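/// <summary>
/// Both public entry points must fail with the wrapped <see cref="Exception"/> when the configured
/// certificate file does not exist, so that a misconfigured deployment never silently returns
/// unencrypted (or undecrypted) data.
/// </summary>
public void TestEncryption_BadCert()
{
    Mock<ILogger> mockLogger = new Mock<ILogger>();
    // Deliberately points at a file that is not present in the test working directory.
    X509CertConfig certConfig = new X509CertConfig() { CertFile = "certnotfound.pfx" };

    // xUnit's Assert.Throws<T> requires the exact type; DataEncryption wraps every failure in a
    // plain Exception, so Exception (not a derived type) is the right expectation here.
    Assert.Throws<Exception>(() => DataEncryption.EncryptData(mockLogger.Object, certConfig, "Encrypt Me"));
    // The original second assertion called EncryptData again, leaving the decrypt path untested;
    // the missing-certificate failure must also surface from DecryptData.
    Assert.Throws<Exception>(() => DataEncryption.DecryptData(mockLogger.Object, certConfig, "Decrypt Me"));
}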
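/// <summary>
/// Decrypts a base64-encoded value with the RSA private key of the configured X509 certificate,
/// using RSA-OAEP with SHA-512 padding (the counterpart of <c>EncryptData</c>).
/// </summary>
/// <param name="logger">Logger used for debug and error output.</param>
/// <param name="x509CertConfig">X509 certificate configuration; <c>CertFile</c> is the path of the certificate file to load.</param>
/// <param name="encryptedValue">Base64-encoded ciphertext to decrypt.</param>
/// <returns>The UTF-8 cleartext, or <paramref name="encryptedValue"/> unchanged when it is null or empty.</returns>
/// <exception cref="ArgumentNullException"><paramref name="logger"/> or <paramref name="x509CertConfig"/> is null.</exception>
/// <exception cref="Exception">The certificate could not be loaded, carries no RSA private key, the input is not valid base64,
/// or RSA decryption failed; the underlying error is available as the inner exception.</exception>
public static string DecryptData(ILogger logger, X509CertConfig x509CertConfig, string encryptedValue)
{
    // Validate arguments of the public entry point before any certificate work is attempted.
    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }
    if (x509CertConfig == null)
    {
        throw new ArgumentNullException(nameof(x509CertConfig));
    }
    if (String.IsNullOrEmpty(encryptedValue))
    {
        // Nothing to decrypt: null/empty round-trips unchanged, which callers rely on.
        return encryptedValue;
    }

    try
    {
        logger.LogDebug("Attempt to decrypt value");
        // cCertPwd is declared outside this block; it is the password protecting the private key in
        // the certificate file. NOTE(review): if it is a compiled-in constant, it should be sourced
        // from configuration or a secret store instead — confirm where it comes from.
        using (X509Certificate2 cert = new X509Certificate2(x509CertConfig.CertFile, cCertPwd))
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            // The constructor never returns null, so the old "cert == null" check was dead code;
            // GetRSAPrivateKey() can return null (no RSA private key in the file), which previously
            // surfaced as a NullReferenceException wrapped in the catch below.
            if (rsa == null)
            {
                throw new Exception("Certificate " + x509CertConfig.CertFile + " does not contain an RSA private key");
            }

            byte[] valueBytes = Convert.FromBase64String(encryptedValue);
            byte[] clearBytes = rsa.Decrypt(valueBytes, RSAEncryptionPadding.OaepSHA512);
            return Encoding.UTF8.GetString(clearBytes);
        }
    }
    catch (Exception e)
    {
        // Every failure (missing file, wrong password, malformed base64, padding/decryption error)
        // is reported and re-thrown as one exception type; the cause is kept as the inner exception.
        logger.LogError("Unable to perform decryption of the value using the X509 Certificate at the location: [{certFile}]. Reason: {reason}", x509CertConfig.CertFile, e.Message);
        throw new Exception("Unable to decrypt using certificate " + x509CertConfig.CertFile, e);
    }
    finally
    {
        logger.LogDebug("Finished attempt to decrypt value.");
    }
}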
/// <summary>
/// Round-trip test: a value encrypted with the "pfl.pfx" certificate must decrypt back to the
/// original, and the ciphertext must differ from the cleartext.
/// </summary>
/// <param name="value">Cleartext supplied by the theory data.</param>
public void TestEncryption_Positive(string value)
{
    var logger = new Mock<ILogger>();
    // Relative path; presumably resolved against the test working directory — verify in the test setup.
    var config = new X509CertConfig { CertFile = "pfl.pfx" };

    string encrypted = DataEncryption.EncryptData(logger.Object, config, value);

    Assert.NotNull(encrypted);
    Assert.NotEqual(value, encrypted); // the ciphertext must not simply echo the cleartext
    Assert.True(encrypted.Length > 0);

    string decrypted = DataEncryption.DecryptData(logger.Object, config, encrypted);

    Assert.NotNull(decrypted);
    Assert.Equal(value, decrypted);
}
/// <summary>
/// Argument-validation test for both entry points: null logger or null configuration must raise
/// <see cref="ArgumentNullException"/>, and a null/empty value must be returned unchanged.
/// </summary>
/// <param name="certFile">Certificate file path placed into the configuration.</param>
/// <param name="value">Null or empty input expected to pass through untouched.</param>
public void TestEncryption_Negative(string certFile, string value)
{
    var logger = new Mock<ILogger>();
    var config = new X509CertConfig { CertFile = certFile };
    ILogger log = logger.Object;

    // --- EncryptData ---
    Assert.Throws<ArgumentNullException>(() => DataEncryption.EncryptData(null, null, null));
    Assert.Throws<ArgumentNullException>(() => DataEncryption.EncryptData(log, null, value));
    // A null/empty input is returned as-is rather than being "encrypted".
    string encrypted = DataEncryption.EncryptData(log, config, value);
    Assert.Equal(value, encrypted);

    // --- DecryptData ---
    Assert.Throws<ArgumentNullException>(() => DataEncryption.DecryptData(null, null, null));
    Assert.Throws<ArgumentNullException>(() => DataEncryption.DecryptData(log, null, value));
    // Likewise, a null/empty ciphertext comes back unchanged.
    string decrypted = DataEncryption.DecryptData(log, config, value);
    Assert.Equal(value, decrypted);
}
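/// <summary>
/// Creates the PFL API service with its logger and configuration snapshots.
/// </summary>
/// <param name="logger">Logger for this service.</param>
/// <param name="pflLinkConfig">Snapshot providing the PFL Link configuration.</param>
/// <param name="x509CertConfig">Snapshot providing the X509 certificate configuration used to decrypt sensitive data.</param>
/// <exception cref="ArgumentNullException">Any argument is null, or a snapshot's <c>Value</c> is null.</exception>
public PflApiSvc(ILogger<PflApiSvc> logger, IOptionsSnapshot<PflLinkConfig> pflLinkConfig, IOptionsSnapshot<X509CertConfig> x509CertConfig)
{
    _logger = logger ?? throw new ArgumentNullException(nameof(logger));

    // Check the snapshot references before reading .Value; previously a null snapshot surfaced as a
    // NullReferenceException instead of the intended ArgumentNullException.
    if (pflLinkConfig == null)
    {
        throw new ArgumentNullException(nameof(pflLinkConfig));
    }
    if (x509CertConfig == null)
    {
        throw new ArgumentNullException(nameof(x509CertConfig));
    }

    // A null Value is still reported as ArgumentNullException so existing callers that catch it keep working.
    _pflLinkConfig = pflLinkConfig.Value ?? throw new ArgumentNullException(nameof(pflLinkConfig));
    _x509CertConfig = x509CertConfig.Value ?? throw new ArgumentNullException(nameof(x509CertConfig));
}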