diff --git a/Encryption/AspNetCoreEncryptor.cs b/Encryption/AspNetCoreEncryptor.cs
index 82afe8c44a2f04abd51778eec26e30f4e4a5990c..e37e0d71947a47b7191d488cce40e0565b5ec4e3 100644
--- a/Encryption/AspNetCoreEncryptor.cs
+++ b/Encryption/AspNetCoreEncryptor.cs
@@ -5,37 +5,32 @@ using IdentityModel.Jwk;
 namespace FitConnect.Encryption;
 public class AspNetCoreEncryptor : IEncryptor {
- public string Encrypt(string plain, string key, out object? passOver) {
- var encryptionKey = new JsonWebKey(key);
- var rsa = encryptionKey.ToRsaPublicKey();
+ private readonly RSAEncryptionPadding _rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA256;
+ public string Encrypt(string plain, string key, out object? passOver) {
+ var rsa = new JsonWebKey(key).ToRsaKey();
 passOver = rsa;
- var cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(plain), RSAEncryptionPadding.OaepSHA512);
+ var cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(plain), _rsaEncryptionPadding);
 return Convert.ToBase64String(cipher);
 }
 public string Decrypt(string cipher, string key, object? passOver = null) {
- var encryptionKey = new JsonWebKey(key);
- var rsa = encryptionKey.ToRsaPrivateKey();
+ var rsa = new JsonWebKey(key).ToRsaKey();
- var plain = rsa.Decrypt(Convert.FromBase64String(cipher), RSAEncryptionPadding.OaepSHA512);
+ var plain = rsa.Decrypt(Convert.FromBase64String(cipher), _rsaEncryptionPadding);
 return Encoding.UTF8.GetString(plain);
 }
 public byte[] Encrypt(byte[] plain, string key, out object? passOver) {
- var encryptionKey = new JsonWebKey(key);
- var rsa = encryptionKey.ToRsaPublicKey();
-
+ var rsa = new JsonWebKey(key).ToRsaKey();
 passOver = rsa;
- return rsa.Encrypt(plain, RSAEncryptionPadding.OaepSHA512);
+ return rsa.Encrypt(plain, _rsaEncryptionPadding);
 }
 public byte[] Decrypt(byte[] cipher, string key, object? passOver = null) {
- var encryptionKey = new JsonWebKey(key);
- var rsa = encryptionKey.ToRsaPrivateKey();
-
- return rsa.Decrypt(cipher, RSAEncryptionPadding.OaepSHA512);
+ var rsa = new JsonWebKey(key).ToRsaKey();
+ return rsa.Decrypt(cipher, _rsaEncryptionPadding);
 }
 }
diff --git a/Encryption/FitEncryption.cs b/Encryption/FitEncryption.cs
index 9be480e38f33444a2621abc03a2af665d7f6180b..26f4d81636bf51db0835f8a49f51e78a512369a5 100644
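Review bot: Both Encrypt overloads now obtain the key through `new JsonWebKey(key).ToRsaKey()`, which (per the JsonWebKeyExtension hunk) imports the full private CRT parameter set, so an encrypt-only caller holding a recipient's public JWK (N and E only) no longer has a working path, and `passOver = rsa` hands an `RSA` instance that may carry private parameters back to the caller where the removed `ToRsaPublicKey()` only ever exposed the public half. Keep a public-only import for the encrypt path, and in the two Decrypt overloads, where nothing is passed out, dispose the key: `using var rsa = new JsonWebKey(key).ToRsaKey();`. Switching the padding from `OaepSHA512` to `OaepSHA256` also means ciphertext produced by the previous build can no longer be decrypted here; if that is intended, a one-line comment on `_rsaEncryptionPadding` naming the JWE `alg` it corresponds to (`RSA-OAEP-256`) would make it explicit, and the field can be `private static readonly` since it is identical for every instance.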
--- a/Encryption/FitEncryption.cs
+++ b/Encryption/FitEncryption.cs
@@ -1,7 +1,4 @@
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
 using Microsoft.Extensions.Logging;
-using Microsoft.IdentityModel.Tokens;
 namespace FitConnect.Encryption;
@@ -63,6 +60,7 @@ public class FitEncryption {
 return _encryptor.Encrypt(plain, PrivateKeyDecryption, out var _);
 }
+
 public byte[] Encrypt(byte[] plain) {
 if (PrivateKeyDecryption == null) {
 throw new InvalidOperationException("PrivateKey is not provided");
diff --git a/Encryption/IEncryption.cs b/Encryption/IEncryption.cs
index 42dcf6896b6a285af6578f1eac7bb833c3fd9739..585a698e3054728af3446bc7276c477941b33187 100644
--- a/Encryption/IEncryption.cs
+++ b/Encryption/IEncryption.cs
@@ -14,7 +14,6 @@ public interface IEncryption {
 /// <exception cref="Exception"></exception>
 void ImportCertificate(string certificatePath, string password);
- byte[] DecryptData(byte[] data);
 string DecryptData(string data);
 byte[] ExportPublicKey();
diff --git a/Encryption/JsonWebKeyExtension.cs b/Encryption/JsonWebKeyExtension.cs
index ec1db5103f19e3397f20131f4e4486ababd5f77f..cbebc8c619794b7498ccea70261b6beaf64969f1 100644
--- a/Encryption/JsonWebKeyExtension.cs
+++ b/Encryption/JsonWebKeyExtension.cs
@@ -6,16 +6,7 @@ using IdentityModel.Jwk;
 namespace FitConnect.Encryption;
 public static class JsonWebKeyExtension {
- public static RSA ToRsaPublicKey(this JsonWebKey jsonWebKey) {
- var rsa = RSA.Create();
- rsa.ImportParameters(new RSAParameters {
- Modulus = Base64Url.Decode(jsonWebKey.N),
- Exponent = Base64Url.Decode(jsonWebKey.E)
- });
- return rsa;
- }
-
- public static RSA ToRsaPrivateKey(this JsonWebKey jsonWebKey) {
+ public static RSA ToRsaKey(this JsonWebKey jsonWebKey) {
 var rsa = RSA.Create();
 rsa.ImportParameters(new RSAParameters {
 Modulus = Base64Url.Decode(jsonWebKey.N),
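Review bot: `ToRsaKey` decodes the private members (Q, DP, DQ, QI are visible in the next hunk; D and P lie between the hunks) unconditionally, so a JWK that carries only the public members N and E — the form a sender holds for a recipient — will most likely throw inside `Base64Url.Decode` or yield an `RSAParameters` with partially-null private fields that `ImportParameters` rejects; the deleted `ToRsaPublicKey` handled exactly that case. Guard on the private exponent before the full import, e.g. `if (string.IsNullOrEmpty(jsonWebKey.D)) { rsa.ImportParameters(new RSAParameters { Modulus = Base64Url.Decode(jsonWebKey.N), Exponent = Base64Url.Decode(jsonWebKey.E) }); return rsa; }`, or keep the two methods. A `/// <summary>` on `ToRsaKey` stating that the returned `RSA` holds private key material whenever the JWK does, and that the caller owns disposal, would also help now that `AspNetCoreEncryptor` passes the object out through `passOver`. The method body continues past this hunk.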
@@ -25,8 +16,9 @@ public static class JsonWebKeyExtension {
 Q = Base64Url.Decode(jsonWebKey.Q),
 DP = Base64Url.Decode(jsonWebKey.DP),
 DQ = Base64Url.Decode(jsonWebKey.DQ),
- InverseQ = Base64Url.Decode(jsonWebKey.QI)
+ InverseQ = Base64Url.Decode(jsonWebKey.QI),
 });
+ // = "RSA-OAEP-256";
 return rsa;
- }
+ }
 }
diff --git a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
index 140fec83498fb0beec2e0884327665d862fc2646..19e25d49934a8f41cdce22b7f95413a39f06747f 100644
--- a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
@@ -26,7 +26,6 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
 [OneTimeSetUp]
 public void OneTimeSetup() {
-
 }
 [OneTimeTearDown]
@@ -45,16 +44,13 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
 _sender = Sender.Create( FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development), _logger);
-
- var certificate = new X509Certificate2("./certificate.pfx");
- _sender.Encryption.ImportCertificate(certificate);
 }
 [Test]
 [Order(10)]
 public void CryptWithOutPublicKeyImport() {
- cypher = _sender.Encryption.EncryptData(Encoding.UTF8.GetBytes(ToEncrypt));
+ cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
 _logger.LogInformation("Cypher: {}", Convert.ToBase64String(cypher));
 }
@@ -62,14 +58,10 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
 [Test]
 [Order(20)]
 public void Decrypt_ResultShouldMatchToEncrypt() {
- var result = _sender.Encryption.DecryptData(cypher!);
+ var result = _sender.Encryption.Decrypt(cypher!);
 Encoding.UTF8.GetString(result).Should().Be(ToEncrypt);
 }
- [Test]
- public void ExportPrivateKey() {
- var privateKey = _sender.Encryption.ExportPrivateKey();
- _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
- }
+
 }
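Review bot: The added line `// = "RSA-OAEP-256";` in `ToRsaKey` reads as a leftover code fragment rather than a comment: it does not say what the value belongs to, and the padding it hints at is selected in `AspNetCoreEncryptor`, not in this method. Either drop it or replace it with a sentence that tells the reader something, e.g. `// Callers pair this key with RSA-OAEP-256 (RSAEncryptionPadding.OaepSHA256); see AspNetCoreEncryptor.` The other edits in this hunk (trailing comma on `InverseQ`, brace whitespace) are cosmetic.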
diff --git a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
index 272bd452f4f3d56317e6dbb0faab20fe2333a4c8..2ae2dd76b1e1ef42790a48a21e29fb7a2718deec 100644
--- a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
@@ -32,7 +32,7 @@ public class SenderEncryptionWithoutCertificateTest {
 [Test]
 [Order(10)]
 public void EncryptData_ShouldNotThrowAnyException() {
- var cypher = _sender.Encryption.EncryptData(Encoding.UTF8.GetBytes(ToEncrypt));
+ var cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
 _cypherText = Convert.ToBase64String(cypher);
 _logger.LogInformation("Cypher: {}", _cypherText);
@@ -43,14 +43,9 @@ public class SenderEncryptionWithoutCertificateTest {
 [Order(20)]
 public void DecryptData_ShouldMatchToEncrypt() {
 var cypher = Convert.FromBase64String(_cypherText);
- var plain = _sender.Encryption.DecryptData(cypher);
+ var plain = _sender.Encryption.Decrypt(cypher);
 Encoding.UTF8.GetString(plain).Should().Be(ToEncrypt);
 }
- [Test]
- public void ExportPrivateKey_ShouldNotThrowAnyException() {
- var privateKey = _sender.Encryption.ExportPrivateKey();
- _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
- }
 }
diff --git a/FitConnect/BaseClasses/FunctionalBaseClass.cs b/FitConnect/BaseClasses/FunctionalBaseClass.cs
index 11fd4d2840f63151e6535ad30973b0edb2003013..7ab82efdcd307800672a6913b55900ec36f19e49 100644
--- a/FitConnect/BaseClasses/FunctionalBaseClass.cs
+++ b/FitConnect/BaseClasses/FunctionalBaseClass.cs
@@ -8,7 +8,7 @@ using Microsoft.Extensions.Logging;
 namespace FitConnect.BaseClasses;
 public abstract class FunctionalBaseClass {
- public readonly IEncryption Encryption;
+ public readonly FitEncryption Encryption;
 protected readonly ILogger? Logger;
 // protected readonly FitConnectApiService ApiService;
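Review bot: Retyping the public field `Encryption` from `IEncryption` to the concrete `FitEncryption` removes the seam the interface provided, so tests and other hosts can no longer substitute an implementation, and it leaves `IEncryption` — which in this commit still declares `string DecryptData(string)` while every caller now uses `Encrypt`/`Decrypt` — as an interface nothing is required to implement. If `FitEncryption` is meant to be the only implementation, say so in a `/// <summary>` on the field; otherwise bring `IEncryption` up to the new `Encrypt`/`Decrypt` surface and keep the field typed to the interface. Independently of that choice, a public readonly field of a reference type is better exposed as a get-only property: `public FitEncryption Encryption { get; }`.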
@@ -41,7 +41,6 @@ public abstract class FunctionalBaseClass {
 RouteService = routeService;
 }
- public X509Certificate2 Certificate { get; }
 internal Client Owner { get; set; }
diff --git a/FitConnect/FluentSubscriber.cs b/FitConnect/FluentSubscriber.cs
index 51a37b7841aed67b7478073828f420a6a51c73d7..60bf3342f2f67d171cbc27fb538cd20ce2413929 100644
--- a/FitConnect/FluentSubscriber.cs
+++ b/FitConnect/FluentSubscriber.cs
@@ -1,5 +1,6 @@
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using FitConnect.Encryption;
 using FitConnect.Interfaces;
 using FitConnect.Models;
 using FitConnect.Services;
@@ -17,6 +18,7 @@ public class FluentSubscriber : Subscriber,
 IFluentSubscriberWithSubmission {
 private readonly string _privateKeyDecryption;
 private OAuthAccessToken? _token;
+ private FitEncryption _encryption;
 public FluentSubscriber(FitConnectEndpoints endpoints,
@@ -59,12 +61,12 @@ public class FluentSubscriber : Subscriber,
 Authenticate(Owner.ClientId, Owner.ClientSecret);
 var submission = (Submission)SubmissionService.GetSubmission(submissionId);
- var metaDataString = Encryption.DecryptData(submission.EncryptedMetadata);
+ var metaDataString = Encryption.Decrypt(submission.EncryptedMetadata);
 if (metaDataString != null) submission.Metadata = JsonConvert.DeserializeObject<Metadata>(metaDataString);
- var dataString = Encryption.DecryptData(submission.EncryptedData);
+ var dataString = Encryption.Decrypt(submission.EncryptedData);
 if (dataString != null) submission.Data = JsonConvert.DeserializeObject<Data>(dataString);
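Review bot: `private FitEncryption _encryption;` is added as a non-nullable field with no initializer and is not assigned in any hunk of this file, yet the attachment loop in the following hunk calls `_encryption.Decrypt(...)`; unless the constructor (outside these hunks) assigns it, that call dereferences null at runtime, and the compiler will flag the field as uninitialized (CS8618) either way. The metadata and data path in the same class keeps using the inherited `Encryption.Decrypt(...)`, so the simplest fix is to drop the new field and use `Encryption` in the attachment loop too; if a separate instance is genuinely needed, make it `private readonly FitEncryption _encryption;` and assign it in the constructor. The constructor body is not in view, so the unassigned state is inferred from the visible hunks.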
@@ -88,7 +90,7 @@ public class FluentSubscriber : Subscriber,
 foreach (var id in Submission!.Attachments.Select(a => a.Id)) {
 var encryptedAttachment = SubmissionService.GetAttachment(Submission.Id, id);
- var content = Encryption.DecryptData(Convert.FromBase64String(encryptedAttachment));
+ var content = _encryption.Decrypt(Convert.FromBase64String(encryptedAttachment));
 // TODO where do I get the hash from the server to verify the attachment?
 var hash = MD5.Create(HashAlgorithmName.SHA512.ToString())?.ComputeHash(content) ??