public void ReadMeta()
{
using (var ks = StorageKeySet.Create(GetClientCred(), DefaultContainer, "create1")())
{
Expect(ks.Metadata.Name, Is.EqualTo("Create1"));
}
}
public void CreateNoPrimary()
{
using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 cipherText = null;
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var encrypter = new Encrypter(origKs))
{
cipherText = encrypter.Encrypt(Input);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var ks = new MutableKeySet(origKs))
using (var writer = CreateNewStorageWriter(DefaultContainer, "no-primary"))
{
var status = ks.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Active));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, "no-primary"))
using (var crypter = new Crypter(origKs))
{
var output = crypter.Decrypt(cipherText);
Expect(output, Is.EqualTo(Input));
}
}
public void RevokeOverwrite()
{
var testPath = "revoke-override";
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 origCipherText = null;
WebBase64 origKeyId = null;
using (var ks = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var encrypter = new Encrypter(ks))
{
origCipherText = encrypter.Encrypt(Input);
origKeyId = WebBase64.FromBytes(ks.Metadata.Versions.First().KeyId);
}
using (var origKs = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var ks = new MutableKeySet(origKs))
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
{
var status = ks.Demote(1);
Expect(status, Is.EqualTo(KeyStatus.Active));
var status2 = ks.Demote(1);
Expect(status2, Is.EqualTo(KeyStatus.Inactive));
var revoked = ks.Revoke(1);
Expect(revoked, Is.True);
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var writer = CreateNewStorageWriter(DefaultContainer, testPath))
using (var ks = CreateNewKeySetMeta(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt))
{
int ver = ks.AddKey(KeyStatus.Primary);
Expect(ver, Is.EqualTo(1));
var success = ks.Save(writer);
Expect(success, Is.True);
}
WebBase64 newCipherText = null;
using (var ks = new StorageKeySet(GetClientCred(), DefaultContainer, testPath))
using (var encrypter = new Encrypter(ks))
{
newCipherText = encrypter.Encrypt(Input);
}
using (var ks = StorageKeySet.Create(GetClientCred(), DefaultContainer, testPath)())
{
var newKeyId = WebBase64.FromBytes(ks.Metadata.Versions.First().KeyId);
var prefix = new byte[KeyczarConst.KeyHashLength];
Array.Copy(newCipherText.ToBytes(), 1, prefix, 0, prefix.Length);
Expect(prefix, Is.Not.EqualTo(origKeyId.ToBytes()));
Expect(prefix, Is.EqualTo(newKeyId.ToBytes()));
}
}
