public void ThrowsIfCannotDecrypt()
{
var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
var data = new XElement("SampleData", "Lorem ipsum");
var encryptedXml = encryptor.Encrypt(data);
var decryptor = new EncryptedXmlDecryptor();
var ex = Assert.Throws <CryptographicException>(() =>
decryptor.Decrypt(encryptedXml.EncryptedElement));
Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
}
public void Encrypt_Decrypt_RoundTrips()
{
// Arrange
var symmetricAlgorithm = TripleDES.Create();
symmetricAlgorithm.GenerateKey();
var mockInternalEncryptor = new Mock <IInternalCertificateXmlEncryptor>();
mockInternalEncryptor.Setup(o => o.PerformEncryption(It.IsAny <EncryptedXml>(), It.IsAny <XmlElement>()))
.Returns <EncryptedXml, XmlElement>((encryptedXml, element) =>
{
encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm); // use symmetric encryption
return(encryptedXml.Encrypt(element, "theKey"));
});
var mockInternalDecryptor = new Mock <IInternalEncryptedXmlDecryptor>();
mockInternalDecryptor.Setup(o => o.PerformPreDecryptionSetup(It.IsAny <EncryptedXml>()))
.Callback <EncryptedXml>(encryptedXml =>
{
encryptedXml.AddKeyNameMapping("theKey", symmetricAlgorithm); // use symmetric encryption
});
var serviceCollection = new ServiceCollection();
serviceCollection.AddSingleton <IInternalEncryptedXmlDecryptor>(mockInternalDecryptor.Object);
var services = serviceCollection.BuildServiceProvider();
var encryptor = new CertificateXmlEncryptor(NullLoggerFactory.Instance, mockInternalEncryptor.Object);
var decryptor = new EncryptedXmlDecryptor(services);
var originalXml = XElement.Parse(@"<mySecret value='265ee4ea-ade2-43b1-b706-09b259e58b6b' />");
// Act & assert - run through encryptor and make sure we get back <EncryptedData> element
var encryptedXmlInfo = encryptor.Encrypt(originalXml);
Assert.Equal(typeof(EncryptedXmlDecryptor), encryptedXmlInfo.DecryptorType);
Assert.Equal(XName.Get("EncryptedData", "http://www.w3.org/2001/04/xmlenc#"), encryptedXmlInfo.EncryptedElement.Name);
Assert.Equal("http://www.w3.org/2001/04/xmlenc#Element", (string)encryptedXmlInfo.EncryptedElement.Attribute("Type"));
Assert.DoesNotContain("265ee4ea-ade2-43b1-b706-09b259e58b6b", encryptedXmlInfo.EncryptedElement.ToString(), StringComparison.OrdinalIgnoreCase);
// Act & assert - run through decryptor and make sure we get back the original value
var roundTrippedElement = decryptor.Decrypt(encryptedXmlInfo.EncryptedElement);
XmlAssert.Equal(originalXml, roundTrippedElement);
}
public void ThrowsIfProvidedCertificateDoesHavePrivateKey()
{
var fullCert = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
var publicKeyOnly = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.PublicKeyOnly.cer"), "");
var services = new ServiceCollection()
.Configure <XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(publicKeyOnly))
.BuildServiceProvider();
var encryptor = new CertificateXmlEncryptor(fullCert, NullLoggerFactory.Instance);
var data = new XElement("SampleData", "Lorem ipsum");
var encryptedXml = encryptor.Encrypt(data);
var decryptor = new EncryptedXmlDecryptor(services);
var ex = Assert.Throws <CryptographicException>(() =>
decryptor.Decrypt(encryptedXml.EncryptedElement));
Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
}
public void ThrowsIfProvidedCertificateDoesNotMatch()
{
var testCert1 = new X509Certificate2("TestCert1.pfx", "password");
var testCert2 = new X509Certificate2("TestCert2.pfx", "password");
var services = new ServiceCollection()
.Configure <XmlKeyDecryptionOptions>(o => o.AddKeyDecryptionCertificate(testCert2))
.BuildServiceProvider();
var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
var data = new XElement("SampleData", "Lorem ipsum");
var encryptedXml = encryptor.Encrypt(data);
var decryptor = new EncryptedXmlDecryptor(services);
var ex = Assert.Throws <CryptographicException>(() =>
decryptor.Decrypt(encryptedXml.EncryptedElement));
Assert.Equal("Unable to retrieve the decryption key.", ex.Message);
}
public void XmlCanRoundTrip()
{
var testCert1 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert1.pfx"), "password");
var testCert2 = new X509Certificate2(Path.Combine(AppContext.BaseDirectory, "TestFiles", "TestCert2.pfx"), "password");
var services = new ServiceCollection()
.Configure <XmlKeyDecryptionOptions>(o =>
{
o.AddKeyDecryptionCertificate(testCert1);
o.AddKeyDecryptionCertificate(testCert2);
})
.BuildServiceProvider();
var encryptor = new CertificateXmlEncryptor(testCert1, NullLoggerFactory.Instance);
var data = new XElement("SampleData", "Lorem ipsum");
var encryptedXml = encryptor.Encrypt(data);
var decryptor = new EncryptedXmlDecryptor(services);
var decrypted = decryptor.Decrypt(encryptedXml.EncryptedElement);
Assert.Equal("SampleData", decrypted.Name);
Assert.Equal("Lorem ipsum", decrypted.Value);
}
public void Decrypt_should_throw_on_argument_null()
{
var sut = new EncryptedXmlDecryptor();
Assert.Throws <ArgumentNullException>(() => sut.Decrypt(null));
}
