Standardize encryption key headers (#379)

Kyle Baley · web-flow · commit d86629164d20 · 2023-03-08T13:35:13.000-05:00
diff --git a/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs b/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs
@@ -91,7 +91,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages
         {
             public Task MutateIncoming(MutateIncomingTransportMessageContext context)
             {
-                context.Headers.Remove(EncryptionHeaders.AesKeyIdentifier);
+                context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);
                 return Task.FromResult(0);
             }
         }
diff --git a/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs b/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs
@@ -95,7 +95,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages
         {
             public Task MutateIncoming(MutateIncomingTransportMessageContext context)
             {
-                context.Headers.Remove(EncryptionHeaders.RijndaelKeyIdentifier);
+                context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);
                 return Task.FromResult(0);
             }
         }
diff --git a/src/MessageProperty/AesEncryptionService.cs b/src/MessageProperty/AesEncryptionService.cs
@@ -111,7 +111,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont
             {
                 return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);
             }
-            Log.Warn($"Encrypted message has no '{EncryptionHeaders.AesKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
+            Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
             return DecryptUsingAllKeys(encryptedValue);
         }
 
@@ -252,16 +252,15 @@ static bool IsValidKey(byte[] key)
         /// </summary>
         protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)
         {
-            context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;
-            context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;
+            context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;
         }
 
         /// <summary>
         /// Tries to locate an encryption key identifier from an incoming message.
         /// </summary>
         protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)
         {
-            return context.Headers.TryGetValue(EncryptionHeaders.AesKeyIdentifier, out keyIdentifier);
+            return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);
         }
 
         /// <summary>
diff --git a/src/MessageProperty/EncryptionHeaders.cs b/src/MessageProperty/EncryptionHeaders.cs
@@ -8,10 +8,6 @@ public static class EncryptionHeaders
         /// <summary>
         /// The identifier to lookup the key to decrypt the encrypted data.
         /// </summary>
-        public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
-        /// <summary>
-        /// The AES identifier to lookup the key to decrypt the encrypted data.
-        /// </summary>
-        public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";
+        public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
     }
 }
diff --git a/src/MessageProperty/RijndaelEncryptionService.cs b/src/MessageProperty/RijndaelEncryptionService.cs
@@ -114,7 +114,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont
             {
                 return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);
             }
-            Log.Warn($"Encrypted message has no '{EncryptionHeaders.RijndaelKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
+            Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
             return DecryptUsingAllKeys(encryptedValue);
         }
 
@@ -262,16 +262,15 @@ static bool IsValidKey(byte[] key)
         /// </summary>
         protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)
         {
-            context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;
-            context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;
+            context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;
         }
 
         /// <summary>
         /// Tries to locate an encryption key identfier from an incoming message.
         /// </summary>
         protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)
         {
-            return context.Headers.TryGetValue(EncryptionHeaders.RijndaelKeyIdentifier, out keyIdentifier);
+            return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);
         }
 
         /// <summary>
diff --git a/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt b/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt
@@ -39,8 +39,7 @@ namespace NServiceBus.Encryption.MessageProperty
     }
     public static class EncryptionHeaders
     {
-        public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";
-        public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
+        public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
     }
     public interface IEncryptionService
     {

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages`
`91`	`91`	`{`
`92`	`92`	`public Task MutateIncoming(MutateIncomingTransportMessageContext context)`
`93`	`93`	`{`
`94`		`- context.Headers.Remove(EncryptionHeaders.AesKeyIdentifier);`
	`94`	`+ context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);`
`95`	`95`	`return Task.FromResult(0);`
`96`	`96`	`}`
`97`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages`
`95`	`95`	`{`
`96`	`96`	`public Task MutateIncoming(MutateIncomingTransportMessageContext context)`
`97`	`97`	`{`
`98`		`- context.Headers.Remove(EncryptionHeaders.RijndaelKeyIdentifier);`
	`98`	`+ context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);`
`99`	`99`	`return Task.FromResult(0);`
`100`	`100`	`}`
`101`	`101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont`
`111`	`111`	`{`
`112`	`112`	`return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);`
`113`	`113`	`}`
`114`		`- Log.Warn($"Encrypted message has no '{EncryptionHeaders.AesKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");`
	`114`	`+ Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");`
`115`	`115`	`return DecryptUsingAllKeys(encryptedValue);`
`116`	`116`	`}`
`117`	`117`
`@@ -252,16 +252,15 @@ static bool IsValidKey(byte[] key)`
`252`	`252`	`/// </summary>`
`253`	`253`	`protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)`
`254`	`254`	`{`
`255`		`- context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;`
`256`		`- context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;`
	`255`	`+ context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;`
`257`	`256`	`}`
`258`	`257`
`259`	`258`	`/// <summary>`
`260`	`259`	`/// Tries to locate an encryption key identifier from an incoming message.`
`261`	`260`	`/// </summary>`
`262`	`261`	`protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)`
`263`	`262`	`{`
`264`		`- return context.Headers.TryGetValue(EncryptionHeaders.AesKeyIdentifier, out keyIdentifier);`
	`263`	`+ return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);`
`265`	`264`	`}`
`266`	`265`
`267`	`266`	`/// <summary>`
Original file line number	Diff line number	Diff line change
`@@ -8,10 +8,6 @@ public static class EncryptionHeaders`
`8`	`8`	`/// <summary>`
`9`	`9`	`/// The identifier to lookup the key to decrypt the encrypted data.`
`10`	`10`	`/// </summary>`
`11`		`- public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";`
`12`		`- /// <summary>`
`13`		`- /// The AES identifier to lookup the key to decrypt the encrypted data.`
`14`		`- /// </summary>`
`15`		`- public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";`
	`11`	`+ public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";`
`16`	`12`	`}`
`17`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont`
`114`	`114`	`{`
`115`	`115`	`return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);`
`116`	`116`	`}`
`117`		`- Log.Warn($"Encrypted message has no '{EncryptionHeaders.RijndaelKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");`
	`117`	`+ Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");`
`118`	`118`	`return DecryptUsingAllKeys(encryptedValue);`
`119`	`119`	`}`
`120`	`120`
`@@ -262,16 +262,15 @@ static bool IsValidKey(byte[] key)`
`262`	`262`	`/// </summary>`
`263`	`263`	`protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)`
`264`	`264`	`{`
`265`		`- context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;`
`266`		`- context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;`
	`265`	`+ context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;`
`267`	`266`	`}`
`268`	`267`
`269`	`268`	`/// <summary>`
`270`	`269`	`/// Tries to locate an encryption key identfier from an incoming message.`
`271`	`270`	`/// </summary>`
`272`	`271`	`protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)`
`273`	`272`	`{`
`274`		`- return context.Headers.TryGetValue(EncryptionHeaders.RijndaelKeyIdentifier, out keyIdentifier);`
	`273`	`+ return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);`
`275`	`274`	`}`
`276`	`275`
`277`	`276`	`/// <summary>`
Original file line number	Diff line number	Diff line change
`@@ -39,8 +39,7 @@ namespace NServiceBus.Encryption.MessageProperty`
`39`	`39`	`}`
`40`	`40`	`public static class EncryptionHeaders`
`41`	`41`	`{`
`42`		`- public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";`
`43`		`- public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";`
	`42`	`+ public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";`
`44`	`43`	`}`
`45`	`44`	`public interface IEncryptionService`
`46`	`45`	`{`