From d86629164d20470cb35ef0ec0a88ade6c0c25299 Mon Sep 17 00:00:00 2001
From: Kyle Baley
Date: Wed, 8 Mar 2023 18:35:13 +0000
Subject: [PATCH] Standardize encryption key headers (#379)
---
 .../When_using_Aes_without_incoming_key_identifier.cs | 2 +-
 .../When_using_Rijndael_without_incoming_key_identifier.cs | 2 +-
 src/MessageProperty/AesEncryptionService.cs | 7 +++----
 src/MessageProperty/EncryptionHeaders.cs | 6 +-----
 src/MessageProperty/RijndaelEncryptionService.cs | 7 +++----
 src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt | 3 +--
 6 files changed, 10 insertions(+), 17 deletions(-)
diff --git a/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs b/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs
index fe75dd8..16133f9 100644
--- a/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs
+++ b/src/AcceptanceTests/When_using_Aes_without_incoming_key_identifier.cs
@@ -91,7 +91,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages
 {
 public Task MutateIncoming(MutateIncomingTransportMessageContext context)
 {
- context.Headers.Remove(EncryptionHeaders.AesKeyIdentifier);
+ context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);
 return Task.FromResult(0);
 }
 }
diff --git a/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs b/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs
index ed3d8cd..54edf15 100644
--- a/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs
+++ b/src/AcceptanceTests/When_using_Rijndael_without_incoming_key_identifier.cs
@@ -95,7 +95,7 @@ class RemoveKeyIdentifierHeaderMutator : IMutateIncomingTransportMessages
 {
 public Task MutateIncoming(MutateIncomingTransportMessageContext context)
 {
- context.Headers.Remove(EncryptionHeaders.RijndaelKeyIdentifier);
+ context.Headers.Remove(EncryptionHeaders.EncryptionKeyIdentifier);
 return Task.FromResult(0);
 }
 }
diff --git a/src/MessageProperty/AesEncryptionService.cs b/src/MessageProperty/AesEncryptionService.cs
index 59e74ef..3c6b5ca 100644
--- a/src/MessageProperty/AesEncryptionService.cs
+++ b/src/MessageProperty/AesEncryptionService.cs
@@ -111,7 +111,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont
 {
 return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);
 }
- Log.Warn($"Encrypted message has no '{EncryptionHeaders.AesKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
+ Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
 return DecryptUsingAllKeys(encryptedValue);
 }
@@ -252,8 +252,7 @@ static bool IsValidKey(byte[] key)
 ///
 protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)
 {
- context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;
- context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;
+ context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;
 }
 ///
@@ -261,7 +260,7 @@ protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageCo
 ///
 protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)
 {
- return context.Headers.TryGetValue(EncryptionHeaders.AesKeyIdentifier, out keyIdentifier);
+ return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);
 }
 ///
diff --git a/src/MessageProperty/EncryptionHeaders.cs b/src/MessageProperty/EncryptionHeaders.cs
index 558d37f..3579c91 100644
--- a/src/MessageProperty/EncryptionHeaders.cs
+++ b/src/MessageProperty/EncryptionHeaders.cs
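Review bot: In AesEncryptionService.AddKeyIdentifierHeader the outgoing message no longer carries `NServiceBus.AesKeyIdentifier`, yet the pre-change AesEncryptionService.TryGetKeyIdentifierHeader (the removed line in the following hunk) looked up only that header. A receiver that has not been upgraded would therefore miss the key identifier, fall through to `DecryptUsingAllKeys` in Decrypt and log the "Possibility of data corruption" warning on every message, which also makes that warning useless as a signal of a genuinely stripped header. If mixed-version endpoints must keep working, keep writing the legacy name for a transition period, e.g. `context.Headers["NServiceBus.AesKeyIdentifier"] = encryptionKeyIdentifier; // legacy header for receivers that predate the unified name`; otherwise the required upgrade order belongs in the release notes. The matching hunk in RijndaelEncryptionService.cs drops the same header.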
@@ -8,10 +8,6 @@ public static class EncryptionHeaders
 ///
 /// The identifier to lookup the key to decrypt the encrypted data.
 ///
- public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
- ///
- /// The AES identifier to lookup the key to decrypt the encrypted data.
- ///
- public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";
+ public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
 }
 }
\ No newline at end of file
diff --git a/src/MessageProperty/RijndaelEncryptionService.cs b/src/MessageProperty/RijndaelEncryptionService.cs
index 840f336..829e7e8 100644
--- a/src/MessageProperty/RijndaelEncryptionService.cs
+++ b/src/MessageProperty/RijndaelEncryptionService.cs
@@ -114,7 +114,7 @@ public string Decrypt(EncryptedValue encryptedValue, IIncomingLogicalMessageCont
 {
 return DecryptUsingKeyIdentifier(encryptedValue, keyIdentifier);
 }
- Log.Warn($"Encrypted message has no '{EncryptionHeaders.RijndaelKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
+ Log.Warn($"Encrypted message has no '{EncryptionHeaders.EncryptionKeyIdentifier}' header. Possibility of data corruption. Upgrade endpoints that send message with encrypted properties.");
 return DecryptUsingAllKeys(encryptedValue);
 }
@@ -262,8 +262,7 @@ static bool IsValidKey(byte[] key)
 ///
 protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageContext context)
 {
- context.Headers[EncryptionHeaders.RijndaelKeyIdentifier] = encryptionKeyIdentifier;
- context.Headers[EncryptionHeaders.AesKeyIdentifier] = encryptionKeyIdentifier;
+ context.Headers[EncryptionHeaders.EncryptionKeyIdentifier] = encryptionKeyIdentifier;
 }
 ///
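Review bot: In EncryptionHeaders.cs the public constants `RijndaelKeyIdentifier` and `AesKeyIdentifier` are deleted outright, which breaks compilation of any code referencing them; since both services expose `protected internal virtual` header methods, subclasses overriding them are likely such callers. Because these are `const` strings, already-compiled callers keep the old literal inlined and would go on reading or writing `NServiceBus.AesKeyIdentifier` without any error. Consider keeping the old names for one release marked `[Obsolete("Use EncryptionKeyIdentifier.")]`, and extend the summary of the new constant with a line such as `/// The wire name remains "NServiceBus.RijndaelKeyIdentifier" for compatibility; it is used by both the AES and the Rijndael service.`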
@@ -271,7 +270,7 @@ protected internal virtual void AddKeyIdentifierHeader(IOutgoingLogicalMessageCo
 ///
 protected internal virtual bool TryGetKeyIdentifierHeader(out string keyIdentifier, IIncomingLogicalMessageContext context)
 {
- return context.Headers.TryGetValue(EncryptionHeaders.RijndaelKeyIdentifier, out keyIdentifier);
+ return context.Headers.TryGetValue(EncryptionHeaders.EncryptionKeyIdentifier, out keyIdentifier);
 }
 ///
diff --git a/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt b/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt
index 27a1570..4378d33 100644
--- a/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt
+++ b/src/Tests/ApprovalFiles/APIApprovals.Approve.approved.txt
@@ -39,8 +39,7 @@ namespace NServiceBus.Encryption.MessageProperty
 }
 public static class EncryptionHeaders
 {
- public const string AesKeyIdentifier = "NServiceBus.AesKeyIdentifier";
- public const string RijndaelKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
+ public const string EncryptionKeyIdentifier = "NServiceBus.RijndaelKeyIdentifier";
 }
 public interface IEncryptionService
 {