示例#1
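        /// <summary>
        /// Verifies that creating an item with encryption options fails when the request names a
        /// data encryption key id ("random") that this test never creates, and that the failure is
        /// closed: no document for the item ends up in the mock handler's store.
        /// </summary>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task EncryptionUTCreateItemWithUnknownDek()
        {
            Container    container = this.GetContainerWithMockSetup();
            DatabaseCore database  = (DatabaseCore)((ContainerCore)(ContainerInlineCore)container).Database;

            MyItem item = EncryptionUnitTests.GetNewItem();

            try
            {
                await container.CreateItemAsync(
                    item,
                    new PartitionKey(item.PK),
                    new ItemRequestOptions
                    {
                        EncryptionOptions = new EncryptionOptions
                        {
                            DataEncryptionKey = database.GetDataEncryptionKey("random"),
                            PathsToEncrypt    = MyItem.PathsToEncrypt
                        }
                    });

                // Reaching this line means the write was accepted without a usable key.
                Assert.Fail("CreateItemAsync succeeded although the data encryption key does not exist.");
            }
            catch (CosmosException ex)
            {
                Assert.IsTrue(ex.Message.Contains(ClientResources.DataEncryptionKeyNotFound));
            }

            // Fail-closed check: an exception alone does not prove that nothing was sent. If the
            // client ever fell back to writing the item unencrypted before (or despite) raising the
            // error, the document would show up in the handler's item store.
            Assert.IsFalse(
                this.testHandler.Items.TryGetValue(item.Id, out _),
                "An item was stored even though its data encryption key could not be resolved.");
        }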
示例#2
        /// <summary>
        /// Round-trip check: creates a data encryption key, writes an item through the encrypting
        /// helper, reads it back and expects the returned resource to equal the original item.
        /// </summary>
        /// <remarks>
        /// Only the client-visible result is compared here; what the handler actually stored is
        /// not inspected in this test.
        /// </remarks>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task EncryptionUTReadItem()
        {
            const string keyId = "mydek";

            Container mockedContainer = this.GetContainerWithMockSetup();
            ContainerCore containerCore = (ContainerCore)(ContainerInlineCore)mockedContainer;
            DatabaseCore owningDatabase = (DatabaseCore)containerCore.Database;

            // The key has to exist before any item can be written with it.
            DataEncryptionKeyResponse keyCreation = await owningDatabase.CreateDataEncryptionKeyAsync(
                keyId,
                EncryptionUnitTests.Algo,
                this.metadata1);
            Assert.AreEqual(HttpStatusCode.Created, keyCreation.StatusCode);

            MyItem written = await EncryptionUnitTests.CreateItemAsync(mockedContainer, keyId, MyItem.PathsToEncrypt);

            ItemResponse<MyItem> fetched = await mockedContainer.ReadItemAsync<MyItem>(
                written.Id,
                new PartitionKey(written.PK));

            Assert.AreEqual(written, fetched.Resource);
        }
示例#3
        /// <summary>
        /// Creates a fresh test item in <paramref name="container"/> with encryption options that
        /// reference the given data encryption key and paths, asserts that the create call reports
        /// <see cref="HttpStatusCode.Created"/> and echoes the item, and returns the item.
        /// </summary>
        /// <param name="container">Container to write to; it is cast to the internal container types to reach its database.</param>
        /// <param name="dekId">Id of the data encryption key to attach to the request.</param>
        /// <param name="pathsToEncrypt">Paths passed through as <c>PathsToEncrypt</c>.</param>
        /// <returns>The item that was sent.</returns>
        private static async Task<MyItem> CreateItemAsync(Container container, string dekId, List<string> pathsToEncrypt)
        {
            ContainerCore containerCore = (ContainerCore)(ContainerInlineCore)container;
            DatabaseCore owningDatabase = (DatabaseCore)containerCore.Database;

            MyItem newItem = EncryptionUnitTests.GetNewItem();

            // Build the per-request options first so the create call itself stays short.
            ItemRequestOptions encryptingOptions = new ItemRequestOptions
            {
                EncryptionOptions = new EncryptionOptions
                {
                    DataEncryptionKey = owningDatabase.GetDataEncryptionKey(dekId),
                    PathsToEncrypt = pathsToEncrypt
                }
            };

            ItemResponse<MyItem> createResponse = await container.CreateItemAsync<MyItem>(
                newItem,
                requestOptions: encryptingOptions);

            Assert.AreEqual(HttpStatusCode.Created, createResponse.StatusCode);
            Assert.AreEqual(newItem, createResponse.Resource);

            return newItem;
        }
示例#4
        /// <summary>
        /// Creates a data encryption key and an item, then inspects the document held by the mock
        /// handler: the id and partition key must be present in the clear, the two properties named
        /// in the assertions (<c>EncStr1</c>, <c>EncInt</c>) must be absent, and the encrypted-info
        /// property must carry the key's resource id, format version 1 and a payload that decodes
        /// back to exactly those two properties.
        /// </summary>
        /// <returns>A task that completes when the assertions have run.</returns>
        public async Task EncryptionUTCreateItem()
        {
            const string keyId = "mydek";

            Container mockedContainer = this.GetContainerWithMockSetup();
            ContainerCore containerCore = (ContainerCore)(ContainerInlineCore)mockedContainer;
            DatabaseCore owningDatabase = (DatabaseCore)containerCore.Database;

            DataEncryptionKeyResponse keyCreation = await owningDatabase.CreateDataEncryptionKeyAsync(
                keyId,
                EncryptionUnitTests.Algo,
                this.metadata1);
            Assert.AreEqual(HttpStatusCode.Created, keyCreation.StatusCode);

            MyItem written = await EncryptionUnitTests.CreateItemAsync(mockedContainer, keyId, MyItem.PathsToEncrypt);

            // Server-side view: what the handler stored is what would have left the client.
            bool wasStored = this.testHandler.Items.TryGetValue(written.Id, out JObject storedDocument);
            Assert.IsTrue(wasStored);
            Assert.IsNotNull(storedDocument);

            string storedId = storedDocument.Property(Constants.Properties.Id).Value.Value<string>();
            Assert.AreEqual(written.Id, storedId);

            string storedPartitionKey = storedDocument.Property(nameof(MyItem.PK)).Value.Value<string>();
            Assert.AreEqual(written.PK, storedPartitionKey);

            // The sensitive properties must not be present as plain properties of the stored document.
            Assert.IsNull(storedDocument.Property(nameof(MyItem.EncStr1)));
            Assert.IsNull(storedDocument.Property(nameof(MyItem.EncInt)));

            JProperty encryptedInfo = storedDocument.Property(Constants.Properties.EncryptedInfo);
            Assert.IsNotNull(encryptedInfo);
            Assert.IsNotNull(encryptedInfo.Value);
            Assert.AreEqual(JTokenType.Object, encryptedInfo.Value.Type);

            JObject encryptedInfoObject = (JObject)encryptedInfo.Value;
            EncryptionProperties storedEncryption = encryptedInfoObject.ToObject<EncryptionProperties>();
            Assert.IsNotNull(storedEncryption);
            Assert.AreEqual(keyCreation.Resource.ResourceId, storedEncryption.DataEncryptionKeyRid);
            Assert.AreEqual(1, storedEncryption.EncryptionFormatVersion);
            Assert.IsNotNull(storedEncryption.EncryptedData);

            // NOTE(review): the payload is byte-reversed before parsing, which presumably undoes a
            // stand-in transform installed by the mock setup (not visible here) - confirm against
            // GetContainerWithMockSetup. It says nothing about the strength of the real algorithm.
            byte[] recoveredBytes = storedEncryption.EncryptedData.Reverse().ToArray();
            JObject recovered = EncryptionUnitTests.ParseStream(new MemoryStream(recoveredBytes));

            Assert.AreEqual(2, recovered.Properties().Count());

            string recoveredString = recovered.Property(nameof(MyItem.EncStr1)).Value.Value<string>();
            Assert.AreEqual(written.EncStr1, recoveredString);

            int recoveredInt = recovered.Property(nameof(MyItem.EncInt)).Value.Value<int>();
            Assert.AreEqual(written.EncInt, recoveredInt);
        }
示例#5
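            /// <summary>
            /// In-memory stand-in for the service: records every request, then either delegates to
            /// the injected <c>func</c> or serves create/read/replace/delete for client encryption
            /// keys (<c>Deks</c>) and documents (<c>Items</c>) from the handler's own dictionaries.
            /// </summary>
            /// <remarks>
            /// A replace that targets an id which is not in the store now answers 404 with no body.
            /// Previously the status was set to NotFound but the following <c>TryUpdate</c> call
            /// still ran, failed because the key was missing, and surfaced as an
            /// <see cref="InvalidOperationException"/> about concurrency.
            /// Requests for any other resource type, or an operation type not handled below,
            /// keep the default <see cref="HttpStatusCode.InternalServerError"/>.
            /// </remarks>
            /// <param name="request">The request to record and answer.</param>
            /// <param name="cancellationToken">Not used by this handler.</param>
            /// <returns>The simulated response.</returns>
            /// <exception cref="InvalidOperationException">
            /// A replace found the entry but <c>TryUpdate</c> did not apply, i.e. the entry changed
            /// between lookup and update.
            /// </exception>
            public override async Task<ResponseMessage> SendAsync(
                RequestMessage request,
                CancellationToken cancellationToken)
            {
                // We clone the request message as the Content is disposed before we can use it in the test assertions later.
                this.Received.Add(EncryptionTestHandler.CloneRequestMessage(request));

                // A test-supplied delegate takes over completely when present.
                if (this.func != null)
                {
                    return await this.func(request);
                }

                HttpStatusCode httpStatusCode = HttpStatusCode.InternalServerError;

                if (request.ResourceType == ResourceType.ClientEncryptionKey)
                {
                    DataEncryptionKeyProperties dekProperties = null;
                    if (request.OperationType == OperationType.Create)
                    {
                        dekProperties = this.serializer.FromStream<DataEncryptionKeyProperties>(request.Content);
                        string databaseRid = ResourceId.NewDatabaseId(1).ToString();

                        // The count of received requests doubles as a per-handler unique key number.
                        dekProperties.ResourceId   = ResourceId.NewClientEncryptionKeyId(databaseRid, (uint)this.Received.Count).ToString();
                        dekProperties.CreatedTime  = EncryptionTestHandler.ReducePrecisionToSeconds(DateTime.UtcNow);
                        dekProperties.LastModified = dekProperties.CreatedTime;
                        dekProperties.ETag         = Guid.NewGuid().ToString();
                        dekProperties.SelfLink     = string.Format(
                            "dbs/{0}/{1}/{2}/",
                            databaseRid,
                            Paths.ClientEncryptionKeysPathSegment,
                            dekProperties.ResourceId);

                        httpStatusCode = HttpStatusCode.Created;
                        if (!this.Deks.TryAdd(dekProperties.Id, dekProperties))
                        {
                            httpStatusCode = HttpStatusCode.Conflict;
                        }
                    }
                    else if (request.OperationType == OperationType.Read)
                    {
                        string dekId = EncryptionTestHandler.ParseDekUri(request.RequestUri);
                        httpStatusCode = HttpStatusCode.OK;
                        if (!this.Deks.TryGetValue(dekId, out dekProperties))
                        {
                            httpStatusCode = HttpStatusCode.NotFound;
                        }
                    }
                    else if (request.OperationType == OperationType.Replace)
                    {
                        string dekId = EncryptionTestHandler.ParseDekUri(request.RequestUri);
                        dekProperties = this.serializer.FromStream<DataEncryptionKeyProperties>(request.Content);
                        dekProperties.LastModified = EncryptionTestHandler.ReducePrecisionToSeconds(DateTime.UtcNow);
                        dekProperties.ETag         = Guid.NewGuid().ToString();

                        httpStatusCode = HttpStatusCode.OK;
                        if (!this.Deks.TryGetValue(dekId, out DataEncryptionKeyProperties existingDekProperties))
                        {
                            // Unknown key id: answer 404 and do not echo the submitted key properties.
                            httpStatusCode = HttpStatusCode.NotFound;
                            dekProperties = null;
                        }
                        else if (!this.Deks.TryUpdate(dekId, dekProperties, existingDekProperties))
                        {
                            throw new InvalidOperationException("Concurrency not handled in tests.");
                        }
                    }
                    else if (request.OperationType == OperationType.Delete)
                    {
                        string dekId = EncryptionTestHandler.ParseDekUri(request.RequestUri);
                        httpStatusCode = HttpStatusCode.NoContent;
                        if (!this.Deks.TryRemove(dekId, out _))
                        {
                            httpStatusCode = HttpStatusCode.NotFound;
                        }
                    }

                    ResponseMessage responseMessage = new ResponseMessage(httpStatusCode, request)
                    {
                        Content = dekProperties != null ? this.serializer.ToStream(dekProperties) : null,
                    };

                    responseMessage.Headers.RequestCharge = EncryptionUnitTests.requestCharge;
                    responseMessage.Headers.ETag          = dekProperties?.ETag;
                    return responseMessage;
                }
                else if (request.ResourceType == ResourceType.Document)
                {
                    // Documents are stored exactly as received, so tests can inspect Items to see
                    // which properties left the client in the clear.
                    JObject item = null;
                    if (request.OperationType == OperationType.Create)
                    {
                        item = EncryptionUnitTests.ParseStream(request.Content);
                        string itemId = item.Property("id").Value.Value<string>();

                        httpStatusCode = HttpStatusCode.Created;
                        if (!this.Items.TryAdd(itemId, item))
                        {
                            httpStatusCode = HttpStatusCode.Conflict;
                        }
                    }
                    else if (request.OperationType == OperationType.Read)
                    {
                        string itemId = EncryptionTestHandler.ParseItemUri(request.RequestUri);
                        httpStatusCode = HttpStatusCode.OK;
                        if (!this.Items.TryGetValue(itemId, out item))
                        {
                            httpStatusCode = HttpStatusCode.NotFound;
                        }
                    }
                    else if (request.OperationType == OperationType.Replace)
                    {
                        string itemId = EncryptionTestHandler.ParseItemUri(request.RequestUri);
                        item = EncryptionUnitTests.ParseStream(request.Content);

                        httpStatusCode = HttpStatusCode.OK;
                        if (!this.Items.TryGetValue(itemId, out JObject existingItem))
                        {
                            // Unknown item id: answer 404 and do not echo the submitted document.
                            httpStatusCode = HttpStatusCode.NotFound;
                            item = null;
                        }
                        else if (!this.Items.TryUpdate(itemId, item, existingItem))
                        {
                            throw new InvalidOperationException("Concurrency not handled in tests.");
                        }
                    }
                    else if (request.OperationType == OperationType.Delete)
                    {
                        string itemId = EncryptionTestHandler.ParseItemUri(request.RequestUri);
                        httpStatusCode = HttpStatusCode.NoContent;
                        if (!this.Items.TryRemove(itemId, out _))
                        {
                            httpStatusCode = HttpStatusCode.NotFound;
                        }
                    }

                    ResponseMessage responseMessage = new ResponseMessage(httpStatusCode, request)
                    {
                        Content = item != null ? this.serializer.ToStream(item) : null,
                    };

                    responseMessage.Headers.RequestCharge = EncryptionUnitTests.requestCharge;
                    return responseMessage;
                }

                // Any other resource type is not simulated.
                return new ResponseMessage(httpStatusCode, request);
            }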