private static AS4EncryptedKey GetEncryptedKey(
byte[] symmetricKey,
KeyEncryptionConfiguration keyEncryptionConfig)
{
return
(AS4EncryptedKey.CreateEncryptedKeyBuilderForKey(symmetricKey, keyEncryptionConfig)
.Build());
}
internal EncryptionStrategy(
KeyEncryptionConfiguration keyEncryptionConfig,
DataEncryptionConfiguration dataEncryptionConfig,
IEnumerable <Attachment> attachments)
{
_keyEncryptionConfig = keyEncryptionConfig;
_dataEncryptionConfig = dataEncryptionConfig;
_attachments = attachments.ToList();
}
/// <summary>
/// Start Encrypting AS4 Message
/// </summary>
/// <param name="messagingContext"></param>
/// <returns></returns>
public async Task <StepResult> ExecuteAsync(MessagingContext messagingContext)
{
if (messagingContext == null)
{
throw new ArgumentNullException(nameof(messagingContext));
}
if (messagingContext.AS4Message == null)
{
throw new InvalidOperationException(
$"{nameof(EncryptAS4MessageStep)} requires an AS4Message to encrypt but no AS4Message is present in the MessagingContext");
}
if (messagingContext.SendingPMode == null)
{
throw new InvalidOperationException(
$"{nameof(EncryptAS4MessageStep)} requires a SendingPMode to encrypt the AS4Message but no SendingPMode is present in the MessagingContext");
}
if (messagingContext.SendingPMode.Security?.Encryption == null ||
messagingContext.SendingPMode.Security.Encryption.IsEnabled == false)
{
Logger.Trace(
"No encryption of the AS4Message will happen because the " +
$"SendingPMode {messagingContext.SendingPMode?.Id} Security.Encryption.IsEnabled is disabled");
return(await StepResult.SuccessAsync(messagingContext));
}
Logger.Info(
$"(Outbound)[{messagingContext.AS4Message.GetPrimaryMessageId()}] Encrypt AS4Message with given encryption information " +
$"configured in the SendingPMode: {messagingContext.SendingPMode.Id}");
KeyEncryptionConfiguration keyEncryptionConfig = RetrieveKeyEncryptionConfig(messagingContext.SendingPMode);
Encryption encryptionSettings = messagingContext.SendingPMode.Security.Encryption;
var dataEncryptionConfig = new DataEncryptionConfiguration(
encryptionMethod: encryptionSettings.Algorithm,
algorithmKeySize: encryptionSettings.AlgorithmKeySize);
EncryptAS4Message(
messagingContext.AS4Message,
keyEncryptionConfig,
dataEncryptionConfig);
var journal = JournalLogEntry.CreateFrom(
messagingContext.AS4Message,
$"Encrypted using certificate {keyEncryptionConfig.EncryptionCertificate.FriendlyName} and "
+ $"key encryption method: {keyEncryptionConfig.EncryptionMethod}, key digest method: {keyEncryptionConfig.DigestMethod}, "
+ $"key mgf: {keyEncryptionConfig.Mgf} and Data encryption method: {dataEncryptionConfig.EncryptionMethod}, "
+ $" data encryption type: {dataEncryptionConfig.EncryptionType}, data transport algorithm: {dataEncryptionConfig.TransformAlgorithm}");
return(await StepResult
.Success(messagingContext)
.WithJournalAsync(journal));
}
public void FailsToEncrypt_IfInvalidKeySize()
{
// Arrange
AS4Message as4Message = CreateAS4Message();
var keyEncryptionConfig = new KeyEncryptionConfiguration(CreateEncryptionCertificate());
var dataEncryptionConfig = new DataEncryptionConfiguration(AS4.Model.PMode.Encryption.Default.Algorithm, -1);
// Act / Assert
Assert.ThrowsAny <Exception>(() => as4Message.Encrypt(keyEncryptionConfig, dataEncryptionConfig));
}
/// <summary>
/// Initializes a new instance of the <see cref="EncryptionStrategyBuilder"/> class for the specified <paramref name="as4Message"/>
/// </summary>
/// <param name="as4Message"></param>
/// <param name="keyConfiguration">The configuration that defines how the encryption-key must be encrypted</param>
public static EncryptionStrategyBuilder Create(AS4Message as4Message, KeyEncryptionConfiguration keyConfiguration)
{
if (as4Message == null)
{
throw new ArgumentNullException(nameof(as4Message));
}
if (keyConfiguration == null)
{
throw new ArgumentNullException(nameof(keyConfiguration));
}
return(new EncryptionStrategyBuilder(as4Message, keyConfiguration));
}
private static void EncryptAS4Message(
AS4Message message,
KeyEncryptionConfiguration keyEncryptionConfig,
DataEncryptionConfiguration dataEncryptionConfig)
{
try
{
message.Encrypt(keyEncryptionConfig, dataEncryptionConfig);
}
catch (Exception exception)
{
string description = $"Problems with encryption AS4Message: {exception}";
Logger.Error(description);
throw new CryptographicException(description, exception);
}
}
/// <summary>
/// Encrypts the AS4 Message using the specified <paramref name="keyEncryptionConfig"/>
/// and <paramref name="dataEncryptionConfig"/>
/// </summary>
/// <param name="keyEncryptionConfig"></param>
/// <param name="dataEncryptionConfig"></param>
public void Encrypt(KeyEncryptionConfiguration keyEncryptionConfig, DataEncryptionConfiguration dataEncryptionConfig)
{
if (keyEncryptionConfig == null)
{
throw new ArgumentNullException(nameof(keyEncryptionConfig));
}
if (dataEncryptionConfig == null)
{
throw new ArgumentNullException(nameof(dataEncryptionConfig));
}
var encryptor =
EncryptionStrategyBuilder
.Create(this, keyEncryptionConfig)
.WithDataEncryptionConfiguration(dataEncryptionConfig)
.Build();
SecurityHeader.Encrypt(encryptor);
}
public void ThenCreateAS4EncryptedKeySucceeds(string algorithm, string digest, string mgf)
{
byte[] encryptionKey = GenerateEncryptionKey();
var keyEncryption = new KeyEncryption
{
TransportAlgorithm = algorithm,
DigestAlgorithm = digest,
MgfAlgorithm = mgf
};
var keyEncryptionConfiguration = new KeyEncryptionConfiguration(GetCertificate(), keyEncryption);
AS4EncryptedKey key =
AS4EncryptedKey.CreateEncryptedKeyBuilderForKey(encryptionKey, keyEncryptionConfiguration)
.Build();
Assert.Equal(algorithm, key.GetEncryptionAlgorithm());
Assert.Equal(digest, key.GetDigestAlgorithm());
Assert.Equal(mgf, key.GetMaskGenerationFunction());
}
private EncryptionStrategyBuilder(AS4Message as4Message, KeyEncryptionConfiguration keyConfig)
{
_as4Message = as4Message;
_keyConfiguration = keyConfig;
}
