public IDictionary <String, Object> Encrypt(IDictionary <String, Object> map)
{
//requestMap is a SmartMap it offers a easy way to do nested lookups.
SmartMap smartMap = new SmartMap(map);
if (this.publicKey != null)
{
foreach (String fieldToEncrypt in configuration.FieldsToEncrypt)
{
if (smartMap.ContainsKey(fieldToEncrypt))
{
String payload = null;
// 1) extract the encryptedData from map
Object tmpObjectToEncrypt = smartMap.Get(fieldToEncrypt);
smartMap.Remove(fieldToEncrypt);
if (tmpObjectToEncrypt.GetType() == typeof(Dictionary <String, Object>))
{
// 2) create json string
payload = JsonConvert.SerializeObject(tmpObjectToEncrypt);
// 3) escaping the string
payload = CryptUtil.SanitizeJson(payload);
}
else
{
payload = tmpObjectToEncrypt.ToString();
}
Tuple <byte[], byte[], byte[]> aesResult = CryptUtil.EncryptAES(System.Text.Encoding.UTF8.GetBytes(payload), configuration.SymmetricKeysize, configuration.SymmetricMode, configuration.SymmetricPadding);
// 4) generate random iv
byte[] ivBytes = aesResult.Item1;
// 5) generate AES SecretKey
byte[] secretKeyBytes = aesResult.Item2;
// 6) encrypt payload
byte[] encryptedDataBytes = aesResult.Item3;
String ivValue = CryptUtil.Encode(ivBytes, configuration.DataEncoding);
String encryptedDataValue = CryptUtil.Encode(encryptedDataBytes, configuration.DataEncoding);
// 7) encrypt secretKey with issuer key
byte[] encryptedSecretKey = CryptUtil.EncrytptRSA(secretKeyBytes, this.publicKey, configuration.OaepEncryptionPadding);
String encryptedKeyValue = CryptUtil.Encode(encryptedSecretKey, configuration.DataEncoding);
String fingerprintHexString = publicKeyFingerPrint;
String baseKey = "";
if (fieldToEncrypt.IndexOf(".") > 0)
{
baseKey = fieldToEncrypt.Substring(0, fieldToEncrypt.IndexOf("."));
baseKey += ".";
}
if (configuration.PublicKeyFingerprintFiledName != null)
{
smartMap.Add(baseKey + configuration.PublicKeyFingerprintFiledName, fingerprintHexString);
}
if (configuration.OaepHashingAlgorithmFieldName != null)
{
smartMap.Add(baseKey + configuration.OaepHashingAlgorithmFieldName, configuration.OaepHashingAlgorithm);
}
smartMap.Add(baseKey + configuration.IvFieldName, ivValue);
smartMap.Add(baseKey + configuration.EncryptedKeyFiledName, encryptedKeyValue);
smartMap.Add(baseKey + configuration.EncryptedDataFieldName, encryptedDataValue);
break;
}
}
}
return(smartMap);
}
public IDictionary <String, Object> Decrypt(IDictionary <String, Object> map)
{
SmartMap smartMap = new SmartMap(map);
foreach (String fieldToDecrypt in configuration.FieldsToDecrypt)
{
if (smartMap.ContainsKey(fieldToDecrypt))
{
String baseKey = "";
if (fieldToDecrypt.IndexOf(".") > 0)
{
baseKey = fieldToDecrypt.Substring(0, fieldToDecrypt.LastIndexOf("."));
baseKey += ".";
}
//need to read the key
String encryptedKey = (String)smartMap.Get(baseKey + configuration.EncryptedKeyFiledName);
smartMap.Remove(baseKey + configuration.EncryptedKeyFiledName);
byte[] encryptedKeyByteArray = CryptUtil.Decode(encryptedKey, configuration.DataEncoding);
//need to decryt with RSA
byte[] secretKeyBytes = null;
if (smartMap.ContainsKey(baseKey + configuration.OaepHashingAlgorithmFieldName))
{
string oaepHashingAlgorithm = (String)smartMap.Get(baseKey + configuration.OaepHashingAlgorithmFieldName);
oaepHashingAlgorithm = oaepHashingAlgorithm.Replace("SHA", "SHA-");
RSAEncryptionPadding customEncryptionPadding = configuration.OaepEncryptionPadding;
if (oaepHashingAlgorithm.Equals("SHA-256"))
{
customEncryptionPadding = RSAEncryptionPadding.OaepSHA256;
}
else if (oaepHashingAlgorithm.Equals("SHA-512"))
{
customEncryptionPadding = RSAEncryptionPadding.OaepSHA512;
}
secretKeyBytes = CryptUtil.DecryptRSA(encryptedKeyByteArray, this.privateKey, customEncryptionPadding);
}
else
{
secretKeyBytes = CryptUtil.DecryptRSA(encryptedKeyByteArray, this.privateKey, configuration.OaepEncryptionPadding);
}
//need to read the iv
String ivString = (String)smartMap.Get(baseKey + configuration.IvFieldName);
smartMap.Remove(baseKey + configuration.IvFieldName);
byte[] ivByteArray = CryptUtil.Decode(ivString.ToString(), configuration.DataEncoding);
// remove the field that are not required in the map
if (smartMap.ContainsKey(configuration.PublicKeyFingerprintFiledName))
{
smartMap.Remove(configuration.PublicKeyFingerprintFiledName);
}
//need to decrypt the data
String encryptedData = (String)smartMap.Get(baseKey + configuration.EncryptedDataFieldName);
smartMap.Remove(baseKey + configuration.EncryptedDataFieldName);
byte[] encryptedDataByteArray = CryptUtil.Decode(encryptedData, configuration.DataEncoding);
byte[] decryptedDataByteArray = CryptUtil.DecryptAES(ivByteArray, secretKeyBytes, encryptedDataByteArray, configuration.SymmetricKeysize, configuration.SymmetricMode, configuration.SymmetricPadding);
String decryptedDataString = System.Text.Encoding.UTF8.GetString(decryptedDataByteArray);
if (decryptedDataString.StartsWith("{"))
{
Dictionary <String, Object> decryptedDataMap = JsonConvert.DeserializeObject <Dictionary <String, Object> >(decryptedDataString);
foreach (KeyValuePair <String, Object> entry in decryptedDataMap)
{
smartMap.Add(baseKey + configuration.EncryptedDataFieldName + "." + entry.Key, entry.Value);
}
}
else
{
smartMap.Add(baseKey + configuration.EncryptedDataFieldName, decryptedDataString);
}
break;
}
}
return(smartMap);
}
