/// <summary>
/// Encrypts the specified plain text.
/// </summary>
/// <param name="plainText">The plain text.</param>
/// <param name="encryptKey">
/// An object to used to look up invokation-specific encryption parameters.
/// </param>
/// <param name="serializationState">
/// An object that holds an arbitrary value that is passed to one or more encrypt
/// operations within a single serialization operation.
/// </param>
/// <returns></returns>
public string Encrypt(string plainText, object encryptKey, SerializationState serializationState)
{
var encryptor =
serializationState == null
? _crypto.GetEncryptor(encryptKey)
: serializationState.Get(() => _crypto.GetEncryptor(encryptKey));
var cipherText = encryptor.Encrypt(plainText);
return(cipherText);
}
/// <summary>
/// Encrypts the specified plain text.
/// </summary>
/// <param name="plainText">The plain text.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <param name="serializationState">
/// An object that holds an arbitrary value that is passed to one or more encrypt
/// operations within a single serialization operation.
/// </param>
/// <returns>The encrypted text.</returns>
public string Encrypt(string plainText, string credentialName, SerializationState serializationState)
{
var encryptor = serializationState.Get(() => _crypto.GetEncryptor(credentialName?.ToString()));
var cipherText = encryptor.Encrypt(plainText);
return(cipherText);
}
/// <summary>
/// Encrypts the fields, specified by XPath, that are contained in the given xml document string.
/// </summary>
/// <param name="crypto">
/// The instance of <see cref="ICrypto"/> that ultimately responsible for performing encryption operations
/// on field values.
/// </param>
/// <param name="xmlString">A string containing an xml document.</param>
/// <param name="xpathsToEncrypt">One or more XPaths of the fields to encrypt.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or <c>null</c> to use the default credential.
/// </param>
/// <returns>The same xml document, except with the specified fields encrypted.</returns>
public static string EncryptXml(this ICrypto crypto, string xmlString, IEnumerable <string> xpathsToEncrypt, string?credentialName = null)
{
if (crypto is null)
{
throw new ArgumentNullException(nameof(crypto));
}
if (xmlString is null)
{
throw new ArgumentNullException(nameof(xmlString));
}
if (xpathsToEncrypt is null)
{
throw new ArgumentNullException(nameof(xpathsToEncrypt));
}
#if NET48
var doc = new XmlDocument()
{
XmlResolver = null
};
var sreader = new StringReader(xmlString);
using var reader = XmlReader.Create(sreader, new XmlReaderSettings()
{
XmlResolver = null
});
doc.Load(reader);
#else
var doc = new XmlDocument();
doc.LoadXml(xmlString);
#endif
var navigator = doc.CreateNavigator() !;
var encryptor = crypto.GetEncryptor(credentialName);
var anyPaths = false;
foreach (var xpath in xpathsToEncrypt)
{
if (xpath is null)
{
throw new ArgumentException($"{nameof(xpathsToEncrypt)} cannot have null items.", nameof(xpathsToEncrypt));
}
anyPaths = true;
foreach (XPathNavigator?match in navigator.Select(xpath))
{
// If there are any child elements, or the value contains escaped characters...
if (match !.HasChildren && match.Value != match.InnerXml)
{
// ...encrypt the InnerXml property.
var plaintext = match.InnerXml;
// SetValue throws if the navigator has any child elements.
while (match.MoveToFirstChild())
{
match.DeleteSelf();
}
match.SetValue(encryptor.Encrypt(plaintext));
}
/// <summary>
/// Encrypts the fields, specified by JSONPath, that are contained in the given json document string.
/// </summary>
/// <param name="crypto">
/// The instance of <see cref="ICrypto"/> that ultimately responsible for performing encryption operations
/// on field values.
/// </param>
/// <param name="jsonString">A string containing an json document.</param>
/// <param name="jsonPathsToEncrypt">One or more JSONPaths of the fields to encrypt.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <returns>The same json document, except with the specified fields encrypted.</returns>
public static string EncryptJson(this ICrypto crypto, string jsonString, IEnumerable <string> jsonPathsToEncrypt, string credentialName = null)
{
if (crypto == null)
{
throw new ArgumentNullException(nameof(crypto));
}
if (jsonString == null)
{
throw new ArgumentNullException(nameof(jsonString));
}
if (jsonPathsToEncrypt == null)
{
throw new ArgumentNullException(nameof(jsonPathsToEncrypt));
}
var token = JToken.Parse(jsonString);
var encryptor = new Lazy <IEncryptor>(() => crypto.GetEncryptor(credentialName));
var anyPaths = false;
foreach (var jsonPath in jsonPathsToEncrypt)
{
if (jsonPath == null)
{
throw new ArgumentException($"{nameof(jsonPathsToEncrypt)} cannot have null items.", nameof(jsonPathsToEncrypt));
}
anyPaths = true;
foreach (var match in token.SelectTokens(jsonPath).ToArray())
{
var encryptedToken = JToken.Parse("\"" + encryptor.Value.Encrypt(match.ToString(Formatting.None)) + "\"");
if (ReferenceEquals(token, match))
{
return(encryptedToken.ToString(Formatting.None));
}
switch (match.Parent)
{
case JProperty property:
property.Value = encryptedToken;
break;
case JArray array:
array[array.IndexOf(match)] = encryptedToken;
break;
}
}
}
if (!anyPaths)
{
throw new ArgumentException($"{nameof(jsonPathsToEncrypt)} must have at least one item.", nameof(jsonPathsToEncrypt));
}
return(token.ToString(Formatting.None));
}
/// <summary> /// Gets an instance of <see cref="IEncryptor"/> using the default credential. /// </summary> /// <param name="crypto">An <see cref="ICrypto"/>.</param> /// <returns>An object that can be used for encryption operations.</returns> public static IEncryptor GetEncryptor(this ICrypto crypto) => crypto.GetEncryptor(null);
/// <summary> /// Gets an instance of <see cref="IEncryptor"/> using the default credential. /// </summary> /// <param name="crypto">An <see cref="ICrypto"/>.</param> /// <returns>An object that can be used for encryption operations.</returns> public static IEncryptor GetEncryptor(this ICrypto crypto) => crypto?.GetEncryptor(null) ?? throw new ArgumentNullException(nameof(crypto));
/// <summary>
/// Encrypts the fields, specified by XPath, that are contained in the given xml document string.
/// </summary>
/// <param name="crypto">
/// The instance of <see cref="ICrypto"/> that ultimately responsible for performing encryption operations
/// on field values.
/// </param>
/// <param name="xmlString">A string containing an xml document.</param>
/// <param name="xpathsToEncrypt">One or more XPaths of the fields to encrypt.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <returns>The same xml document, except with the specified fields encrypted.</returns>
public static string EncryptXml(this ICrypto crypto, string xmlString, IEnumerable <string> xpathsToEncrypt, string credentialName = null)
{
if (crypto == null)
{
throw new ArgumentNullException(nameof(crypto));
}
if (xmlString == null)
{
throw new ArgumentNullException(nameof(xmlString));
}
if (xpathsToEncrypt == null)
{
throw new ArgumentNullException(nameof(xpathsToEncrypt));
}
var doc = new XmlDocument();
doc.LoadXml(xmlString);
var navigator = doc.CreateNavigator();
var encryptor = new Lazy <IEncryptor>(() => crypto.GetEncryptor(credentialName));
var anyPaths = false;
foreach (var xpath in xpathsToEncrypt)
{
if (xpath == null)
{
throw new ArgumentException($"{nameof(xpathsToEncrypt)} cannot have null items.", nameof(xpathsToEncrypt));
}
anyPaths = true;
foreach (XPathNavigator match in navigator.Select(xpath))
{
// If there are any child elements, or the value contains escaped characters...
if (match.HasChildren && match.Value != match.InnerXml)
{
// ...encrypt the InnerXml property.
var plaintext = match.InnerXml;
// SetValue throws if the navigator has any child elements.
while (match.MoveToFirstChild())
{
match.DeleteSelf();
}
match.SetValue(encryptor.Value.Encrypt(plaintext));
}
else
{
// Else, this is a plain value, so encrypt the Value property.
match.SetValue(encryptor.Value.Encrypt(match.Value));
}
}
}
if (!anyPaths)
{
throw new ArgumentException($"{nameof(xpathsToEncrypt)} must have at least one item.", nameof(xpathsToEncrypt));
}
return(doc.OuterXml);
}
