private static JToken DecryptPayloadPath(JToken payload, string jsonPathIn, string jsonPathOut, JweConfig config)
        {
            JToken token = payload.SelectToken(jsonPathIn);

            if (JsonUtils.IsNullOrEmptyJson(token))
            {
                // Nothing to decrypt
                return(payload);
            }

            // Read and remove encrypted data and encryption fields at the given JSON path
            string encryptedValue = ReadAndDeleteJsonKey(payload, token, config.EncryptedValueFieldName);

            if (string.IsNullOrEmpty(encryptedValue))
            {
                // Nothing to decrypt
                return(payload);
            }
            JweObject jweObject      = JweObject.Parse(encryptedValue);
            string    decryptedValue = jweObject.Decrypt(config);

            if ("$".Equals(jsonPathOut))
            {
                return(JObject.Parse(decryptedValue));
            }

            JsonUtils.CheckOrCreateOutObject(payload, jsonPathOut);
            JsonUtils.AddDecryptedDataToPayload(payload, decryptedValue, jsonPathOut);

            // Remove the input
            token = payload.SelectToken(jsonPathIn);
            if (null != token && token.Parent != null)
            {
                token.Parent.Remove();
            }
            return(payload);
        }
Esempio n. 2
0
        private static JToken DecryptPayloadPath(JToken payloadToken, string jsonPathIn, string jsonPathOut,
                                                 FieldLevelEncryptionConfig config, FieldLevelEncryptionParams parameters)
        {
            if (payloadToken == null)
            {
                throw new ArgumentNullException(nameof(payloadToken));
            }
            if (jsonPathIn == null)
            {
                throw new ArgumentNullException(nameof(jsonPathIn));
            }
            if (jsonPathOut == null)
            {
                throw new ArgumentNullException(nameof(jsonPathOut));
            }

            var inJsonToken = payloadToken.SelectToken(jsonPathIn);

            if (inJsonToken == null)
            {
                // Nothing to decrypt
                return(payloadToken);
            }

            // Read and remove encrypted data and encryption fields at the given JSON path
            JsonUtils.AssertIsObject(inJsonToken, jsonPathIn);
            var encryptedValueJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedValueFieldName);

            if (IsNullOrEmptyJson(encryptedValueJsonToken))
            {
                // Nothing to decrypt
                return(payloadToken);
            }

            if (!config.UseHttpPayloads() && parameters == null)
            {
                throw new InvalidOperationException("Encryption params have to be set when not stored in HTTP payloads!");
            }

            if (parameters == null)
            {
                // Read encryption params from the payload
                var oaepDigestAlgorithmJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.OaepPaddingDigestAlgorithmFieldName);
                var oaepDigestAlgorithm          = IsNullOrEmptyJson(oaepDigestAlgorithmJsonToken) ? config.OaepPaddingDigestAlgorithm : oaepDigestAlgorithmJsonToken;
                var encryptedKeyJsonToken        = ReadAndDeleteJsonKey(inJsonToken, config.EncryptedKeyFieldName);
                var ivJsonToken = ReadAndDeleteJsonKey(inJsonToken, config.IvFieldName);
                ReadAndDeleteJsonKey(inJsonToken, config.EncryptionCertificateFingerprintFieldName);
                ReadAndDeleteJsonKey(inJsonToken, config.EncryptionKeyFingerprintFieldName);
                parameters = new FieldLevelEncryptionParams(config, ivJsonToken, encryptedKeyJsonToken, oaepDigestAlgorithm);
            }

            // Decrypt data
            var encryptedValueBytes = EncodingUtils.DecodeValue(encryptedValueJsonToken, config.ValueEncoding);
            var decryptedValueBytes = DecryptBytes(parameters.GetSecretKeyBytes(), parameters.GetIvBytes(), encryptedValueBytes);

            // Add decrypted data at the given JSON path
            var decryptedValue = JsonUtils.SanitizeJson(Encoding.UTF8.GetString(decryptedValueBytes));

            if ("$".Equals(jsonPathOut))
            {
                // The decrypted JSON is the new body
                return(JToken.Parse(decryptedValue));
            }
            else
            {
                JsonUtils.CheckOrCreateOutObject(payloadToken, jsonPathOut);
                JsonUtils.AddDecryptedDataToPayload(payloadToken, decryptedValue, jsonPathOut);

                // Remove the input if now empty
                inJsonToken = payloadToken.SelectToken(jsonPathIn);
                if (inJsonToken.Type == JTokenType.Object && !inJsonToken.HasValues)
                {
                    inJsonToken.Parent.Remove();
                }
            }

            return(payloadToken);
        }