public void Roundtrip(int dataSize) { var key = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString()); var client = new FakeKmsClient(); var encryptor = new KmsXmlEncryptor(client, key); var decryptor = new KmsXmlDecryptor(client); var plain = new XElement("Original", new string ('x', dataSize)); var encrypted = encryptor.Encrypt(plain); Assert.DoesNotContain("Plaintext value", encrypted.EncryptedElement.ToString()); var decrypted = decryptor.Decrypt(encrypted.EncryptedElement); Assert.Equal(plain.ToString(), decrypted.ToString()); }
public void EncryptFormat() { var key = new CryptoKeyName("projectId", "locationId", "keyRingId", Guid.NewGuid().ToString()); var encryptor = new KmsXmlEncryptor(new FakeKmsClient(), key); var plain = new XElement("Original", "Plaintext value"); var encrypted = encryptor.Encrypt(plain); Assert.Equal(typeof(KmsXmlDecryptor), encrypted.DecryptorType); var element = encrypted.EncryptedElement; Assert.Equal(KmsXmlConstants.EncryptedElement, element.Name); Assert.Equal(key.ToString(), element.Attribute(KmsXmlConstants.KmsKeyNameAttribute).Value); // Validate that the key data contains valid base64 data Convert.FromBase64String(element.Attribute(KmsXmlConstants.LocalKeyDataAttribute).Value); // Validate that the payload contains valid base64 data. Convert.FromBase64String(element.Element(KmsXmlConstants.PayloadElement).Value); }
public void ExpectEncryptToSucceed() { var myInputXml = new XElement(ElementName, "input"); byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted"); var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData); using (var encryptedResponseStream = new MemoryStream()) { encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length); encryptedResponseStream.Seek(0, SeekOrigin.Begin); var encryptResponse = new EncryptResponse { KeyId = KeyId, CiphertextBlob = encryptedResponseStream }; encryptConfig.Setup(x => x.EncryptionContext).Returns(encryptionContext); encryptConfig.Setup(x => x.GrantTokens).Returns(grantTokens); encryptConfig.Setup(x => x.KeyId).Returns(KeyId); kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None)) .ReturnsAsync(encryptResponse) .Callback <EncryptRequest, CancellationToken>((er, ct) => { Assert.Same(encryptionContext, er.EncryptionContext); Assert.Same(grantTokens, er.GrantTokens); var body = XElement.Load(er.Plaintext); Assert.True(XNode.DeepEquals(myInputXml, body)); }); var encryptedXml = encryptor.Encrypt(myInputXml); Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType); var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value"); Assert.Equal(myBase64EncryptedData, encryptedBlob); } }
public void ExpectEncryptToSucceed(bool useAppId, bool hashAppId, string appId, string expectedAppId) { var myInputXml = new XElement(ElementName, "input"); byte[] myEncryptedData = Encoding.UTF8.GetBytes("encrypted"); var myBase64EncryptedData = Convert.ToBase64String(myEncryptedData); using (var encryptedResponseStream = new MemoryStream()) { encryptedResponseStream.Write(myEncryptedData, 0, myEncryptedData.Length); encryptedResponseStream.Seek(0, SeekOrigin.Begin); var encryptResponse = new EncryptResponse { KeyId = KeyId, CiphertextBlob = encryptedResponseStream }; var actualConfig = new KmsXmlEncryptorConfig { EncryptionContext = encryptionContext, GrantTokens = grantTokens, KeyId = KeyId, DiscriminatorAsContext = useAppId, HashDiscriminatorContext = hashAppId }; var actualOptions = new DataProtectionOptions { ApplicationDiscriminator = appId }; encryptConfig.Setup(x => x.Value).Returns(actualConfig); dpOptions.Setup(x => x.Value).Returns(actualOptions); kmsClient.Setup(x => x.EncryptAsync(It.IsAny <EncryptRequest>(), CancellationToken.None)) .ReturnsAsync(encryptResponse) .Callback <EncryptRequest, CancellationToken>((er, ct) => { if (appId != null && useAppId) { Assert.Contains(KmsConstants.ApplicationEncryptionContextKey, er.EncryptionContext.Keys); Assert.Equal(expectedAppId, er.EncryptionContext[KmsConstants.ApplicationEncryptionContextKey]); } else { Assert.Same(encryptionContext, er.EncryptionContext); } Assert.Same(grantTokens, er.GrantTokens); var body = XElement.Load(er.Plaintext); Assert.True(XNode.DeepEquals(myInputXml, body)); }); var encryptedXml = encryptor.Encrypt(myInputXml); Assert.Equal(typeof(KmsXmlDecryptor), encryptedXml.DecryptorType); var encryptedBlob = (string)encryptedXml.EncryptedElement.Element("value"); Assert.Equal(myBase64EncryptedData, encryptedBlob); } }