/// <summary>
/// Encrypt RestSharp request payloads.
/// </summary>
/// <param name="request">A RestSharp request object</param>
public void InterceptRequest(IRestRequest request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
try
{
// Check request actually has a payload
var bodyParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.RequestBody);
if (bodyParam == null)
{
// Nothing to encrypt
return;
}
var payload = bodyParam.Value.ToString();
if (string.IsNullOrEmpty(payload))
{
// Nothing to encrypt
return;
}
// Encrypt fields & update headers
string encryptedPayload;
if (_config.UseHttpHeaders())
{
// Generate encryption params and add them as HTTP headers
var parameters = FieldLevelEncryptionParams.Generate(_config);
UpdateRequestHeader(request, _config.IvHeaderName, parameters.IvValue);
UpdateRequestHeader(request, _config.EncryptedKeyHeaderName, parameters.EncryptedKeyValue);
UpdateRequestHeader(request, _config.EncryptionCertificateFingerprintHeaderName, _config.EncryptionCertificateFingerprint);
UpdateRequestHeader(request, _config.EncryptionKeyFingerprintHeaderName, _config.EncryptionKeyFingerprint);
UpdateRequestHeader(request, _config.OaepPaddingDigestAlgorithmHeaderName, parameters.OaepPaddingDigestAlgorithmValue);
encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, _config, parameters);
}
else
{
// Encryption params will be stored in the payload
encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, _config);
}
// Update body and content length
bodyParam.Value = encryptedPayload;
UpdateRequestHeader(request, "Content-Length", encryptedPayload.Length);
}
catch (EncryptionException)
{
throw;
}
catch (Exception e)
{
throw new EncryptionException("Failed to intercept and encrypt request!", e);
}
}
/// <summary>
/// Decrypt RestSharp response payloads.
/// </summary>
/// <param name="response">A RestSharp response object</param>
public void InterceptResponse(IRestResponse response)
{
if (response == null)
{
throw new ArgumentNullException(nameof(response));
}
try
{
// Read response payload
var encryptedPayload = response.Content;
if (string.IsNullOrEmpty(encryptedPayload))
{
// Nothing to decrypt
return;
}
// Decrypt fields & update headers
string decryptedPayload;
if (_config.UseHttpHeaders())
{
// Read encryption params from HTTP headers and delete headers
var ivValue = ReadAndRemoveHeader(response, _config.IvHeaderName);
var encryptedKeyValue = ReadAndRemoveHeader(response, _config.EncryptedKeyHeaderName);
var oaepPaddingDigestAlgorithmValue = ReadAndRemoveHeader(response, _config.OaepPaddingDigestAlgorithmHeaderName);
ReadAndRemoveHeader(response, _config.EncryptionCertificateFingerprintHeaderName);
ReadAndRemoveHeader(response, _config.EncryptionKeyFingerprintHeaderName);
var parameters = new FieldLevelEncryptionParams(_config, ivValue, encryptedKeyValue, oaepPaddingDigestAlgorithmValue);
decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config, parameters);
}
else
{
// Encryption params are stored in the payload
decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config);
}
// Update body and content length
var contentTypeInfo = response.GetType().GetTypeInfo().GetDeclaredField("_content");
contentTypeInfo.SetValue(response, new Lazy <string>(() => decryptedPayload));
}
catch (EncryptionException)
{
throw;
}
catch (Exception e)
{
throw new EncryptionException("Failed to intercept and decrypt response!", e);
}
}
/// <summary>
/// Decrypt a RestSharp response payload
/// </summary>
/// <param name="response">A RestSharp response object</param>
/// <param name="encryptedPayload">The encrypted payload to be decrypted</param>
/// <returns>The decrypted payload</returns>
internal override string DecryptPayload(IRestResponse response, string encryptedPayload)
{
// Decrypt fields & update headers
string decryptedPayload;
if (_config.UseHttpHeaders())
{
// Read encryption params from HTTP headers and delete headers
var ivValue = ReadAndRemoveHeader(response, _config.IvHeaderName);
var encryptedKeyValue = ReadAndRemoveHeader(response, _config.EncryptedKeyHeaderName);
var oaepPaddingDigestAlgorithmValue = ReadAndRemoveHeader(response, _config.OaepPaddingDigestAlgorithmHeaderName);
ReadAndRemoveHeader(response, _config.EncryptionCertificateFingerprintHeaderName);
ReadAndRemoveHeader(response, _config.EncryptionKeyFingerprintHeaderName);
var parameters = new FieldLevelEncryptionParams(_config, ivValue, encryptedKeyValue, oaepPaddingDigestAlgorithmValue);
decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config, parameters);
}
else
{
// Encryption params are stored in the payload
decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config);
}
return(decryptedPayload);
}
/// <summary>
/// Encrypt a RestSharp request payload.
/// </summary>
/// <param name="request">A RestSharp request object</param>
/// <param name="payload">The payload to be encrypted</param>
/// <returns>The encrypted payload</returns>
internal override string EncryptPayload(IRestRequest request, string payload)
{
// Encrypt fields & update headers
string encryptedPayload;
if (_config.UseHttpHeaders())
{
// Generate encryption params and add them as HTTP headers
var parameters = FieldLevelEncryptionParams.Generate(_config);
UpdateRequestHeader(request, _config.IvHeaderName, parameters.IvValue);
UpdateRequestHeader(request, _config.EncryptedKeyHeaderName, parameters.EncryptedKeyValue);
UpdateRequestHeader(request, _config.EncryptionCertificateFingerprintHeaderName, _config.EncryptionCertificateFingerprint);
UpdateRequestHeader(request, _config.EncryptionKeyFingerprintHeaderName, _config.EncryptionKeyFingerprint);
UpdateRequestHeader(request, _config.OaepPaddingDigestAlgorithmHeaderName, parameters.OaepPaddingDigestAlgorithmValue);
encryptedPayload = FieldLevelEncryption.EncryptPayload(payload.ToString(), _config, parameters);
}
else
{
// Encryption params will be stored in the payload
encryptedPayload = FieldLevelEncryption.EncryptPayload(payload.ToString(), _config);
}
return(encryptedPayload);
}
internal static void AssertDecryptedPayloadEquals(string expectedPayload, string encryptedPayload, FieldLevelEncryptionConfig config)
{
var payloadString = FieldLevelEncryption.DecryptPayload(encryptedPayload, config);
AssertPayloadEquals(expectedPayload, payloadString);
}
