Пример #1
        /// <summary>
        /// Rebuilds a <see cref="ManagedAuthenticatedEncryptorDescriptor"/> from its serialized XML form.
        /// </summary>
        /// <param name="element">The descriptor element to read.</param>
        /// <returns>A descriptor carrying the algorithm settings and master key read from <paramref name="element"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is <c>null</c>.</exception>
        /// <remarks>
        /// Nothing in this method authenticates the XML: the algorithm names are handed to
        /// FriendlyNameToType and the master key is read straight from the element text, so the
        /// caller is expected to pass only descriptors that come from a trusted key store.
        /// Child elements and attributes are not checked for presence; a malformed descriptor
        /// surfaces as a null-dereference or null-argument exception, not a descriptive error.
        /// </remarks>
        public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
        {
            if (element is null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            // Expected layout:
            //
            // <descriptor>
            //   <!-- managed implementations -->
            //   <encryption algorithm="..." keyLength="..." />
            //   <validation algorithm="..." />
            //   <masterKey>...</masterKey>
            // </descriptor>

            var config = new ManagedAuthenticatedEncryptorConfiguration();

            // <encryption>: algorithm name plus key length.
            var encryptionNode = element.Element("encryption") !;
            string encryptionAlgorithmName = (string)encryptionNode.Attribute("algorithm") !;
            config.EncryptionAlgorithmType = FriendlyNameToType(encryptionAlgorithmName);

            var keyLengthAttribute = encryptionNode.Attribute("keyLength") !;
            config.EncryptionAlgorithmKeySize = (int)keyLengthAttribute;

            // <validation>: algorithm name only.
            var validationNode = element.Element("validation") !;
            string validationAlgorithmName = (string)validationNode.Attribute("algorithm") !;
            config.ValidationAlgorithmType = FriendlyNameToType(validationAlgorithmName);

            // The key material passes through a managed string before ToSecret() wraps it;
            // that string cannot be cleared and stays in memory until it is collected.
            string masterKeyText = (string)element.Element("masterKey") !;
            Secret masterKey = masterKeyText.ToSecret();

            return new ManagedAuthenticatedEncryptorDescriptor(config, masterKey);
        }
        /// <summary>
        /// A descriptor created from a configuration must expose that same configuration.
        /// </summary>
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange: default configuration, no overrides.
            var sourceConfiguration = new ManagedAuthenticatedEncryptorConfiguration();

            // Act: the cast also checks that the managed descriptor type is produced.
            var created = sourceConfiguration.CreateNewDescriptor();
            var managedDescriptor = (ManagedAuthenticatedEncryptorDescriptor)created;

            // Assert
            Assert.Equal(sourceConfiguration, managedDescriptor.Configuration);
        }
        /// <summary>
        /// A descriptor created from a configuration must carry that configuration's settings.
        /// </summary>
        public void CreateNewDescriptor_PropagatesOptions()
        {
            // Arrange: configuration wrapping a default settings object.
            var defaultSettings = new ManagedAuthenticatedEncryptionSettings();
            var sourceConfiguration = new ManagedAuthenticatedEncryptorConfiguration(defaultSettings);

            // Act: the cast also checks that the managed descriptor type is produced.
            var created = sourceConfiguration.CreateNewDescriptor();
            var managedDescriptor = (ManagedAuthenticatedEncryptorDescriptor)created;

            // Assert
            Assert.Equal(sourceConfiguration.Settings, managedDescriptor.Settings);
        }
        /// <summary>
        /// Every new descriptor must get its own master key, and each key must be 512 bits long.
        /// </summary>
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            const int ExpectedMasterKeyBits = 512;

            // Arrange
            var sourceConfiguration = new ManagedAuthenticatedEncryptorConfiguration();

            // Act: two descriptors from the same configuration.
            var firstDescriptor = (ManagedAuthenticatedEncryptorDescriptor)sourceConfiguration.CreateNewDescriptor();
            var firstKey = firstDescriptor.MasterKey;
            var secondDescriptor = (ManagedAuthenticatedEncryptorDescriptor)sourceConfiguration.CreateNewDescriptor();
            var secondKey = secondDescriptor.MasterKey;

            // Assert: a repeated key would mean the key material is not generated per descriptor.
            SecretAssert.NotEqual(firstKey, secondKey);
            SecretAssert.LengthIs(ExpectedMasterKeyBits, firstKey);
            SecretAssert.LengthIs(ExpectedMasterKeyBits, secondKey);
        }
        /// <summary>
        /// Every new descriptor must get its own master key, and each key must be 512 bits long.
        /// </summary>
        public void CreateNewDescriptor_CreatesUniqueCorrectlySizedMasterKey()
        {
            const int ExpectedMasterKeyBits = 512;

            // Arrange: configuration wrapping a default settings object.
            var defaultSettings = new ManagedAuthenticatedEncryptionSettings();
            var sourceConfiguration = new ManagedAuthenticatedEncryptorConfiguration(defaultSettings);

            // Act: two descriptors from the same configuration.
            var firstDescriptor = (ManagedAuthenticatedEncryptorDescriptor)sourceConfiguration.CreateNewDescriptor();
            var firstKey = firstDescriptor.MasterKey;
            var secondDescriptor = (ManagedAuthenticatedEncryptorDescriptor)sourceConfiguration.CreateNewDescriptor();
            var secondKey = secondDescriptor.MasterKey;

            // Assert: a repeated key would mean the key material is not generated per descriptor.
            SecretAssert.NotEqual(firstKey, secondKey);
            SecretAssert.LengthIs(ExpectedMasterKeyBits, firstKey);
            SecretAssert.LengthIs(ExpectedMasterKeyBits, secondKey);
        }
Пример #6
        /// <summary>
        /// Creates a descriptor that pairs an encryptor configuration with its master key.
        /// </summary>
        /// <param name="configuration">The algorithm configuration stored in <c>Configuration</c>.</param>
        /// <param name="masterKey">The key material stored in <c>MasterKey</c>.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="configuration"/> or <paramref name="masterKey"/> is <c>null</c>.
        /// </exception>
        public ManagedAuthenticatedEncryptorDescriptor(ManagedAuthenticatedEncryptorConfiguration configuration, ISecret masterKey)
        {
            // Both arguments are checked before either property is assigned, so a descriptor
            // never exists with a configuration but no key.
            if (configuration is null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }
            if (masterKey is null)
            {
                throw new ArgumentNullException(nameof(masterKey));
            }

            // The secret is stored by reference; no copy of the key material is made here.
            Configuration = configuration;
            MasterKey = masterKey;
        }
        /// <summary>
        /// Values supplied through RunTestWithRegValues for the managed encryptor must end up,
        /// unchanged, in the settings of the resolved configuration.
        /// </summary>
        public void ResolvePolicy_ManagedEncryption_WithExplicitSettings()
        {
            // TripleDES, a key size of 2048 and HMACSHA1 are test markers, presumably picked so
            // that propagation is observable. 2048 bits is not a key size TripleDES supports,
            // and 3DES / HMAC-SHA1 are legacy algorithms, so these values are not a template
            // for a real policy.
            var registryValues = new Dictionary<string, object>()
            {
                ["EncryptionType"] = "managed",
                ["EncryptionAlgorithmType"] = typeof(TripleDES).AssemblyQualifiedName,
                ["EncryptionAlgorithmKeySize"] = 2048,
                ["ValidationAlgorithmType"] = typeof(HMACSHA1).AssemblyQualifiedName
            };

            IServiceCollection registrations = new ServiceCollection();
            RunTestWithRegValues(registrations, registryValues);

            var provider = registrations.BuildServiceProvider();

            var expectedSettings = new ManagedAuthenticatedEncryptionSettings()
            {
                EncryptionAlgorithmType = typeof(TripleDES),
                EncryptionAlgorithmKeySize = 2048,
                ValidationAlgorithmType = typeof(HMACSHA1)
            };
            var expected = new ManagedAuthenticatedEncryptorConfiguration(expectedSettings);

            // The cast checks that the managed configuration type was the one registered.
            var resolved = provider.GetService<IAuthenticatedEncryptorConfiguration>();
            var actual = (ManagedAuthenticatedEncryptorConfiguration)resolved;

            // Compared field by field on the Settings objects.
            Assert.Equal(expected.Settings.EncryptionAlgorithmType, actual.Settings.EncryptionAlgorithmType);
            Assert.Equal(expected.Settings.EncryptionAlgorithmKeySize, actual.Settings.EncryptionAlgorithmKeySize);
            Assert.Equal(expected.Settings.ValidationAlgorithmType, actual.Settings.ValidationAlgorithmType);
        }
        /// <summary>
        /// When only the encryption type is supplied through RunTestWithRegValues, the resolved
        /// configuration must match a default <c>ManagedAuthenticatedEncryptionSettings</c>.
        /// </summary>
        public void ResolvePolicy_ManagedEncryption_WithoutExplicitSettings()
        {
            // Only the encryptor kind is given; no algorithm or key size overrides.
            var registryValues = new Dictionary<string, object>()
            {
                ["EncryptionType"] = "managed"
            };

            IServiceCollection registrations = new ServiceCollection();
            RunTestWithRegValues(registrations, registryValues);

            var provider = registrations.BuildServiceProvider();

            // Expected values come from a settings object left at its defaults.
            var defaultSettings = new ManagedAuthenticatedEncryptionSettings();
            var expected = new ManagedAuthenticatedEncryptorConfiguration(defaultSettings);

            // The cast checks that the managed configuration type was the one registered.
            var resolved = provider.GetService<IAuthenticatedEncryptorConfiguration>();
            var actual = (ManagedAuthenticatedEncryptorConfiguration)resolved;

            // Compared field by field on the Settings objects.
            Assert.Equal(expected.Settings.EncryptionAlgorithmType, actual.Settings.EncryptionAlgorithmType);
            Assert.Equal(expected.Settings.EncryptionAlgorithmKeySize, actual.Settings.EncryptionAlgorithmKeySize);
            Assert.Equal(expected.Settings.ValidationAlgorithmType, actual.Settings.ValidationAlgorithmType);
        }