public string Decrypt(JweConfig config) { byte[] unwrappedKey = RsaEncryption.UnwrapSecretKey(config, Base64Utils.URLDecode(EncryptedKey), "SHA-256"); if (unwrappedKey == null) { throw new EncryptionException(String.Format("Failed to unwrap key {0}", EncryptedKey)); } string encryptionMethod = Header.Enc; byte[] plaintext; if (A256GCM.Equals(encryptionMethod)) { plaintext = AesGcm.Decrypt(unwrappedKey, this); } else if (A128CBC_HS256.Equals(encryptionMethod)) { plaintext = AesCbc.Decrypt(unwrappedKey, this); } else { throw new EncryptionException(String.Format("Encryption method {0} is not supported", encryptionMethod)); } return(Encoding.UTF8.GetString(plaintext)); }
public static string Encrypt(JweConfig config, String payload, JweHeader header) { byte[] cek = AesEncryption.GenerateCek(256); byte[] encryptedSecretKeyBytes = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), cek, "SHA-256"); string encryptedKey = Base64Utils.URLEncode(encryptedSecretKeyBytes); byte[] iv = AesEncryption.GenerateIV(); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); string headerString = header.Json.ToString(); string encodedHeader = Base64Utils.URLEncode(Encoding.UTF8.GetBytes(headerString)); byte[] aad = Encoding.ASCII.GetBytes(encodedHeader); var encrypted = AesGcm.Encrypt(cek, iv, payloadBytes, aad); return(Serialize(encodedHeader, encryptedKey, Base64Utils.URLEncode(iv), Base64Utils.URLEncode(encrypted.Ciphertext), Base64Utils.URLEncode(encrypted.AuthTag))); }
public static string DecryptPayload(string payload, JweConfig config) { try { // Parse the given payload JToken json = JObject.Parse(payload); // Perform decryption foreach (var entry in config.DecryptionPaths) { string jsonPathIn = entry.Key; string jsonPathOut = entry.Value; json = DecryptPayloadPath(json, jsonPathIn, jsonPathOut, config); } return(json.ToString()); } catch (Exception ex) { throw new EncryptionException("Payload decryption failed!", ex); } }
private static JToken DecryptPayloadPath(JToken payload, string jsonPathIn, string jsonPathOut, JweConfig config) { JToken token = payload.SelectToken(jsonPathIn); if (JsonUtils.IsNullOrEmptyJson(token)) { // Nothing to decrypt return(payload); } // Read and remove encrypted data and encryption fields at the given JSON path string encryptedValue = ReadAndDeleteJsonKey(payload, token, config.EncryptedValueFieldName); if (string.IsNullOrEmpty(encryptedValue)) { // Nothing to decrypt return(payload); } JweObject jweObject = JweObject.Parse(encryptedValue); string decryptedValue = jweObject.Decrypt(config); if ("$".Equals(jsonPathOut)) { return(JObject.Parse(decryptedValue)); } JsonUtils.CheckOrCreateOutObject(payload, jsonPathOut); JsonUtils.AddDecryptedDataToPayload(payload, decryptedValue, jsonPathOut); // Remove the input token = payload.SelectToken(jsonPathIn); if (null != token && token.Parent != null) { token.Parent.Remove(); } return(payload); }
private static JToken EncryptPayloadPath(JToken json, string jsonPathIn, string jsonPathOut, JweConfig config) { JToken token = json.SelectToken(jsonPathIn); if (JsonUtils.IsNullOrEmptyJson(token)) { // Nothing to encrypt return(json); } // Encode and encrypt string inJsonString = JsonUtils.SanitizeJson(token.ToString(Formatting.None)); JweHeader header = new JweHeader(ALGORITHM, ENCRYPTION, config.EncryptionKeyFingerprint, CONTENT_TYPE); string encrypted = JweObject.Encrypt(config, inJsonString, header); // Delete data in the clear if ("$".Equals(jsonPathIn)) { // Create a new object json = JObject.Parse("{}"); } else { token.Parent.Remove(); } JsonUtils.CheckOrCreateOutObject(json, jsonPathOut); var outJsonToken = json.SelectToken(jsonPathOut) as JObject; JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encrypted); return(outJsonToken); }
/// <summary> /// Constructor. /// </summary> public RestSharpJweEncryptionInterceptor(JweConfig config) { _config = config; }