private static JToken DecryptPayloadPath(JToken payload, string jsonPathIn, string jsonPathOut, JweConfig config)
{
JToken token = payload.SelectToken(jsonPathIn);
if (JsonUtils.IsNullOrEmptyJson(token))
{
// Nothing to decrypt
return(payload);
}
// Read and remove encrypted data and encryption fields at the given JSON path
string encryptedValue = ReadAndDeleteJsonKey(payload, token, config.EncryptedValueFieldName);
if (string.IsNullOrEmpty(encryptedValue))
{
// Nothing to decrypt
return(payload);
}
JweObject jweObject = JweObject.Parse(encryptedValue);
string decryptedValue = jweObject.Decrypt(config);
if ("$".Equals(jsonPathOut))
{
return(JObject.Parse(decryptedValue));
}
JsonUtils.CheckOrCreateOutObject(payload, jsonPathOut);
JsonUtils.AddDecryptedDataToPayload(payload, decryptedValue, jsonPathOut);
// Remove the input
token = payload.SelectToken(jsonPathIn);
if (null != token && token.Parent != null)
{
token.Parent.Remove();
}
return(payload);
}
private static JToken DecryptPayloadPath(JToken payloadToken, string jsonPathIn, string jsonPathOut,
FieldLevelEncryptionConfig config, FieldLevelEncryptionParams parameters)
{
if (payloadToken == null)
{
throw new ArgumentNullException(nameof(payloadToken));
}
if (jsonPathIn == null)
{
throw new ArgumentNullException(nameof(jsonPathIn));
}
if (jsonPathOut == null)
{
throw new ArgumentNullException(nameof(jsonPathOut));
}
var inJsonToken = payloadToken.SelectToken(jsonPathIn);
if (inJsonToken == null)
{
// Nothing to decrypt
return(payloadToken);
}
// Read and remove encrypted data and encryption fields at the given JSON path
JsonUtils.AssertIsObject(inJsonToken, jsonPathIn);
var encryptedValueJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedValueFieldName);
if (IsNullOrEmptyJson(encryptedValueJsonToken))
{
// Nothing to decrypt
return(payloadToken);
}
if (!config.UseHttpPayloads() && parameters == null)
{
throw new InvalidOperationException("Encryption params have to be set when not stored in HTTP payloads!");
}
if (parameters == null)
{
// Read encryption params from the payload
var oaepDigestAlgorithmJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.OaepPaddingDigestAlgorithmFieldName);
var oaepDigestAlgorithm = IsNullOrEmptyJson(oaepDigestAlgorithmJsonToken) ? config.OaepPaddingDigestAlgorithm : oaepDigestAlgorithmJsonToken;
var encryptedKeyJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedKeyFieldName);
var ivJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.IvFieldName);
ReadAndDeleteJsonKey(inJsonToken, config.EncryptionCertificateFingerprintFieldName);
ReadAndDeleteJsonKey(inJsonToken, config.EncryptionKeyFingerprintFieldName);
parameters = new FieldLevelEncryptionParams(config, ivJsonToken, encryptedKeyJsonToken, oaepDigestAlgorithm);
}
// Decrypt data
var encryptedValueBytes = EncodingUtils.DecodeValue(encryptedValueJsonToken, config.ValueEncoding);
var decryptedValueBytes = DecryptBytes(parameters.GetSecretKeyBytes(), parameters.GetIvBytes(), encryptedValueBytes);
// Add decrypted data at the given JSON path
var decryptedValue = JsonUtils.SanitizeJson(Encoding.UTF8.GetString(decryptedValueBytes));
if ("$".Equals(jsonPathOut))
{
// The decrypted JSON is the new body
return(JToken.Parse(decryptedValue));
}
else
{
JsonUtils.CheckOrCreateOutObject(payloadToken, jsonPathOut);
JsonUtils.AddDecryptedDataToPayload(payloadToken, decryptedValue, jsonPathOut);
// Remove the input if now empty
inJsonToken = payloadToken.SelectToken(jsonPathIn);
if (inJsonToken.Type == JTokenType.Object && !inJsonToken.HasValues)
{
inJsonToken.Parent.Remove();
}
}
return(payloadToken);
}
