@mateusmrangel

Hello everyone,
With this merge request, the lib will support MasterCard encryption. See the usage in the mastercard_encryption/mastercard_encryption_test.go file.
I used as a base the Java implementation of the client-encryption library.

@danny-gallagher
Contributor

danny-gallagher commented Sep 5, 2023

Hi @mateusmrangel,

Thanks for creating this PR! There are a couple of things that will need to be added before we can merge this PR.

  • If you take a look in "http_client_interceptor.go", you can see that we provide an interceptor which can be used alongside an OpenAPI-generated client to intercept and encrypt a request before it enters transit. We'll need to add support in this interceptor for Field Level Encryption.
  • The README will need to be updated to reflect the new Field Level Encryption functionality. (See the Java library for how this should look.)
  • The tests for this new addition should test all of the components of the library that the Java library does.

If you have any questions, please feel free to reach out!

@karen-avetisyan-mc karen-avetisyan-mc marked this pull request as draft September 5, 2023 14:46
@karen-avetisyan-mc karen-avetisyan-mc marked this pull request as ready for review September 5, 2023 14:46
@karen-avetisyan-mc karen-avetisyan-mc marked this pull request as draft September 5, 2023 14:46
@mateusmrangel
Author

> Hi @mateusmrangel,
>
> Thanks for creating this PR! There are a couple of things that will need to be added before we can merge this PR.
>
>   • If you take a look in "http_client_interceptor.go", you can see that we provide an interceptor which can be used alongside an OpenAPI-generated client to intercept and encrypt a request before it enters transit. We'll need to add support in this interceptor for Field Level Encryption.
>   • The README will need to be updated to reflect the new Field Level Encryption functionality. (See the Java library for how this should look.)
>   • The tests for this new addition should test all of the components of the library that the Java library does.
>
> If you have any questions, please feel free to reach out!

Ok, I am going to work on it.

encryptedPayload := EncryptPayload(payload, flConfig, params)
fmt.Println(encryptedPayload)

decryptedPayload := DecryptPayload(encryptedPayload, flConfig, params)
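
Review bot: the round trip in these lines is only checked by eye, since encryptedPayload goes to fmt.Println and nothing visible compares decryptedPayload with the original payload. Suggest replacing the print with an assertion that decryptedPayload equals payload, plus a check that encryptedPayload no longer contains the plaintext field values.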
Contributor

The 'params' for decrypting the payload should be extracted from the actual request body/headers as they are in our other libraries.

func Generate(config *FieldLevelEncryptionConfig) *FieldLevelEncryptionParams {
//// Generate a random IV
ivParameterSpec := aes_encryption.GenerateCEK(16 * 8)
ivSpecValue := utils.HexUrlEncode(ivParameterSpec)
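
Review bot: the IV on the ivParameterSpec line comes from GenerateCEK(16 * 8), a helper named for content-encryption keys, with the size written as an inline expression. A dedicated IV helper or a named constant for the 128-bit length would make the intent explicit, and the `////` comment prefix above it should be a plain `//`.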
Contributor

In our other libraries (Java for example), we allow the user to specify the FieldValueEncoding through the config. In your implementation it's hard-coded to always use Hex.
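
One way the encoding could be driven by configuration instead of being fixed to Hex, as an added example that is not code from this PR or from the Mastercard libraries. The `FieldValueEncoding` type and its constants, `EncodeValue`, `DecodeValue` and `NewIV` are hypothetical names, and `crypto/rand` stands in for the PR's `aes_encryption.GenerateCEK`.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// FieldValueEncoding is a hypothetical config option; the name comes from the
// review comment, the type and constants are assumptions for this example.
type FieldValueEncoding string
const Hex, Base64 FieldValueEncoding = "HEX", "BASE64"

// EncodeValue renders raw bytes (IV, wrapped key, ciphertext) in the configured encoding.
func EncodeValue(raw []byte, enc FieldValueEncoding) (string, error) {
	switch enc {
	case Hex:
		return hex.EncodeToString(raw), nil
	case Base64:
		return base64.StdEncoding.EncodeToString(raw), nil
	}
	return "", fmt.Errorf("unsupported field value encoding %q", enc)
}

// DecodeValue reverses EncodeValue; input in the wrong encoding is an error, not a guess.
func DecodeValue(s string, enc FieldValueEncoding) ([]byte, error) {
	switch enc {
	case Hex:
		return hex.DecodeString(s)
	case Base64:
		return base64.StdEncoding.DecodeString(s)
	}
	return nil, fmt.Errorf("unsupported field value encoding %q", enc)
}

// NewIV returns a fresh 16-byte IV in the configured encoding and surfaces RNG failure.
func NewIV(enc FieldValueEncoding) (string, error) {
	iv := make([]byte, 16)
	if _, err := rand.Read(iv); err != nil {
		return "", err // never continue with a zeroed IV
	}
	return EncodeValue(iv, enc)
}

func main() {
	for _, enc := range []FieldValueEncoding{Hex, Base64} {
		fmt.Println(NewIV(enc))
	}
}
```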

return jsonPayload.String()
}

func decryptPayloadPath(jsonPayload *gabs.Container, jsonPathIn string, jsonPathOut string, params *field_level_encryption.FieldLevelEncryptionParams) *gabs.Container {
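
Review bot: decryptPayloadPath returns only *gabs.Container, so a caller cannot tell a missing jsonPathIn or a failed decryption apart from success. Returning (*gabs.Container, error) from this signature would let the caller stop and report the failure instead of passing on a partially processed payload.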
Contributor

The 'jsonPathOut' isn't used in this function. This property should be used to include the encrypted payload in a specific path in the payload. (See the Java encryption library.)

Contributor

@danny-gallagher danny-gallagher left a comment

In our other libraries, it's possible to include the encryption properties in the header of a request/response. You can see this functionality in the Java library for reference.

The functionality for this library should be identical to all of our other libraries.
You can include all the tests that are in our Java encryption library to ensure you're covering all possible cases.

@danny-gallagher
Contributor

Addressing this PR in the following PR: #14
