[ExpectedException(typeof(EncryptionException))] // THEN
public void TestInterceptResponse_ShouldThrowEncryptionException_WhenDecryptionFails()
{
// GIVEN
const string encryptedPayload = "{" +
" \"encryptedData\": {" +
" \"iv\": \"a2c494ca28dec4f3d6ce7d68b1044cfe\"," +
" \"encryptedKey\": \"NOT A VALID KEY!\"," +
" \"encryptedValue\": \"0672589113046bf692265b6ea6088184\"" +
" }" +
"}";
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithDecryptionPath("$.encryptedData", "$.data")
.Build();
var response = new RestResponseDouble
{
Content = encryptedPayload
};
try
{
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptResponse(response);
}
catch (Exception e)
{
// THEN
Assert.AreEqual("Failed to decode and unwrap the provided secret key value!", e.Message);
throw;
}
}
[ExpectedException(typeof(EncryptionException))] // THEN
public void TestInterceptRequest_ShouldThrowEncryptionException_WhenEncryptionFails()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithEncryptionCertificate(TestUtils.GetTestInvalidEncryptionCertificate()) // Invalid certificate
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service",
Parameters =
{
new Parameter {
Type = RequestBody, Encoding = Encoding.UTF8, Value = "{\"foo\":\"bar\"}"
}
}
};
try
{
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
catch (Exception e)
{
// THEN
Assert.AreEqual("Failed to wrap secret key!", e.Message);
throw;
}
}
public void TestInterceptResponse_ShouldDecryptResponsePayload()
{
// GIVEN
const string encryptedPayload = "{" +
" \"encryptedData\": {" +
" \"iv\": \"a32059c51607d0d02e823faecda5fb15\"," +
" \"encryptedKey\": \"a31cfe7a7981b72428c013270619554c1d645c04b9d51c7eaf996f55749ef62fd7c7f8d334f95913be41ae38c46d192670fd1acb84ebb85a00cd997f1a9a3f782229c7bf5f0fdf49fe404452d7ed4fd41fbb95b787d25893fbf3d2c75673cecc8799bbe3dd7eb4fe6d3f744b377572cdf8aba1617194e10475b6cd6a8dd4fb8264f8f51534d8f7ac7c10b4ce9c44d15066724b03a0ab0edd512f9e6521fdb5841cd6964e457d6b4a0e45ba4aac4e77d6bbe383d6147e751fa88bc26278bb9690f9ee84b17123b887be2dcef0873f4f9f2c895d90e23456fafb01b99885e31f01a3188f0ad47edf22999cc1d0ddaf49e1407375117b5d66f1f185f2b57078d255\"," +
" \"encryptedValue\": \"21d754bdb4567d35d58720c9f8364075\"," +
" \"oaepHashingAlgorithm\": \"SHA256\"" +
" }" +
"}";
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithDecryptionPath("$.encryptedData", "$.data")
.Build();
var response = new RestResponseDouble
{
Content = encryptedPayload,
Headers = new GenericHttpHeaders {
{ "Content-Length", "100" }
}
};
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptResponse(response);
// THEN
var payload = response.Content;
TestUtils.AssertPayloadEquals("{\"data\":\"string\"}", payload);
}
[ExpectedException(typeof(EncryptionException))] // THEN
public void TestInterceptRequest_ShouldThrowEncryptionException_WhenEncryptionFails()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithEncryptionCertificate(TestUtils.GetTestInvalidEncryptionCertificate()) // Invalid certificate
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service"
};
request.AddParameter("param1", "{\"foo\":\"bar\"}", ParameterType.RequestBody);
try
{
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
catch (Exception e)
{
// THEN
Assert.AreEqual("Payload encryption failed!", e.Message);
throw;
}
}
public void TestInterceptRequest_ShouldEncryptRequestPayloadAndUpdateContentLengthHeader()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service"
};
request.AddParameter("param1", "{\"foo\":\"bar\"}", ParameterType.RequestBody);
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
// THEN
var encryptedPayloadParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.RequestBody);
Assert.IsNotNull(encryptedPayloadParam);
var encryptedPayload = encryptedPayloadParam.Value?.ToString();
Assert.IsNotNull(encryptedPayload);
Assert.IsFalse(encryptedPayload.Contains("foo"));
Assert.IsTrue(encryptedPayload.Contains("encryptedFoo"));
var contentLengthHeaderParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.HttpHeader);
Assert.IsNotNull(contentLengthHeaderParam);
Assert.AreEqual(encryptedPayload.Length.ToString(), contentLengthHeaderParam.Value);
}
public void TestInterceptResponse_ShouldDoNothing_WhenNoPayload()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder().Build();
var response = new RestResponseDouble(null, null);
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptResponse(response);
}
public void TestInterceptResponse_ShouldDecryptResponsePayloadAndRemoveEncryptionHttpHeaders_WhenRequestedInConfig()
{
// GIVEN
const string encryptedPayload = "{" +
" \"encryptedData\": {" +
" \"encryptedValue\": \"21d754bdb4567d35d58720c9f8364075\"" +
" }" +
"}";
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithDecryptionPath("$.encryptedData", "$.data")
.WithIvHeaderName("x-iv")
.WithEncryptedKeyHeaderName("x-encrypted-key")
.WithOaepPaddingDigestAlgorithmHeaderName("x-oaep-padding-digest-algorithm")
.WithEncryptionCertificateFingerprintHeaderName("x-encryption-certificate-fingerprint")
.WithEncryptionKeyFingerprintHeaderName("x-encryption-key-fingerprint")
.Build();
Parameter[] param =
{
new Parameter("x-iv", "a32059c51607d0d02e823faecda5fb15", ParameterType.HttpHeader),
new Parameter("x-encrypted-key",
"a31cfe7a7981b72428c013270619554c1d645c04b9d51c7eaf996f55749ef62fd7c7f8d334f95913be41ae38c46d192670fd1acb84ebb85a00cd997f1a9a3f782229c7bf5f0fdf49fe404452d7ed4fd41fbb95b787d25893fbf3d2c75673cecc8799bbe3dd7eb4fe6d3f744b377572cdf8aba1617194e10475b6cd6a8dd4fb8264f8f51534d8f7ac7c10b4ce9c44d15066724b03a0ab0edd512f9e6521fdb5841cd6964e457d6b4a0e45ba4aac4e77d6bbe383d6147e751fa88bc26278bb9690f9ee84b17123b887be2dcef0873f4f9f2c895d90e23456fafb01b99885e31f01a3188f0ad47edf22999cc1d0ddaf49e1407375117b5d66f1f185f2b57078d255",
ParameterType.HttpHeader),
new Parameter("x-oaep-padding-digest-algorithm", "SHA256", ParameterType.HttpHeader),
new Parameter("x-encryption-key-fingerprint",
"761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79", ParameterType.HttpHeader),
new Parameter("x-encryption-certificate-fingerprint",
"80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279", ParameterType.HttpHeader)
};
var response = new RestResponseDouble(param, encryptedPayload);
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptResponse(response);
// THEN
var payload = response.Content;
TestUtils.AssertPayloadEquals("{\"data\":\"string\"}", payload);
var headers = response.Headers.ToList();
Assert.IsNull(headers.Find(h => h.Name == "x-iv"));
Assert.IsNull(headers.Find(h => h.Name == "x-encrypted-key"));
Assert.IsNull(headers.Find(h => h.Name == "x-oaep-padding-digest-algorithm"));
Assert.IsNull(headers.Find(h => h.Name == "x-encryption-key-fingerprint"));
Assert.IsNull(headers.Find(h => h.Name == "x-encryption-certificate-fingerprint"));
}
public void TestInterceptRequest_ShouldDoNothing_WhenNoPayload()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.Build();
var request = new RestRequest
{
Method = Method.GET,
Resource = "/service"
};
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
public void TestInterceptRequest_ShouldEncryptRequestPayloadAndAddEncryptionHttpHeaders_WhenRequestedInConfig()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithIvHeaderName("x-iv")
.WithEncryptedKeyHeaderName("x-encrypted-key")
.WithOaepPaddingDigestAlgorithmHeaderName("x-oaep-padding-digest-algorithm")
.WithEncryptionCertificateFingerprintHeaderName("x-encryption-certificate-fingerprint")
.WithEncryptionKeyFingerprintHeaderName("x-encryption-key-fingerprint")
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service",
Parameters =
{
new Parameter {
Type = RequestBody, Encoding = Encoding.UTF8, Value = "{\"foo\":\"bar\"}"
}
}
};
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
// THEN
var encryptedPayloadParam = request.Parameters.FirstOrDefault(param => param.Type == RequestBody);
Assert.IsNotNull(encryptedPayloadParam);
var encryptedPayload = encryptedPayloadParam.Value.ToString();
Assert.IsNotNull(encryptedPayload);
Assert.IsFalse(encryptedPayload.Contains("foo"));
Assert.IsTrue(encryptedPayload.Contains("encryptedFoo"));
Assert.AreEqual(encryptedPayload.Length, request.Parameters.Find(HttpHeader, "Content-Length").First().Value);
Assert.IsNotNull(request.Parameters.Find(HttpHeader, "x-iv").First());
Assert.IsNotNull(request.Parameters.Find(HttpHeader, "x-encrypted-key").First());
Assert.AreEqual("SHA256", request.Parameters.Find(HttpHeader, "x-oaep-padding-digest-algorithm").First().Value);
Assert.AreEqual("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279", request.Parameters.Find(HttpHeader, "x-encryption-certificate-fingerprint").First().Value);
Assert.AreEqual("761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79", request.Parameters.Find(HttpHeader, "x-encryption-key-fingerprint").First().Value);
}
