New Metastore and SessionFactory

csharp/AppEncryption/AppEncryption.IntegrationTests/AppEncryption.IntegrationTests.csproj

@@ -11,14 +11,14 @@
         <WarningsNotAsErrors>NU1901;NU1902;NU1903;NU1904</WarningsNotAsErrors>
     </PropertyGroup>
     <ItemGroup Label="Package References">
-        <PackageReference Include="AWSSDK.SecurityToken" Version="4.0.5.10" />
-        <PackageReference Include="coverlet.msbuild" Version="6.0.4">
+        <PackageReference Include="AWSSDK.SecurityToken" Version="4.0.5.12" />
+        <PackageReference Include="coverlet.msbuild" Version="8.0.0">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="MySql.Data" Version="9.6.0" />
         <PackageReference Include="NetEscapades.Configuration.Yaml" Version="3.1.0" />
-        <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="10.0.3" />
+        <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="10.0.5" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.3.0" />
         <PackageReference Include="Moq" Version="4.20.72" />
         <PackageReference Include="xunit" Version="2.9.3" />
@@ -33,6 +33,8 @@
     </ItemGroup>
     <ItemGroup Label="Project References">
         <ProjectReference Include="../AppEncryption/AppEncryption.csproj" />
+        <ProjectReference Include="../AppEncryption.PlugIns.Aws/AppEncryption.PlugIns.Aws.csproj" />
+        <ProjectReference Include="../AppEncryption.PlugIns.Testing/AppEncryption.PlugIns.Testing.csproj" />
         <ProjectReference Include="../AppEncryption.Tests/AppEncryption.Tests.csproj" />
     </ItemGroup>
     <ItemGroup>

csharp/AppEncryption/AppEncryption.IntegrationTests/ConfigFixture.cs

@@ -5,6 +5,7 @@
 using GoDaddy.Asherah.AppEncryption.IntegrationTests.TestHelpers;
 using GoDaddy.Asherah.AppEncryption.Kms;
 using GoDaddy.Asherah.AppEncryption.Persistence;
+using GoDaddy.Asherah.AppEncryption.PlugIns.Testing.Kms;
 using GoDaddy.Asherah.Crypto.Exceptions;
 using Microsoft.Extensions.Configuration;
 using MySql.Data.MySqlClient;
@@ -48,7 +49,7 @@ public ConfigFixture()
             Metastore = CreateMetastore();
         }
 
-        public KeyManagementService KeyManagementService { get; }
+        public IKeyManagementService KeyManagementService { get; }
 
         public IMetastore<JObject> Metastore { get; }
 
@@ -98,7 +99,7 @@ private IMetastore<JObject> CreateMetastore()
             return new InMemoryMetastoreImpl<JObject>();
         }
 
-        private KeyManagementService CreateKeyManagementService()
+        private IKeyManagementService CreateKeyManagementService()
         {
             if (KmsType.Equals(KeyManagementAws, StringComparison.OrdinalIgnoreCase))
             {
@@ -124,7 +125,7 @@ private KeyManagementService CreateKeyManagementService()
                     .Build();
             }
 
-            return new StaticKeyManagementServiceImpl(KeyManagementStaticMasterKey);
+            return new StaticKeyManagementService(KeyManagementStaticMasterKey);
         }
     }
 }

csharp/AppEncryption/AppEncryption.IntegrationTests/Regression/AppEncryptionParameterizedTest.cs

@@ -213,7 +213,7 @@ private object[] GenerateMocks(KeyState cacheIK, KeyState metaIK, KeyState cache
                     cacheSK + "CacheSK_" + metaSK + "MetaSK_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset() + "_" + Random.Next(),
                     DefaultProductId);
 
-                KeyManagementService kms = configFixture.KeyManagementService;
+                IKeyManagementService kms = configFixture.KeyManagementService;
 
                 CryptoKeyHolder cryptoKeyHolder = CryptoKeyHolder.GenerateIKSK();
 

csharp/AppEncryption/AppEncryption.IntegrationTests/Regression/Core/EncryptionSessionTest.cs

@@ -0,0 +1,103 @@
+using System;
+using System.Threading.Tasks;
+using GoDaddy.Asherah.AppEncryption.Core;
+using GoDaddy.Asherah.AppEncryption.IntegrationTests.Utils;
+using Xunit;
+
+using static GoDaddy.Asherah.AppEncryption.IntegrationTests.TestHelpers.Constants;
+
+namespace GoDaddy.Asherah.AppEncryption.IntegrationTests.Regression.Core
+{
+    [Collection("Configuration collection")]
+    public class EncryptionSessionTest : IDisposable
+    {
+        private readonly byte[] payload;
+        private readonly GoDaddy.Asherah.AppEncryption.Core.SessionFactory sessionFactory;
+        private readonly string partitionId;
+        private readonly IEncryptionSession encryptionSession;
+
+        public EncryptionSessionTest(ConfigFixture configFixture)
+        {
+            payload = PayloadGenerator.CreateDefaultRandomBytePayload();
+            sessionFactory = CoreSessionFactoryGenerator.CreateDefaultSessionFactory(
+                configFixture.KeyManagementService);
+            partitionId = DefaultPartitionId + "_" + DateTimeUtils.GetCurrentTimeAsUtcIsoDateTimeOffset();
+            encryptionSession = sessionFactory.GetSession(partitionId);
+        }
+
+        public void Dispose()
+        {
+            encryptionSession?.Dispose();
+            sessionFactory?.Dispose();
+        }
+
+        [Fact]
+        private void EncryptDecrypt()
+        {
+            byte[] dataRowRecord = encryptionSession.Encrypt(payload);
+            byte[] decryptedPayload = encryptionSession.Decrypt(dataRowRecord);
+
+            Assert.Equal(payload, decryptedPayload);
+        }
+
+        [Fact]
+        private void EncryptDecryptSameSessionMultipleRounds()
+        {
+            int iterations = 40;
+            for (int i = 0; i < iterations; i++)
+            {
+                byte[] dataRowRecord = encryptionSession.Encrypt(payload);
+                byte[] decryptedPayload = encryptionSession.Decrypt(dataRowRecord);
+
+                Assert.Equal(payload, decryptedPayload);
+            }
+        }
+
+        [Fact]
+        private void EncryptDecryptWithDifferentSession()
+        {
+            byte[] dataRowRecord = encryptionSession.Encrypt(payload);
+
+            using (IEncryptionSession otherSession = sessionFactory.GetSession(partitionId))
+            {
+                byte[] decryptedPayload = otherSession.Decrypt(dataRowRecord);
+                Assert.Equal(payload, decryptedPayload);
+            }
+        }
+
+        [Fact]
+        private void EncryptDecryptWithDifferentPayloads()
+        {
+            byte[] otherPayload = PayloadGenerator.CreateDefaultRandomBytePayload();
+            byte[] dataRowRecord1 = encryptionSession.Encrypt(payload);
+            byte[] dataRowRecord2 = encryptionSession.Encrypt(otherPayload);
+
+            byte[] decryptedPayload1 = encryptionSession.Decrypt(dataRowRecord1);
+            byte[] decryptedPayload2 = encryptionSession.Decrypt(dataRowRecord2);
+
+            Assert.Equal(payload, decryptedPayload1);
+            Assert.Equal(otherPayload, decryptedPayload2);
+        }
+
+        [Fact]
+        private async Task EncryptAsyncDecryptAsync()
+        {
+            byte[] dataRowRecord = await encryptionSession.EncryptAsync(payload);
+            byte[] decryptedPayload = await encryptionSession.DecryptAsync(dataRowRecord);
+
+            Assert.Equal(payload, decryptedPayload);
+        }
+
+        [Fact]
+        private async Task EncryptAsyncDecryptWithDifferentSession()
+        {
+            byte[] dataRowRecord = await encryptionSession.EncryptAsync(payload);
+
+            using (IEncryptionSession otherSession = sessionFactory.GetSession(partitionId))
+            {
+                byte[] decryptedPayload = await otherSession.DecryptAsync(dataRowRecord);
+                Assert.Equal(payload, decryptedPayload);
+            }
+        }
+    }
+}

csharp/AppEncryption/AppEncryption.IntegrationTests/Regression/DynamoDbGlobalTableTest.cs

@@ -5,13 +5,13 @@
 using GoDaddy.Asherah.AppEncryption.IntegrationTests.Utils;
 using GoDaddy.Asherah.AppEncryption.Persistence;
 using GoDaddy.Asherah.AppEncryption.Tests;
-using GoDaddy.Asherah.AppEncryption.Tests.AppEncryption.Persistence;
+using GoDaddy.Asherah.AppEncryption.Tests.Fixtures;
 using Xunit;
 
 namespace GoDaddy.Asherah.AppEncryption.IntegrationTests.Regression
 {
     [Collection("Configuration collection")]
-    public class DynamoDbGlobalTableTest : IClassFixture<DynamoDBContainerFixture>, IClassFixture<MetricsFixture>, IDisposable
+    public class DynamoDbGlobalTableTest : IClassFixture<DynamoDbContainerFixture>, IClassFixture<MetricsFixture>, IDisposable
     {
         private const string PartitionKey = "Id";
         private const string SortKey = "Created";
@@ -23,7 +23,7 @@ public class DynamoDbGlobalTableTest : IClassFixture<DynamoDBContainerFixture>,
 
         private AmazonDynamoDBClient tempDynamoDbClient;
 
-        public DynamoDbGlobalTableTest(DynamoDBContainerFixture dynamoDbContainerFixture, ConfigFixture configFixture)
+        public DynamoDbGlobalTableTest(DynamoDbContainerFixture dynamoDbContainerFixture, ConfigFixture configFixture)
         {
             serviceUrl = dynamoDbContainerFixture.GetServiceUrl();
             this.configFixture = configFixture;

csharp/AppEncryption/AppEncryption.IntegrationTests/Regression/Metastore/DynamoDbGlobalTableTest.cs

@@ -0,0 +1,163 @@
+using System;
+using System.Collections.Generic;
+using Amazon.DynamoDBv2;
+using Amazon.DynamoDBv2.Model;
+using GoDaddy.Asherah.AppEncryption.Core;
+using GoDaddy.Asherah.AppEncryption.IntegrationTests.Utils;
+using GoDaddy.Asherah.AppEncryption.PlugIns.Aws.Metastore;
+using GoDaddy.Asherah.AppEncryption.Tests.Fixtures;
+using Xunit;
+
+namespace GoDaddy.Asherah.AppEncryption.IntegrationTests.Regression.Metastore
+{
+    [Collection("Configuration collection")]
+    public class DynamoDbGlobalTableTest : IClassFixture<DynamoDbContainerFixture>, IDisposable
+    {
+        private const string PartitionKey = "Id";
+        private const string SortKey = "Created";
+        private const string DefaultTableName = "EncryptionKey";
+        private const string DefaultRegion = "us-west-2";
+
+        private readonly ConfigFixture _configFixture;
+        private readonly string _serviceUrl;
+        private readonly AmazonDynamoDBClient _tempDynamoDbClient;
+
+        public DynamoDbGlobalTableTest(DynamoDbContainerFixture dynamoDbContainerFixture, ConfigFixture configFixture)
+        {
+            _serviceUrl = dynamoDbContainerFixture.GetServiceUrl();
+            _configFixture = configFixture;
+
+            var amazonDynamoDbConfig = new AmazonDynamoDBConfig
+            {
+                ServiceURL = _serviceUrl,
+                AuthenticationRegion = DefaultRegion,
+            };
+            _tempDynamoDbClient = new AmazonDynamoDBClient(amazonDynamoDbConfig);
+            var request = new CreateTableRequest
+            {
+                TableName = DefaultTableName,
+                AttributeDefinitions = new List<AttributeDefinition>
+                {
+                    new AttributeDefinition(PartitionKey, ScalarAttributeType.S),
+                    new AttributeDefinition(SortKey, ScalarAttributeType.N),
+                },
+                KeySchema = new List<KeySchemaElement>
+                {
+                    new KeySchemaElement(PartitionKey, KeyType.HASH),
+                    new KeySchemaElement(SortKey, KeyType.RANGE),
+                },
+                ProvisionedThroughput = new ProvisionedThroughput(1L, 1L),
+            };
+            _tempDynamoDbClient.CreateTableAsync(request).Wait();
+        }
+
+        public void Dispose()
+        {
+            try
+            {
+                _tempDynamoDbClient?.DeleteTableAsync(DefaultTableName).Wait();
+            }
+            catch (AggregateException)
+            {
+                // Table may not exist.
+            }
+        }
+
+        private GoDaddy.Asherah.AppEncryption.Core.SessionFactory GetSessionFactory(bool withKeySuffix, string region)
+        {
+            var options = new DynamoDbMetastoreOptions
+            {
+                KeyRecordTableName = DefaultTableName,
+                KeySuffix = withKeySuffix ? region : string.Empty,
+            };
+
+            // Reuse the same client so both "regions" hit the same table (global table simulation).
+            var metastore = DynamoDbMetastore.NewBuilder()
+                .WithDynamoDbClient(_tempDynamoDbClient)
+                .WithOptions(options)
+                .Build();
+
+            return CoreSessionFactoryGenerator.CreateDefaultSessionFactory(
+                _configFixture.KeyManagementService,
+                metastore);
+        }
+
+        [Fact]
+        private void TestRegionSuffix()
+        {
+            byte[] originalPayload = PayloadGenerator.CreateDefaultRandomBytePayload();
+            byte[] dataRowRecordBytes;
+            byte[] decryptedBytes;
+
+            using (var sessionFactory = GetSessionFactory(true, DefaultRegion))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    dataRowRecordBytes = session.Encrypt(originalPayload);
+                }
+            }
+
+            using (var sessionFactory = GetSessionFactory(true, DefaultRegion))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    decryptedBytes = session.Decrypt(dataRowRecordBytes);
+                }
+            }
+
+            Assert.Equal(originalPayload, decryptedBytes);
+        }
+
+        [Fact]
+        private void TestRegionSuffixBackwardCompatibility()
+        {
+            byte[] originalPayload = PayloadGenerator.CreateDefaultRandomBytePayload();
+            byte[] dataRowRecordBytes;
+            byte[] decryptedBytes;
+
+            using (var sessionFactory = GetSessionFactory(false, DefaultRegion))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    dataRowRecordBytes = session.Encrypt(originalPayload);
+                }
+            }
+
+            using (var sessionFactory = GetSessionFactory(true, DefaultRegion))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    decryptedBytes = session.Decrypt(dataRowRecordBytes);
+                }
+            }
+
+            Assert.Equal(originalPayload, decryptedBytes);
+        }
+
+        [Fact]
+        private void TestCrossRegionDecryption()
+        {
+            byte[] originalPayload = PayloadGenerator.CreateDefaultRandomBytePayload();
+            byte[] dataRowRecordBytes;
+            byte[] decryptedBytes;
+
+            using (var sessionFactory = GetSessionFactory(true, DefaultRegion))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    dataRowRecordBytes = session.Encrypt(originalPayload);
+                }
+            }
+
+            using (var sessionFactory = GetSessionFactory(true, "us-east-1"))
+            {
+                using (IEncryptionSession session = sessionFactory.GetSession("shopper123"))
+                {
+                    decryptedBytes = session.Decrypt(dataRowRecordBytes);
+                }
+            }
+
+            Assert.Equal(originalPayload, decryptedBytes);
+        }
+    }
+}