

Client Encryption : Adds support to expose Type in EncryptionKeyWrapM…
…etadata constructor. (Azure#2283)

* Exposes Type in EncryptionKeyWrapMetadata.

* Update ContainerSettingsTests.cs

* Update EncryptionKeyWrapMetadata.cs

* Removed algorithm from metadata

* Removed private set.

* Update DotNetPreviewSDKAPI.json

* Make Type Public. Revert public set.

* Updated Comment description

Co-authored-by: j82w <j82w@users.noreply.github.com>
kr-santosh and j82w authored Mar 23, 2021
1 parent 3eebc5f commit a9a7100
Showing 5 changed files with 40 additions and 29 deletions.
Expand Up @@ -25,36 +25,33 @@ private EncryptionKeyWrapMetadata()

/// <summary>
/// Creates a new instance of key wrap metadata.
/// </summary>
/// </summary>
/// <param name="type">ProviderName of KeyStoreProvider.</param>
/// <param name="name">Name of the metadata.</param>
/// <param name="value">Value of the metadata.</param>
public EncryptionKeyWrapMetadata(string name, string value)
: this(type: "custom", name: name, value: value)
public EncryptionKeyWrapMetadata(string type, string name, string value)
{
this.Type = type ?? throw new ArgumentNullException(nameof(type));
this.Name = name ?? throw new ArgumentNullException(nameof(name));
this.Value = value ?? throw new ArgumentNullException(nameof(value));
}

/// <summary>
/// Creates a new instance of key wrap metadata based on an existing instance.
/// </summary>
/// <param name="source">Existing instance from which to initialize.</param>
public EncryptionKeyWrapMetadata(EncryptionKeyWrapMetadata source)
: this(source?.Type, source?.Name, source?.Value, source?.Algorithm)
: this(source?.Type, source?.Name, source?.Value)
{
}

internal EncryptionKeyWrapMetadata(string type, string name, string value, string algorithm = null)
{
this.Type = type ?? throw new ArgumentNullException(nameof(type));
this.Name = name ?? throw new ArgumentNullException(nameof(name));
this.Value = value ?? throw new ArgumentNullException(nameof(value));
this.Algorithm = algorithm;
}

/// <summary>
/// Serialized form of metadata.
/// Note: This value is saved in the Cosmos DB service.
/// Implementors of derived implementations should ensure that this does not have (private) key material or credential information.
/// </summary>
[JsonProperty(PropertyName = "type", NullValueHandling = NullValueHandling.Ignore)]
internal string Type { get; private set; }

[JsonProperty(PropertyName = "algorithm", NullValueHandling = NullValueHandling.Ignore)]
internal string Algorithm { get; private set; }
public string Type { get; private set; }

/// <summary>
/// Serialized form of metadata.
Expand Down Expand Up @@ -84,7 +81,6 @@ public override int GetHashCode()
{
int hashCode = 1265339359;
hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Type);
hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Algorithm);
hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Name);
hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Value);
return hashCode;
Expand All @@ -101,7 +97,6 @@ public bool Equals(EncryptionKeyWrapMetadata other)
{
return other != null &&
this.Type == other.Type &&
this.Algorithm == other.Algorithm &&
this.Name == other.Name &&
this.Value == other.Value;
}
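Review bot: The `<summary>` on the now-public `Type` property (the `/// Serialized form of metadata.` block directly above `public string Type { get; private set; }`) is the same text used for Name and Value and never says what the value denotes, even though the constructor's `<param name="type">` describes it as the provider name of the key store provider; since this is now public API, suggest `/// Type of the key store provider that wraps the key; serialized as "type" and saved in the Cosmos DB service.` while keeping the existing sentence about not carrying key material or credentials. The public constructor only rejects `null` for `type`, so an empty or whitespace string would be accepted and persisted; if `Type` is later used to pick a provider (not visible here), `if (string.IsNullOrWhiteSpace(type)) throw new ArgumentException("Type must not be empty.", nameof(type));` would fail earlier and more clearly. On the `: this(source?.Type, source?.Name, source?.Value)` line the copy constructor still surfaces a null `source` as `ArgumentNullException` for `type` rather than `source`, which predates this change but is worth a `ArgumentNullException.ThrowIfNull(source)`-style guard or an explicit note. The remainder of the class lies outside the hunks shown.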
Expand Up @@ -86,9 +86,10 @@ private void ValidateClientEncryptionIncludedPath(ClientEncryptionIncludedPath c
}

if (!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Deterministic") &&
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized"))
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized") &&
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Plaintext"))
{
throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized'.", nameof(clientEncryptionIncludedPath));
throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized' or 'Plaintext'.", nameof(clientEncryptionIncludedPath));
}

if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionAlgorithm))
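Review bot: The set of accepted EncryptionType values is now spelled out as three separate literals in the condition and again inside the error message, and the message text is asserted verbatim in ContainerSettingsTests (the `Assert.IsTrue(ex.Message.Contains(...))` line in the fourth file section), so the next value added must be threaded through all of them. Consider a single `private static readonly string[] AllowedEncryptionTypes = { "Deterministic", "Randomized", "Plaintext" };`, with `if (!AllowedEncryptionTypes.Contains(clientEncryptionIncludedPath.EncryptionType, StringComparer.Ordinal))` and the message built from `string.Join`, so the check and the text cannot drift apart. The static `string.Equals(a, b)` used here is ordinal and case-sensitive, which is appropriate for these enum-like values, but passing `StringComparison.Ordinal` explicitly makes that intent visible. The following `string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionAlgorithm)` check still applies when the type is "Plaintext"; whether an algorithm is required for that case cannot be judged here because the rest of ValidateClientEncryptionIncludedPath is outside the hunk.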
Expand Up @@ -416,7 +416,7 @@ public async Task EncryptionCreateReplaceCek()
Assert.IsNotNull(cekProperties.ResourceId);

Assert.AreEqual(
new EncryptionKeyWrapMetadata("metadataName", "metadataValue"),
new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"),
cekProperties.EncryptionKeyWrapMetadata);

// Use a different client instance to avoid (unintentional) cache impact
Expand All @@ -433,7 +433,7 @@ public async Task EncryptionCreateReplaceCek()
Assert.IsNotNull(cekProperties.ResourceId);

Assert.AreEqual(
new EncryptionKeyWrapMetadata("metadataName", "updatedMetadataValue"),
new EncryptionKeyWrapMetadata("custom", "metadataName", "updatedMetadataValue"),
cekProperties.EncryptionKeyWrapMetadata);

// Use a different client instance to avoid (unintentional) cache impact
Expand All @@ -454,7 +454,7 @@ private static async Task<ClientEncryptionKeyProperties> CreateCekAsync(Database
rngCsp.GetBytes(rawCek);
}

ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));

ClientEncryptionKeyResponse cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);

Expand Down Expand Up @@ -482,7 +482,7 @@ private static async Task<ClientEncryptionKeyProperties> ReplaceCekAsync(Databas
rngCsp.GetBytes(rawCek);
}

ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("metadataName", "updatedMetadataValue"));
ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("custom", "metadataName", "updatedMetadataValue"));

ClientEncryptionKeyResponse cekResponse = await cek.ReplaceAsync(cekProperties);
Assert.AreEqual(HttpStatusCode.OK, cekResponse.StatusCode);
Expand Down Expand Up @@ -513,7 +513,7 @@ public async Task VerifyCekFeedIterator()
rngCsp.GetBytes(rawCek1);
}

ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek1, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek1, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));

ClientEncryptionKeyResponse cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);

Expand All @@ -528,7 +528,7 @@ public async Task VerifyCekFeedIterator()
rngCsp.GetBytes(rawCek2);
}

cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek2, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek2, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));

cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);

Expand All @@ -552,6 +552,7 @@ public async Task VerifyCekFeedIterator()
{
readDekIds.Add(clientEncryptionKeyProperties.Id);
Assert.AreEqual("AEAD_AES_256_CBC_HMAC_SHA256", clientEncryptionKeyProperties.EncryptionAlgorithm);
Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Type, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Type);
Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Name, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Name);
Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Value, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Value);
}
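Review bot: The literal `"custom"` is now passed as the `type` argument in six places across EncryptionCreateReplaceCek, CreateCekAsync, ReplaceCekAsync and VerifyCekFeedIterator; a single `private const string CustomKeyWrapProviderType = "custom";` in the test class would keep them aligned if the expected provider name ever changes. The new per-field assertion on `.EncryptionKeyWrapMetadata.Type` in VerifyCekFeedIterator is a useful complement to the whole-object `Assert.AreEqual` in EncryptionCreateReplaceCek, which depends on the Equals/GetHashCode overrides updated in the same commit. All of the enclosing test methods extend beyond the hunks shown.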
Expand Up @@ -677,7 +677,7 @@ public async Task WithClientEncryptionPolicyFailureTest()
}
catch (ArgumentException ex)
{
Assert.IsTrue(ex.Message.Contains("EncryptionType should be either 'Deterministic' or 'Randomized'."));
Assert.IsTrue(ex.Message.Contains("EncryptionType should be either 'Deterministic' or 'Randomized' or 'Plaintext'."));
}

path1.EncryptionType = "Deterministic";
Expand Up @@ -801,6 +801,13 @@
],
"MethodInfo": "System.String get_Name();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"System.String get_Type()[System.Runtime.CompilerServices.CompilerGeneratedAttribute()]": {
"Type": "Method",
"Attributes": [
"CompilerGeneratedAttribute"
],
"MethodInfo": "System.String get_Type();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"System.String get_Value()[System.Runtime.CompilerServices.CompilerGeneratedAttribute()]": {
"Type": "Method",
"Attributes": [
Expand All @@ -815,6 +822,13 @@
],
"MethodInfo": "System.String Name;CanRead:True;CanWrite:True;System.String get_Name();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"System.String Type[Newtonsoft.Json.JsonPropertyAttribute(NullValueHandling = 1, PropertyName = \"type\")]": {
"Type": "Property",
"Attributes": [
"JsonPropertyAttribute"
],
"MethodInfo": "System.String Type;CanRead:True;CanWrite:True;System.String get_Type();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"System.String Value[Newtonsoft.Json.JsonPropertyAttribute(NullValueHandling = 1, PropertyName = \"value\")]": {
"Type": "Property",
"Attributes": [
Expand All @@ -827,10 +841,10 @@
"Attributes": [],
"MethodInfo": "[Void .ctor(Microsoft.Azure.Cosmos.EncryptionKeyWrapMetadata), Void .ctor(Microsoft.Azure.Cosmos.EncryptionKeyWrapMetadata)]"
},
"Void .ctor(System.String, System.String)": {
"Void .ctor(System.String, System.String, System.String)": {
"Type": "Constructor",
"Attributes": [],
"MethodInfo": "[Void .ctor(System.String, System.String), Void .ctor(System.String, System.String)]"
"MethodInfo": "[Void .ctor(System.String, System.String, System.String), Void .ctor(System.String, System.String, System.String)]"
}
},
"NestedTypes": {}
