/// <summary>
/// Encrypts given plaintext using JWE and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="plaintext">Binary data to encrypt (not null)</param>
/// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param>
/// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param>
/// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to put in the JoseProtectedHeader.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encrypt(byte[] plaintext, IEnumerable <Recipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Compact, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
if (plaintext == null)
{
throw new ArgumentNullException(nameof(plaintext));
}
settings = GetSettings(settings);
IJweAlgorithm _enc = settings.Jwe(enc);
if (_enc == null)
{
throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc));
}
IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders(
new Dictionary <string, object> {
{ "enc", settings.JweHeaderValue(enc) }
},
extraHeaders);
byte[] cek = null;
var recipientsOut = new List <(byte[] EncryptedKey, IDictionary <string, object> Header)>();
foreach (var recipient in recipients)
{
IKeyManagement keys = settings.Jwa(recipient.Alg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg));
}
// joseHeader - is merge of headers
// - key management will read from (e.g. enc,apv,apu - ECDH-ES)
// - key management will write to (e.g. iv, tag - AesGcmKW)
IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders(
joseProtectedHeader,
new Dictionary <string, object> {
{ "alg", settings.JwaHeaderValue(recipient.Alg) }
},
recipient.PerRecipientHeaders);
byte[] encryptedCek;
if (cek == null)
{
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader);
cek = contentKeys[0];
encryptedCek = contentKeys[1];
}
else
{
encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader);
}
// For the per-receipient header we want the headers from the result of IKeyManagements key wrapping.. but without the
// protected headers that were merged in
IDictionary <string, object> recipientHeader = joseHeader.Except(joseProtectedHeader).ToDictionary(x => x.Key, v => v.Value);
recipientsOut.Add((EncryptedKey: encryptedCek, Header: recipientHeader));
}
if (compression.HasValue)
{
joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value);
plaintext = settings.Compression(compression.Value).Compress(plaintext);
}
switch (mode)
{
case SerializationMode.Compact:
{
if (recipientsOut.Count != 1)
{
throw new JoseException("Only one recipient is supported by the JWE Compact Serialization.");
}
if (aad != null)
{
throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization.");
}
joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader);
byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, plaintext, cek);
return(Compact.Serialize(header, recipientsOut[0].EncryptedKey, encParts[0], encParts[1], encParts[2]));
}
case SerializationMode.Json:
{
var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes));
var aadToEncrypt = aad == null ? asciiEncodedProtectedHeader : asciiEncodedProtectedHeader.Concat(new byte[] { 0x2E }).Concat(aad).ToArray();
byte[][] encParts = _enc.Encrypt(aadToEncrypt, plaintext, cek);
var toSerialize = new Dictionary <string, object>
{
{ "protected", Base64Url.Encode(protectedHeaderBytes) },
{ "iv", Base64Url.Encode(encParts[0]) },
{ "ciphertext", Base64Url.Encode(encParts[1]) },
{ "tag", Base64Url.Encode(encParts[2]) },
};
if (aad != null)
{
toSerialize["aad"] = Base64Url.Encode(aad);
}
if (recipientsOut.Count == 1)
{
toSerialize["header"] = recipientsOut.Select(r => r.Header).First();
toSerialize["encrypted_key"] = recipientsOut.Select(r => Base64Url.Encode(r.EncryptedKey)).First();
}
else
{
toSerialize["recipients"] = recipientsOut.Select(r => new
{
header = r.Header,
encrypted_key = Base64Url.Encode(r.EncryptedKey),
});
}
return(settings.JsonMapper.Serialize(toSerialize));
}
default:
throw new JoseException($"Unsupported serializtion mode: {mode}.");
}
}