/// <summary>
/// Encrypts the provided data using the descriptor string specified
/// by <see cref="ProtectionDescriptor"/>.
/// </summary>
/// <param name="node">The data to encrypt.</param>
/// <returns>The encrypted form of the input data.</returns>
public override XmlNode Encrypt(XmlNode node)
{
if (node == null)
{
throw new ArgumentNullException(nameof(node));
}
// precondition checks
if (String.IsNullOrWhiteSpace(ProtectionDescriptor))
{
throw new InvalidOperationException("The ProtectionDescriptor property has not been initialized.");
}
// protect the data
byte[] unprotectedData = Encoding.UTF8.GetBytes(node.OuterXml);
byte[] protectedData = new ProtectionDescriptorClass(ProtectionDescriptor).ProtectSecret(unprotectedData);
// and turn it into the correct data format
return(XElementToXmlNode(
new XElement("EncryptedData",
new XComment($"Payload protected to protection descriptor '{ProtectionDescriptor}'"),
new XElement("CipherData",
new XElement("CipherValue", Convert.ToBase64String(protectedData))))));
}
/// <summary>
/// Decrypts the provided data which was previously encrypted
/// using <see cref="Encrypt(XmlNode)"/>.
/// </summary>
/// <param name="encryptedNode">The data to decrypt.</param>
/// <returns>The decrypted form of the input data.</returns>
public override XmlNode Decrypt(XmlNode encryptedNode)
{
if (encryptedNode == null)
{
throw new ArgumentNullException(nameof(encryptedNode));
}
// convert to usable type and extract protected payload
XElement encryptedElement = XmlNodeToXElement(encryptedNode);
string protectedBase64 = null;
if (encryptedElement.Name == "EncryptedData")
{
protectedBase64 = encryptedElement.Element("CipherData")?.Element("CipherValue")?.Value;
}
if (String.IsNullOrWhiteSpace(protectedBase64))
{
throw new ConfigurationErrorsException("The provided node is malformed.");
}
// unprotect the data
byte[] protectedData = Convert.FromBase64String(protectedBase64);
byte[] unprotectedData = ProtectionDescriptorClass.UnprotectSecret(protectedData);
string unprotectedXml = Encoding.UTF8.GetString(unprotectedData);
// turn this back into an XML doc
XmlDocument xmlDocument = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDocument.LoadXml(unprotectedXml);
return(xmlDocument.DocumentElement);
}
/// <summary>
/// Encrypts the provided data using the descriptor string specified
/// by <see cref="ProtectionDescriptor"/>.
/// </summary>
/// <param name="node">The data to encrypt.</param>
/// <returns>The encrypted form of the input data.</returns>
public override XmlNode Encrypt(XmlNode node)
{
if (node == null)
{
throw new ArgumentNullException(nameof(node));
}
// precondition checks
if (String.IsNullOrWhiteSpace(ProtectionDescriptor))
{
throw new InvalidOperationException("The ProtectionDescriptor property has not been initialized.");
}
// protect the data
byte[] unprotectedData = Encoding.UTF8.GetBytes(node.OuterXml);
byte[] protectedData = new ProtectionDescriptorClass(ProtectionDescriptor).ProtectSecret(unprotectedData);
// and turn it into the correct data format
return XElementToXmlNode(
new XElement("EncryptedData",
new XComment($"Payload protected to protection descriptor '{ProtectionDescriptor}'"),
new XElement("CipherData",
new XElement("CipherValue", Convert.ToBase64String(protectedData)))));
}
