[ExpectedException(typeof(EncryptionException))] // THEN
public void TestInterceptRequest_ShouldThrowEncryptionException_WhenEncryptionFails()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithEncryptionCertificate(TestUtils.GetTestInvalidEncryptionCertificate()) // Invalid certificate
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service",
Parameters =
{
new Parameter {
Type = RequestBody, Encoding = Encoding.UTF8, Value = "{\"foo\":\"bar\"}"
}
}
};
try
{
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
catch (Exception e)
{
// THEN
Assert.AreEqual("Failed to wrap secret key!", e.Message);
throw;
}
}
[ExpectedException(typeof(EncryptionException))] // THEN
public void TestInterceptRequest_ShouldThrowEncryptionException_WhenEncryptionFails()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithEncryptionCertificate(TestUtils.GetTestInvalidEncryptionCertificate()) // Invalid certificate
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service"
};
request.AddParameter("param1", "{\"foo\":\"bar\"}", ParameterType.RequestBody);
try
{
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
catch (Exception e)
{
// THEN
Assert.AreEqual("Payload encryption failed!", e.Message);
throw;
}
}
public void TestInterceptRequest_ShouldEncryptRequestPayloadAndUpdateContentLengthHeader()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service"
};
request.AddParameter("param1", "{\"foo\":\"bar\"}", ParameterType.RequestBody);
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
// THEN
var encryptedPayloadParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.RequestBody);
Assert.IsNotNull(encryptedPayloadParam);
var encryptedPayload = encryptedPayloadParam.Value?.ToString();
Assert.IsNotNull(encryptedPayload);
Assert.IsFalse(encryptedPayload.Contains("foo"));
Assert.IsTrue(encryptedPayload.Contains("encryptedFoo"));
var contentLengthHeaderParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.HttpHeader);
Assert.IsNotNull(contentLengthHeaderParam);
Assert.AreEqual(encryptedPayload.Length.ToString(), contentLengthHeaderParam.Value);
}
public void TestInterceptRequest_ShouldDoNothing_WhenNoPayload()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.Build();
var request = new RestRequest
{
Method = Method.GET,
Resource = "/service"
};
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
}
public void TestInterceptRequest_ShouldEncryptRequestPayloadAndAddEncryptionHttpHeaders_WhenRequestedInConfig()
{
// GIVEN
var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder()
.WithEncryptionPath("$.foo", "$.encryptedFoo")
.WithIvHeaderName("x-iv")
.WithEncryptedKeyHeaderName("x-encrypted-key")
.WithOaepPaddingDigestAlgorithmHeaderName("x-oaep-padding-digest-algorithm")
.WithEncryptionCertificateFingerprintHeaderName("x-encryption-certificate-fingerprint")
.WithEncryptionKeyFingerprintHeaderName("x-encryption-key-fingerprint")
.Build();
var request = new RestRequest
{
Method = Method.POST,
Resource = "/service",
Parameters =
{
new Parameter {
Type = RequestBody, Encoding = Encoding.UTF8, Value = "{\"foo\":\"bar\"}"
}
}
};
// WHEN
var instanceUnderTest = new RestSharpFieldLevelEncryptionInterceptor(config);
instanceUnderTest.InterceptRequest(request);
// THEN
var encryptedPayloadParam = request.Parameters.FirstOrDefault(param => param.Type == RequestBody);
Assert.IsNotNull(encryptedPayloadParam);
var encryptedPayload = encryptedPayloadParam.Value.ToString();
Assert.IsNotNull(encryptedPayload);
Assert.IsFalse(encryptedPayload.Contains("foo"));
Assert.IsTrue(encryptedPayload.Contains("encryptedFoo"));
Assert.AreEqual(encryptedPayload.Length, request.Parameters.Find(HttpHeader, "Content-Length").First().Value);
Assert.IsNotNull(request.Parameters.Find(HttpHeader, "x-iv").First());
Assert.IsNotNull(request.Parameters.Find(HttpHeader, "x-encrypted-key").First());
Assert.AreEqual("SHA256", request.Parameters.Find(HttpHeader, "x-oaep-padding-digest-algorithm").First().Value);
Assert.AreEqual("80810fc13a8319fcf0e2ec322c82a4c304b782cc3ce671176343cfe8160c2279", request.Parameters.Find(HttpHeader, "x-encryption-certificate-fingerprint").First().Value);
Assert.AreEqual("761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79", request.Parameters.Find(HttpHeader, "x-encryption-key-fingerprint").First().Value);
}
