/// <summary>
/// Decrypts the specified cipher text.
/// </summary>
/// <param name="cipherText">The cipher text.</param>
/// <param name="encryptKey">
/// An object to used to look up invokation-specific encryption parameters.
/// </param>
/// <param name="serializationState">
/// An object that holds an arbitrary value that is passed to one or more decrypt
/// operations within a single serialization operation.
/// </param>
/// <returns>The decrypted text.</returns>
public string Decrypt(string cipherText, object encryptKey, SerializationState serializationState)
{
var decryptor =
serializationState == null
? _crypto.GetDecryptor(encryptKey)
: serializationState.Get(() => _crypto.GetDecryptor(encryptKey));
var plainText = decryptor.Decrypt(cipherText);
return(plainText);
}
/// <summary>
/// Decrypts the specified cipher text.
/// </summary>
/// <param name="cipherText">The cipher text.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <param name="serializationState">
/// An object that holds an arbitrary value that is passed to one or more decrypt
/// operations within a single serialization operation.
/// </param>
/// <returns>The decrypted text.</returns>
public string Decrypt(string cipherText, string credentialName, SerializationState serializationState)
{
var decryptor = serializationState.Get(() => _crypto.GetDecryptor(credentialName?.ToString()));
var plainText = decryptor.Decrypt(cipherText);
return(plainText);
}
/// <summary>
/// Decrypts the fields, specified by JSONPath, that are contained in the given json document string.
/// </summary>
/// <param name="crypto">
/// The instance of <see cref="ICrypto"/> that ultimately responsible for performing decryption operations
/// on field values.
/// </param>
/// <param name="jsonString">A string containing an json document.</param>
/// <param name="jsonPathsToDecrypt">One or more JSONPaths of the fields to decrypt.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <returns>The same json document, except with the specified fields decrypted.</returns>
public static string DecryptJson(this ICrypto crypto, string jsonString, IEnumerable <string> jsonPathsToDecrypt, string credentialName = null)
{
if (crypto == null)
{
throw new ArgumentNullException(nameof(crypto));
}
if (jsonString == null)
{
throw new ArgumentNullException(nameof(jsonString));
}
if (jsonPathsToDecrypt == null)
{
throw new ArgumentNullException(nameof(jsonPathsToDecrypt));
}
var token = JToken.Parse(jsonString);
var decryptor = new Lazy <IDecryptor>(() => crypto.GetDecryptor(credentialName));
var anyPaths = false;
foreach (var jsonPath in jsonPathsToDecrypt)
{
if (jsonPath == null)
{
throw new ArgumentException($"{nameof(jsonPathsToDecrypt)} cannot have null items.", nameof(jsonPathsToDecrypt));
}
anyPaths = true;
foreach (var match in token.SelectTokens(jsonPath).ToArray())
{
var decryptedToken = JToken.Parse(decryptor.Value.Decrypt(match.Value <string>()));
if (ReferenceEquals(token, match))
{
token = decryptedToken;
continue;
}
switch (match.Parent)
{
case JProperty property:
property.Value = decryptedToken;
break;
case JArray array:
array[array.IndexOf(match)] = decryptedToken;
break;
}
}
}
if (!anyPaths)
{
throw new ArgumentException($"{nameof(jsonPathsToDecrypt)} must have at least one item.", nameof(jsonPathsToDecrypt));
}
return(token.ToString(Formatting.None));
}
/// <summary>
/// Decrypts the fields, specified by XPath, that are contained in the given xml document string.
/// </summary>
/// <param name="crypto">
/// The instance of <see cref="ICrypto"/> that ultimately responsible for performing decryption operations
/// on field values.
/// </param>
/// <param name="xmlString">A string containing an xml document.</param>
/// <param name="xpathsToDecrypt">One or more XPaths of the fields to decrypt.</param>
/// <param name="credentialName">
/// The name of the credential to use for this encryption operation,
/// or null to use the default credential.
/// </param>
/// <returns>The same xml document, except with the specified fields decrypted.</returns>
public static string DecryptXml(this ICrypto crypto, string xmlString, IEnumerable <string> xpathsToDecrypt, string credentialName = null)
{
if (crypto == null)
{
throw new ArgumentNullException(nameof(crypto));
}
if (xmlString == null)
{
throw new ArgumentNullException(nameof(xmlString));
}
if (xpathsToDecrypt == null)
{
throw new ArgumentNullException(nameof(xpathsToDecrypt));
}
var doc = new XmlDocument();
doc.LoadXml(xmlString);
var navigator = doc.CreateNavigator();
var decryptor = new Lazy <IDecryptor>(() => crypto.GetDecryptor(credentialName));
var anyPaths = false;
foreach (var xpath in xpathsToDecrypt)
{
if (xpath == null)
{
throw new ArgumentException($"{nameof(xpathsToDecrypt)} cannot have null items.", nameof(xpathsToDecrypt));
}
anyPaths = true;
foreach (XPathNavigator match in navigator.Select(xpath))
{
var decrypted = decryptor.Value.Decrypt(match.InnerXml);
if (decrypted != match.InnerXml)
{
try
{
match.InnerXml = decrypted;
}
catch
{
match.SetValue(decrypted);
}
}
}
}
if (!anyPaths)
{
throw new ArgumentException($"{nameof(xpathsToDecrypt)} must have at least one item.", nameof(xpathsToDecrypt));
}
return(doc.OuterXml);
}
/// <summary> /// Gets an instance of <see cref="IDecryptor"/> using the default credential. /// </summary> /// <param name="crypto">An <see cref="ICrypto"/>.</param> /// <returns>An object that can be used for decryption operations.</returns> public static IDecryptor GetDecryptor(this ICrypto crypto) => crypto.GetDecryptor(null);
/// <summary> /// Gets an instance of <see cref="IDecryptor"/> using the default credential. /// </summary> /// <param name="crypto">An <see cref="ICrypto"/>.</param> /// <returns>An object that can be used for decryption operations.</returns> public static IDecryptor GetDecryptor(this ICrypto crypto) => crypto?.GetDecryptor(null) ?? throw new ArgumentNullException(nameof(crypto));