
                {
                    //error handling unified with falling through - lgtm [cs/empty-catch-block]
                    // NOTE(review): the exception is discarded, so the output below cannot
                    // distinguish a permission problem from any other write failure.
                }
            }

            // Shared failure path: Save returned false or something inside the try block threw.
            Console.WriteLine("{0} {1}", Localized.MsgCouldNotWrite, _location);
            return -1;
        }
Пример #4
 /// <summary>
 /// Demotes version 1 of the "aes-noprimary" test key set to inactive, revokes it, and checks
 /// that the in-memory metadata lists no versions afterwards.
 /// </summary>
 public void TestRevoke()
 {
     var keySetPath = Util.TestDataPath(TEST_DATA, "aes-noprimary");

     using (var keySet = new MutableKeySet(keySetPath))
     {
         // The test expects the key to be inactive after this demotion, before it is revoked.
         Expect(keySet.Demote(1), Is.EqualTo(KeyStatus.Inactive));

         Expect(keySet.Revoke(1), Is.True);

         // Nothing is saved here, so only the in-memory key set is checked.
         var anyVersionsLeft = keySet.Metadata.Versions.Any();
         Expect(anyVersionsLeft, Is.False);
     }
 }
Пример #5
        /// <summary>
        /// Round-trip test against the "no-primary" key set in <c>DefaultContainer</c>: encrypt
        /// while version 1 is primary, demote it to active, then check that the earlier
        /// ciphertext still decrypts to <c>Input</c>.
        /// </summary>
        public void CreateNoPrimary()
        {
            // Create and store a key set with a single primary key (version 1).
            using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
            using (var newSet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = newSet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                Expect(newSet.Save(writer), Is.True);
            }

            WebBase64 cipherText = null;

            // Encrypt while the key is still primary.
            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
            using (var encrypter = new Encrypter(storedSet))
            {
                cipherText = encrypter.Encrypt(Input);
            }

            // Demote version 1 (primary -> active) and store the key set again.
            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
            using (var mutableSet = new MutableKeySet(storedSet))
            using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
            {
                Expect(mutableSet.Demote(1), Is.EqualTo(KeyStatus.Active));

                Expect(mutableSet.Save(writer), Is.True);
            }

            // The demoted key must still decrypt what it encrypted earlier.
            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
            using (var crypter = new Crypter(storedSet))
            {
                var plaintext = crypter.Decrypt(cipherText);
                Expect(plaintext, Is.EqualTo(Input));
            }
        }
Пример #6
        /// <summary>
        /// Revokes the only key of a stored key set, creates a new key set at the same path, and
        /// checks that a ciphertext produced afterwards carries the new key's id rather than the
        /// revoked key's id.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the original ciphertext is captured but never read again, so this test
        /// does not assert that data encrypted under the revoked key can no longer be decrypted.
        /// It compares only the key-id bytes at the start of the ciphertext.
        /// </remarks>
        public void RevokeOverwrite()
        {
            var testPath = "revoke-override";

            // First generation: key set with a single primary key (version 1).
            using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
            using (var firstSet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = firstSet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                Expect(firstSet.Save(writer), Is.True);
            }

            WebBase64 origCipherText = null;
            WebBase64 origKeyId      = null;

            // Record a ciphertext and the key id of the first generation.
            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var encrypter = new Encrypter(storedSet))
            {
                origCipherText = encrypter.Encrypt(Input);
                origKeyId      = WebBase64.FromBytes(storedSet.Metadata.Versions.First().KeyId);
            }

            // Two demotions (primary -> active -> inactive) come before the revocation, then
            // the key set is stored again.
            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var mutableSet = new MutableKeySet(storedSet))
            using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
            {
                Expect(mutableSet.Demote(1), Is.EqualTo(KeyStatus.Active));

                Expect(mutableSet.Demote(1), Is.EqualTo(KeyStatus.Inactive));

                Expect(mutableSet.Revoke(1), Is.True);

                Expect(mutableSet.Save(writer), Is.True);
            }

            // Second generation: a new key set at the same path; its key is also version 1.
            using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
            using (var secondSet = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
            {
                int version = secondSet.AddKey(KeyStatus.Primary);
                Expect(version, Is.EqualTo(1));

                Expect(secondSet.Save(writer), Is.True);
            }

            WebBase64 newCipherText = null;

            using (var storedSet = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
            using (var encrypter = new Encrypter(storedSet))
            {
                newCipherText = encrypter.Encrypt(Input);
            }

            using (var recreatedSet = StorageKeySet.Create(GetClientCred(), DefaultContainer, testPath)())
            {
                var newKeyId = WebBase64.FromBytes(recreatedSet.Metadata.Versions.First().KeyId);

                // Take KeyHashLength bytes starting at offset 1 of the new ciphertext and compare
                // them with both key ids.
                var headerKeyHash = new byte[KeyczarConst.KeyHashLength];
                Array.Copy(newCipherText.ToBytes(), 1, headerKeyHash, 0, headerKeyHash.Length);

                Expect(headerKeyHash, Is.Not.EqualTo(origKeyId.ToBytes()));
                Expect(headerKeyHash, Is.EqualTo(newKeyId.ToBytes()));
            }
        }