| | | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | | 2 | | // Licensed under the MIT License. |
| | | 3 | | |
| | | 4 | | using System; |
| | | 5 | | using System.Collections.Generic; |
| | | 6 | | using System.IO; |
| | | 7 | | using System.Text; |
| | | 8 | | using System.Threading; |
| | | 9 | | using System.Threading.Tasks; |
| | | 10 | | using Azure.Storage.Cryptography; |
| | | 11 | | using Azure.Storage.Queues.Models; |
| | | 12 | | using Azure.Storage.Queues.Specialized; |
| | | 13 | | using Azure.Storage.Queues.Specialized.Models; |
| | | 14 | | |
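namespace Azure.Storage.Queues
{
    /// <summary>
    /// Decrypts the text of queue messages that were encrypted client-side, leaving
    /// any message that is not recognized as encrypted untouched.
    /// </summary>
    /// <remarks>
    /// Security note: this class never rejects plaintext. A message that does not
    /// deserialize as an encrypted envelope, or that the underlying decryptor hands
    /// back unchanged, is returned to the caller exactly as it was downloaded. A
    /// consumer therefore cannot tell from the returned text alone whether it was
    /// decrypted or was stored in the clear, so anyone able to write to the queue can
    /// place unencrypted messages that flow through this path. If the application
    /// must only act on encrypted messages, that requirement has to be enforced
    /// outside this class.
    /// </remarks>
    internal class QueueClientSideDecryptor
    {
        private readonly ClientSideDecryptor _decryptor;

        /// <summary>
        /// The encryption options this decryptor was built from; also carries the
        /// optional decryption-failure handler consulted by the batch methods.
        /// </summary>
        public QueueClientSideEncryptionOptions Options { get; }

        /// <summary>
        /// Creates a decryptor that uses <paramref name="options"/> both to build the
        /// underlying <see cref="ClientSideDecryptor"/> and to report failures.
        /// </summary>
        /// <param name="options">Client-side encryption options.</param>
        public QueueClientSideDecryptor(QueueClientSideEncryptionOptions options)
        {
            _decryptor = new ClientSideDecryptor(options);
            Options = options;
        }

        /// <summary>
        /// Decrypts the text of each received message in place and returns the
        /// messages that were processed without error.
        /// </summary>
        /// <param name="messages">Messages whose <c>MessageText</c> is overwritten with the decrypted text.</param>
        /// <param name="async">Whether to run the decryption asynchronously.</param>
        /// <param name="cancellationToken">Token forwarded to the decryptor.</param>
        /// <returns>
        /// The messages that decrypted (or passed through as unencrypted). When a
        /// failure handler is configured, messages that failed are handed to it and
        /// omitted from the result; without a handler the first failure propagates.
        /// </returns>
        public async Task<QueueMessage[]> ClientSideDecryptMessagesInternal(QueueMessage[] messages, bool async, CancellationToken cancellationToken)
        {
            var filteredMessages = new List<QueueMessage>();
            foreach (var message in messages)
            {
                try
                {
                    message.MessageText = await ClientSideDecryptInternal(message.MessageText, async, cancellationToken).ConfigureAwait(false);
                    filteredMessages.Add(message);
                }
                // Cancellation is not a decryption failure: let it propagate instead of
                // reporting it to the handler and silently dropping the rest of the batch.
                catch (Exception e) when (Options.UsingDecryptionFailureHandler && !(e is OperationCanceledException))
                {
                    // MessageText was never assigned, so the handler sees the message
                    // with its original, still-encrypted text.
                    Options.OnDecryptionFailed(message, e);
                }
            }
            return filteredMessages.ToArray();
        }

        /// <summary>
        /// Decrypts the text of each peeked message in place and returns the
        /// messages that were processed without error.
        /// </summary>
        /// <param name="messages">Messages whose <c>MessageText</c> is overwritten with the decrypted text.</param>
        /// <param name="async">Whether to run the decryption asynchronously.</param>
        /// <param name="cancellationToken">Token forwarded to the decryptor.</param>
        /// <returns>
        /// The messages that decrypted (or passed through as unencrypted). When a
        /// failure handler is configured, messages that failed are handed to it and
        /// omitted from the result; without a handler the first failure propagates.
        /// </returns>
        public async Task<PeekedMessage[]> ClientSideDecryptMessagesInternal(PeekedMessage[] messages, bool async, CancellationToken cancellationToken)
        {
            var filteredMessages = new List<PeekedMessage>();
            foreach (var message in messages)
            {
                try
                {
                    message.MessageText = await ClientSideDecryptInternal(message.MessageText, async, cancellationToken).ConfigureAwait(false);
                    filteredMessages.Add(message);
                }
                // Cancellation is not a decryption failure: let it propagate instead of
                // reporting it to the handler and silently dropping the rest of the batch.
                catch (Exception e) when (Options.UsingDecryptionFailureHandler && !(e is OperationCanceledException))
                {
                    // MessageText was never assigned, so the handler sees the message
                    // with its original, still-encrypted text.
                    Options.OnDecryptionFailed(message, e);
                }
            }
            return filteredMessages.ToArray();
        }

        /// <summary>
        /// Decrypts a single downloaded message body.
        /// </summary>
        /// <param name="downloadedMessage">Message text exactly as downloaded.</param>
        /// <param name="async">Whether to run the decryption asynchronously.</param>
        /// <param name="cancellationToken">Token forwarded to the decryptor.</param>
        /// <returns>
        /// The decrypted UTF-8 text, or <paramref name="downloadedMessage"/> unchanged
        /// when it is not an encrypted envelope or the decryptor returns its input.
        /// </returns>
        /// <exception cref="FormatException">
        /// The envelope's encrypted text is not valid Base64.
        /// </exception>
        private async Task<string> ClientSideDecryptInternal(string downloadedMessage, bool async, CancellationToken cancellationToken)
        {
            if (!EncryptedMessageSerializer.TryDeserialize(downloadedMessage, out var encryptedMessage))
            {
                // Not recognized as a client-side encrypted message: plaintext passes
                // through unmodified and unauthenticated (see the class remarks).
                return downloadedMessage;
            }

            // The envelope content is attacker-influenced input; Convert.FromBase64String
            // throws FormatException on malformed data, which the batch methods route to
            // the failure handler when one is configured.
            using (var encryptedMessageStream = new MemoryStream(Convert.FromBase64String(encryptedMessage.EncryptedMessageText)))
            {
                var decryptedMessageStream = await _decryptor.DecryptInternal(
                    encryptedMessageStream,
                    encryptedMessage.EncryptionData,
                    ivInStream: false,
                    noPadding: false,
                    async: async,
                    cancellationToken).ConfigureAwait(false);

                // If we got back the stream we put in, then we couldn't decrypt and are
                // supposed to return the original message to the user.
                if (ReferenceEquals(encryptedMessageStream, decryptedMessageStream))
                {
                    return downloadedMessage;
                }

                // Disposing the reader also disposes the decrypted stream, so neither
                // the plaintext buffer nor the ciphertext buffer outlives this call.
                using (var reader = new StreamReader(decryptedMessageStream, Encoding.UTF8))
                {
                    return reader.ReadToEnd();
                }
            }
        }
    }
}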