예제 #1
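        public void TestEncryption_BadCert()
        {
            // A certificate file that does not exist must surface as the wrapped
            // Exception on both the encrypt and the decrypt path (xUnit's
            // Assert.Throws<T> requires the exact type, which is what DataEncryption throws).
            Mock<ILogger> mockLogger = new Mock<ILogger>();
            X509CertConfig certConfig = new X509CertConfig()
            {
                CertFile = "certnotfound.pfx"
            };

            Assert.Throws<Exception>(() => DataEncryption.EncryptData(mockLogger.Object, certConfig, "Encrypt Me"));

            // The second assertion previously called EncryptData a second time, so the
            // decrypt path with a missing certificate was never exercised; the literal
            // "Decrypt Me" indicates DecryptData was the intended target.
            Assert.Throws<Exception>(() => DataEncryption.DecryptData(mockLogger.Object, certConfig, "Decrypt Me"));
        }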
예제 #2
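        /// <summary>
        /// Decrypts a base64 encoded string using the RSA private key of the configured X509 certificate.
        /// </summary>
        /// <param name="logger">Logger</param>
        /// <param name="x509CertConfig">X509 Certificate Configuration</param>
        /// <param name="encryptedValue">Base64 encoded value to decrypt</param>
        /// <returns>Cleartext Value; a null or empty <paramref name="encryptedValue"/> is returned unchanged</returns>
        /// <exception cref="ArgumentNullException"><paramref name="logger"/> or <paramref name="x509CertConfig"/> is null</exception>
        /// <exception cref="Exception">The certificate could not be loaded, carries no RSA private key, the input is not valid base64,
        /// or RSA decryption failed; the underlying error is attached as the inner exception</exception>
        public static string DecryptData(ILogger logger, X509CertConfig x509CertConfig, string encryptedValue)
        {
            // Validate arguments in public method
            if (logger is null)
            {
                throw new ArgumentNullException(nameof(logger));
            }
            if (x509CertConfig is null)
            {
                throw new ArgumentNullException(nameof(x509CertConfig));
            }
            if (string.IsNullOrEmpty(encryptedValue))
            {
                // No decryption work needs to be done
                return encryptedValue;
            }

            try
            {
                logger.LogDebug("Attempt to decrypt value");
                // NOTE(review): cCertPwd is a constant declared elsewhere in this class, i.e. the PFX
                // password is hard-coded in source; it should be sourced from configuration or a
                // secret store alongside CertFile rather than compiled into the assembly.
                using (X509Certificate2 cert = new X509Certificate2(x509CertConfig.CertFile, cCertPwd))
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    // The previous `cert == null` check was dead code (`new` never yields null). The
                    // real null case is GetRSAPrivateKey, which returns null when the certificate has
                    // no RSA private key; report that explicitly instead of via NullReferenceException.
                    if (rsa is null)
                    {
                        throw new Exception("Certificate " + x509CertConfig.CertFile + " does not contain an RSA private key");
                    }
                    byte[] valueBytes = Convert.FromBase64String(encryptedValue);
                    return Encoding.UTF8.GetString(rsa.Decrypt(valueBytes, RSAEncryptionPadding.OaepSHA512));
                }
            }
            catch (Exception e)
            {
                logger.LogError("Unable to perform decryption of the value using the X509 Certificate at the location: [{certFile}]. Reason: {reason}", x509CertConfig.CertFile, e.Message);
                // Deliberately wrapped as a plain Exception: callers and the test suite assert on
                // exactly this type, so a more specific type here would break them.
                throw new Exception("Unable to decrypt using certificate " + x509CertConfig.CertFile, e);
            }
            finally
            {
                logger.LogDebug("Finished attempt to decrypt value.");
            }
        }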
예제 #3
        public void TestEncryption_Positive(string value)
        {
            // Round trip: encrypt with the test certificate, decrypt the result, and
            // expect the original cleartext back.
            var mockLogger = new Mock<ILogger>();
            var certConfig = new X509CertConfig { CertFile = "pfl.pfx" };
            ILogger logger = mockLogger.Object;

            var ciphertext = DataEncryption.EncryptData(logger, certConfig, value);

            Assert.NotNull(ciphertext);
            Assert.NotEqual(value, ciphertext);  // the cleartext must not be handed back as-is
            Assert.True(ciphertext.Length > 0);

            var roundTripped = DataEncryption.DecryptData(logger, certConfig, ciphertext);

            Assert.NotNull(roundTripped);
            Assert.Equal(value, roundTripped);
        }
예제 #4
        public void TestEncryption_Negative(string certFile, string value)
        {
            // Argument validation and the null/empty pass-through of both public entry points.
            var mockLogger = new Mock<ILogger>();
            ILogger logger = mockLogger.Object;
            var certConfig = new X509CertConfig { CertFile = certFile };

            // Encryption: missing logger / config must be rejected up front
            Assert.Throws<ArgumentNullException>(() => DataEncryption.EncryptData(null, null, null));
            Assert.Throws<ArgumentNullException>(() => DataEncryption.EncryptData(logger, null, value));

            // A null or empty value is returned unchanged
            var encrypted = DataEncryption.EncryptData(logger, certConfig, value);
            Assert.Equal(value, encrypted);

            // Decryption: same validation rules
            Assert.Throws<ArgumentNullException>(() => DataEncryption.DecryptData(null, null, null));
            Assert.Throws<ArgumentNullException>(() => DataEncryption.DecryptData(logger, null, value));

            // A null or empty value is returned unchanged
            var decrypted = DataEncryption.DecryptData(logger, certConfig, value);
            Assert.Equal(value, decrypted);
        }
예제 #5
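 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="logger">Logger</param>
 /// <param name="pflLinkConfig">PFL Link Configuration</param>
 /// <param name="x509CertConfig">X509 Certificate Configuration for Sensitive Data decryption</param>
 /// <exception cref="ArgumentNullException">Any argument is null, or the Value of either options snapshot is null</exception>
 public PflApiSvc(ILogger<PflApiSvc> logger, IOptionsSnapshot<PflLinkConfig> pflLinkConfig, IOptionsSnapshot<X509CertConfig> x509CertConfig)
 {
     _logger = logger ?? throw new ArgumentNullException(nameof(logger));

     // Guard the snapshots themselves before touching .Value; previously only .Value was
     // checked, so a null snapshot surfaced as a NullReferenceException instead of the
     // ArgumentNullException the other parameters produce.
     if (pflLinkConfig is null)
     {
         throw new ArgumentNullException(nameof(pflLinkConfig));
     }
     if (x509CertConfig is null)
     {
         throw new ArgumentNullException(nameof(x509CertConfig));
     }

     _pflLinkConfig  = pflLinkConfig.Value ?? throw new ArgumentNullException(nameof(pflLinkConfig));
     _x509CertConfig = x509CertConfig.Value ?? throw new ArgumentNullException(nameof(x509CertConfig));
 }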