Cleaned encryption project

889ad40f · Klaus Fischer · d961f1ad · 889ad40f · 889ad40f · 889ad40f
Commit 889ad40f authored 2 years ago by Klaus Fischer
--- a/Encryption/AspNetCoreEncryptor.cs
+++ b/Encryption/AspNetCoreEncryptor.cs
@@ -5,37 +5,32 @@ using IdentityModel.Jwk;
 namespace FitConnect.Encryption;
 public class AspNetCoreEncryptor : IEncryptor {
-    public string Encrypt(string plain, string key, out object? passOver) {
+    private readonly RSAEncryptionPadding _rsaEncryptionPadding = RSAEncryptionPadding.OaepSHA256;
-        var encryptionKey = new JsonWebKey(key);
-        var rsa = encryptionKey.ToRsaPublicKey();
+    public string Encrypt(string plain, string key, out object? passOver) {
+        var rsa = new JsonWebKey(key).ToRsaKey();
        passOver = rsa;
-        var cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(plain), RSAEncryptionPadding.OaepSHA512);
+        var cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(plain), _rsaEncryptionPadding);
        return Convert.ToBase64String(cipher);
    }
    public string Decrypt(string cipher, string key, object? passOver = null) {
-        var encryptionKey = new JsonWebKey(key);
+        var rsa = new JsonWebKey(key).ToRsaKey();
-        var rsa = encryptionKey.ToRsaPrivateKey();
-        var plain = rsa.Decrypt(Convert.FromBase64String(cipher), RSAEncryptionPadding.OaepSHA512);
+        var plain = rsa.Decrypt(Convert.FromBase64String(cipher), _rsaEncryptionPadding);
        return Encoding.UTF8.GetString(plain);
    }
    public byte[] Encrypt(byte[] plain, string key, out object? passOver) {
-        var encryptionKey = new JsonWebKey(key);
+        var rsa = new JsonWebKey(key).ToRsaKey();
-        var rsa = encryptionKey.ToRsaPublicKey();
        passOver = rsa;
-        return rsa.Encrypt(plain, RSAEncryptionPadding.OaepSHA512);
+        return rsa.Encrypt(plain, _rsaEncryptionPadding);
    }
    public byte[] Decrypt(byte[] cipher, string key, object? passOver = null) {
-        var encryptionKey = new JsonWebKey(key);
+        var rsa = new JsonWebKey(key).ToRsaKey();
-        var rsa = encryptionKey.ToRsaPrivateKey();
+        return rsa.Decrypt(cipher, _rsaEncryptionPadding);
-        return rsa.Decrypt(cipher, RSAEncryptionPadding.OaepSHA512);
    }
 }
--- a/Encryption/FitEncryption.cs
+++ b/Encryption/FitEncryption.cs
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
 using Microsoft.Extensions.Logging;
-using Microsoft.IdentityModel.Tokens;
 namespace FitConnect.Encryption;
@@ -63,6 +60,7 @@ public class FitEncryption {
        return _encryptor.Encrypt(plain, PrivateKeyDecryption, out var _);
    }
    public byte[] Encrypt(byte[] plain) {
        if (PrivateKeyDecryption == null) {
            throw new InvalidOperationException("PrivateKey is not provided");

--- a/Encryption/IEncryption.cs
+++ b/Encryption/IEncryption.cs
@@ -14,7 +14,6 @@ public interface IEncryption {
    /// <exception cref="Exception"></exception>
    void ImportCertificate(string certificatePath, string password);
-    byte[] DecryptData(byte[] data);
    string DecryptData(string data);
    byte[] ExportPublicKey();

--- a/Encryption/JsonWebKeyExtension.cs
+++ b/Encryption/JsonWebKeyExtension.cs
@@ -6,16 +6,7 @@ using IdentityModel.Jwk;
 namespace FitConnect.Encryption;
 public static class JsonWebKeyExtension {
-    public static RSA ToRsaPublicKey(this JsonWebKey jsonWebKey) {
+    public static RSA ToRsaKey(this JsonWebKey jsonWebKey) {
-        var rsa = RSA.Create();
-        rsa.ImportParameters(new RSAParameters {
-            Modulus = Base64Url.Decode(jsonWebKey.N),
-            Exponent = Base64Url.Decode(jsonWebKey.E)
-        });
-        return rsa;
-    }
-    public static RSA ToRsaPrivateKey(this JsonWebKey jsonWebKey) {
        var rsa = RSA.Create();
        rsa.ImportParameters(new RSAParameters {
            Modulus = Base64Url.Decode(jsonWebKey.N),
@@ -25,8 +16,9 @@ public static class JsonWebKeyExtension {
            Q = Base64Url.Decode(jsonWebKey.Q),
            DP = Base64Url.Decode(jsonWebKey.DP),
            DQ = Base64Url.Decode(jsonWebKey.DQ),
-            InverseQ = Base64Url.Decode(jsonWebKey.QI)
+            InverseQ = Base64Url.Decode(jsonWebKey.QI),
        });
+        //  = "RSA-OAEP-256";
        return rsa;
-    }
+    } 
 }
--- a/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithSelfSignedCertificateTest.cs
@@ -26,7 +26,6 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
    [OneTimeSetUp]
    public void OneTimeSetup() {
    }
    [OneTimeTearDown]
@@ -45,16 +44,13 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
        _sender = Sender.Create(
            FitConnectEndpoints.Create(FitConnectEndpoints.EndpointType.Development),
            _logger);
-        var certificate = new X509Certificate2("./certificate.pfx");
-        _sender.Encryption.ImportCertificate(certificate);
    }
    [Test]
    [Order(10)]
    public void CryptWithOutPublicKeyImport() {
-        cypher = _sender.Encryption.EncryptData(Encoding.UTF8.GetBytes(ToEncrypt));
+        cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
        _logger.LogInformation("Cypher: {}", Convert.ToBase64String(cypher));
    }
@@ -62,14 +58,10 @@ public class SenderEncryptionWithSelfSignedCertificateTest {
    [Test]
    [Order(20)]
    public void Decrypt_ResultShouldMatchToEncrypt() {
-        var result = _sender.Encryption.DecryptData(cypher!);
+        var result = _sender.Encryption.Decrypt(cypher!);
        Encoding.UTF8.GetString(result).Should().Be(ToEncrypt);
    }
-    [Test]
-    public void ExportPrivateKey() {
-        var privateKey = _sender.Encryption.ExportPrivateKey();
-        _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
-    }
 }
--- a/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
+++ b/EncryptionTests/SenderEncryptionWithoutCertificateTest.cs
@@ -32,7 +32,7 @@ public class SenderEncryptionWithoutCertificateTest {
    [Test]
    [Order(10)]
    public void EncryptData_ShouldNotThrowAnyException() {
-        var cypher = _sender.Encryption.EncryptData(Encoding.UTF8.GetBytes(ToEncrypt));
+        var cypher = _sender.Encryption.Encrypt(Encoding.UTF8.GetBytes(ToEncrypt));
        _cypherText = Convert.ToBase64String(cypher);
        _logger.LogInformation("Cypher: {}", _cypherText);
@@ -43,14 +43,9 @@ public class SenderEncryptionWithoutCertificateTest {
    [Order(20)]
    public void DecryptData_ShouldMatchToEncrypt() {
        var cypher = Convert.FromBase64String(_cypherText);
-        var plain = _sender.Encryption.DecryptData(cypher);
+        var plain = _sender.Encryption.Decrypt(cypher);
        Encoding.UTF8.GetString(plain).Should().Be(ToEncrypt);
    }
-    [Test]
-    public void ExportPrivateKey_ShouldNotThrowAnyException() {
-        var privateKey = _sender.Encryption.ExportPrivateKey();
-        _logger.LogInformation("Private key: {}", Convert.ToBase64String(privateKey));
-    }
 }
--- a/FitConnect/BaseClasses/FunctionalBaseClass.cs
+++ b/FitConnect/BaseClasses/FunctionalBaseClass.cs
@@ -8,7 +8,7 @@ using Microsoft.Extensions.Logging;
 namespace FitConnect.BaseClasses;
 public abstract class FunctionalBaseClass {
-    public readonly IEncryption Encryption;
+    public readonly FitEncryption Encryption;
    protected readonly ILogger? Logger;
    // protected readonly FitConnectApiService ApiService;
@@ -41,7 +41,6 @@ public abstract class FunctionalBaseClass {
        RouteService = routeService;
    }
-    public X509Certificate2 Certificate { get; }
    internal Client Owner { get; set; }

--- a/FitConnect/FluentSubscriber.cs
+++ b/FitConnect/FluentSubscriber.cs
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using FitConnect.Encryption;
 using FitConnect.Interfaces;
 using FitConnect.Models;
 using FitConnect.Services;
@@ -17,6 +18,7 @@ public class FluentSubscriber : Subscriber,
    IFluentSubscriberWithSubmission {
    private readonly string _privateKeyDecryption;
    private OAuthAccessToken? _token;
+    private FitEncryption _encryption;
    public FluentSubscriber(FitConnectEndpoints endpoints,
@@ -59,12 +61,12 @@ public class FluentSubscriber : Subscriber,
            Authenticate(Owner.ClientId, Owner.ClientSecret);
        var submission = (Submission)SubmissionService.GetSubmission(submissionId);
-        var metaDataString = Encryption.DecryptData(submission.EncryptedMetadata);
+        var metaDataString = Encryption.Decrypt(submission.EncryptedMetadata);
        if (metaDataString != null)
            submission.Metadata =
                JsonConvert.DeserializeObject<Metadata>(metaDataString);
-        var dataString = Encryption.DecryptData(submission.EncryptedData);
+        var dataString = Encryption.Decrypt(submission.EncryptedData);
        if (dataString != null)
            submission.Data =
                JsonConvert.DeserializeObject<Data>(dataString);
@@ -88,7 +90,7 @@ public class FluentSubscriber : Subscriber,
        foreach (var id in Submission!.Attachments.Select(a => a.Id)) {
            var encryptedAttachment = SubmissionService.GetAttachment(Submission.Id, id);
-            var content = Encryption.DecryptData(Convert.FromBase64String(encryptedAttachment));
+            var content = _encryption.Decrypt(Convert.FromBase64String(encryptedAttachment));
            // TODO where do I get the hash from the server to verify the attachment?
            var hash = MD5.Create(HashAlgorithmName.SHA512.ToString())?.ComputeHash(content) ??