private static void ValidateClientEncryptionIncludedPath(
ClientEncryptionIncludedPath clientEncryptionIncludedPath,
int policyFormatVersion)
{
if (clientEncryptionIncludedPath == null)
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.Path))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.Path));
}
if (clientEncryptionIncludedPath.Path[0] != '/'
|| clientEncryptionIncludedPath.Path.LastIndexOf('/') != 0)
{
throw new ArgumentException($"Invalid path '{clientEncryptionIncludedPath.Path ?? string.Empty}'.");
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.ClientEncryptionKeyId))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.ClientEncryptionKeyId));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionType))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.EncryptionType));
}
if (string.Equals(clientEncryptionIncludedPath.Path.Substring(1), "id"))
{
if (policyFormatVersion < 2)
{
throw new ArgumentException($"Path: {clientEncryptionIncludedPath.Path} cannot be encrypted with PolicyFormatVersion: {policyFormatVersion}. Please use PolicyFormatVersion: 2. ");
}
if (clientEncryptionIncludedPath.EncryptionType != "Deterministic")
{
throw new ArgumentException($"Only Deterministic encryption type is supported for path: {clientEncryptionIncludedPath.Path}. ");
}
}
if (!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Deterministic") &&
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized"))
{
throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized'. ", nameof(clientEncryptionIncludedPath));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionAlgorithm))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.EncryptionAlgorithm));
}
if (!string.Equals(clientEncryptionIncludedPath.EncryptionAlgorithm, "AEAD_AES_256_CBC_HMAC_SHA256"))
{
throw new ArgumentException("EncryptionAlgorithm should be 'AEAD_AES_256_CBC_HMAC_SHA256'. ", nameof(clientEncryptionIncludedPath));
}
}
private void ValidateClientEncryptionIncludedPath(ClientEncryptionIncludedPath clientEncryptionIncludedPath)
{
if (clientEncryptionIncludedPath == null)
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.Path))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.Path));
}
if (clientEncryptionIncludedPath.Path[0] != '/' ||
clientEncryptionIncludedPath.Path.LastIndexOf('/') != 0 ||
string.Equals(clientEncryptionIncludedPath.Path.Substring(1), "id"))
{
throw new ArgumentException($"Invalid path '{clientEncryptionIncludedPath.Path ?? string.Empty}'.");
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.ClientEncryptionKeyId))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.ClientEncryptionKeyId));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionType))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.EncryptionType));
}
if (!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Deterministic") &&
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized") &&
!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Plaintext"))
{
throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized' or 'Plaintext'.", nameof(clientEncryptionIncludedPath));
}
if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionAlgorithm))
{
throw new ArgumentNullException(nameof(clientEncryptionIncludedPath.EncryptionAlgorithm));
}
if (!string.Equals(clientEncryptionIncludedPath.EncryptionAlgorithm, "AEAD_AES_256_CBC_HMAC_SHA256"))
{
throw new ArgumentException("EncryptionAlgorithm should be 'AEAD_AES_256_CBC_HMAC_SHA256'.", nameof(clientEncryptionIncludedPath));
}
}
