示例#1
        /// <summary>
        /// Decrypts a JSON item read from <paramref name="input"/>, picking the decryption routine from the
        /// encryption properties stored inside the item itself.
        /// </summary>
        /// <param name="input">Seekable stream holding the item; a <c>null</c> stream is returned unchanged.</param>
        /// <param name="encryptor">Encryptor passed to the algorithm-specific decryption helper.</param>
        /// <param name="diagnosticsContext">Diagnostics context passed to the decryption helper.</param>
        /// <param name="cancellationToken">Cancellation token passed to the decryption helper.</param>
        /// <returns>
        /// The resulting stream together with the decryption context. The context is <c>null</c> when
        /// <paramref name="input"/> is <c>null</c> or the item carries no encryption properties, i.e. when
        /// nothing was decrypted. A caller that requires encrypted-at-rest items must check for that case
        /// itself; this method does not treat a missing encryption section as an error.
        /// </returns>
        /// <exception cref="NotSupportedException">
        /// The algorithm named in the item's encryption properties is not one of the two handled here.
        /// </exception>
        /// <remarks>
        /// If there isn't any data that needs to be decrypted, input stream will be returned without any modification.
        /// Else input stream will be disposed, and a new stream is returned.
        /// In case of an exception, input stream won't be disposed, but position will be end of stream.
        /// </remarks>
        public static async Task<(Stream, DecryptionContext)> DecryptAsync(
            Stream input,
            Encryptor encryptor,
            CosmosDiagnosticsContext diagnosticsContext,
            CancellationToken cancellationToken)
        {
            if (input is null)
            {
                return (input, null);
            }

            // Debug.Assert is compiled out of release builds, so these are developer-time checks only;
            // a null encryptor or a non-seekable stream is not rejected here in production.
            Debug.Assert(input.CanSeek);
            Debug.Assert(encryptor != null);
            Debug.Assert(diagnosticsContext != null);

            JObject item = EncryptionProcessor.RetrieveItem(input);
            JObject propertiesNode = EncryptionProcessor.RetrieveEncryptionProperties(item);

            if (propertiesNode is null)
            {
                // Nothing to decrypt: rewind so the caller can read the untouched payload from the start.
                input.Position = 0;
                return (input, null);
            }

            EncryptionProperties encryptionProperties = propertiesNode.ToObject<EncryptionProperties>();

            // NOTE(review): the algorithm identifier comes from the stored item, so whoever can write the
            // item decides which of the two paths runs (including the legacy one). Confirm that both
            // helpers authenticate the ciphertext before using it.
            var algorithm = encryptionProperties.EncryptionAlgorithm;
            DecryptionContext context;

            if (algorithm == CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized)
            {
                context = await EncryptionProcessor.MdeEncAlgoDecryptObjectAsync(
                    item,
                    encryptor,
                    encryptionProperties,
                    diagnosticsContext,
                    cancellationToken);
            }
            else if (algorithm == CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized)
            {
                // Argument order differs from the MDE helper: properties come before the encryptor.
                context = await EncryptionProcessor.LegacyEncAlgoDecryptContentAsync(
                    item,
                    encryptionProperties,
                    encryptor,
                    diagnosticsContext,
                    cancellationToken);
            }
            else
            {
                // The message echoes a value taken from the item; treat it as untrusted text when logging.
                throw new NotSupportedException($"Encryption Algorithm : {encryptionProperties.EncryptionAlgorithm} is not supported.");
            }

            // Only reached on success; on an exception above the input stream is left undisposed.
            input.Dispose();

            // Presumably the helpers rewrite `item` in place, since it is what gets re-serialized - TODO confirm.
            return (EncryptionProcessor.BaseSerializer.ToStream(item), context);
        }
示例#2
        /// <summary>
        /// Decrypts an already-parsed JSON item, picking the decryption routine from the encryption
        /// properties stored inside the item itself.
        /// </summary>
        /// <param name="document">The item to decrypt.</param>
        /// <param name="encryptor">Encryptor passed to the algorithm-specific decryption helper.</param>
        /// <param name="diagnosticsContext">Diagnostics context passed to the decryption helper.</param>
        /// <param name="cancellationToken">Cancellation token passed to the decryption helper.</param>
        /// <returns>
        /// The same <paramref name="document"/> reference together with the decryption context. The context
        /// is <c>null</c> when the item carries no encryption properties, i.e. when nothing was decrypted.
        /// A caller that requires encrypted-at-rest items must check for that case itself.
        /// </returns>
        /// <exception cref="NotSupportedException">
        /// The algorithm named in the item's encryption properties is not one of the two handled here.
        /// </exception>
        public static async Task<(JObject, DecryptionContext)> DecryptAsync(
            JObject document,
            Encryptor encryptor,
            CosmosDiagnosticsContext diagnosticsContext,
            CancellationToken cancellationToken)
        {
            // Debug.Assert is compiled out of release builds, so a null document or encryptor is not
            // rejected here in production. diagnosticsContext is not asserted in this overload.
            Debug.Assert(document != null);
            Debug.Assert(encryptor != null);

            JObject propertiesNode = EncryptionProcessor.RetrieveEncryptionProperties(document);

            if (propertiesNode is null)
            {
                // No encryption section: hand the item back untouched with no context.
                return (document, null);
            }

            EncryptionProperties encryptionProperties = propertiesNode.ToObject<EncryptionProperties>();

            // NOTE(review): the algorithm identifier comes from the stored item, so whoever can write the
            // item decides which of the two paths runs (including the legacy one). Confirm that both
            // helpers authenticate the ciphertext before using it.
            var algorithm = encryptionProperties.EncryptionAlgorithm;
            DecryptionContext context;

            if (algorithm == CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized)
            {
                context = await EncryptionProcessor.MdeEncAlgoDecryptObjectAsync(
                    document,
                    encryptor,
                    encryptionProperties,
                    diagnosticsContext,
                    cancellationToken);
            }
            else if (algorithm == CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized)
            {
                // Argument order differs from the MDE helper: properties come before the encryptor.
                context = await EncryptionProcessor.LegacyEncAlgoDecryptContentAsync(
                    document,
                    encryptionProperties,
                    encryptor,
                    diagnosticsContext,
                    cancellationToken);
            }
            else
            {
                // The message echoes a value taken from the item; treat it as untrusted text when logging.
                throw new NotSupportedException($"Encryption Algorithm : {encryptionProperties.EncryptionAlgorithm} is not supported.");
            }

            // Presumably the helpers rewrite `document` in place, since the same reference is returned - TODO confirm.
            return (document, context);
        }