internal EncryptionStrategy(
KeyEncryptionConfiguration keyEncryptionConfig,
DataEncryptionConfiguration dataEncryptionConfig,
IEnumerable <Attachment> attachments)
{
_keyEncryptionConfig = keyEncryptionConfig;
_dataEncryptionConfig = dataEncryptionConfig;
_attachments = attachments.ToList();
}
/// <summary>
/// Start Encrypting AS4 Message
/// </summary>
/// <param name="messagingContext"></param>
/// <returns></returns>
public async Task <StepResult> ExecuteAsync(MessagingContext messagingContext)
{
if (messagingContext == null)
{
throw new ArgumentNullException(nameof(messagingContext));
}
if (messagingContext.AS4Message == null)
{
throw new InvalidOperationException(
$"{nameof(EncryptAS4MessageStep)} requires an AS4Message to encrypt but no AS4Message is present in the MessagingContext");
}
if (messagingContext.SendingPMode == null)
{
throw new InvalidOperationException(
$"{nameof(EncryptAS4MessageStep)} requires a SendingPMode to encrypt the AS4Message but no SendingPMode is present in the MessagingContext");
}
if (messagingContext.SendingPMode.Security?.Encryption == null ||
messagingContext.SendingPMode.Security.Encryption.IsEnabled == false)
{
Logger.Trace(
"No encryption of the AS4Message will happen because the " +
$"SendingPMode {messagingContext.SendingPMode?.Id} Security.Encryption.IsEnabled is disabled");
return(await StepResult.SuccessAsync(messagingContext));
}
Logger.Info(
$"(Outbound)[{messagingContext.AS4Message.GetPrimaryMessageId()}] Encrypt AS4Message with given encryption information " +
$"configured in the SendingPMode: {messagingContext.SendingPMode.Id}");
KeyEncryptionConfiguration keyEncryptionConfig = RetrieveKeyEncryptionConfig(messagingContext.SendingPMode);
Encryption encryptionSettings = messagingContext.SendingPMode.Security.Encryption;
var dataEncryptionConfig = new DataEncryptionConfiguration(
encryptionMethod: encryptionSettings.Algorithm,
algorithmKeySize: encryptionSettings.AlgorithmKeySize);
EncryptAS4Message(
messagingContext.AS4Message,
keyEncryptionConfig,
dataEncryptionConfig);
var journal = JournalLogEntry.CreateFrom(
messagingContext.AS4Message,
$"Encrypted using certificate {keyEncryptionConfig.EncryptionCertificate.FriendlyName} and "
+ $"key encryption method: {keyEncryptionConfig.EncryptionMethod}, key digest method: {keyEncryptionConfig.DigestMethod}, "
+ $"key mgf: {keyEncryptionConfig.Mgf} and Data encryption method: {dataEncryptionConfig.EncryptionMethod}, "
+ $" data encryption type: {dataEncryptionConfig.EncryptionType}, data transport algorithm: {dataEncryptionConfig.TransformAlgorithm}");
return(await StepResult
.Success(messagingContext)
.WithJournalAsync(journal));
}
public void FailsToEncrypt_IfInvalidKeySize()
{
// Arrange
AS4Message as4Message = CreateAS4Message();
var keyEncryptionConfig = new KeyEncryptionConfiguration(CreateEncryptionCertificate());
var dataEncryptionConfig = new DataEncryptionConfiguration(AS4.Model.PMode.Encryption.Default.Algorithm, -1);
// Act / Assert
Assert.ThrowsAny <Exception>(() => as4Message.Encrypt(keyEncryptionConfig, dataEncryptionConfig));
}
private static void EncryptAS4Message(
AS4Message message,
KeyEncryptionConfiguration keyEncryptionConfig,
DataEncryptionConfiguration dataEncryptionConfig)
{
try
{
message.Encrypt(keyEncryptionConfig, dataEncryptionConfig);
}
catch (Exception exception)
{
string description = $"Problems with encryption AS4Message: {exception}";
Logger.Error(description);
throw new CryptographicException(description, exception);
}
}
/// <summary>
/// Encrypts the AS4 Message using the specified <paramref name="keyEncryptionConfig"/>
/// and <paramref name="dataEncryptionConfig"/>
/// </summary>
/// <param name="keyEncryptionConfig"></param>
/// <param name="dataEncryptionConfig"></param>
public void Encrypt(KeyEncryptionConfiguration keyEncryptionConfig, DataEncryptionConfiguration dataEncryptionConfig)
{
if (keyEncryptionConfig == null)
{
throw new ArgumentNullException(nameof(keyEncryptionConfig));
}
if (dataEncryptionConfig == null)
{
throw new ArgumentNullException(nameof(dataEncryptionConfig));
}
var encryptor =
EncryptionStrategyBuilder
.Create(this, keyEncryptionConfig)
.WithDataEncryptionConfiguration(dataEncryptionConfig)
.Build();
SecurityHeader.Encrypt(encryptor);
}
/// <summary>
/// Add a <paramref name="data"/> to the <see cref="EncryptedData"/>
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public EncryptedDataBuilder WithDataEncryptionConfiguration(DataEncryptionConfiguration data)
{
_data = data;
return(this);
}
/// <summary>
/// With the data encryption configuration.
/// </summary>
/// <param name="dataEncryptionConfig">The data encryption configuration.</param>
/// <returns></returns>
public EncryptionStrategyBuilder WithDataEncryptionConfiguration(
DataEncryptionConfiguration dataEncryptionConfig)
{
_dataConfiguration = dataEncryptionConfig;
return(this);
}
