private static JToken EncryptPayloadPath(JToken json, string jsonPathIn, string jsonPathOut, JweConfig config)
{
JToken token = json.SelectToken(jsonPathIn);
if (JsonUtils.IsNullOrEmptyJson(token))
{
// Nothing to encrypt
return(json);
}
// Encode and encrypt
string inJsonString = JsonUtils.SanitizeJson(token.ToString(Formatting.None));
JweHeader header = new JweHeader(ALGORITHM, ENCRYPTION, config.EncryptionKeyFingerprint, CONTENT_TYPE);
string encrypted = JweObject.Encrypt(config, inJsonString, header);
// Delete data in the clear
if ("$".Equals(jsonPathIn))
{
// Create a new object
json = JObject.Parse("{}");
}
else
{
token.Parent.Remove();
}
JsonUtils.CheckOrCreateOutObject(json, jsonPathOut);
var outJsonToken = json.SelectToken(jsonPathOut) as JObject;
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encrypted);
return(outJsonToken);
}
private static JToken EncryptPayloadPath(JToken payloadToken, string jsonPathIn, string jsonPathOut,
FieldLevelEncryptionConfig config, FieldLevelEncryptionParams parameters)
{
if (payloadToken == null)
{
throw new ArgumentNullException(nameof(payloadToken));
}
if (jsonPathIn == null)
{
throw new ArgumentNullException(nameof(jsonPathIn));
}
if (jsonPathOut == null)
{
throw new ArgumentNullException(nameof(jsonPathOut));
}
var inJsonToken = payloadToken.SelectToken(jsonPathIn);
if (inJsonToken == null)
{
// Nothing to encrypt
return(payloadToken);
}
if (parameters == null)
{
// Generate encryption params
parameters = FieldLevelEncryptionParams.Generate(config);
}
// Encrypt data at the given JSON path
var inJsonString = JsonUtils.SanitizeJson(inJsonToken.ToString());
var inJsonBytes = Encoding.ASCII.GetBytes(inJsonString);
var encryptedValueBytes = EncryptBytes(parameters.GetSecretKeyBytes(), parameters.GetIvBytes(), inJsonBytes);
var encryptedValue = EncodingUtils.EncodeBytes(encryptedValueBytes, config.ValueEncoding);
// Delete data in clear
if (!"$".Equals(jsonPathIn))
{
inJsonToken.Parent.Remove();
}
else
{
// We need a JObject (we can't work with a JArray for instance)
payloadToken = JObject.Parse("{}");
}
// Add encrypted data and encryption fields at the given JSON path
JsonUtils.CheckOrCreateOutObject(payloadToken, jsonPathOut);
var outJsonToken = payloadToken.SelectToken(jsonPathOut) as JObject;
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encryptedValue);
if (!string.IsNullOrEmpty(config.IvFieldName))
{
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.IvFieldName, parameters.IvValue);
}
if (!string.IsNullOrEmpty(config.EncryptedKeyFieldName))
{
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedKeyFieldName, parameters.EncryptedKeyValue);
}
if (!string.IsNullOrEmpty(config.EncryptionCertificateFingerprintFieldName))
{
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptionCertificateFingerprintFieldName, config.EncryptionCertificateFingerprint);
}
if (!string.IsNullOrEmpty(config.EncryptionKeyFingerprintFieldName))
{
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptionKeyFingerprintFieldName, config.EncryptionKeyFingerprint);
}
if (!string.IsNullOrEmpty(config.OaepPaddingDigestAlgorithmFieldName))
{
JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.OaepPaddingDigestAlgorithmFieldName, parameters.OaepPaddingDigestAlgorithmValue);
}
return(payloadToken);
}
