Added RestSharp encryption/decryption interceptor

Author: jaaufauvre

Mastercard.Developer.ClientEncryption.Core/Encryption/FieldLevelEncryption.cs

@@ -345,7 +345,8 @@ private static string SanitizeJson(string json)
         {
             return json.Replace("\n", string.Empty)
                 .Replace("\r", string.Empty)
-                .Replace("\t", string.Empty);
+                .Replace("\t", string.Empty)
+                .Replace(Environment.NewLine, string.Empty);
         }
 
         private static JToken AsPrimitiveValue(string value)

Mastercard.Developer.ClientEncryption.Core/Encryption/FieldLevelEncryptionConfig.cs

@@ -138,8 +138,13 @@ internal FieldLevelEncryptionConfig() {}
         public FieldValueEncoding ValueEncoding { get; internal set; }
 
         /// <summary>
-        /// If the encryption parameters must be written to/read from HTTP headers.
+        /// If the encryption parameters must be written to/read from HTTP payloads.
         /// </summary>
         public bool UseHttpPayloads() => !string.IsNullOrEmpty(EncryptedKeyFieldName) && !string.IsNullOrEmpty(IvFieldName);
+
+        /// <summary>
+        /// If the encryption parameters must be written to/read from HTTP headers.
+        /// </summary>
+        public bool UseHttpHeaders() => !string.IsNullOrEmpty(EncryptedKeyHeaderName) && !string.IsNullOrEmpty(IvHeaderName);
     }
 }

Mastercard.Developer.ClientEncryption.RestSharp/Interceptors/RestSharpFieldLevelEncryptionInterceptor.cs

@@ -0,0 +1,166 @@
+using System;
+using System.Linq;
+using System.Reflection;
+using Mastercard.Developer.ClientEncryption.Core.Encryption;
+using RestSharp.Portable;
+
+namespace Mastercard.Developer.ClientEncryption.RestSharp.Interceptors
+{
+    /// <summary>
+    /// A class for encrypting RestSharp requests and decrypting RestSharp responses.
+    /// </summary>
+    public class RestSharpFieldLevelEncryptionInterceptor
+    {
+        private readonly FieldLevelEncryptionConfig _config;
+
+        public RestSharpFieldLevelEncryptionInterceptor(FieldLevelEncryptionConfig config)
+        {
+            _config = config;
+        }
+
+        /// <summary>
+        ///  Encrypt RestSharp request payloads.
+        /// </summary>
+        /// <param name="request">A RestSharp request object</param>
+        public void InterceptRequest(IRestRequest request)
+        {
+            if (request == null) throw new ArgumentNullException(nameof(request));
+
+            try
+            {
+                // Check request actually has a payload
+                var bodyParam = request.Parameters.FirstOrDefault(param => param.Type == ParameterType.RequestBody);
+                if (bodyParam == null)
+                {
+                    // Nothing to encrypt
+                    return;
+                }
+                var payload = bodyParam.Value.ToString();
+                if (string.IsNullOrEmpty(payload))
+                {
+                    // Nothing to encrypt
+                    return;
+                }
+
+                // Encrypt fields & update headers
+                string encryptedPayload;
+                if (_config.UseHttpHeaders())
+                {
+                    // Generate encryption params and add them as HTTP headers
+                    var parameters = FieldLevelEncryptionParams.Generate(_config);
+                    UpdateRequestHeader(request, _config.IvHeaderName, parameters.IvValue);
+                    UpdateRequestHeader(request, _config.EncryptedKeyHeaderName, parameters.EncryptedKeyValue);
+                    UpdateRequestHeader(request, _config.EncryptionCertificateFingerprintHeaderName, parameters.EncryptionCertificateFingerprintValue);
+                    UpdateRequestHeader(request, _config.EncryptionKeyFingerprintHeaderName, parameters.EncryptionKeyFingerprintValue);
+                    UpdateRequestHeader(request, _config.OaepPaddingDigestAlgorithmHeaderName, parameters.OaepPaddingDigestAlgorithmValue);
+                    encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, _config, parameters);
+                }
+                else
+                {
+                    // Encryption params will be stored in the payload
+                    encryptedPayload = FieldLevelEncryption.EncryptPayload(payload, _config);
+                }
+
+                // Update body and content length
+                bodyParam.Value = encryptedPayload;
+                UpdateRequestHeader(request, "Content-Length", encryptedPayload.Length);
+            }
+            catch (EncryptionException)
+            {
+                throw;
+            }
+            catch (Exception e)
+            {
+                throw new EncryptionException("Failed to intercept and encrypt request!", e);
+            }
+        }
+
+        /// <summary>
+        /// Decrypt RestSharp response payloads.
+        /// </summary>
+        /// <param name="response">A RestSharp response object</param>
+        public void InterceptResponse(IRestResponse response)
+        {
+            if (response == null) throw new ArgumentNullException(nameof(response));
+
+            try
+            {
+                // Read response payload
+                var encryptedPayload = response.Content;
+                if (string.IsNullOrEmpty(encryptedPayload))
+                {
+                    // Nothing to decrypt
+                    return;
+                }
+
+                // Decrypt fields & update headers
+                string decryptedPayload;
+                if (_config.UseHttpHeaders())
+                {
+                    // Read encryption params from HTTP headers and delete headers
+                    var ivValue = ReadAndRemoveHeader(response, _config.IvHeaderName);
+                    var encryptedKeyValue = ReadAndRemoveHeader(response, _config.EncryptedKeyHeaderName);
+                    var oaepPaddingDigestAlgorithmValue = ReadAndRemoveHeader(response, _config.OaepPaddingDigestAlgorithmHeaderName);
+                    ReadAndRemoveHeader(response, _config.EncryptionCertificateFingerprintHeaderName);
+                    ReadAndRemoveHeader(response, _config.EncryptionKeyFingerprintHeaderName);
+                    var parameters = new FieldLevelEncryptionParams(_config, ivValue, encryptedKeyValue, oaepPaddingDigestAlgorithmValue);
+                    decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config, parameters);
+                }
+                else
+                {
+                    // Encryption params are stored in the payload
+                    decryptedPayload = FieldLevelEncryption.DecryptPayload(encryptedPayload, _config);
+                }
+
+                // Update body and content length
+                var contentTypeInfo = response.GetType().GetTypeInfo().GetDeclaredField("_content");
+                contentTypeInfo.SetValue(response, new Lazy<string>(() => decryptedPayload));
+                UpdateResponseHeader(response, "Content-Length", decryptedPayload.Length.ToString());
+            }
+            catch (EncryptionException)
+            {
+                throw;
+            }
+            catch (Exception e)
+            {
+                throw new EncryptionException("Failed to intercept and decrypt response!", e);
+            }
+        }
+
+        private static void UpdateRequestHeader(IRestRequest request, string name, object value)
+        {
+            if (string.IsNullOrEmpty(name))
+            {
+                // Do nothing
+                return;
+            }
+
+            request.AddOrUpdateHeader(name, value);
+        }
+
+        private static void UpdateResponseHeader(IRestResponse response, string name, string value)
+        {
+            if (string.IsNullOrEmpty(name))
+            {
+                // Do nothing
+                return;
+            }
+
+            response.Headers.Remove(name);
+            response.Headers.Add(name, value);
+        }
+
+        private static string ReadAndRemoveHeader(IRestResponse response, string name)
+        {
+            if (string.IsNullOrEmpty(name) || !response.Headers.Contains(name))
+            {
+                // Do nothing
+                return null;
+            }
+            
+            var value = response.Headers.GetValue(name);
+            response.Headers.Remove(name);            
+            return value;
+        }
+    }
+}

Mastercard.Developer.ClientEncryption.RestSharp/Mastercard.Developer.ClientEncryption.RestSharp.csproj

@@ -0,0 +1,35 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard1.3</TargetFramework>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <Version>1.0.0</Version>
+    <Product>Mastercard.Developer.ClientEncryption.RestSharp</Product>
+    <Authors>Mastercard</Authors>
+    <Company>Mastercard</Company>
+    <PackageLicenseFile>LICENSE</PackageLicenseFile>
+    <PackageProjectUrl>https://github.com/Mastercard/client-encryption-csharp</PackageProjectUrl>
+    <PackageReleaseNotes>See: https://github.com/Mastercard/client-encryption-csharp/releases</PackageReleaseNotes>
+    <RepositoryUrl>https://github.com/Mastercard/client-encryption-csharp</RepositoryUrl>
+    <Description>Library for Mastercard API compliant payload encryption/decryption</Description>
+    <!-- See: https://docs.microsoft.com/en-us/dotnet/standard/library-guidance/strong-naming -->
+    <SignAssembly>true</SignAssembly>
+    <AssemblyOriginatorKeyFile>../Identity.snk</AssemblyOriginatorKeyFile>
+    <AssemblyVersion>1.0.0.0</AssemblyVersion> <!-- Frozen -->
+    <FileVersion>1.0.0.0</FileVersion> <!-- Same version as the package version -->
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="../LICENSE" Pack="true" PackagePath="" />
+    <None Include="../README.md" Pack="true" PackagePath="" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="FubarCoder.RestSharp.Portable.Core" Version="4.0.6" /> <!-- Minimum version, inclusive -->
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Mastercard.Developer.ClientEncryption.Core\Mastercard.Developer.ClientEncryption.Core.csproj" />
+  </ItemGroup>
+
+</Project>