Skip to content

Commit

Permalink
Merge in 'release/2.1' changes
Browse files Browse the repository at this point in the history
  • Loading branch information
dotnet-bot committed May 20, 2021
2 parents 2981743 + 569dbf9 commit fe37ada
Show file tree
Hide file tree
Showing 10 changed files with 147 additions and 91 deletions.
54 changes: 53 additions & 1 deletion .config/CredScanSuppressions.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,58 @@
{
"placeholder": "1qaz@WSX",
"_justification": "This is a fake password used in test code."
}
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\Extensions\\test\\TestFiles\\TestCert2.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DefaultBuilder\\test\\Microsoft.AspNetCore.FunctionalTests\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert1.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\DataProtection\\DataProtection\\test\\TestFiles\\TestCert2.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Middleware\\WebSockets\\test\\ConformanceTests\\AutobahnTestApp\\TestResources\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\aspnetdevcert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.client.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.code_signing.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.multiple_usages.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\eku.server.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\no_extensions.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
{
"file": "\\src\\Servers\\Kestrel\\shared\\test\\TestCertificates\\testCert.pfx",
"_justification": "Legitimate UT certificate file with private key"
},
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Cryptography.Cng;
using Microsoft.AspNetCore.Cryptography.SafeHandles;
Expand Down Expand Up @@ -118,20 +119,20 @@ public void CreateAuthenticatedEncryptor_RoundTripsData_ManagedImplementation(
public void ExportToXml_ProducesCorrectPayload_Cbc()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey);
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_CBC, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='AES_192_CBC' />
<validation algorithm='HMACSHA512' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -141,20 +142,20 @@ public void ExportToXml_ProducesCorrectPayload_Cbc()
public void ExportToXml_ProducesCorrectPayload_Gcm()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey);
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = CreateDescriptor(EncryptionAlgorithm.AES_192_GCM, ValidationAlgorithm.HMACSHA512, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(AuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='AES_192_GCM' />
<!-- some comment here -->
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using Xunit;

namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
Expand All @@ -12,27 +13,27 @@ public class CngCbcAuthenticatedEncryptorDescriptorTests
public void ExportToXml_WithProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
EncryptionAlgorithmProvider = "enc-alg-prov",
HashAlgorithm = "hash-alg",
HashAlgorithmProvider = "hash-alg-prov"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' provider='enc-alg-prov' />
<hash algorithm='hash-alg' provider='hash-alg-prov' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -42,25 +43,25 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload()
public void ExportToXml_WithoutProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngCbcAuthenticatedEncryptorDescriptor(new CngCbcAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
HashAlgorithm = "hash-alg"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngCbcAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' />
<hash algorithm='hash-alg' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using System.Xml.Linq;
using Microsoft.AspNetCore.Cryptography;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
Expand All @@ -19,20 +20,21 @@ public class CngGcmAuthenticatedEncryptorDescriptorDeserializerTests
public void ImportFromXml_CreatesAppropriateDescriptor()
{
// Arrange
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(
new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = Constants.BCRYPT_AES_ALGORITHM,
EncryptionAlgorithmKeySize = 192,
EncryptionAlgorithmProvider = null
},
"k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret());
masterKey.ToSecret());
var control = CreateEncryptorInstanceFromDescriptor(descriptor);

const string xml = @"
var xml = $@"
<descriptor version='1' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<encryption algorithm='AES' keyLength='192' />
<masterKey enc:requiresEncryption='true'>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</masterKey>
<masterKey enc:requiresEncryption='true'>{masterKey}</masterKey>
</descriptor>";
var deserializedDescriptor = new CngGcmAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml));
var test = CreateEncryptorInstanceFromDescriptor(deserializedDescriptor as CngGcmAuthenticatedEncryptorDescriptor);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Text;
using Xunit;

namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
Expand All @@ -12,24 +13,24 @@ public class CngGcmAuthenticatedEncryptorDescriptorTests
public void ExportToXml_WithProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048,
EncryptionAlgorithmProvider = "enc-alg-prov"
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' provider='enc-alg-prov' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand All @@ -39,23 +40,23 @@ public void ExportToXml_WithProviders_ProducesCorrectPayload()
public void ExportToXml_WithoutProviders_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new CngGcmAuthenticatedEncryptorDescriptor(new CngGcmAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = "enc-alg",
EncryptionAlgorithmKeySize = 2048
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(CngGcmAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
const string expectedXml = @"
var expectedXml = $@"
<descriptor>
<encryption algorithm='enc-alg' keyLength='2048' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

using System;
using System.Security.Cryptography;
using System.Text;
using Xunit;

namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel
Expand All @@ -13,28 +14,27 @@ public class ManagedAuthenticatedEncryptorDescriptorTests
public void ExportToXml_CustomTypes_ProducesCorrectPayload()
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new ManagedAuthenticatedEncryptorDescriptor(new ManagedAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithmType = typeof(MySymmetricAlgorithm),
EncryptionAlgorithmKeySize = 2048,
ValidationAlgorithmType = typeof(MyKeyedHashAlgorithm)
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
string expectedXml = string.Format(@"
var expectedXml = $@"
<descriptor>
<encryption algorithm='{0}' keyLength='2048' />
<validation algorithm='{1}' />
<encryption algorithm='{typeof(MySymmetricAlgorithm).AssemblyQualifiedName}' keyLength='2048' />
<validation algorithm='{typeof(MyKeyedHashAlgorithm).AssemblyQualifiedName}' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>",
typeof(MySymmetricAlgorithm).AssemblyQualifiedName, typeof(MyKeyedHashAlgorithm).AssemblyQualifiedName);
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
}

Expand All @@ -46,28 +46,27 @@ public void ExportToXml_CustomTypes_ProducesCorrectPayload()
public void ExportToXml_BuiltInTypes_ProducesCorrectPayload(Type encryptionAlgorithmType, Type validationAlgorithmType)
{
// Arrange
var masterKey = "k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==".ToSecret();
var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
var descriptor = new ManagedAuthenticatedEncryptorDescriptor(new ManagedAuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithmType = encryptionAlgorithmType,
EncryptionAlgorithmKeySize = 2048,
ValidationAlgorithmType = validationAlgorithmType
}, masterKey);
}, masterKey.ToSecret());

// Act
var retVal = descriptor.ExportToXml();

// Assert
Assert.Equal(typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer), retVal.DeserializerType);
string expectedXml = string.Format(@"
var expectedXml = $@"
<descriptor>
<encryption algorithm='{0}' keyLength='2048' />
<validation algorithm='{1}' />
<encryption algorithm='{encryptionAlgorithmType.Name}' keyLength='2048' />
<validation algorithm='{validationAlgorithmType.Name}' />
<masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
<value>k88VrwGLINfVAqzlAp7U4EAjdlmUG17c756McQGdjHU8Ajkfc/A3YOKdqlMcF6dXaIxATED+g2f62wkRRRRRzA==</value>
<value>{masterKey}</value>
</masterKey>
</descriptor>",
encryptionAlgorithmType.Name, validationAlgorithmType.Name);
</descriptor>";
XmlAssert.Equal(expectedXml, retVal.SerializedDescriptorElement);
}

Expand Down
Loading

0 comments on commit fe37ada

Please sign in to comment.