Beispiel #1
        /// <summary>
        /// Configures the shared default API configuration for the MDES sandbox: loads the key material,
        /// builds the field-level encryption settings, then installs the OAuth1 authenticator and the
        /// encryption interceptor on the API client.
        /// </summary>
        private static void SetupApiClient()
        {
            // NOTE(review): MachineKeySet stores the imported private key in the local computer store and
            // Exportable marks it as exportable. Confirm the host really needs both; the narrowest set of
            // storage flags that still works keeps the signing key harder to copy off the machine.
            const X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;

            // The file paths, alias and password are class members defined outside this block; presumably
            // they come from configuration or a secret store rather than source code (verify).
            var oauthSigningKey = AuthenticationUtils.LoadSigningKey(SigningKeyPkcs12FilePath, SigningKeyAlias, SigningKeyPassword, keyStorageFlags);
            var payloadEncryptionCertificate = EncryptionUtils.LoadEncryptionCertificate(EncryptionCertificateFilePath);
            var payloadDecryptionKey = EncryptionUtils.LoadDecryptionKey(DecryptionKeyFilePath);

            // Each With*Path call takes a pair of JSON paths; requests are encrypted with the certificate,
            // responses are decrypted with the private key. Field names and hex encoding describe how the
            // encrypted value, wrapped key, IV, digest name and certificate fingerprint appear in the JSON.
            var encryptionSettings = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
                .WithEncryptionPath("$.fundingAccountInfo.encryptedPayload.encryptedData", "$.fundingAccountInfo.encryptedPayload")
                .WithEncryptionPath("$.encryptedPayload.encryptedData", "$.encryptedPayload")
                .WithDecryptionPath("$.tokenDetail", "$.tokenDetail.encryptedData")
                .WithDecryptionPath("$.encryptedPayload", "$.encryptedPayload.encryptedData")
                .WithEncryptionCertificate(payloadEncryptionCertificate)
                .WithDecryptionKey(payloadDecryptionKey)
                .WithOaepPaddingDigestAlgorithm("SHA-512")
                .WithEncryptedValueFieldName("encryptedData")
                .WithEncryptedKeyFieldName("encryptedKey")
                .WithIvFieldName("iv")
                .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
                .WithEncryptionCertificateFingerprintFieldName("publicKeyFingerprint")
                .WithValueEncoding(FieldValueEncoding.Hex)
                .Build();

            // Configuration.Default is shared state: everything set below applies to every caller that
            // uses the default configuration.
            var defaultConfiguration = Configuration.Default;

            // Sandbox endpoint over HTTPS; the same value is handed to the authenticator as its base URI.
            defaultConfiguration.BasePath = "https://sandbox.api.mastercard.com/mdes/";
            defaultConfiguration.ApiClient.RestClient.Authenticator = new RestSharpOAuth1Authenticator(ConsumerKey, oauthSigningKey, new Uri(defaultConfiguration.BasePath));
            defaultConfiguration.ApiClient.EncryptionInterceptor = new RestSharpFieldLevelEncryptionInterceptor(encryptionSettings);
        }
Beispiel #2
 /// <summary>
 /// Negative test: building a config with an OAEP digest name the builder does not support ("SHA-720")
 /// is expected to fail with the asserted message instead of producing a usable config.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenUnsupportedOaepPaddingDigestAlgorithm()
 {
     const string expectedMessage = "Unsupported OAEP digest algorithm: SHA-720!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithOaepPaddingDigestAlgorithm("SHA-720");
         builder.Build();
     }
     catch (Exception ex)
     {
         // Only the message is checked here; the exception is rethrown so its type can be verified by
         // the test framework. NOTE(review): if nothing is thrown this method returns normally, so the
         // test presumably relies on an expected-exception attribute not visible in this listing.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }
Beispiel #3
 /// <summary>
 /// Negative test: a decryption path containing a wildcard ("$.encryptedPayloads[*]") does not point
 /// to a single item, and Build() is expected to reject it with the asserted message.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenNotDefiniteDecryptionPath()
 {
     const string expectedMessage = "JSON paths for decryption must point to a single item!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithDecryptionPath("$.encryptedPayloads[*]", "$.payload")
             .WithDecryptionKey(TestUtils.GetTestDecryptionKey());
         builder.Build();
     }
     catch (Exception ex)
     {
         // Message check only; rethrown so the framework can verify the exception type.
         // NOTE(review): a Build() that does not throw is not detected in this method body; presumably
         // an expected-exception attribute outside this listing covers that case.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }
 /// <summary>
 /// Returns a builder pre-populated with the test certificate, test decryption key, SHA-256 OAEP
 /// digest, JSON field names, fixed fingerprints and hex encoding. Build() is not called here, so
 /// callers can add paths or override settings first.
 /// </summary>
 /// <returns>The configured, not yet built, <see cref="FieldLevelEncryptionConfigBuilder"/>.</returns>
 internal static FieldLevelEncryptionConfigBuilder GetTestFieldLevelEncryptionConfigBuilder()
 {
     // Fixture-only key material and fingerprints. The two 64-character hex strings are presumably
     // SHA-256 digests of the test certificate and its public key (verify against the fixture files).
     var testBuilder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
         .WithEncryptionCertificate(GetTestEncryptionCertificate())
         .WithDecryptionKey(GetTestDecryptionKey())
         .WithOaepPaddingDigestAlgorithm("SHA-256")
         .WithEncryptedValueFieldName("encryptedValue")
         .WithEncryptedKeyFieldName("encryptedKey")
         .WithIvFieldName("iv")
         .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
         .WithEncryptionCertificateFingerprintFieldName("encryptionCertificateFingerprint")
         .WithEncryptionCertificateFingerprint("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279")
         .WithEncryptionKeyFingerprintFieldName("encryptionKeyFingerprint")
         .WithEncryptionKeyFingerprint("761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79")
         .WithValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.Hex);

     return testBuilder;
 }
Beispiel #5
 /// <summary>
 /// Negative test: neither an IV field name nor an IV header name is configured, so Build() is
 /// expected to fail with the asserted message.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenMissingBothIvFieldNameAndHeaderName()
 {
     const string expectedMessage = "At least one of IV field name or IV header name must be set!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithOaepPaddingDigestAlgorithm("SHA-512")
             .WithEncryptedValueFieldName("encryptedValue")
             .WithEncryptedKeyFieldName("encryptedKey")
             .WithValueEncoding(FieldValueEncoding.Hex);
         builder.Build();
     }
     catch (Exception ex)
     {
         // Message check only; rethrown so the framework can verify the exception type.
         // NOTE(review): a Build() that does not throw is not detected in this method body; presumably
         // an expected-exception attribute outside this listing covers that case.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }
Beispiel #6
 /// <summary>
 /// Negative test: the encrypted value field name is never set, so Build() is expected to fail with
 /// the asserted message.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenMissingEncryptedValueFieldName()
 {
     const string expectedMessage = "Encrypted value field name cannot be null!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithOaepPaddingDigestAlgorithm("SHA-512")
             .WithEncryptedKeyFieldName("encryptedKey")
             .WithIvFieldName("iv")
             .WithValueEncoding(FieldValueEncoding.Hex);
         builder.Build();
     }
     catch (Exception ex)
     {
         // Message check only; rethrown so the framework can verify the exception type.
         // NOTE(review): a Build() that does not throw is not detected in this method body; presumably
         // an expected-exception attribute outside this listing covers that case.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }
Beispiel #7
        /// <summary>
        /// Happy-path test: sets every builder option once (paths, certificate, key, fingerprints,
        /// field and header names, OAEP digest, Base64 encoding) and checks that each value is exposed
        /// unchanged on the built configuration.
        /// </summary>
        public void TestBuild_Nominal()
        {
            // Fixture fingerprints, passed in and read back verbatim.
            const string certificateFingerprint = "97A2FFE9F0D48960EF31E87FCD7A55BF7843FB4A9EEEF01BDB6032AD6FEF146B";
            const string keyFingerprint = "F806B26BC4870E26986C70B6590AF87BAF4C2B56BB50622C51B12212DAFF2810";

            var builtConfig = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
                .WithEncryptionPath("$.payload", "$.encryptedPayload")
                .WithEncryptionCertificate(TestUtils.GetTestEncryptionCertificate())
                .WithEncryptionCertificateFingerprint(certificateFingerprint)
                .WithEncryptionKeyFingerprint(keyFingerprint)
                .WithEncryptionCertificateFingerprintFieldName("publicCertificateFingerprint")
                .WithEncryptionCertificateFingerprintHeaderName("x-public-certificate-fingerprint")
                .WithEncryptionKeyFingerprintFieldName("publicKeyFingerprint")
                .WithEncryptionKeyFingerprintHeaderName("x-public-key-fingerprint")
                .WithDecryptionPath("$.encryptedPayload", "$.payload")
                .WithDecryptionKey(TestUtils.GetTestDecryptionKey())
                .WithOaepPaddingDigestAlgorithm("SHA-512")
                .WithOaepPaddingDigestAlgorithmFieldName("oaepPaddingDigestAlgorithm")
                .WithOaepPaddingDigestAlgorithmHeaderName("x-oaep-padding-digest-algorithm")
                .WithEncryptedValueFieldName("encryptedValue")
                .WithEncryptedKeyFieldName("encryptedKey")
                .WithEncryptedKeyHeaderName("x-encrypted-key")
                .WithIvFieldName("iv")
                .WithIvHeaderName("x-iv")
                .WithValueEncoding(FieldValueEncoding.Base64)
                .Build();

            Assert.IsNotNull(builtConfig);

            // Encryption side: one path, the certificate, both fingerprints and their field/header names.
            Assert.AreEqual(1, builtConfig.EncryptionPaths.Count);
            Assert.IsNotNull(builtConfig.EncryptionCertificate);
            Assert.AreEqual(certificateFingerprint, builtConfig.EncryptionCertificateFingerprint);
            Assert.AreEqual(keyFingerprint, builtConfig.EncryptionKeyFingerprint);
            Assert.AreEqual("publicCertificateFingerprint", builtConfig.EncryptionCertificateFingerprintFieldName);
            Assert.AreEqual("x-public-certificate-fingerprint", builtConfig.EncryptionCertificateFingerprintHeaderName);
            Assert.AreEqual("publicKeyFingerprint", builtConfig.EncryptionKeyFingerprintFieldName);
            Assert.AreEqual("x-public-key-fingerprint", builtConfig.EncryptionKeyFingerprintHeaderName);

            // Decryption side: one path and the private key.
            Assert.AreEqual(1, builtConfig.DecryptionPaths.Count);
            Assert.IsNotNull(builtConfig.DecryptionKey);

            // Algorithm, field/header names and value encoding.
            Assert.AreEqual("SHA-512", builtConfig.OaepPaddingDigestAlgorithm);
            Assert.AreEqual("encryptedValue", builtConfig.EncryptedValueFieldName);
            Assert.AreEqual("encryptedKey", builtConfig.EncryptedKeyFieldName);
            Assert.AreEqual("x-encrypted-key", builtConfig.EncryptedKeyHeaderName);
            Assert.AreEqual("iv", builtConfig.IvFieldName);
            Assert.AreEqual("x-iv", builtConfig.IvHeaderName);
            Assert.AreEqual("oaepPaddingDigestAlgorithm", builtConfig.OaepPaddingDigestAlgorithmFieldName);
            Assert.AreEqual("x-oaep-padding-digest-algorithm", builtConfig.OaepPaddingDigestAlgorithmHeaderName);
            Assert.AreEqual(FieldValueEncoding.Base64, builtConfig.ValueEncoding);
        }
Beispiel #8
 /// <summary>
 /// Negative test: the encrypted key has a field name but the IV is only given a header name, so the
 /// two field names are not both set or both unset and Build() is expected to fail with the asserted
 /// message.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenEncryptedKeyAndIvFieldNamesNotBothSetOrUnset()
 {
     const string expectedMessage = "IV field name and encrypted key field name must be both set or both unset!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithOaepPaddingDigestAlgorithm("SHA-512")
             .WithEncryptedValueFieldName("encryptedValue")
             .WithEncryptedKeyFieldName("encryptedKey")
             .WithEncryptedKeyHeaderName("x-encrypted-key")
             .WithIvHeaderName("x-iv")
             .WithValueEncoding(FieldValueEncoding.Hex);
         builder.Build();
     }
     catch (Exception ex)
     {
         // Message check only; rethrown so the framework can verify the exception type.
         // NOTE(review): a Build() that does not throw is not detected in this method body; presumably
         // an expected-exception attribute outside this listing covers that case.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }
Beispiel #9
 /// <summary>
 /// Negative test: an encryption path is configured but no encryption certificate is supplied, so
 /// Build() is expected to fail with the asserted message rather than return a config that cannot
 /// encrypt.
 /// </summary>
 public void TestBuild_ShouldThrowArgumentException_WhenMissingEncryptionCertificate()
 {
     const string expectedMessage = "Can't encrypt without encryption key!";

     try
     {
         var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
             .WithEncryptionPath("$.payload", "$.encryptedPayload")
             .WithOaepPaddingDigestAlgorithm("SHA-512")
             .WithEncryptedValueFieldName("encryptedValue")
             .WithEncryptedKeyFieldName("encryptedKey")
             .WithIvFieldName("iv")
             .WithValueEncoding(FieldValueEncoding.Hex);
         builder.Build();
     }
     catch (Exception ex)
     {
         // Message check only; rethrown so the framework can verify the exception type.
         // NOTE(review): a Build() that does not throw is not detected in this method body; presumably
         // an expected-exception attribute outside this listing covers that case.
         Assert.AreEqual(expectedMessage, ex.Message);
         throw;
     }
 }