private IList <IColumn> TransformChunk(IList <FileEncryptionSettings> readerSettings, IList <FileEncryptionSettings> writerSettings, IList <IColumn> sourceRowGroup)
{
List <IColumn> transformedColumns = new List <IColumn>();
for (int index = 0; index < sourceRowGroup.Count; index++)
{
FileEncryptionSettings readerColumnSettings = readerSettings[index];
FileEncryptionSettings writerColumnSettings = writerSettings[index];
IColumn column = sourceRowGroup[index];
if (ShouldEncrypt(readerColumnSettings, writerColumnSettings))
{
transformedColumns.Add(EncryptColumn(writerColumnSettings, column));
}
else if (ShouldDecrypt(readerColumnSettings, writerColumnSettings))
{
transformedColumns.Add(DecryptColumn(writerColumnSettings, column));
}
else if (ShouldRotate(readerColumnSettings, writerColumnSettings))
{
transformedColumns.Add(EncryptColumn(writerColumnSettings, DecryptColumn(readerColumnSettings, column)));
}
else
{
transformedColumns.Add(sourceRowGroup[index]);
}
}
return(transformedColumns);
}
private static Column <byte[]> EncryptColumn(FileEncryptionSettings writerColumnSettings, IColumn column)
{
byte[][] encryptedData = column.Data
.Encrypt(writerColumnSettings)
.ToArray();
return(new Column <byte[]>(encryptedData)
{
Name = column.Name
});
}
private static IColumn DecryptColumn(FileEncryptionSettings writerColumnSettings, IColumn column)
{
IList encryptedData = column.Data
.Decrypt(writerColumnSettings);
Type type = encryptedData.GetType().GenericTypeArguments[0];
IColumn encodedColumn = (IColumn)Activator.CreateInstance(typeof(Column <>).MakeGenericType(type), encryptedData);
encodedColumn.Name = column.Name;
return(encodedColumn);
}
private bool ShouldRotate(FileEncryptionSettings readerEncryptionSettings, FileEncryptionSettings writerEncryptionSettings)
{
return((readerEncryptionSettings != writerEncryptionSettings) &&
readerEncryptionSettings.EncryptionType != EncryptionType.Plaintext &&
writerEncryptionSettings.EncryptionType != EncryptionType.Plaintext &&
(HasDifferentDataEncryptionRootKey() || HasDifferentEncryptionType()));
bool HasDifferentDataEncryptionRootKey() => readerEncryptionSettings.DataEncryptionKey != writerEncryptionSettings.DataEncryptionKey &&
!readerEncryptionSettings.DataEncryptionKey.RootKeyEquals(writerEncryptionSettings.DataEncryptionKey);
bool HasDifferentEncryptionType() => readerEncryptionSettings.EncryptionType != writerEncryptionSettings.EncryptionType;
}
/// <summary>
/// Compiles a <see cref="CryptoMetadata"/> object from <see cref="List{T}"/>s of <see cref="IColumn"/>s and <see cref="FileEncryptionSettings"/>.
/// </summary>
/// <param name="columns">The <see cref="IColumn"/>s on which to compile metadata.</param>
/// <param name="encryptionSettings">The <see cref="FileEncryptionSettings"/> on which to compile metadata.</param>
/// <returns></returns>
public static CryptoMetadata CompileMetadata(IList <IColumn> columns, IList <FileEncryptionSettings> encryptionSettings)
{
if (columns.Count != encryptionSettings.Count)
{
throw new ArgumentException($"{nameof(columns)}.Count does not equal {nameof(encryptionSettings)}.Count");
}
CryptoMetadata cryptoMetadata = new CryptoMetadata();
for (int i = 0; i < columns.Count; i++)
{
FileEncryptionSettings settings = encryptionSettings[i];
if (settings.EncryptionType != EncryptionType.Plaintext)
{
ColumnEncryptionMetadata columnEncryptionInformation = new ColumnEncryptionMetadata()
{
ColumnName = columns[i].Name,
DataEncryptionKeyName = settings.DataEncryptionKey.Name,
ColumnIndex = encryptionSettings.IndexOf(settings),
EncryptionAlgorithm = DataEncryptionKeyAlgorithm.AEAD_AES_256_CBC_HMAC_SHA256,
EncryptionType = settings.EncryptionType,
Serializer = settings.GetSerializer()
};
DataEncryptionKeyMetadata columnKeyInformation = new DataEncryptionKeyMetadata()
{
KeyEncryptionKeyName = settings.DataEncryptionKey.KeyEncryptionKey.Name,
EncryptedDataEncryptionKey = settings.DataEncryptionKey.EncryptedValue.ToHexString(),
Name = settings.DataEncryptionKey.Name
};
KeyEncryptionKeyMetadata columnMasterKeyInformation = new KeyEncryptionKeyMetadata()
{
KeyPath = settings.DataEncryptionKey.KeyEncryptionKey.Path,
KeyProvider = settings.DataEncryptionKey.KeyEncryptionKey.KeyStoreProvider.ProviderName,
Name = settings.DataEncryptionKey.KeyEncryptionKey.Name
};
cryptoMetadata.ColumnEncryptionInformation.Add(columnEncryptionInformation);
cryptoMetadata.DataEncryptionKeyInformation.Add(columnKeyInformation);
cryptoMetadata.KeyEncryptionKeyInformation.Add(columnMasterKeyInformation);
}
}
return(cryptoMetadata);
}
private bool ShouldDecrypt(FileEncryptionSettings readerEncryptionSettings, FileEncryptionSettings writerEncryptionSettings)
{
return((readerEncryptionSettings != writerEncryptionSettings) &&
readerEncryptionSettings.EncryptionType != EncryptionType.Plaintext &&
writerEncryptionSettings.EncryptionType == EncryptionType.Plaintext);
}
