// Configures Configuration.Default for the MDES sandbox: OAuth1 request signing with the
// PKCS#12 signing key, plus field-level encryption/decryption of the JSON paths listed below.
// NOTE(review): SigningKeyPassword, ConsumerKey and the key/certificate file paths are defined
// outside this snippet; they should be supplied from protected configuration rather than
// source control - verify.
private static void SetupApiClient()
{
    // NOTE(review): Exportable leaves the imported private key exportable and MachineKeySet
    // stores it in the machine-level key store instead of the current user's. Confirm both
    // flags are really needed in the target environment and keep the narrowest set that works.
    var keyStorageFlags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;
    var oauthSigningKey = AuthenticationUtils.LoadSigningKey(
        SigningKeyPkcs12FilePath,
        SigningKeyAlias,
        SigningKeyPassword,
        keyStorageFlags);

    var serverCertificate = EncryptionUtils.LoadEncryptionCertificate(EncryptionCertificateFilePath);
    var clientDecryptionKey = EncryptionUtils.LoadDecryptionKey(DecryptionKeyFilePath);

    // Each path pair reads as (input JSON path, output JSON path).
    var encryptionConfigBuilder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
        // Request fields that are encrypted before sending.
        .WithEncryptionPath("$.fundingAccountInfo.encryptedPayload.encryptedData", "$.fundingAccountInfo.encryptedPayload")
        .WithEncryptionPath("$.encryptedPayload.encryptedData", "$.encryptedPayload")
        // Response fields that are decrypted after receiving.
        .WithDecryptionPath("$.tokenDetail", "$.tokenDetail.encryptedData")
        .WithDecryptionPath("$.encryptedPayload", "$.encryptedPayload.encryptedData")
        .WithEncryptionCertificate(serverCertificate)
        .WithDecryptionKey(clientDecryptionKey)
        // OAEP padding digest used when wrapping the key.
        .WithOaepPaddingDigestAlgorithm("SHA-512")
        // Names of the JSON fields carrying the ciphertext and its encryption parameters.
        .WithEncryptedValueFieldName("encryptedData")
        .WithEncryptedKeyFieldName("encryptedKey")
        .WithIvFieldName("iv")
        .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
        .WithEncryptionCertificateFingerprintFieldName("publicKeyFingerprint")
        .WithValueEncoding(FieldValueEncoding.Hex);
    var fieldLevelEncryptionConfig = encryptionConfigBuilder.Build();

    // NOTE(review): this mutates Configuration.Default, so presumably every client built from
    // the default configuration is affected. The base path is the sandbox endpoint and is
    // hard-coded; other environments need their own value.
    var apiConfiguration = Configuration.Default;
    apiConfiguration.BasePath = "https://sandbox.api.mastercard.com/mdes/";
    apiConfiguration.ApiClient.RestClient.Authenticator =
        new RestSharpOAuth1Authenticator(ConsumerKey, oauthSigningKey, new Uri(apiConfiguration.BasePath));
    apiConfiguration.ApiClient.EncryptionInterceptor =
        new RestSharpFieldLevelEncryptionInterceptor(fieldLevelEncryptionConfig);
}
// Build() must reject an OAEP padding digest name outside the supported set ("SHA-720"),
// so a mistyped or unknown digest fails at configuration time.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenUnsupportedOaepPaddingDigestAlgorithm()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithOaepPaddingDigestAlgorithm("SHA-720");
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "Unsupported OAEP digest algorithm: SHA-720!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}
// Build() must reject a decryption path containing a wildcard ("$.encryptedPayloads[*]"):
// per the expected message, a decryption path has to resolve to a single item.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenNotDefiniteDecryptionPath()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithDecryptionPath("$.encryptedPayloads[*]", "$.payload")
            .WithDecryptionKey(TestUtils.GetTestDecryptionKey());
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "JSON paths for decryption must point to a single item!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}
// Returns a builder pre-populated with the test encryption certificate, the test decryption
// key, a SHA-256 OAEP digest, hex value encoding and fixed fingerprint values.
// Build() is left to the caller so individual tests can add paths or override settings.
// NOTE(review): both fingerprints are hard-coded; presumably they correspond to the fixtures
// returned by GetTestEncryptionCertificate()/GetTestDecryptionKey() - confirm whenever the
// test key material is replaced.
internal static FieldLevelEncryptionConfigBuilder GetTestFieldLevelEncryptionConfigBuilder()
{
    var testBuilder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
        .WithEncryptionCertificate(GetTestEncryptionCertificate())
        .WithDecryptionKey(GetTestDecryptionKey())
        .WithOaepPaddingDigestAlgorithm("SHA-256")
        // JSON field names used for the ciphertext and its encryption parameters.
        .WithEncryptedValueFieldName("encryptedValue")
        .WithEncryptedKeyFieldName("encryptedKey")
        .WithIvFieldName("iv")
        .WithOaepPaddingDigestAlgorithmFieldName("oaepHashingAlgorithm")
        // Fingerprint field names and the fixed values placed in them.
        .WithEncryptionCertificateFingerprintFieldName("encryptionCertificateFingerprint")
        .WithEncryptionCertificateFingerprint("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279")
        .WithEncryptionKeyFingerprintFieldName("encryptionKeyFingerprint")
        .WithEncryptionKeyFingerprint("761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79")
        .WithValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding.Hex);

    return testBuilder;
}
// Build() must reject a configuration that names neither an IV field nor an IV header:
// without either, the IV has no place in the message.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenMissingBothIvFieldNameAndHeaderName()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithOaepPaddingDigestAlgorithm("SHA-512")
            .WithEncryptedValueFieldName("encryptedValue")
            .WithEncryptedKeyFieldName("encryptedKey")
            .WithValueEncoding(FieldValueEncoding.Hex);
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "At least one of IV field name or IV header name must be set!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}
// Build() must reject a configuration that never sets the encrypted value field name.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenMissingEncryptedValueFieldName()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithOaepPaddingDigestAlgorithm("SHA-512")
            .WithEncryptedKeyFieldName("encryptedKey")
            .WithIvFieldName("iv")
            .WithValueEncoding(FieldValueEncoding.Hex);
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "Encrypted value field name cannot be null!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}
// Happy path: sets every builder option (paths, certificate, key, fingerprints, field and
// header names, OAEP digest, Base64 encoding) and checks that Build() returns a config that
// reports each value unchanged.
public void TestBuild_Nominal()
{
    // Fixed fingerprint strings; the test only checks that they round-trip through the builder.
    const string certificateFingerprint = "97A2FFE9F0D48960EF31E87FCD7A55BF7843FB4A9EEEF01BDB6032AD6FEF146B";
    const string keyFingerprint = "F806B26BC4870E26986C70B6590AF87BAF4C2B56BB50622C51B12212DAFF2810";

    var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
        .WithEncryptionPath("$.payload", "$.encryptedPayload")
        .WithEncryptionCertificate(TestUtils.GetTestEncryptionCertificate())
        .WithEncryptionCertificateFingerprint(certificateFingerprint)
        .WithEncryptionKeyFingerprint(keyFingerprint)
        .WithEncryptionCertificateFingerprintFieldName("publicCertificateFingerprint")
        .WithEncryptionCertificateFingerprintHeaderName("x-public-certificate-fingerprint")
        .WithEncryptionKeyFingerprintFieldName("publicKeyFingerprint")
        .WithEncryptionKeyFingerprintHeaderName("x-public-key-fingerprint")
        .WithDecryptionPath("$.encryptedPayload", "$.payload")
        .WithDecryptionKey(TestUtils.GetTestDecryptionKey())
        .WithOaepPaddingDigestAlgorithm("SHA-512")
        .WithOaepPaddingDigestAlgorithmFieldName("oaepPaddingDigestAlgorithm")
        .WithOaepPaddingDigestAlgorithmHeaderName("x-oaep-padding-digest-algorithm")
        .WithEncryptedValueFieldName("encryptedValue")
        .WithEncryptedKeyFieldName("encryptedKey")
        .WithEncryptedKeyHeaderName("x-encrypted-key")
        .WithIvFieldName("iv")
        .WithIvHeaderName("x-iv")
        .WithValueEncoding(FieldValueEncoding.Base64);
    var config = builder.Build();

    Assert.IsNotNull(config);

    // Encryption side: one path, certificate present, fingerprints and their carriers intact.
    Assert.AreEqual(1, config.EncryptionPaths.Count);
    Assert.IsNotNull(config.EncryptionCertificate);
    Assert.AreEqual(certificateFingerprint, config.EncryptionCertificateFingerprint);
    Assert.AreEqual(keyFingerprint, config.EncryptionKeyFingerprint);
    Assert.AreEqual("publicCertificateFingerprint", config.EncryptionCertificateFingerprintFieldName);
    Assert.AreEqual("x-public-certificate-fingerprint", config.EncryptionCertificateFingerprintHeaderName);
    Assert.AreEqual("publicKeyFingerprint", config.EncryptionKeyFingerprintFieldName);
    Assert.AreEqual("x-public-key-fingerprint", config.EncryptionKeyFingerprintHeaderName);

    // Decryption side: one path and a key.
    Assert.AreEqual(1, config.DecryptionPaths.Count);
    Assert.IsNotNull(config.DecryptionKey);

    // Algorithm, field/header names and value encoding.
    Assert.AreEqual("SHA-512", config.OaepPaddingDigestAlgorithm);
    Assert.AreEqual("encryptedValue", config.EncryptedValueFieldName);
    Assert.AreEqual("encryptedKey", config.EncryptedKeyFieldName);
    Assert.AreEqual("x-encrypted-key", config.EncryptedKeyHeaderName);
    Assert.AreEqual("iv", config.IvFieldName);
    Assert.AreEqual("x-iv", config.IvHeaderName);
    Assert.AreEqual("oaepPaddingDigestAlgorithm", config.OaepPaddingDigestAlgorithmFieldName);
    Assert.AreEqual("x-oaep-padding-digest-algorithm", config.OaepPaddingDigestAlgorithmHeaderName);
    Assert.AreEqual(FieldValueEncoding.Base64, config.ValueEncoding);
}
// Build() must reject a configuration where the encrypted key is carried in a JSON field
// but the IV is only given a header name: per the expected message, the two field names
// have to be set together or left unset together.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenEncryptedKeyAndIvFieldNamesNotBothSetOrUnset()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithOaepPaddingDigestAlgorithm("SHA-512")
            .WithEncryptedValueFieldName("encryptedValue")
            .WithEncryptedKeyFieldName("encryptedKey")
            .WithEncryptedKeyHeaderName("x-encrypted-key")
            .WithIvHeaderName("x-iv")
            .WithValueEncoding(FieldValueEncoding.Hex);
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "IV field name and encrypted key field name must be both set or both unset!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}
// Build() must reject a configuration that declares an encryption path but supplies no
// encryption certificate, so the problem surfaces when the configuration is built.
// The catch block pins the exact message and rethrows. Nothing in this body fails the test
// when Build() does not throw; that case presumably relies on an expected-exception
// attribute outside this snippet - confirm.
public void TestBuild_ShouldThrowArgumentException_WhenMissingEncryptionCertificate()
{
    try
    {
        var builder = FieldLevelEncryptionConfigBuilder.AFieldLevelEncryptionConfig()
            .WithEncryptionPath("$.payload", "$.encryptedPayload")
            .WithOaepPaddingDigestAlgorithm("SHA-512")
            .WithEncryptedValueFieldName("encryptedValue")
            .WithEncryptedKeyFieldName("encryptedKey")
            .WithIvFieldName("iv")
            .WithValueEncoding(FieldValueEncoding.Hex);
        builder.Build();
    }
    catch (Exception ex)
    {
        const string expectedMessage = "Can't encrypt without encryption key!";
        Assert.AreEqual(expectedMessage, ex.Message);
        throw;
    }
}