Java Storage Client Library 4.0-alpha-1 Encryption Preview

Author: emgerner-msft

ChangeLog.txt

@@ -1,3 +1,6 @@
+2015.10.05 Version 4.0-alpha-1
+ * Added preview support for client side encryption for blobs, queues and tables.
+
 2015.10.05 Version 4.0.0
  * Removed deprecated table AtomPub support.
  * Removed deprecated constructors which take service clients in favor of constructors which take credentials.

microsoft-azure-storage-test/src/com/microsoft/azure/storage/DictionaryKeyResolver.java

@@ -0,0 +1,39 @@
+/**
+ * Copyright Microsoft Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.microsoft.azure.storage;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.Future;
+
+import org.apache.commons.lang3.concurrent.ConcurrentUtils;
+
+import com.microsoft.azure.keyvault.core.IKey;
+import com.microsoft.azure.keyvault.core.IKeyResolver;
+
+public class DictionaryKeyResolver implements IKeyResolver {
+    private Map<String, IKey> keys = new HashMap<String, IKey>();
+
+    public void add(IKey key)
+    {
+        this.keys.put(key.getKid(), key);
+    }
+
+    @Override
+    public Future<IKey> resolveKeyAsync(String keyId)
+    {
+        return ConcurrentUtils.constantFuture(this.keys.get(keyId));
+    }
+}

microsoft-azure-storage-test/src/com/microsoft/azure/storage/ServicePropertiesTests.java

@@ -830,7 +830,7 @@ else if (client.getClass().equals(CloudFileClient.class)) {
             fail();
         }
 
-        // Thread.sleep(30000);
+        Thread.sleep(30000);
     }
 
     private ServiceProperties callDownloadServiceProperties(ServiceClient client) throws StorageException {

microsoft-azure-storage-test/src/com/microsoft/azure/storage/TestHelper.java

@@ -19,14 +19,22 @@
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Random;
 
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -37,6 +45,8 @@
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import com.microsoft.azure.keyvault.extensions.RsaKey;
+import com.microsoft.azure.keyvault.extensions.SymmetricKey;
 import com.microsoft.azure.storage.analytics.CloudAnalyticsClient;
 import com.microsoft.azure.storage.blob.CloudBlobClient;
 import com.microsoft.azure.storage.file.CloudFileClient;
@@ -193,16 +203,21 @@ public static URI securePortUri(URI uri, boolean useHttps, char service) throws
         return new URI(scheme, uri.getUserInfo(), uri.getHost(), port, uri.getPath(), uri.getQuery(), uri.getFragment());
     }
 
-    public static void assertStreamsAreEqual(ByteArrayInputStream src, ByteArrayInputStream dst) {
+    public static void assertStreamsAreEqual(InputStream src, InputStream dst) throws IOException {
         dst.reset();
         src.reset();
-        assertEquals(src.available(), dst.available());
 
-        while (src.available() > 0) {
-            assertEquals(src.read(), dst.read());
+        int next = src.read();
+        while (next != -1) {
+            assertEquals(next, dst.read());
+            next = src.read();
         }
 
-        assertFalse(dst.available() > 0);
+        next = dst.read();
+        while (next != -1) {
+            assertEquals(0, next);
+            next = dst.read();
+        }
     }
 
     public static void assertStreamsAreEqualAtIndex(ByteArrayInputStream src, ByteArrayInputStream dst, int srcIndex,
@@ -212,10 +227,6 @@ public static void assertStreamsAreEqualAtIndex(ByteArrayInputStream src, ByteAr
 
         dst.skip(dstIndex);
         src.skip(srcIndex);
-        byte[] srcBuffer = new byte[bufferSize];
-        byte[] destBuffer = new byte[bufferSize];
-        src.read(srcBuffer);
-        dst.read(destBuffer);
 
         for (int i = 0; i < length; i++) {
             assertEquals(src.read(), dst.read());
@@ -255,6 +266,23 @@ public static URI defiddler(URI uri) throws URISyntaxException {
             return uri;
         }
     }
+    
+    public static SymmetricKey getSymmetricKey() throws NoSuchAlgorithmException, NoSuchPaddingException,
+            InvalidKeyException {
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        keyGen.init(128);
+        SecretKey wrapKey = keyGen.generateKey();
+
+        return new SymmetricKey("symmKey1", wrapKey.getEncoded());
+    }
+    
+    public static RsaKey getRSAKey() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
+        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        keyGen.initialize(1024);
+        final KeyPair wrapKey = keyGen.generateKeyPair();
+
+        return new RsaKey("rsaKey1", wrapKey);
+    }
 
     public static void verifyServiceStats(ServiceStats stats) {
         assertNotNull(stats);

microsoft-azure-storage-test/src/com/microsoft/azure/storage/TestRunners.java

@@ -13,6 +13,7 @@
 import com.microsoft.azure.storage.blob.CloudBlobClientTests;
 import com.microsoft.azure.storage.blob.CloudBlobContainerTests;
 import com.microsoft.azure.storage.blob.CloudBlobDirectoryTests;
+import com.microsoft.azure.storage.blob.CloudBlobEncryptionTests;
 import com.microsoft.azure.storage.blob.CloudBlockBlobTests;
 import com.microsoft.azure.storage.blob.CloudPageBlobTests;
 import com.microsoft.azure.storage.blob.LeaseTests;
@@ -24,10 +25,12 @@
 import com.microsoft.azure.storage.file.FileSasTests;
 import com.microsoft.azure.storage.queue.CloudQueueClientGB18030Test;
 import com.microsoft.azure.storage.queue.CloudQueueClientTests;
+import com.microsoft.azure.storage.queue.CloudQueueEncryptionTests;
 import com.microsoft.azure.storage.queue.CloudQueueTests;
 import com.microsoft.azure.storage.table.TableBatchOperationTests;
 import com.microsoft.azure.storage.table.TableClientTests;
 import com.microsoft.azure.storage.table.TableDateTests;
+import com.microsoft.azure.storage.table.TableEncryptionTests;
 import com.microsoft.azure.storage.table.TableEscapingTests;
 import com.microsoft.azure.storage.table.TableODataTests;
 import com.microsoft.azure.storage.table.TableOperationTests;
@@ -98,19 +101,20 @@ public static class CoreTestSuite {
     @RunWith(Suite.class)
     @SuiteClasses({ BlobOutputStreamTests.class, CloudBlobClientTests.class, CloudBlobContainerTests.class, 
         CloudBlobDirectoryTests.class, CloudAppendBlobTests.class, CloudBlockBlobTests.class, CloudPageBlobTests.class,
-        LeaseTests.class, SasTests.class })
+        CloudBlobEncryptionTests.class, LeaseTests.class, SasTests.class })
     public static class BlobTestSuite {
     }
 
     @RunWith(Suite.class)
-    @SuiteClasses({ CloudQueueClientGB18030Test.class, CloudQueueClientTests.class, CloudQueueTests.class })
+    @SuiteClasses({ CloudQueueClientGB18030Test.class, CloudQueueClientTests.class, CloudQueueEncryptionTests.class,
+            CloudQueueTests.class })
     public static class QueueTestSuite {
     }
 
     @RunWith(Suite.class)
-    @SuiteClasses({ TableBatchOperationTests.class, TableClientTests.class, TableDateTests.class, TableEscapingTests.class,
-            TableODataTests.class, TableOperationTests.class, TableQueryTests.class, TableSerializerTests.class,
-            TableTests.class })
+    @SuiteClasses({ TableBatchOperationTests.class, TableClientTests.class, TableDateTests.class,
+            TableEncryptionTests.class, TableEscapingTests.class, TableODataTests.class, TableOperationTests.class,
+            TableQueryTests.class, TableSerializerTests.class, TableTests.class })
     public static class TableTestSuite {
     }
 
@@ -124,6 +128,11 @@ public static class FileTestSuite {
     @SuiteClasses({ CloudAnalyticsClientTests.class })
     public static class AnalyticsTestSuite {
     }
+    
+    @RunWith(Suite.class)
+    @SuiteClasses({ CloudBlobEncryptionTests.class, CloudQueueEncryptionTests.class, TableEncryptionTests.class })
+    public static class EncryptionTestSuite {
+    }
 
     @RunWith(Suite.class)
     @SuiteClasses({ CoreTestSuite.class, BlobTestSuite.class, QueueTestSuite.class, TableTestSuite.class,

microsoft-azure-storage-test/src/com/microsoft/azure/storage/blob/CloudAppendBlobTests.java

@@ -442,7 +442,7 @@ public void testAppendBlobDownloadRangeTest() throws URISyntaxException,
         ByteArrayOutputStream blobStream2 = new ByteArrayOutputStream();
         blob2.downloadRange(1024, new Long(1024), blobStream2);
         BlobTestHelper.assertStreamsAreEqualAtIndex(new ByteArrayInputStream(
-                blobStream2.toByteArray()), wholeBlob, 1024, 1024, 1024,
+                blobStream2.toByteArray()), wholeBlob, 0, 1024, 1024,
                 2 * 1024);
 
         BlobTestHelper.assertAreEqual(blob, blob2);