private async Task <ResponseMessage> ReadItemHelperAsync( string id, PartitionKey partitionKey, ItemRequestOptions requestOptions, bool decryptResponse, CosmosDiagnosticsContext diagnosticsContext, CancellationToken cancellationToken) { ResponseMessage responseMessage = await this.container.ReadItemStreamAsync( id, partitionKey, requestOptions, cancellationToken); if (decryptResponse) { (responseMessage.Content, _) = await EncryptionProcessor.DecryptAsync( responseMessage.Content, this.Encryptor, diagnosticsContext, cancellationToken); } return(responseMessage); }
private async Task <TransactionalBatchResponse> DecryptTransactionalBatchResponseAsync( TransactionalBatchResponse response, CosmosDiagnosticsContext diagnosticsContext, CancellationToken cancellationToken) { List <TransactionalBatchOperationResult> decryptedTransactionalBatchOperationResults = new List <TransactionalBatchOperationResult>(); for (int index = 0; index < response.Count; index++) { TransactionalBatchOperationResult result = response[index]; if (response.IsSuccessStatusCode && result.ResourceStream != null) { (Stream decryptedStream, _) = await EncryptionProcessor.DecryptAsync( result.ResourceStream, this.encryptor, diagnosticsContext, cancellationToken); result = new EncryptionTransactionalBatchOperationResult(response[index], decryptedStream); } decryptedTransactionalBatchOperationResults.Add(result); } return(new EncryptionTransactionalBatchResponse( decryptedTransactionalBatchOperationResults, response, this.cosmosSerializer)); }
internal static async Task <Stream> DeserializeAndDecryptResponseAsync( Stream content, Encryptor encryptor, CancellationToken cancellationToken) { JObject contentJObj = EncryptionProcessor.BaseSerializer.FromStream <JObject>(content); if (!(contentJObj.SelectToken(Constants.DocumentsResourcePropertyName) is JArray documents)) { throw new InvalidOperationException("Feed Response body contract was violated. Feed response did not have an array of Documents"); } foreach (JToken value in documents) { if (!(value is JObject document)) { continue; } CosmosDiagnosticsContext diagnosticsContext = CosmosDiagnosticsContext.Create(null); using (diagnosticsContext.CreateScope("EncryptionProcessor.DeserializeAndDecryptResponseAsync")) { await EncryptionProcessor.DecryptAsync( document, encryptor, diagnosticsContext, cancellationToken); } } // the contents of contentJObj get decrypted in place for MDE algorithm model, and for legacy model _ei property is removed // and corresponding decrypted properties are added back in the documents. return(EncryptionProcessor.BaseSerializer.ToStream(contentJObj)); }
private async Task <TransactionalBatchResponse> DecryptTransactionalBatchResponseAsync( TransactionalBatchResponse response, CosmosDiagnosticsContext diagnosticsContext, CancellationToken cancellationToken) { List <TransactionalBatchOperationResult> decryptedTransactionalBatchOperationResults = new List <TransactionalBatchOperationResult>(); foreach (TransactionalBatchOperationResult result in response) { if (response.IsSuccessStatusCode && result.ResourceStream != null) { (Stream decryptedStream, _) = await EncryptionProcessor.DecryptAsync( result.ResourceStream, this.encryptor, diagnosticsContext, cancellationToken); decryptedTransactionalBatchOperationResults.Add(new EncryptionTransactionalBatchOperationResult(result, decryptedStream)); } else { decryptedTransactionalBatchOperationResults.Add(result); } } return(new EncryptionTransactionalBatchResponse( decryptedTransactionalBatchOperationResults, response, this.cosmosSerializer)); }
private async Task <ResponseMessage> ReplaceItemHelperAsync( Stream streamPayload, string id, PartitionKey partitionKey, ItemRequestOptions requestOptions, bool decryptResponse, CosmosDiagnosticsContext diagnosticsContext, CancellationToken cancellationToken) { if (!(requestOptions is EncryptionItemRequestOptions encryptionItemRequestOptions) || encryptionItemRequestOptions.EncryptionOptions == null) { return(await this.container.ReplaceItemStreamAsync( streamPayload, id, partitionKey, requestOptions, cancellationToken)); } if (partitionKey == null) { throw new NotSupportedException($"{nameof(partitionKey)} cannot be null for operations using {nameof(EncryptionContainer)}."); } streamPayload = await EncryptionProcessor.EncryptAsync( streamPayload, this.Encryptor, encryptionItemRequestOptions.EncryptionOptions, diagnosticsContext, cancellationToken); ResponseMessage responseMessage = await this.container.ReplaceItemStreamAsync( streamPayload, id, partitionKey, requestOptions, cancellationToken); if (decryptResponse) { (responseMessage.Content, _) = await EncryptionProcessor.DecryptAsync( responseMessage.Content, this.Encryptor, diagnosticsContext, cancellationToken); } return(responseMessage); }
internal static async Task <Stream> DeserializeAndDecryptResponseAsync( Stream content, Encryptor encryptor, CancellationToken cancellationToken) { JObject contentJObj = EncryptionProcessor.BaseSerializer.FromStream <JObject>(content); JArray result = new JArray(); if (!(contentJObj.SelectToken(Constants.DocumentsResourcePropertyName) is JArray documents)) { throw new InvalidOperationException("Feed Response body contract was violated. Feed response did not have an array of Documents"); } foreach (JToken value in documents) { if (!(value is JObject document)) { result.Add(value); continue; } CosmosDiagnosticsContext diagnosticsContext = CosmosDiagnosticsContext.Create(null); using (diagnosticsContext.CreateScope("EncryptionProcessor.DeserializeAndDecryptResponseAsync")) { (JObject decryptedDocument, DecryptionContext _) = await EncryptionProcessor.DecryptAsync( document, encryptor, diagnosticsContext, cancellationToken); result.Add(decryptedDocument); } } JObject decryptedResponse = new JObject(); foreach (JProperty property in contentJObj.Properties()) { if (property.Name.Equals(Constants.DocumentsResourcePropertyName)) { decryptedResponse.Add(property.Name, (JToken)result); } else { decryptedResponse.Add(property.Name, property.Value); } } return(EncryptionProcessor.BaseSerializer.ToStream(decryptedResponse)); }
public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilder <T>( string processorName, ChangesHandler <T> onChangesDelegate) { CosmosDiagnosticsContext diagnosticsContext = CosmosDiagnosticsContext.Create(null); using (diagnosticsContext.CreateScope("GetChangeFeedProcessorBuilder")) { return(this.container.GetChangeFeedProcessorBuilder( processorName, async(IReadOnlyCollection <JObject> documents, CancellationToken cancellationToken) => { List <T> decryptItems = new List <T>(documents.Count); if (typeof(T) == typeof(DecryptableItem)) { foreach (JToken value in documents) { DecryptableItemCore item = new DecryptableItemCore( value, this.Encryptor, this.CosmosSerializer); decryptItems.Add((T)(object)item); } } else { foreach (JObject document in documents) { (JObject decryptedDocument, DecryptionContext _) = await EncryptionProcessor.DecryptAsync( document, this.Encryptor, diagnosticsContext, cancellationToken); decryptItems.Add(decryptedDocument.ToObject <T>()); } } // Call the original passed in delegate await onChangesDelegate(decryptItems, cancellationToken); })); } }
private async Task <ResponseMessage> CreateItemHelperAsync( Stream streamPayload, PartitionKey partitionKey, ItemRequestOptions requestOptions, bool decryptResponse, CosmosDiagnosticsContext diagnosticsContext, CancellationToken cancellationToken) { if (!(requestOptions is EncryptionItemRequestOptions encryptionItemRequestOptions) || encryptionItemRequestOptions.EncryptionOptions == null) { return(await this.container.CreateItemStreamAsync( streamPayload, partitionKey, requestOptions, cancellationToken)); } streamPayload = await EncryptionProcessor.EncryptAsync( streamPayload, this.Encryptor, encryptionItemRequestOptions.EncryptionOptions, diagnosticsContext, cancellationToken); ResponseMessage responseMessage = await this.container.CreateItemStreamAsync( streamPayload, partitionKey, requestOptions, cancellationToken); if (decryptResponse) { (responseMessage.Content, _) = await EncryptionProcessor.DecryptAsync( responseMessage.Content, this.Encryptor, diagnosticsContext, cancellationToken); } return(responseMessage); }