public void Before_each_test()
{
clientLicenseRepoistory = new ClientLicenseRepository(objectSerializationProvider, symmetricEncryptionProvider);
clientLicenseService = new ClientLicenseService(clientLicenseRepoistory);
serviceProductsRepository = new ServiceProductsRepository(new ScutexServiceEntities());
symmetricEncryptionProvider = new SymmetricEncryptionProvider();
asymmetricEncryptionProvider = new AsymmetricEncryptionProvider();
hashingProvider = new HashingProvider();
objectSerializationProvider = new ObjectSerializationProvider();
numberDataGenerator = new NumberDataGenerator();
packingService = new PackingService(numberDataGenerator);
commonRepository = new CommonRepository(new ScutexServiceEntities());
clientRepository = new ClientRepository(new ScutexServiceEntities());
keyGenerator = new KeyGenerator(symmetricEncryptionProvider, asymmetricEncryptionProvider, hashingProvider);
masterService = new MasterService(commonRepository);
activationLogRepository = new ActivationLogRepoistory(new ScutexServiceEntities());
activationLogService = new ActivationLogService(activationLogRepository, hashingProvider);
keyService = new KeyManagementService(clientRepository, licenseKeyService, activationLogService, hashingProvider, serviceProductsRepository);
commonService = new CommonService();
string path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().GetName().CodeBase);
path = path.Replace("file:\\", "");
var mockCommonService = new Mock<ICommonService>();
mockCommonService.Setup(common => common.GetPath()).Returns(path + "\\Data\\Client\\");
string masterServiceDataText;
using (TextReader reader = new StreamReader(path + "\\Data\\MasterService.dat"))
{
masterServiceDataText = reader.ReadToEnd().Trim();
}
masterServiceData = objectSerializationProvider.Deserialize<MasterServiceData>(masterServiceDataText);
var mockCommonRepository = new Mock<ICommonRepository>();
mockCommonRepository.Setup(repo => repo.GetMasterServiceData()).Returns(masterServiceData);
keyPairService = new KeyPairService(mockCommonService.Object, mockCommonRepository.Object);
controlService = new ControlService(symmetricEncryptionProvider, keyPairService, packingService, masterService, objectSerializationProvider, asymmetricEncryptionProvider);
servicesRepository = new ServicesRepository(new ScutexEntities());
serviceStatusProvider = new ServiceStatusProvider(symmetricEncryptionProvider, objectSerializationProvider, asymmetricEncryptionProvider);
licenseActiviationProvider = new LicenseActiviationProvider(asymmetricEncryptionProvider, symmetricEncryptionProvider, objectSerializationProvider);
servicesService = new ServicesService(servicesRepository, serviceStatusProvider, packingService, licenseActiviationProvider, null, null, null, null, null);
licenseKeyService = new LicenseKeyService(keyGenerator, packingService, clientLicenseService);
activationService = new ActivationService(controlService, keyService, keyPairService, objectSerializationProvider, asymmetricEncryptionProvider, null, null);
string serviceData;
using (TextReader reader = new StreamReader(path + "\\Data\\Service.dat"))
{
serviceData = reader.ReadToEnd().Trim();
}
service = objectSerializationProvider.Deserialize<Service>(serviceData);
}
internal static Mock <MemoryPersistenceImpl <JObject> > CreateMetastoreMock(
AppEncryptionPartition appEncryptionPartition,
KeyManagementService kms,
KeyState metaIK,
KeyState metaSK,
CryptoKeyHolder cryptoKeyHolder)
{
// TODO Change this to generate a mock dynamically based on the Metastore type
Mock <MemoryPersistenceImpl <JObject> > metastorePersistenceSpy = new Mock <MemoryPersistenceImpl <JObject> > {
CallBase = true
};
CryptoKey systemKey = cryptoKeyHolder.SystemKey;
if (metaSK != KeyState.Empty)
{
if (metaSK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = systemKey.GetCreated();
systemKey = systemKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
metastorePersistenceSpy.Object.Store(
appEncryptionPartition.SystemKeyId,
systemKeyRecord.Created,
systemKeyRecord.ToJson());
}
if (metaIK != KeyState.Empty)
{
CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
if (metaIK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = intermediateKey.GetCreated();
intermediateKey = intermediateKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
intermediateKey.GetCreated(),
new KeyMeta(appEncryptionPartition.SystemKeyId, systemKey.GetCreated()),
Crypto.EncryptKey(intermediateKey, systemKey),
intermediateKey.IsRevoked());
metastorePersistenceSpy.Object.Store(
appEncryptionPartition.IntermediateKeyId,
intermediateKeyRecord.Created,
intermediateKeyRecord.ToJson());
}
metastorePersistenceSpy.Reset();
return(metastorePersistenceSpy);
}
private static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory(
string productId,
string systemId,
KeyManagementService keyManagementService,
IMetastorePersistence <JObject> metastorePersistence)
{
return(AppEncryptionSessionFactory.NewBuilder(productId, systemId)
.WithMetaStorePersistence(metastorePersistence)
.WithNeverExpiredCryptoPolicy()
.WithKeyManagementService(keyManagementService)
.Build());
}
private static SessionFactory CreateDefaultSessionFactory(
string productId,
string serviceId,
KeyManagementService keyManagementService,
IMetastore <JObject> metastore)
{
return(SessionFactory.NewBuilder(productId, serviceId)
.WithMetastore(metastore)
.WithNeverExpiredCryptoPolicy()
.WithKeyManagementService(keyManagementService)
.Build());
}
public SessionFactory(
string productId,
string serviceId,
IMetastore <JObject> metastore,
SecureCryptoKeyDictionaryFactory <DateTimeOffset> secureCryptoKeyDictionaryFactory,
CryptoPolicy cryptoPolicy,
KeyManagementService keyManagementService)
{
this.productId = productId;
this.serviceId = serviceId;
this.metastore = metastore;
this.secureCryptoKeyDictionaryFactory = secureCryptoKeyDictionaryFactory;
systemKeyCache = secureCryptoKeyDictionaryFactory.CreateSecureCryptoKeyDictionary();
this.cryptoPolicy = cryptoPolicy;
this.keyManagementService = keyManagementService;
}
/// <summary>
/// Initializes a new instance of the <see cref="EnvelopeEncryptionJsonImpl"/> class using the provided
/// parameters. This is an implementation of <see cref="IEnvelopeEncryption{TD}"/> which uses
/// <see cref="JObject"/> as the Data Row Record format.
/// </summary>
///
/// <param name="partition">A <see cref="GoDaddy.Asherah.AppEncryption.Partition"/> object.</param>
/// <param name="metastore">A <see cref="IMetastore{T}"/> implementation used to store system & intermediate
/// keys.</param>
/// <param name="systemKeyCache">A <see cref="ConcurrentDictionary{TKey,TValue}"/> based implementation for
/// caching system keys.</param>
/// <param name="intermediateKeyCache">A <see cref="ConcurrentDictionary{TKey,TValue}"/> based implementation
/// for caching intermediate keys.</param>
/// <param name="aeadEnvelopeCrypto">An implementation of
/// <see cref="GoDaddy.Asherah.Crypto.Envelope.AeadEnvelopeCrypto"/>, used to encrypt/decrypt keys and
/// envelopes.</param>
/// <param name="cryptoPolicy">A <see cref="GoDaddy.Asherah.Crypto.CryptoPolicy"/> implementation that dictates
/// the various behaviors of Asherah.</param>
/// <param name="keyManagementService">A <see cref="GoDaddy.Asherah.AppEncryption.Kms.KeyManagementService"/>
/// implementation that generates the top level master key and encrypts the system keys using the master key.
/// </param>
public EnvelopeEncryptionJsonImpl(
Partition partition,
IMetastore <JObject> metastore,
SecureCryptoKeyDictionary <DateTimeOffset> systemKeyCache,
SecureCryptoKeyDictionary <DateTimeOffset> intermediateKeyCache,
AeadEnvelopeCrypto aeadEnvelopeCrypto,
CryptoPolicy cryptoPolicy,
KeyManagementService keyManagementService)
{
this.partition = partition;
this.metastore = metastore;
this.systemKeyCache = systemKeyCache;
this.intermediateKeyCache = intermediateKeyCache;
crypto = aeadEnvelopeCrypto;
this.cryptoPolicy = cryptoPolicy;
this.keyManagementService = keyManagementService;
}
/// <summary>
/// Initializes a new instance of the <see cref="SessionFactory"/> class.
/// </summary>
///
/// <param name="productId">A unique identifier for a product.</param>
/// <param name="serviceId">A unique identifier for a service.</param>
/// <param name="metastore">A <see cref="IMetastore{T}"/> implementation used to store system & intermediate
/// keys.</param>
/// <param name="systemKeyCache">A <see cref="ConcurrentDictionary{TKey,TValue}"/> based implementation for
/// caching system keys.</param>
/// <param name="cryptoPolicy">A <see cref="GoDaddy.Asherah.Crypto.CryptoPolicy"/> implementation that dictates
/// the various behaviors of Asherah.</param>
/// <param name="keyManagementService">A <see cref="GoDaddy.Asherah.AppEncryption.Kms.KeyManagementService"/>
/// implementation that generates the top level master key and encrypts the system keys using the master key.
/// </param>
public SessionFactory(
string productId,
string serviceId,
IMetastore <JObject> metastore,
SecureCryptoKeyDictionary <DateTimeOffset> systemKeyCache,
CryptoPolicy cryptoPolicy,
KeyManagementService keyManagementService)
{
this.productId = productId;
this.serviceId = serviceId;
this.metastore = metastore;
this.systemKeyCache = systemKeyCache;
this.cryptoPolicy = cryptoPolicy;
this.keyManagementService = keyManagementService;
semaphoreLocks = new ConcurrentDictionary <string, object>();
SessionCache = new MemoryCache(new MemoryCacheOptions());
}
private object[] GenerateMocks(KeyState cacheIK, KeyState metaIK, KeyState cacheSK, KeyState metaSK)
{
Partition partition = new Partition(
cacheIK + "CacheIK_" + metaIK + "MetaIK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() +
"_" + Random.Next(),
cacheSK + "CacheSK_" + metaSK + "MetaSK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() + "_" + Random.Next(),
DefaultProductId);
KeyManagementService kms = configFixture.KeyManagementService;
CryptoKeyHolder cryptoKeyHolder = CryptoKeyHolder.GenerateIKSK();
Mock <IMetastore <JObject> > metastoreMock = MetastoreMock.CreateMetastoreMock(
partition, kms, metaIK, metaSK, cryptoKeyHolder, configFixture.Metastore);
CacheMock cacheMock = CacheMock.CreateCacheMock(cacheIK, cacheSK, cryptoKeyHolder);
// Mimics (mostly) the old TimeBasedCryptoPolicyImpl settings
CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy.NewBuilder()
.WithKeyExpirationDays(KeyExpiryDays)
.WithRevokeCheckMinutes(int.MaxValue)
.WithCanCacheIntermediateKeys(false)
.WithCanCacheSystemKeys(false)
.Build();
SecureCryptoKeyDictionary <DateTimeOffset> intermediateKeyCache = cacheMock.IntermediateKeyCache;
SecureCryptoKeyDictionary <DateTimeOffset> systemKeyCache = cacheMock.SystemKeyCache;
EnvelopeEncryptionJsonImpl envelopeEncryptionJson = new EnvelopeEncryptionJsonImpl(
partition,
metastoreMock.Object,
systemKeyCache,
new FakeSecureCryptoKeyDictionaryFactory <DateTimeOffset>(intermediateKeyCache),
new BouncyAes256GcmCrypto(),
cryptoPolicy,
kms);
IEnvelopeEncryption <byte[]> envelopeEncryptionByteImpl =
new EnvelopeEncryptionBytesImpl(envelopeEncryptionJson);
return(new object[]
{
envelopeEncryptionByteImpl, metastoreMock, cacheIK, metaIK, cacheSK, metaSK,
partition
});
}
public AppJsonEncryptionImplTest()
{
partition = new Partition("PARTITION", "SYSTEM", "PRODUCT");
Dictionary <string, JObject> memoryPersistence = new Dictionary <string, JObject>();
dataPersistence = new AdhocPersistence <JObject>(
key => memoryPersistence.TryGetValue(key, out JObject result) ? result : Option <JObject> .None,
(key, jsonObject) => memoryPersistence.Add(key, jsonObject));
metastore = new InMemoryMetastoreImpl <JObject>();
keyManagementService = new DummyKeyManagementService();
AeadEnvelopeCrypto aeadEnvelopeCrypto = new BouncyAes256GcmCrypto();
// Generate a dummy systemKey document
CryptoKey systemKey = aeadEnvelopeCrypto.GenerateKey();
byte[] encryptedSystemKey = keyManagementService.EncryptKey(systemKey);
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(DateTimeOffset.UtcNow, null, encryptedSystemKey);
// Write out the dummy systemKey record
memoryPersistence.TryAdd(partition.SystemKeyId, systemKeyRecord.ToJson());
}
public void Before_each_test()
{
clientLicenseRepoistory = new ClientLicenseRepository(objectSerializationProvider, symmetricEncryptionProvider);
clientLicenseService = new ClientLicenseService(clientLicenseRepoistory);
serviceProductsRepository = new ServiceProductsRepository(new ScutexServiceEntities());
symmetricEncryptionProvider = new SymmetricEncryptionProvider();
asymmetricEncryptionProvider = new AsymmetricEncryptionProvider();
hashingProvider = new HashingProvider();
objectSerializationProvider = new ObjectSerializationProvider();
numberDataGenerator = new NumberDataGenerator();
packingService = new PackingService(numberDataGenerator);
commonRepository = new CommonRepository(new ScutexServiceEntities());
clientRepository = new ClientRepository(new ScutexServiceEntities());
keyGenerator = new KeyGenerator(symmetricEncryptionProvider, asymmetricEncryptionProvider, hashingProvider);
masterService = new MasterService(commonRepository);
hardwareFingerprintService = new HardwareFingerprintService(new WmiDataProvider(), new HashingProvider());
keyGeneratorLarge = new Scutex.Generators.StaticKeyGeneratorLarge.KeyGenerator(symmetricEncryptionProvider, asymmetricEncryptionProvider, hashingProvider, hardwareFingerprintService);
var mockActivationLogRepository = new Mock <IActivationLogRepoistory>();
mockActivationLogRepository.Setup(log => log.SaveActivationLog(It.IsAny <Scutex.Model.ActivationLog>()));
activationLogService = new ActivationLogService(mockActivationLogRepository.Object, hashingProvider);
commonService = new CommonService();
string path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().GetName().CodeBase);
path = path.Replace("file:\\", "");
var mockCommonService = new Mock <ICommonService>();
mockCommonService.Setup(common => common.GetPath()).Returns(path + "\\Data\\Client\\");
string masterServiceDataText;
using (TextReader reader = new StreamReader(path + "\\Data\\MasterService.dat"))
{
masterServiceDataText = reader.ReadToEnd().Trim();
}
masterServiceData = objectSerializationProvider.Deserialize <MasterServiceData>(masterServiceDataText);
var mockCommonRepository = new Mock <ICommonRepository>();
mockCommonRepository.Setup(repo => repo.GetMasterServiceData()).Returns(masterServiceData);
masterService = new MasterService(mockCommonRepository.Object);
keyPairService = new KeyPairService(mockCommonService.Object, mockCommonRepository.Object);
controlService = new ControlService(symmetricEncryptionProvider, keyPairService, packingService, masterService, objectSerializationProvider, asymmetricEncryptionProvider);
servicesRepository = new ServicesRepository(new ScutexEntities());
serviceStatusProvider = new ServiceStatusProvider(symmetricEncryptionProvider, objectSerializationProvider, asymmetricEncryptionProvider);
licenseActiviationProvider = new LicenseActiviationProvider(asymmetricEncryptionProvider, symmetricEncryptionProvider, objectSerializationProvider);
servicesService = new ServicesService(servicesRepository, serviceStatusProvider, packingService, licenseActiviationProvider, null, null, null, null, null);
licenseKeyService = new LicenseKeyService(keyGenerator, keyGeneratorLarge, packingService, clientLicenseService);
keyService = new KeyManagementService(clientRepository, licenseKeyService, activationLogService, hashingProvider, serviceProductsRepository);
activationService = new ActivationService(controlService, keyService, keyPairService, objectSerializationProvider, asymmetricEncryptionProvider, activationLogService, masterService, commonService, null);
string serviceData;
using (TextReader reader = new StreamReader(path + "\\Data\\Service.dat"))
{
serviceData = reader.ReadToEnd().Trim();
}
service = objectSerializationProvider.Deserialize <Service>(serviceData);
}
public IBuildStep WithKeyManagementService(KeyManagementService kms)
{
keyManagementService = kms;
return(this);
}
public IBuildStep WithStaticKeyManagementService(string demoMasterKey)
{
keyManagementService = new StaticKeyManagementServiceImpl(demoMasterKey);
return(this);
}
public static AppEncryptionSessionFactory CreateDefaultAppEncryptionSessionFactory(
KeyManagementService keyManagementService, IMetastorePersistence <JObject> metastorePersistence)
{
return(CreateDefaultAppEncryptionSessionFactory(DefaultProductId, DefaultSystemId, keyManagementService, metastorePersistence));
}
private static async void App(Options options)
{
IMetastore <JObject> metastore = null;
KeyManagementService keyManagementService = null;
if (options.Metastore == Metastore.ADO)
{
if (options.AdoConnectionString != null)
{
logger.LogInformation("using ADO-based metastore...");
metastore = AdoMetastoreImpl
.NewBuilder(MySqlClientFactory.Instance, options.AdoConnectionString)
.Build();
}
else
{
logger.LogError("ADO connection string is a mandatory parameter with Metastore Type: ADO");
Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
return;
}
}
else if (options.Metastore == Metastore.DYNAMODB)
{
logger.LogInformation("using DynamoDB-based metastore...");
AWSConfigs.AWSRegion = "us-west-2";
metastore = DynamoDbMetastoreImpl.NewBuilder().Build();
}
else
{
logger.LogInformation("using in-memory metastore...");
metastore = new InMemoryMetastoreImpl <JObject>();
}
if (options.Kms == Kms.AWS)
{
if (options.PreferredRegion != null && options.RegionToArnTuples != null)
{
Dictionary <string, string> regionToArnDictionary = new Dictionary <string, string>();
foreach (string regionArnPair in options.RegionToArnTuples)
{
string[] regionArnArray = regionArnPair.Split("=");
regionToArnDictionary.Add(regionArnArray[0], regionArnArray[1]);
}
logger.LogInformation("using AWS KMS...");
keyManagementService = AwsKeyManagementServiceImpl
.NewBuilder(regionToArnDictionary, options.PreferredRegion).Build();
}
else
{
logger.LogError("Preferred region and <region>=<arn> tuples are mandatory with KMS Type: AWS");
Console.WriteLine(HelpText.AutoBuild(cmdOptions, null, null));
return;
}
}
else
{
logger.LogInformation("using static KMS...");
keyManagementService = new StaticKeyManagementServiceImpl("mysupersecretstaticmasterkey!!!!");
}
CryptoPolicy cryptoPolicy = BasicExpiringCryptoPolicy
.NewBuilder()
.WithKeyExpirationDays(KeyExpirationDays)
.WithRevokeCheckMinutes(CacheCheckMinutes)
.Build();
// Setup metrics reporters and always include console.
IMetricsBuilder metricsBuilder = new MetricsBuilder()
.Report.ToConsole(consoleOptions => consoleOptions.FlushInterval = TimeSpan.FromSeconds(60));
// CloudWatch metrics generation
if (options.EnableCloudWatch)
{
// Fill in when we open source our App.Metrics cloudwatch reporter separately
}
IMetrics metrics = metricsBuilder.Build();
// Create a session factory for this app. Normally this would be done upon app startup and the
// same factory would be used anytime a new session is needed for a partition (e.g., shopper).
// We've split it out into multiple using blocks to underscore this point.
using (SessionFactory sessionFactory = SessionFactory
.NewBuilder("productId", "reference_app")
.WithMetastore(metastore)
.WithCryptoPolicy(cryptoPolicy)
.WithKeyManagementService(keyManagementService)
.WithMetrics(metrics)
.Build())
{
// Now create an actual session for a partition (which in our case is a pretend shopper id). This session is used
// for a transaction and is disposed automatically after use due to the IDisposable implementation.
using (Session <byte[], byte[]> sessionBytes =
sessionFactory.GetSessionBytes("shopper123"))
{
const string originalPayloadString = "mysupersecretpayload";
foreach (int i in Enumerable.Range(0, options.Iterations))
{
string dataRowString;
// If we get a DRR as a command line argument, we want to directly decrypt it
if (options.Drr != null)
{
dataRowString = options.Drr;
}
else
{
// Encrypt the payload
byte[] dataRowRecordBytes =
sessionBytes.Encrypt(Encoding.UTF8.GetBytes(originalPayloadString));
// Consider this us "persisting" the DRR
dataRowString = Convert.ToBase64String(dataRowRecordBytes);
}
logger.LogInformation("dataRowRecord as string = {dataRow}", dataRowString);
byte[] newDataRowRecordBytes = Convert.FromBase64String(dataRowString);
// Decrypt the payload
string decryptedPayloadString =
Encoding.UTF8.GetString(sessionBytes.Decrypt(newDataRowRecordBytes));
logger.LogInformation("decryptedPayloadString = {payload}", decryptedPayloadString);
logger.LogInformation("matches = {result}", originalPayloadString.Equals(decryptedPayloadString));
}
}
}
// Force final publish of metrics
await Task.WhenAll(((IMetricsRoot)metrics).ReportRunner.RunAllAsync());
}
internal static Mock <IMetastore <JObject> > CreateMetastoreMock(
Partition partition,
KeyManagementService kms,
KeyState metaIK,
KeyState metaSK,
CryptoKeyHolder cryptoKeyHolder,
IMetastore <JObject> metastore)
{
CryptoKey systemKey = cryptoKeyHolder.SystemKey;
Mock <IMetastore <JObject> > metastoreSpy = new Mock <IMetastore <JObject> >();
metastoreSpy
.Setup(x => x.Load(It.IsAny <string>(), It.IsAny <DateTimeOffset>()))
.Returns <string, DateTimeOffset>(metastore.Load);
metastoreSpy
.Setup(x => x.LoadLatest(It.IsAny <string>()))
.Returns <string>(metastore.LoadLatest);
metastoreSpy
.Setup(x => x.Store(It.IsAny <string>(), It.IsAny <DateTimeOffset>(), It.IsAny <JObject>()))
.Returns <string, DateTimeOffset, JObject>(metastore.Store);
if (metaSK != KeyState.Empty)
{
if (metaSK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = systemKey.GetCreated();
systemKey = systemKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord systemKeyRecord = new EnvelopeKeyRecord(
systemKey.GetCreated(), null, kms.EncryptKey(systemKey), systemKey.IsRevoked());
metastore.Store(
partition.SystemKeyId,
systemKeyRecord.Created,
systemKeyRecord.ToJson());
}
if (metaIK != KeyState.Empty)
{
CryptoKey intermediateKey = cryptoKeyHolder.IntermediateKey;
if (metaIK == KeyState.Retired)
{
// We create a revoked copy of the same key
DateTimeOffset created = intermediateKey.GetCreated();
intermediateKey = intermediateKey
.WithKey(bytes => Crypto.GenerateKeyFromBytes(bytes, created, true));
}
EnvelopeKeyRecord intermediateKeyRecord = new EnvelopeKeyRecord(
intermediateKey.GetCreated(),
new KeyMeta(partition.SystemKeyId, systemKey.GetCreated()),
Crypto.EncryptKey(intermediateKey, systemKey),
intermediateKey.IsRevoked());
metastore.Store(
partition.IntermediateKeyId,
intermediateKeyRecord.Created,
intermediateKeyRecord.ToJson());
}
return(metastoreSpy);
}
public static SessionFactory CreateDefaultSessionFactory(
KeyManagementService keyManagementService, IMetastore <JObject> metastore)
{
return(CreateDefaultSessionFactory(DefaultProductId, DefaultServiceId, keyManagementService, metastore));
}
