Added support for storing encryption parameters in HTTP headers (OkHttp and Okhttp2)

Author: jaaufauvre

src/main/java/com/mastercard/developer/encryption/FieldLevelEncryption.java

@@ -130,7 +130,6 @@ public static String decryptPayload(String payload, FieldLevelEncryptionConfig c
     private static void encryptPayloadPath(DocumentContext payloadContext, String jsonPathIn, String jsonPathOut,
                                            FieldLevelEncryptionConfig config, FieldLevelEncryptionParams params) throws GeneralSecurityException, EncryptionException {
 
-        JsonProvider jsonProvider = jsonPathConfig.jsonProvider();
         Object inJsonElement = readJsonElement(payloadContext, jsonPathIn);
         if (inJsonElement == null) {
             // Nothing to encrypt
@@ -158,7 +157,7 @@ private static void encryptPayloadPath(DocumentContext payloadContext, String js
             payloadContext.delete(jsonPathIn);
         } else {
             // Delete keys one by one
-            Collection<String> propertyKeys = new ArrayList<>(jsonProvider.getPropertyKeys(inJsonElement));
+            Collection<String> propertyKeys = new ArrayList<>(jsonEngine.getPropertyKeys(inJsonElement));
             for (String key : propertyKeys) {
                 payloadContext.delete(jsonPathIn + "." + key);
             }

src/main/java/com/mastercard/developer/interceptors/FeignFieldLevelEncryptionDecoder.java

@@ -44,7 +44,7 @@ public Object decode(Response response, Type type) throws IOException {
             // Decrypt fields & update headers
             String decryptedPayload;
             if (config.useHttpHeaders()) {
-                // Read encryption params in HTTP headers and delete headers
+                // Read encryption params from HTTP headers and delete headers
                 String ivValue = readHeader(response, config.getIvHeaderName());
                 response = removeHeader(response, config.getIvHeaderName());
                 String oaepPaddingDigestAlgorithmValue = readHeader(response, config.getOaepPaddingDigestAlgorithmHeaderName());

src/main/java/com/mastercard/developer/interceptors/OkHttp2FieldLevelEncryptionInterceptor.java

@@ -3,6 +3,7 @@
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.FieldLevelEncryption;
 import com.mastercard.developer.encryption.FieldLevelEncryptionConfig;
+import com.mastercard.developer.encryption.FieldLevelEncryptionParams;
 import com.squareup.okhttp.*;
 import okio.Buffer;
 
@@ -45,10 +46,25 @@ private static Request handleRequest(Request request, FieldLevelEncryptionConfig
                 requestPayload = buffer.readUtf8();
             }
 
-            // Encrypt fields
-            String encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config);
+            // Encrypt fields & update headers
+            String encryptedPayload;
+            Request.Builder requestBuilder = request.newBuilder();
+            if (config.useHttpHeaders()) {
+                // Generate encryption params and add them as HTTP headers
+                FieldLevelEncryptionParams params = FieldLevelEncryptionParams.generate(config);
+                updateHeader(requestBuilder, config.getIvHeaderName(), params.getIvValue());
+                updateHeader(requestBuilder, config.getEncryptedKeyHeaderName(), params.getEncryptedKeyValue());
+                updateHeader(requestBuilder, config.getEncryptionCertificateFingerprintHeaderName(), params.getEncryptionCertificateFingerprintValue());
+                updateHeader(requestBuilder, config.getEncryptionKeyFingerprintHeaderName(), params.getEncryptionKeyFingerprintValue());
+                updateHeader(requestBuilder, config.getOaepPaddingDigestAlgorithmHeaderName(), params.getOaepPaddingDigestAlgorithmValue());
+                encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config, params);
+            } else {
+                // Encryption params will be stored in the payload
+                encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config);
+            }
+
             RequestBody encryptedBody = RequestBody.create(requestBody.contentType(), encryptedPayload);
-            return request.newBuilder()
+            return requestBuilder
                     .method(request.method(), encryptedBody)
                     .header("Content-Length", String.valueOf(encryptedBody.contentLength()))
                     .build();
@@ -74,10 +90,29 @@ private static Response handleResponse(Response response, FieldLevelEncryptionCo
                 return response;
             }
 
-            // Decrypt fields
-            String decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config);
+            // Decrypt fields & update headers
+            String decryptedPayload;
+            Response.Builder responseBuilder = response.newBuilder();
+            if (config.useHttpHeaders()) {
+                // Read encryption params from HTTP headers and delete headers
+                String ivValue = response.header(config.getIvHeaderName(), null);
+                String oaepPaddingDigestAlgorithmValue = response.header(config.getOaepPaddingDigestAlgorithmHeaderName(), null);
+                String encryptedKeyValue = response.header(config.getEncryptedKeyHeaderName(), null);
+                removeHeader(responseBuilder, config.getIvHeaderName());
+                removeHeader(responseBuilder, config.getEncryptedKeyHeaderName());
+                removeHeader(responseBuilder, config.getOaepPaddingDigestAlgorithmHeaderName());
+                removeHeader(responseBuilder, config.getEncryptionCertificateFingerprintHeaderName());
+                removeHeader(responseBuilder, config.getEncryptionKeyFingerprintHeaderName());
+                FieldLevelEncryptionParams params = new FieldLevelEncryptionParams(ivValue, encryptedKeyValue, oaepPaddingDigestAlgorithmValue,
+                                                                                   null, null, config);
+                decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config, params);
+            } else {
+                // Encryption params are stored in the payload
+                decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config);
+            }
+
             try (ResponseBody decryptedBody = ResponseBody.create(responseBody.contentType(), decryptedPayload)) {
-                return response.newBuilder()
+                return responseBuilder
                         .body(decryptedBody)
                         .header("Content-Length", String.valueOf(decryptedBody.contentLength()))
                         .build();
@@ -86,4 +121,20 @@ private static Response handleResponse(Response response, FieldLevelEncryptionCo
             throw new IOException("Failed to intercept and decrypt response!", e);
         }
     }
+
+    private static void removeHeader(Response.Builder responseBuilder, String name) {
+        if (name == null) {
+            // Do nothing
+            return;
+        }
+        responseBuilder.removeHeader(name);
+    }
+
+    private static void updateHeader(Request.Builder requestBuilder, String name, String value) {
+        if (name == null) {
+            // Do nothing
+            return;
+        }
+        requestBuilder.header(name, value);
+    }
 }

src/main/java/com/mastercard/developer/interceptors/OkHttpFieldLevelEncryptionInterceptor.java

@@ -3,6 +3,7 @@
 import com.mastercard.developer.encryption.EncryptionException;
 import com.mastercard.developer.encryption.FieldLevelEncryption;
 import com.mastercard.developer.encryption.FieldLevelEncryptionConfig;
+import com.mastercard.developer.encryption.FieldLevelEncryptionParams;
 import okhttp3.*;
 import okio.Buffer;
 
@@ -45,10 +46,25 @@ private static Request handleRequest(Request request, FieldLevelEncryptionConfig
                 requestPayload = buffer.readUtf8();
             }
 
-            // Encrypt fields
-            String encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config);
+            // Encrypt fields & update headers
+            String encryptedPayload;
+            Request.Builder requestBuilder = request.newBuilder();
+            if (config.useHttpHeaders()) {
+                // Generate encryption params and add them as HTTP headers
+                FieldLevelEncryptionParams params = FieldLevelEncryptionParams.generate(config);
+                updateHeader(requestBuilder, config.getIvHeaderName(), params.getIvValue());
+                updateHeader(requestBuilder, config.getEncryptedKeyHeaderName(), params.getEncryptedKeyValue());
+                updateHeader(requestBuilder, config.getEncryptionCertificateFingerprintHeaderName(), params.getEncryptionCertificateFingerprintValue());
+                updateHeader(requestBuilder, config.getEncryptionKeyFingerprintHeaderName(), params.getEncryptionKeyFingerprintValue());
+                updateHeader(requestBuilder, config.getOaepPaddingDigestAlgorithmHeaderName(), params.getOaepPaddingDigestAlgorithmValue());
+                encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config, params);
+            } else {
+                // Encryption params will be stored in the payload
+                encryptedPayload = FieldLevelEncryption.encryptPayload(requestPayload, config);
+            }
+
             RequestBody encryptedBody = RequestBody.create(requestBody.contentType(), encryptedPayload);
-            return request.newBuilder()
+            return requestBuilder
                     .method(request.method(), encryptedBody)
                     .header("Content-Length", String.valueOf(encryptedBody.contentLength()))
                     .build();
@@ -74,10 +90,29 @@ private static Response handleResponse(Response response, FieldLevelEncryptionCo
                 return response;
             }
 
-            // Decrypt fields
-            String decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config);
+            // Decrypt fields & update headers
+            String decryptedPayload;
+            Response.Builder responseBuilder = response.newBuilder();
+            if (config.useHttpHeaders()) {
+                // Read encryption params from HTTP headers and delete headers
+                String ivValue = response.header(config.getIvHeaderName(), null);
+                String oaepPaddingDigestAlgorithmValue = response.header(config.getOaepPaddingDigestAlgorithmHeaderName(), null);
+                String encryptedKeyValue = response.header(config.getEncryptedKeyHeaderName(), null);
+                removeHeader(responseBuilder, config.getIvHeaderName());
+                removeHeader(responseBuilder, config.getEncryptedKeyHeaderName());
+                removeHeader(responseBuilder, config.getOaepPaddingDigestAlgorithmHeaderName());
+                removeHeader(responseBuilder, config.getEncryptionCertificateFingerprintHeaderName());
+                removeHeader(responseBuilder, config.getEncryptionKeyFingerprintHeaderName());
+                FieldLevelEncryptionParams params = new FieldLevelEncryptionParams(ivValue, encryptedKeyValue, oaepPaddingDigestAlgorithmValue,
+                                                                                   null, null, config);
+                decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config, params);
+            } else {
+                // Encryption params are stored in the payload
+                decryptedPayload = FieldLevelEncryption.decryptPayload(responsePayload, config);
+            }
+
             try (ResponseBody decryptedBody = ResponseBody.create(responseBody.contentType(), decryptedPayload)) {
-                return response.newBuilder()
+                return responseBuilder
                         .body(decryptedBody)
                         .header("Content-Length", String.valueOf(decryptedBody.contentLength()))
                         .build();
@@ -86,4 +121,20 @@ private static Response handleResponse(Response response, FieldLevelEncryptionCo
             throw new IOException("Failed to intercept and decrypt response!", e);
         }
     }
+
+    private static void removeHeader(Response.Builder responseBuilder, String name) {
+        if (name == null) {
+            // Do nothing
+            return;
+        }
+        responseBuilder.removeHeader(name);
+    }
+
+    private static void updateHeader(Request.Builder requestBuilder, String name, String value) {
+        if (name == null) {
+            // Do nothing
+            return;
+        }
+        requestBuilder.header(name, value);
+    }
 }

src/main/java/com/mastercard/developer/json/JsonEngine.java

@@ -3,6 +3,8 @@
 import com.jayway.jsonpath.JsonPath;
 import com.jayway.jsonpath.spi.json.JsonProvider;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -95,7 +97,15 @@ public boolean isJsonObject(Object jsonElement) {
     public boolean isNullOrEmptyJson(Object jsonElement) {
         return jsonElement == null
                 || isNullOrEmpty(toJsonString(jsonElement))
-                || 0 == jsonElement.getClass().getFields().length;
+                || "{}".equals(toJsonString(jsonElement))
+                || Object.class.equals(jsonElement.getClass());
+    }
+
+    public Collection<String> getPropertyKeys(Object jsonElement) {
+        if (isNullOrEmptyJson(jsonElement)) {
+            return Collections.emptyList();
+        }
+        return getJsonProvider().getPropertyKeys(jsonElement);
     }
 
     /**

src/test/java/com/mastercard/developer/interceptor/FeignFieldLevelEncryptionDecoderTest.java

@@ -23,6 +23,7 @@
 import static com.mastercard.developer.test.TestUtils.getTestFieldLevelEncryptionConfigBuilder;
 import static com.mastercard.developer.utils.FeignUtils.readHeader;
 import static org.hamcrest.core.Is.isA;
+import static org.junit.Assert.*;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.*;
 
@@ -70,7 +71,7 @@ public void testDecode_ShouldDecryptResponsePayloadAndUpdateContentLengthHeader(
         Response responseValue = responseCaptor.getValue();
         String payload = Util.toString(responseValue.body().asReader());
         assertPayloadEquals("{\"data\":\"string\"}", payload);
-        Assert.assertEquals(String.valueOf(payload.length()), readHeader(responseValue, "Content-Length"));
+        assertEquals(String.valueOf(payload.length()), readHeader(responseValue, "Content-Length"));
     }
 
     @Test
@@ -188,12 +189,12 @@ public void testDecode_ShouldDecryptResponsePayloadAndRemoveEncryptionHttpHeader
         Response responseValue = responseCaptor.getValue();
         String payload = Util.toString(responseValue.body().asReader());
         assertPayloadEquals("{\"data\":\"string\"}", payload);
-        Assert.assertEquals(String.valueOf(payload.length()), readHeader(responseValue, "Content-Length"));
-        Assert.assertNull(readHeader(responseValue, "x-iv"));
-        Assert.assertNull(readHeader(responseValue, "x-encrypted-key"));
-        Assert.assertNull(readHeader(responseValue, "x-oaep-padding-digest-algorithm"));
-        Assert.assertNull(readHeader(responseValue, "x-encryption-key-fingerprint"));
-        Assert.assertNull(readHeader(responseValue, "x-encryption-certificate-fingerprint"));
+        assertEquals(String.valueOf(payload.length()), readHeader(responseValue, "Content-Length"));
+        assertNull(readHeader(responseValue, "x-iv"));
+        assertNull(readHeader(responseValue, "x-encrypted-key"));
+        assertNull(readHeader(responseValue, "x-oaep-padding-digest-algorithm"));
+        assertNull(readHeader(responseValue, "x-encryption-key-fingerprint"));
+        assertNull(readHeader(responseValue, "x-encryption-certificate-fingerprint"));
     }
 
     private static Response.Body buildResponseBody(String payload) {

src/test/java/com/mastercard/developer/interceptor/FeignFieldLevelEncryptionEncoderTest.java

@@ -17,6 +17,7 @@
 
 import static com.mastercard.developer.test.TestUtils.getTestFieldLevelEncryptionConfigBuilder;
 import static org.hamcrest.core.Is.isA;
+import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
 
 public class FeignFieldLevelEncryptionEncoderTest {
@@ -48,8 +49,8 @@ public void testEncode_ShouldEncryptRequestPayloadAndUpdateContentLengthHeader()
         verify(request).body(encryptedPayloadCaptor.capture());
         verify(request).header(eq("Content-Length"), anyString());
         String encryptedPayload = encryptedPayloadCaptor.getValue();
-        Assert.assertFalse(encryptedPayload.contains("foo"));
-        Assert.assertTrue(encryptedPayload.contains("encryptedFoo"));
+        assertFalse(encryptedPayload.contains("foo"));
+        assertTrue(encryptedPayload.contains("encryptedFoo"));
     }
 
     @Test
@@ -149,8 +150,8 @@ public void testEncode_ShouldEncryptRequestPayloadAndAddEncryptionHttpHeaders_Wh
         verify(request).body(encryptedPayloadCaptor.capture());
         verify(request).header(eq("Content-Length"), anyString());
         String encryptedPayload = encryptedPayloadCaptor.getValue();
-        Assert.assertFalse(encryptedPayload.contains("foo"));
-        Assert.assertTrue(encryptedPayload.contains("encryptedFoo"));
+        assertFalse(encryptedPayload.contains("foo"));
+        assertTrue(encryptedPayload.contains("encryptedFoo"));
         verify(request).header(eq("x-iv"), anyString());
         verify(request).header(eq("x-encrypted-key"), anyString());
         verify(request).header("x-oaep-padding-digest-algorithm", "SHA256");