示例#1
0
        static void Main(string[] args)
        {
            Console.WriteLine("Queue encryption sample");

            // Retrieve storage account information from connection string
            // How to create a storage connection string - https://azure.microsoft.com/en-us/documentation/articles/storage-configure-connection-string/
            CloudStorageAccount storageAccount = EncryptionShared.Utility.CreateStorageAccountFromConnectionString();
            CloudQueueClient client = storageAccount.CreateCloudQueueClient();
            CloudQueue queue = client.GetQueueReference(DemoQueue + Guid.NewGuid().ToString("N"));

            try
            {
                queue.Create();

                // Create the IKey used for encryption.
                RsaKey key = new RsaKey("private:key1");           

                // Create the encryption policy to be used for insert and update.
                QueueEncryptionPolicy insertPolicy = new QueueEncryptionPolicy(key, null);

                // Set the encryption policy on the request options.
                QueueRequestOptions insertOptions = new QueueRequestOptions() { EncryptionPolicy = insertPolicy };

                string messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message = new CloudQueueMessage(messageStr);

                // Add message
                Console.WriteLine("Inserting the encrypted message.");
                queue.AddMessage(message, null, null, insertOptions, null);

                // For retrieves, a resolver can be set up that will help pick the key based on the key id.
                LocalResolver resolver = new LocalResolver();
                resolver.Add(key);

                QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, resolver);
                QueueRequestOptions retrieveOptions = new QueueRequestOptions() { EncryptionPolicy = retrPolicy };

                // Retrieve message
                Console.WriteLine("Retrieving the encrypted message.");
                CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);

                // Update message
                Console.WriteLine("Updating the encrypted message.");
                string updatedMessage = Guid.NewGuid().ToString("N");
                retrMessage.SetMessageContent(updatedMessage);
                queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, insertOptions, null);

                // Retrieve updated message
                Console.WriteLine("Retrieving the updated encrypted message.");
                retrMessage = queue.GetMessage(null, retrieveOptions, null);

                Console.WriteLine("Press enter key to exit");
                Console.ReadLine();
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#2
0
        public void CloudQueueMessageValidateEncryption()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string           name   = GenerateNewQueueName();
            CloudQueue       queue  = client.GetQueueReference(name);

            try
            {
                queue.CreateIfNotExists();

                byte[] messageBytes = new byte[100];
                Random rand         = new Random();
                rand.NextBytes(messageBytes);

                string            inputMessage = Convert.ToBase64String(messageBytes);
                CloudQueueMessage message      = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy  = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions   options = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };

                // Add message
                queue.AddMessage(message, null, null, options, null);

                // Retrieve message without decrypting
                CloudQueueMessage retrMessage = queue.GetMessage(null, null, null);

                // Decrypt locally
                CloudQueueMessage          decryptedMessage;
                CloudQueueEncryptedMessage encryptedMessage = JsonConvert.DeserializeObject <CloudQueueEncryptedMessage>(retrMessage.AsString);
                EncryptionData             encryptionData   = encryptedMessage.EncryptionData;

                byte[] contentEncryptionKey = aesKey.UnwrapKeyAsync(encryptionData.WrappedContentKey.EncryptedKey, encryptionData.WrappedContentKey.Algorithm, CancellationToken.None).Result;

                using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider())
                {
                    myAes.Key = contentEncryptionKey;
                    myAes.IV  = encryptionData.ContentEncryptionIV;

                    byte[] src = Convert.FromBase64String(encryptedMessage.EncryptedMessageContents);
                    using (ICryptoTransform decryptor = myAes.CreateDecryptor())
                    {
                        decryptedMessage = new CloudQueueMessage(decryptor.TransformFinalBlock(src, 0, src.Length));
                    }
                }

                TestHelper.AssertBuffersAreEqual(message.AsBytes, decryptedMessage.AsBytes);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#3
0
        private void DoCloudQueueAddUpdateEncryptedMessageAPM(IKey key, DictionaryKeyResolver keyResolver)
        {
            CloudQueueClient client = GenerateCloudQueueClient();
            CloudQueue       queue  = client.GetQueueReference(GenerateNewQueueName());

            try
            {
                queue.CreateIfNotExists();

                string            messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message    = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy        = new QueueEncryptionPolicy(key, null);
                QueueRequestOptions   createOptions = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };

                using (AutoResetEvent waitHandle = new AutoResetEvent(false))
                {
                    // Add message
                    IAsyncResult result = queue.BeginAddMessage(message, null, null, createOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    queue.EndAddMessage(result);

                    policy = new QueueEncryptionPolicy(null, keyResolver);
                    QueueRequestOptions retrieveOptions = new QueueRequestOptions()
                    {
                        EncryptionPolicy = policy
                    };

                    // Retrieve message
                    result = queue.BeginGetMessage(null, retrieveOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    CloudQueueMessage retrMessage = queue.EndGetMessage(result);
                    Assert.AreEqual(messageStr, retrMessage.AsString);

                    // Update message
                    string updatedMessage = Guid.NewGuid().ToString("N");
                    retrMessage.SetMessageContent(updatedMessage);
                    result = queue.BeginUpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, createOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    queue.EndUpdateMessage(result);

                    // Retrieve updated message
                    result = queue.BeginGetMessage(null, retrieveOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    retrMessage = queue.EndGetMessage(result);
                    Assert.AreEqual(updatedMessage, retrMessage.AsString);
                }
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#4
0
        private void DoCloudQueueAddUpdateEncryptedMessage(IKey key, DictionaryKeyResolver keyResolver)
        {
            CloudQueueClient client = GenerateCloudQueueClient();
            string           name   = GenerateNewQueueName();
            CloudQueue       queue  = client.GetQueueReference(name);

            try
            {
                queue.CreateIfNotExists();

                string            messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message    = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(key, null);

                // Add message
                QueueRequestOptions createOptions = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };
                queue.AddMessage(message, null, null, createOptions, null);

                // Retrieve message
                QueueEncryptionPolicy retrPolicy      = new QueueEncryptionPolicy(null, keyResolver);
                QueueRequestOptions   retrieveOptions = new QueueRequestOptions()
                {
                    EncryptionPolicy = retrPolicy
                };
                CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
                Assert.AreEqual(messageStr, retrMessage.AsString);

                // Update message
                string updatedMessage = Guid.NewGuid().ToString("N");
                retrMessage.SetMessageContent(updatedMessage);
                queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, createOptions, null);

                // Retrieve updated message
                retrMessage = queue.GetMessage(null, retrieveOptions, null);
                Assert.AreEqual(updatedMessage, retrMessage.AsString);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#5
0
        public void CloudQueueAddUpdateEncryptedEncodedMessage()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string           name   = GenerateNewQueueName();
            CloudQueue       queue  = client.GetQueueReference(name);

            try
            {
                queue.CreateIfNotExists();

                byte[] messageBytes = new byte[100];
                Random rand         = new Random();
                rand.NextBytes(messageBytes);

                string            inputMessage = Convert.ToBase64String(messageBytes);
                CloudQueueMessage message      = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy  = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions   options = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };

                // Add message
                queue.AddMessage(message, null, null, options, null);

                // Retrieve message
                CloudQueueMessage retrMessage = queue.GetMessage(null, options, null);
                Assert.AreEqual(inputMessage, retrMessage.AsString);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        private void DoCloudQueueAddUpdateEncryptedMessage(IKey key, DictionaryKeyResolver keyResolver)
        {
            CloudQueueClient client = GenerateCloudQueueClient();
            string name = GenerateNewQueueName();
            CloudQueue queue = client.GetQueueReference(name);
            try
            {
                queue.CreateIfNotExists();

                string messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(key, null);

                // Add message
                QueueRequestOptions createOptions = new QueueRequestOptions() { EncryptionPolicy = policy };
                queue.AddMessage(message, null, null, createOptions, null);

                // Retrieve message
                QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, keyResolver);
                QueueRequestOptions retrieveOptions = new QueueRequestOptions() { EncryptionPolicy = retrPolicy };
                CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
                Assert.AreEqual(messageStr, retrMessage.AsString);

                // Update message
                string updatedMessage = Guid.NewGuid().ToString("N");
                retrMessage.SetMessageContent(updatedMessage);
                queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, createOptions, null);

                // Retrieve updated message
                retrMessage = queue.GetMessage(null, retrieveOptions, null);
                Assert.AreEqual(updatedMessage, retrMessage.AsString);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#7
0
        public void CloudQueueAddEncrypted64KMessage()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string           name   = GenerateNewQueueName();
            CloudQueue       queue  = client.GetQueueReference(name);

            try
            {
                queue.CreateIfNotExists();

                string            inputMessage = new string('a', 64 * 1024);
                CloudQueueMessage message      = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy  = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions   options = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };

                // Add message
                queue.AddMessage(message, null, null, null, null);

                // Add encrypted Message
                TestHelper.ExpectedException <ArgumentException>(
                    () => queue.AddMessage(message, null, null, options, null),
                    "Adding an encrypted message that exceeds message limits should throw");
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
示例#8
0
        public void CloudQueueMessageEncryptionWithStrictMode()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            // Create the resolver to be used for unwrapping.
            DictionaryKeyResolver resolver = new DictionaryKeyResolver();

            resolver.Add(aesKey);

            CloudQueueClient client = GenerateCloudQueueClient();
            string           name   = GenerateNewQueueName();
            CloudQueue       queue  = client.GetQueueReference(name);

            try
            {
                queue.CreateIfNotExists();

                string            messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message    = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);

                // Add message with policy.
                QueueRequestOptions createOptions = new QueueRequestOptions()
                {
                    EncryptionPolicy = policy
                };
                createOptions.RequireEncryption = true;

                queue.AddMessage(message, null, null, createOptions, null);

                // Set policy to null and add message while RequireEncryption flag is still set to true. This should throw.
                createOptions.EncryptionPolicy = null;

                TestHelper.ExpectedException <InvalidOperationException>(
                    () => queue.AddMessage(message, null, null, createOptions, null),
                    "Not specifying a policy when RequireEnryption is set to true should throw.");

                // Retrieve message
                QueueEncryptionPolicy retrPolicy      = new QueueEncryptionPolicy(null, resolver);
                QueueRequestOptions   retrieveOptions = new QueueRequestOptions()
                {
                    EncryptionPolicy = retrPolicy
                };
                retrieveOptions.RequireEncryption = true;

                CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);

                // Update message with plain text.
                string updatedMessage = Guid.NewGuid().ToString("N");
                retrMessage.SetMessageContent(updatedMessage);

                queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility);

                // Retrieve updated message with RequireEncryption flag but no metadata on the service. This should throw.
                TestHelper.ExpectedException <StorageException>(
                    () => queue.GetMessage(null, retrieveOptions, null),
                    "Retrieving with RequireEncryption set to true and no metadata on the service should fail.");

                // Set RequireEncryption to false and retrieve.
                retrieveOptions.RequireEncryption = false;
                queue.GetMessage(null, retrieveOptions, null);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        public void CloudQueueMessageEncryptionWithStrictMode()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            // Create the resolver to be used for unwrapping.
            DictionaryKeyResolver resolver = new DictionaryKeyResolver();
            resolver.Add(aesKey);

            CloudQueueClient client = GenerateCloudQueueClient();
            string name = GenerateNewQueueName();
            CloudQueue queue = client.GetQueueReference(name);
            try
            {
                queue.CreateIfNotExists();

                string messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);

                // Add message with policy.
                QueueRequestOptions createOptions = new QueueRequestOptions() { EncryptionPolicy = policy };
                createOptions.RequireEncryption = true;

                queue.AddMessage(message, null, null, createOptions, null);

                // Set policy to null and add message while RequireEncryption flag is still set to true. This should throw.
                createOptions.EncryptionPolicy = null;

                TestHelper.ExpectedException<InvalidOperationException>(
                    () => queue.AddMessage(message, null, null, createOptions, null),
                    "Not specifying a policy when RequireEnryption is set to true should throw.");

                // Retrieve message
                QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, resolver);
                QueueRequestOptions retrieveOptions = new QueueRequestOptions() { EncryptionPolicy = retrPolicy };
                retrieveOptions.RequireEncryption = true;

                CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);

                // Update message with plain text.
                string updatedMessage = Guid.NewGuid().ToString("N");
                retrMessage.SetMessageContent(updatedMessage);

                queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility);

                // Retrieve updated message with RequireEncryption flag but no metadata on the service. This should throw.
                TestHelper.ExpectedException<StorageException>(
                    () => queue.GetMessage(null, retrieveOptions, null),
                    "Retrieving with RequireEncryption set to true and no metadata on the service should fail.");

                // Set RequireEncryption to false and retrieve.
                retrieveOptions.RequireEncryption = false;
                queue.GetMessage(null, retrieveOptions, null);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        public void CloudQueueMessageValidateEncryption()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string name = GenerateNewQueueName();
            CloudQueue queue = client.GetQueueReference(name);
            try
            {
                queue.CreateIfNotExists();

                byte[] messageBytes = new byte[100];
                Random rand = new Random();
                rand.NextBytes(messageBytes);

                string inputMessage = Convert.ToBase64String(messageBytes);
                CloudQueueMessage message = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions options = new QueueRequestOptions() { EncryptionPolicy = policy };

                // Add message
                queue.AddMessage(message, null, null, options, null);

                // Retrieve message without decrypting
                CloudQueueMessage retrMessage = queue.GetMessage(null, null, null);

                // Decrypt locally
                CloudQueueMessage decryptedMessage;
                CloudQueueEncryptedMessage encryptedMessage = JsonConvert.DeserializeObject<CloudQueueEncryptedMessage>(retrMessage.AsString);
                EncryptionData encryptionData = encryptedMessage.EncryptionData;

                byte[] contentEncryptionKey = aesKey.UnwrapKeyAsync(encryptionData.WrappedContentKey.EncryptedKey, encryptionData.WrappedContentKey.Algorithm, CancellationToken.None).Result;

                using (AesCryptoServiceProvider myAes = new AesCryptoServiceProvider())
                {
                    myAes.Key = contentEncryptionKey;
                    myAes.IV = encryptionData.ContentEncryptionIV;

                    byte[] src = Convert.FromBase64String(encryptedMessage.EncryptedMessageContents);
                    using (ICryptoTransform decryptor = myAes.CreateDecryptor())
                    {
                        decryptedMessage = new CloudQueueMessage(decryptor.TransformFinalBlock(src, 0, src.Length));
                    }
                }

                TestHelper.AssertBuffersAreEqual(message.AsBytes, decryptedMessage.AsBytes);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        public void CloudQueueAddEncrypted64KMessage()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string name = GenerateNewQueueName();
            CloudQueue queue = client.GetQueueReference(name);
            try
            {
                queue.CreateIfNotExists();

                string inputMessage = new string('a', 64 * 1024);
                CloudQueueMessage message = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions options = new QueueRequestOptions() { EncryptionPolicy = policy };

                // Add message
                queue.AddMessage(message, null, null, null, null);

                // Add encrypted Message
                TestHelper.ExpectedException<ArgumentException>(
                    () => queue.AddMessage(message, null, null, options, null),
                    "Adding an encrypted message that exceeds message limits should throw");
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        public void CloudQueueAddUpdateEncryptedEncodedMessage()
        {
            // Create the Key to be used for wrapping.
            SymmetricKey aesKey = new SymmetricKey("symencryptionkey");

            CloudQueueClient client = GenerateCloudQueueClient();
            string name = GenerateNewQueueName();
            CloudQueue queue = client.GetQueueReference(name);
            try
            {
                queue.CreateIfNotExists();

                byte[] messageBytes = new byte[100];
                Random rand = new Random();
                rand.NextBytes(messageBytes);

                string inputMessage = Convert.ToBase64String(messageBytes);
                CloudQueueMessage message = new CloudQueueMessage(inputMessage);
                queue.EncodeMessage = false;

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(aesKey, null);
                QueueRequestOptions options = new QueueRequestOptions() { EncryptionPolicy = policy };

                // Add message
                queue.AddMessage(message, null, null, options, null);

                // Retrieve message
                CloudQueueMessage retrMessage = queue.GetMessage(null, options, null);
                Assert.AreEqual(inputMessage, retrMessage.AsString);
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }
        private void DoCloudQueueAddUpdateEncryptedMessageAPM(IKey key, DictionaryKeyResolver keyResolver)
        {
            CloudQueueClient client = GenerateCloudQueueClient();
            CloudQueue queue = client.GetQueueReference(GenerateNewQueueName());

            try
            {
                queue.CreateIfNotExists();

                string messageStr = Guid.NewGuid().ToString();
                CloudQueueMessage message = new CloudQueueMessage(messageStr);

                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(key, null);
                QueueRequestOptions createOptions = new QueueRequestOptions() { EncryptionPolicy = policy };

                using (AutoResetEvent waitHandle = new AutoResetEvent(false))
                {
                    // Add message
                    IAsyncResult result = queue.BeginAddMessage(message, null, null, createOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    queue.EndAddMessage(result);

                    policy = new QueueEncryptionPolicy(null, keyResolver);
                    QueueRequestOptions retrieveOptions = new QueueRequestOptions() { EncryptionPolicy = policy };

                    // Retrieve message
                    result = queue.BeginGetMessage(null, retrieveOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    CloudQueueMessage retrMessage = queue.EndGetMessage(result);
                    Assert.AreEqual(messageStr, retrMessage.AsString);

                    // Update message
                    string updatedMessage = Guid.NewGuid().ToString("N");
                    retrMessage.SetMessageContent(updatedMessage);
                    result = queue.BeginUpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, createOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    queue.EndUpdateMessage(result);

                    // Retrieve updated message
                    result = queue.BeginGetMessage(null, retrieveOptions, null, ar => waitHandle.Set(), null);
                    waitHandle.WaitOne();
                    retrMessage = queue.EndGetMessage(result);
                    Assert.AreEqual(updatedMessage, retrMessage.AsString);
                }
            }
            finally
            {
                queue.DeleteIfExists();
            }
        }