From c0530cdffdb7e8e30dba01d6af002c917f976cce Mon Sep 17 00:00:00 2001
From: Whit Waldo <whit.waldo@innovian.net>
Date: Wed, 3 Jan 2024 15:12:27 -0600
Subject: [PATCH] Updated encrypt/decrypt options so the streaming block size
 no longer uses a uint. Added validation in its place to ensure the value
 provided is never less than or equal to 0.

Signed-off-by: Whit Waldo <whit.waldo@innovian.net>
---
 src/Dapr.Client/CryptographyOptions.cs | 27 +++++++++++++++++++++++---
 src/Dapr.Client/DaprClientGrpc.cs      |  8 ++++----
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/Dapr.Client/CryptographyOptions.cs b/src/Dapr.Client/CryptographyOptions.cs
index bee394d54..58d91ca43 100644
--- a/src/Dapr.Client/CryptographyOptions.cs
+++ b/src/Dapr.Client/CryptographyOptions.cs
@@ -1,4 +1,6 @@
 #nullable enable
+using System;
+
 namespace Dapr.Client
 {
     /// <summary>
@@ -20,14 +22,23 @@ public EncryptionOptions(KeyWrapAlgorithm keyWrapAlgorithm)
         /// </summary>
         public KeyWrapAlgorithm KeyWrapAlgorithm { get; set; }
 
+        private int streamingBlockSizeInBytes = 4 * 1024; // 4 KB
         /// <summary>
         /// The size of the block in bytes used to send data to the sidecar for cryptography operations.
         /// </summary>
         /// <remarks>
         /// This defaults to 4KB and generally should not exceed 64KB.
         /// </remarks>
-        public uint StreamingBlockSizeInBytes { get; set; } = 4 * 1024;
-
+        public int StreamingBlockSizeInBytes
+        {
+            get => streamingBlockSizeInBytes;
+            set
+            {
+                ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(value, 0, nameof(value));
+                streamingBlockSizeInBytes = value;
+            }
+        }
+        
         /// <summary>
         /// The optional name (and optionally a version) of the key specified to use during decryption.
         /// </summary>
@@ -44,9 +55,19 @@ public EncryptionOptions(KeyWrapAlgorithm keyWrapAlgorithm)
     /// </summary>
     public class DecryptionOptions
     {
+        private int streamingBlockSizeInBytes = 4 * 1024; // 4KB
         /// <summary>
         /// The size of the block in bytes used to send data to the sidecar for cryptography operations.
         /// </summary>
-        public uint StreamingBlockSizeInBytes { get; set; } = 4 * 1024;
+        public int StreamingBlockSizeInBytes
+        {
+            get => streamingBlockSizeInBytes;
+            set
+            {
+                ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(value, 0, nameof(value));
+                
+                streamingBlockSizeInBytes = value;
+            }
+        }
     }
 }
diff --git a/src/Dapr.Client/DaprClientGrpc.cs b/src/Dapr.Client/DaprClientGrpc.cs
index 0b1d212cf..141b7dc70 100644
--- a/src/Dapr.Client/DaprClientGrpc.cs
+++ b/src/Dapr.Client/DaprClientGrpc.cs
@@ -1413,7 +1413,7 @@ private async Task<ReadOnlyMemory<byte>> EncryptAsync(string vaultResourceName,
             {
                 //Stream the plaintext data to the sidecar in chunks
                 Task.FromResult(SendPlaintextStreamAsync(plaintextStream,
-                    (int)encryptionOptions.StreamingBlockSizeInBytes, duplexStream, encryptRequestOptions,
+                    encryptionOptions.StreamingBlockSizeInBytes, duplexStream, encryptRequestOptions,
                     cancellationToken)),
                 //At the same time, retrieve the encrypted response from the sidecar
                 Task.FromResult(RetrieveEncryptedStreamAsync(duplexStream, cancellationToken))
@@ -1469,7 +1469,7 @@ public override async IAsyncEnumerable<byte[]> EncryptStreamAsync(string vaultRe
             var tasks = new Task<IAsyncEnumerable<byte[]>>[]
             {
                 //Stream the plaintext data to the sidecar in chunks
-                Task.FromResult(SendPlaintextStreamAsync(plaintextStream, (int)encryptionOptions.StreamingBlockSizeInBytes, duplexStream, encryptRequestOptions, cancellationToken)),
+                Task.FromResult(SendPlaintextStreamAsync(plaintextStream, encryptionOptions.StreamingBlockSizeInBytes, duplexStream, encryptRequestOptions, cancellationToken)),
                 //At the same time, retrieve the encrypted response from the sidecar
                 Task.FromResult(RetrieveEncryptedStreamAsync(duplexStream, cancellationToken))
             };
@@ -1562,7 +1562,7 @@ public override async IAsyncEnumerable<byte[]> DecryptStreamAsync(string vaultRe
             var tasks = new Task<IAsyncEnumerable<byte[]>>[]
             {
                 //Stream the plaintext data to the sidecar in chunks
-                Task.FromResult(SendCiphertextStreamAsync(ciphertextStream, (int)decryptionOptions.StreamingBlockSizeInBytes, duplexStream, decryptRequestOptions, cancellationToken)),
+                Task.FromResult(SendCiphertextStreamAsync(ciphertextStream, decryptionOptions.StreamingBlockSizeInBytes, duplexStream, decryptRequestOptions, cancellationToken)),
                 //At the same time, retrieve the encrypted response from the sidecar
                 Task.FromResult(RetrieveDecryptedStreamAsync(duplexStream, cancellationToken))
             };
@@ -1674,7 +1674,7 @@ private async Task<ReadOnlyMemory<byte>> DecryptAsync(string vaultResourceName,
             var tasks = new Task<IAsyncEnumerable<byte[]>>[]
             {
                 Task.FromResult(SendCiphertextStreamAsync(ciphertextStream,
-                    (int)decryptionOptions.StreamingBlockSizeInBytes, duplexStream, decryptRequestOptions,
+                    decryptionOptions.StreamingBlockSizeInBytes, duplexStream, decryptRequestOptions,
                     cancellationToken)),
                 Task.FromResult(RetrieveDecryptedStreamAsync(duplexStream, cancellationToken))
             };