private static JToken EncryptPayloadPath(JToken json, string jsonPathIn, string jsonPathOut, JweConfig config)
        {
            JToken token = json.SelectToken(jsonPathIn);

            if (JsonUtils.IsNullOrEmptyJson(token))
            {
                // Nothing to encrypt
                return(json);
            }

            // Encode and encrypt
            string    inJsonString = JsonUtils.SanitizeJson(token.ToString(Formatting.None));
            JweHeader header       = new JweHeader(ALGORITHM, ENCRYPTION, config.EncryptionKeyFingerprint, CONTENT_TYPE);
            string    encrypted    = JweObject.Encrypt(config, inJsonString, header);

            // Delete data in the clear
            if ("$".Equals(jsonPathIn))
            {
                // Create a new object
                json = JObject.Parse("{}");
            }
            else
            {
                token.Parent.Remove();
            }

            JsonUtils.CheckOrCreateOutObject(json, jsonPathOut);
            var outJsonToken = json.SelectToken(jsonPathOut) as JObject;

            JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encrypted);
            return(outJsonToken);
        }
        private static JToken DecryptPayloadPath(JToken payload, string jsonPathIn, string jsonPathOut, JweConfig config)
        {
            JToken token = payload.SelectToken(jsonPathIn);

            if (JsonUtils.IsNullOrEmptyJson(token))
            {
                // Nothing to decrypt
                return(payload);
            }

            // Read and remove encrypted data and encryption fields at the given JSON path
            string encryptedValue = ReadAndDeleteJsonKey(payload, token, config.EncryptedValueFieldName);

            if (string.IsNullOrEmpty(encryptedValue))
            {
                // Nothing to decrypt
                return(payload);
            }
            JweObject jweObject      = JweObject.Parse(encryptedValue);
            string    decryptedValue = jweObject.Decrypt(config);

            if ("$".Equals(jsonPathOut))
            {
                return(JObject.Parse(decryptedValue));
            }

            JsonUtils.CheckOrCreateOutObject(payload, jsonPathOut);
            JsonUtils.AddDecryptedDataToPayload(payload, decryptedValue, jsonPathOut);

            // Remove the input
            token = payload.SelectToken(jsonPathIn);
            if (null != token && token.Parent != null)
            {
                token.Parent.Remove();
            }
            return(payload);
        }
Exemple #3
0
        private static JToken DecryptPayloadPath(JToken payloadToken, string jsonPathIn, string jsonPathOut,
                                                 FieldLevelEncryptionConfig config, FieldLevelEncryptionParams parameters)
        {
            if (payloadToken == null)
            {
                throw new ArgumentNullException(nameof(payloadToken));
            }
            if (jsonPathIn == null)
            {
                throw new ArgumentNullException(nameof(jsonPathIn));
            }
            if (jsonPathOut == null)
            {
                throw new ArgumentNullException(nameof(jsonPathOut));
            }

            var inJsonToken = payloadToken.SelectToken(jsonPathIn);

            if (inJsonToken == null)
            {
                // Nothing to decrypt
                return(payloadToken);
            }

            // Read and remove encrypted data and encryption fields at the given JSON path
            JsonUtils.AssertIsObject(inJsonToken, jsonPathIn);
            var encryptedValueJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedValueFieldName);

            if (IsNullOrEmptyJson(encryptedValueJsonToken))
            {
                // Nothing to decrypt
                return(payloadToken);
            }

            if (!config.UseHttpPayloads() && parameters == null)
            {
                throw new InvalidOperationException("Encryption params have to be set when not stored in HTTP payloads!");
            }

            if (parameters == null)
            {
                // Read encryption params from the payload
                var oaepDigestAlgorithmJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.OaepPaddingDigestAlgorithmFieldName);
                var oaepDigestAlgorithm          = IsNullOrEmptyJson(oaepDigestAlgorithmJsonToken) ? config.OaepPaddingDigestAlgorithm : oaepDigestAlgorithmJsonToken;
                var encryptedKeyJsonToken        = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedKeyFieldName);
                var ivJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.IvFieldName);
                ReadAndDeleteJsonKey(inJsonToken, config.EncryptionCertificateFingerprintFieldName);
                ReadAndDeleteJsonKey(inJsonToken, config.EncryptionKeyFingerprintFieldName);
                parameters = new FieldLevelEncryptionParams(config, ivJsonToken, encryptedKeyJsonToken, oaepDigestAlgorithm);
            }

            // Decrypt data
            var encryptedValueBytes = EncodingUtils.DecodeValue(encryptedValueJsonToken, config.ValueEncoding);
            var decryptedValueBytes = DecryptBytes(parameters.GetSecretKeyBytes(), parameters.GetIvBytes(), encryptedValueBytes);

            // Add decrypted data at the given JSON path
            var decryptedValue = JsonUtils.SanitizeJson(Encoding.UTF8.GetString(decryptedValueBytes));

            if ("$".Equals(jsonPathOut))
            {
                // The decrypted JSON is the new body
                return(JToken.Parse(decryptedValue));
            }
            else
            {
                JsonUtils.CheckOrCreateOutObject(payloadToken, jsonPathOut);
                JsonUtils.AddDecryptedDataToPayload(payloadToken, decryptedValue, jsonPathOut);

                // Remove the input if now empty
                inJsonToken = payloadToken.SelectToken(jsonPathIn);
                if (inJsonToken.Type == JTokenType.Object && !inJsonToken.HasValues)
                {
                    inJsonToken.Parent.Remove();
                }
            }

            return(payloadToken);
        }
Exemple #4
0
        private static JToken EncryptPayloadPath(JToken payloadToken, string jsonPathIn, string jsonPathOut,
                                                 FieldLevelEncryptionConfig config, FieldLevelEncryptionParams parameters)
        {
            if (payloadToken == null)
            {
                throw new ArgumentNullException(nameof(payloadToken));
            }
            if (jsonPathIn == null)
            {
                throw new ArgumentNullException(nameof(jsonPathIn));
            }
            if (jsonPathOut == null)
            {
                throw new ArgumentNullException(nameof(jsonPathOut));
            }

            var inJsonToken = payloadToken.SelectToken(jsonPathIn);

            if (inJsonToken == null)
            {
                // Nothing to encrypt
                return(payloadToken);
            }

            if (parameters == null)
            {
                // Generate encryption params
                parameters = FieldLevelEncryptionParams.Generate(config);
            }

            // Encrypt data at the given JSON path
            var inJsonString        = JsonUtils.SanitizeJson(inJsonToken.ToString());
            var inJsonBytes         = Encoding.ASCII.GetBytes(inJsonString);
            var encryptedValueBytes = EncryptBytes(parameters.GetSecretKeyBytes(), parameters.GetIvBytes(), inJsonBytes);
            var encryptedValue      = EncodingUtils.EncodeBytes(encryptedValueBytes, config.ValueEncoding);

            // Delete data in clear
            if (!"$".Equals(jsonPathIn))
            {
                inJsonToken.Parent.Remove();
            }
            else
            {
                // We need a JObject (we can't work with a JArray for instance)
                payloadToken = JObject.Parse("{}");
            }

            // Add encrypted data and encryption fields at the given JSON path
            JsonUtils.CheckOrCreateOutObject(payloadToken, jsonPathOut);
            var outJsonToken = payloadToken.SelectToken(jsonPathOut) as JObject;

            JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encryptedValue);
            if (!string.IsNullOrEmpty(config.IvFieldName))
            {
                JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.IvFieldName, parameters.IvValue);
            }
            if (!string.IsNullOrEmpty(config.EncryptedKeyFieldName))
            {
                JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedKeyFieldName, parameters.EncryptedKeyValue);
            }
            if (!string.IsNullOrEmpty(config.EncryptionCertificateFingerprintFieldName))
            {
                JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptionCertificateFingerprintFieldName, config.EncryptionCertificateFingerprint);
            }
            if (!string.IsNullOrEmpty(config.EncryptionKeyFingerprintFieldName))
            {
                JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptionKeyFingerprintFieldName, config.EncryptionKeyFingerprint);
            }
            if (!string.IsNullOrEmpty(config.OaepPaddingDigestAlgorithmFieldName))
            {
                JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.OaepPaddingDigestAlgorithmFieldName, parameters.OaepPaddingDigestAlgorithmValue);
            }

            return(payloadToken);
        }