Merge pull request #13 from Mastercard/feature/jwe-support

Introducing JWE encryption support

Author: danny-gallagher

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.mastercard.developer</groupId>
     <artifactId>client-encryption</artifactId>
-    <version>1.5.1-SNAPSHOT</version>
+    <version>1.6.0-SNAPSHOT</version>
     <packaging>jar</packaging>
     <description>Library for Mastercard API compliant payload encryption/decryption</description>
     <url>https://github.com/Mastercard/client-encryption-java</url>
@@ -190,8 +190,8 @@
                     <artifactId>maven-compiler-plugin</artifactId>
                     <version>3.8.1</version>
                     <configuration>
-                        <source>1.7</source>
-                        <target>1.7</target>
+                        <source>1.8</source>
+                        <target>1.8</target>
                     </configuration>
                 </plugin>
             </plugins>

src/main/java/com/mastercard/developer/encryption/EncryptionConfig.java

@@ -0,0 +1,97 @@
+package com.mastercard.developer.encryption;
+
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.Collections;
+import java.util.Map;
+
+public abstract class EncryptionConfig {
+
+    protected EncryptionConfig() {
+    }
+
+    /**
+     * The different methods of encryption
+     */
+    public enum Scheme {
+        LEGACY,
+        JWE
+    }
+
+    /**
+     * The encryption scheme to be used
+     */
+    Scheme scheme = Scheme.LEGACY;
+
+    /**
+     * The SHA-256 hex-encoded digest of the key used for encryption (optional, the digest will be
+     * automatically computed if this field is null or empty).
+     * Example: "c3f8ef7053c4fb306f7476e7d1956f0aa992ff9dfdd5244b912a1d377ff3a84f"
+     */
+    String encryptionKeyFingerprint;
+
+    /**
+     * A certificate object whose public key will be used for encryption.
+     */
+    Certificate encryptionCertificate;
+
+    /**
+     * A private key object to be used for decryption.
+     */
+    PrivateKey decryptionKey;
+
+    /**
+     * A list of JSON paths to encrypt in request payloads.
+     * Example:
+     * <pre>
+     * new HashMap<>() {
+     *     {
+     *         put("$.path.to.element.to.be.encrypted", "$.path.to.object.where.to.store.encryption.fields");
+     *     }
+     * }
+     * </pre>
+     */
+    Map<String, String> encryptionPaths = Collections.emptyMap();
+
+    /**
+     * A list of JSON paths to decrypt in response payloads.
+     * Example:
+     * <pre>
+     * new HashMap<>() {
+     *     {
+     *         put("$.path.to.object.with.encryption.fields", "$.path.where.to.write.decrypted.element");
+     *     }
+     * }
+     * </pre>
+     */
+    Map<String, String> decryptionPaths = Collections.emptyMap();
+
+    /**
+     * The name of the payload field where to write/read the encrypted data value.
+     */
+    String encryptedValueFieldName = null;
+
+    public String getEncryptionKeyFingerprint() { return encryptionKeyFingerprint; }
+
+    public Certificate getEncryptionCertificate() {
+        return encryptionCertificate;
+    }
+
+    public PrivateKey getDecryptionKey() {
+        return decryptionKey;
+    }
+
+    public Scheme getScheme() { return scheme; }
+
+    Map<String, String> getEncryptionPaths() {
+        return encryptionPaths;
+    }
+
+    Map<String, String> getDecryptionPaths() {
+        return decryptionPaths;
+    }
+
+    String getEncryptedValueFieldName() {
+        return encryptedValueFieldName;
+    }
+}

src/main/java/com/mastercard/developer/encryption/EncryptionConfigBuilder.java

@@ -0,0 +1,58 @@
+package com.mastercard.developer.encryption;
+
+import com.jayway.jsonpath.JsonPath;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.mastercard.developer.utils.EncodingUtils.encodeBytes;
+import static com.mastercard.developer.utils.StringUtils.isNullOrEmpty;
+
+abstract class EncryptionConfigBuilder {
+
+    Certificate encryptionCertificate;
+    String encryptionKeyFingerprint;
+    PrivateKey decryptionKey;
+    FieldLevelEncryptionConfig.FieldValueEncoding fieldValueEncoding;
+    Map<String, String> encryptionPaths = new HashMap<>();
+    Map<String, String> decryptionPaths = new HashMap<>();
+    String encryptedValueFieldName;
+
+
+    void computeEncryptionKeyFingerprintWhenNeeded() throws EncryptionException {
+        try {
+            if (encryptionCertificate == null || !isNullOrEmpty(encryptionKeyFingerprint)) {
+                // No encryption certificate set or key fingerprint already provided
+                return;
+            }
+            byte[] keyFingerprintBytes = sha256digestBytes(encryptionCertificate.getPublicKey().getEncoded());
+            encryptionKeyFingerprint = encodeBytes(keyFingerprintBytes, FieldLevelEncryptionConfig.FieldValueEncoding.HEX);
+        } catch (Exception e) {
+            throw new EncryptionException("Failed to compute encryption key fingerprint!", e);
+        }
+    }
+
+    static byte[] sha256digestBytes(byte[] bytes) throws NoSuchAlgorithmException {
+        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
+        messageDigest.update(bytes);
+        return messageDigest.digest();
+    }
+
+    void checkJsonPathParameterValues() {
+        for (Map.Entry<String, String> entry : decryptionPaths.entrySet()) {
+            if (!JsonPath.isPathDefinite(entry.getKey()) || !JsonPath.isPathDefinite(entry.getValue())) {
+                throw new IllegalArgumentException("JSON paths for decryption must point to a single item!");
+            }
+        }
+
+        for (Map.Entry<String, String> entry : encryptionPaths.entrySet()) {
+            if (!JsonPath.isPathDefinite(entry.getKey()) || !JsonPath.isPathDefinite(entry.getValue())) {
+                throw new IllegalArgumentException("JSON paths for encryption must point to a single item!");
+            }
+        }
+    }
+}

src/main/java/com/mastercard/developer/encryption/EncryptionException.java

@@ -5,4 +5,8 @@ public class EncryptionException extends Exception {
     public EncryptionException(String message, Throwable cause) {
         super(message, cause);
     }
+
+    public EncryptionException(String message) {
+        super(message);
+    }
 }