Merge pull request #53 from Mastercard/docs/update-readme

Update README

README.md

@@ -61,14 +61,25 @@ As part of this set up, you'll receive credentials for your app:
 
 #### One-Click Import
 To import two ready to be used "sandbox" and "production" environments:
-1. Click [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json)
+1. Depending on your use case, click either of these:
+   - No encryption: 
+ [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json) 
+
+   - Mastercard Encryption: 
+ [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-mastercard-encryption-insomnia-workspace.json)  
+
+   - JWE Encryption: 
+ [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-jwe-encryption-insomnia-workspace.json)  
 2. Click "Run Import Mastercard Workspace"
 
 Alternatively, you can:
 1. Go to Application > Preferences > Data
 2. Click "Import Data"
 3. Click "From URL"
-4. Type: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json
+4. Input either of these depending on your use case:  
+    - No encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json
+    - Mastercard encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-mastercard-encryption-insomnia-workspace.json
+    - JWE encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-jwe-encryption-insomnia-workspace.json
 5. Click "Fetch and Import"
 
 ![](https://user-images.githubusercontent.com/3964455/68041294-2d966300-fcc8-11e9-887a-cfadf183c4c1.gif)
@@ -116,7 +127,9 @@ From now on, an `Authorization` header will be automatically added to every requ
 
 ### Encryption <a name="encryption"></a>
 This plugin can take care of encrypting requests and/or decrypting response payloads. To enable encryption support, 
-you need to configure in the environment the `encryptionConfig` property:
+you need to configure in the environment the `encryptionConfig` property.    
+
+Here's a quick example for Mastercard Encryption:  
 
 ```jsonc
 {
@@ -176,7 +189,14 @@ As an alternative to providing the `privateKey` in the `encryptionConfig`, you c
   }
 }
 ```
-For further details on the configuration object and predefined service configurations, please checkout this [page](https://github.com/Mastercard/client-encryption-nodejs/wiki). 
+
+[See more examples here](docs/encryption-examples.md).
+
+Both Mastercard encryption and JWE encryption are supported.   
+For more details on the encryption configurations, checkout these links:  
+ - [Mastercard Encryption](https://github.com/Mastercard/client-encryption-nodejs/blob/main/README.md#configuring-the-field-level-encryption)
+ - [JWE Encryption](https://github.com/Mastercard/client-encryption-nodejs/blob/main/README.md#configuring-the-jwe-encryption)
+
 
 ## Further Reading <a name="further-reading"></a>
 

docs/configuration-examples.md

@@ -0,0 +1,256 @@
+# Example Configurations
+
+Example configurations for Insomnia. Make sure to remove the comments before using.
+
+- [Authentication](#authentication)  
+- [Mastercard Encryption](#mastercard-encryption)  
+  * [Real world example](#mastercard-encryption-real-world-example)
+- [JWE Encryption](#jwe-encryption)
+  * [Real world example](#jwe-encryption-real-world-example)
+- [Notes](#notes)
+
+## Authentication
+
+```json
+{
+  "mastercard": {
+    "consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
+    "keyAlias": "keyalias",
+    "keystoreP12Path": "/path/to/auth-keystore.p12",
+    "keystorePassword": "keystorepassword",
+
+    // domains to which this config should be applied to.
+    "appliesTo": [
+      "mastercard.com"
+    ]
+  }
+}
+```
+
+## Mastercard Encryption
+```json
+{
+  "mastercard": {
+    "consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
+    "keyAlias": "keyalias",
+    "keystoreP12Path": "/path/to/auth-keystore.p12",
+    "keystorePassword": "keystorepassword",
+
+    // domains to which this config should be applied to.
+    "appliesTo": [
+      "mastercard.com"
+    ],
+
+    "encryptionConfig": {
+      "paths": [
+        {
+          "path": "/*",
+          "toEncrypt": [
+            {
+              // path to the element to be encrypted in request JSON.
+              // use "$" for encrypting the whole request.
+              "element": "path.to.element.to.be.encrypted",
+              // path to object where encryption fields are to be stored in request JSON.
+              // use "$" for the root of the JSON object.
+              "obj": "path.to.encrypted.output.element"
+            }
+          ],
+          "toDecrypt": [
+            {
+              // path to object with encryption fields in response JSON.
+              // use "$" for the root of the JSON.
+              "element": "path.to.element.to.be.decrypted", 
+
+              // path to element where decrypted fields are to be stored in the response JSON.
+              // use "$" for the root of the JSON object.
+              "obj": "path.to.decryption.output"
+            }
+          ]
+        }
+      ],
+      "oaepPaddingDigestAlgorithm": "SHA-256",
+      "dataEncoding": "hex",  // "hex" or "base64"
+      "ivFieldName": "iv",
+      "encryptedKeyFieldName": "encryptedKey",
+      "encryptedValueFieldName": "encryptedValue",
+      "oaepHashingAlgorithmFieldName": "oaepHashingAlgorithm",
+      "publicKeyFingerprintFieldName": "publicKeyFingerprint",
+      "publicKeyFingerprintType": "certificate", // "certificate" or "publicKey"
+      "publicKeyFingerprint": "0000000000000000000000000000000000000000000000000000000000000000",
+      "encryptionCertificate": "/path/to/encryption-certificate.pem",
+      "keyStore": "/path/to/decryption-keystore.p12",
+      "keyStoreAlias": "decryption-keyalias",
+      "keyStorePassword": "decryption-keystorepassword"
+    }
+  }
+}
+```
+### Mastercard Encryption Real world example  
+
+This is a real world example for an API which uses Mastercard Encryption.
+```json
+{
+  "mastercard": {
+    "consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
+    "keyAlias": "keyalias",
+    "keystoreP12Path": "/path/to/auth-keystore.p12",
+    "keystorePassword": "keystorepassword",
+    "encryptionConfig": {
+      "paths": [
+        {
+          "path": "$",
+          "toEncrypt": [
+            {
+              "element": "$",
+              "obj": "$"
+            }
+          ],
+          "toDecrypt": [
+            {
+              "element": "$",
+              "obj": "$"
+            }
+          ]
+        }
+      ],
+      "oaepPaddingDigestAlgorithm": "SHA-256",
+      "dataEncoding": "base64",
+      "ivFieldName": "iv",
+      "encryptedKeyFieldName": "encryptedKey",
+      "encryptedValueFieldName": "encryptedValue",
+      "oaepHashingAlgorithmFieldName": "oaepPaddingDigestAlgorithm",
+      "publicKeyFingerprintFieldName": "publicKeyFingerprint",
+      "publicKeyFingerprintType": "certificate",
+      "publicKeyFingerprint": "0000000000000000000000000000000000000000000000000000000000000000",
+      "encryptionCertificate": "/path/to/encryption-certificate.pem",
+      "keyStore": "/path/to/decryption-keystore.p12",
+      "keyStoreAlias": "decryption-keyalias",
+      "keyStorePassword": "decryption-keystorepassword"
+    }
+  }
+}
+```
+
+## JWE Encryption
+```json
+{
+  "mastercard": {
+    "consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
+    "keyAlias": "keyalias",
+    "keystoreP12Path": "/path/to/auth-keystore.p12",
+    "keystorePassword": "keystorepassword",
+
+    // domains to which this config should be applied to.
+    "appliesTo": [
+      "mastercard.com"
+    ],
+
+    "encryptionConfig": {
+      "paths": [
+        {
+          "path": "/*",
+          "toEncrypt": [
+            {
+              // path to the element to be encrypted in request JSON.
+              // use "$" for encrypting the whole request.
+              "element": "path.to.element.to.be.encrypted",
+              // path to object where encryption fields are to be stored in request JSON.
+              // use "$ for the root of the JSON object.
+              "obj": "path.to.encrypted.output.element"
+            }
+          ],
+          "toDecrypt": [
+            {
+              // path to object with encryption fields in response JSON.
+              // use "$ for the root of the JSON.
+              "element": "path.to.element.to.be.decrypted", 
+
+              // path to element where decrypted fields are to be stored in the response JSON.
+              // use "$" for the root of the JSON object.
+              "obj": "path.to.decryption.output"
+            }
+          ]
+        }
+      ],
+      "mode": "JWE",
+      "encryptedValueFieldName": "encryptedData",
+      "encryptionCertificate": "/path/to/encryption-certificate.pem",
+      "keyStore": "/path/to/decryption-keystore.p12",
+      "keyStoreAlias": "decryption-keyalias",
+      "keyStorePassword": "decryption-keystorepassword"
+    }
+  }
+}
+```
+
+### JWE Encryption Real World Example
+This is a real world example for an API which uses JWE Encryption.
+```json
+{
+	"mastercard": {
+		"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
+		"keyAlias": "keyalias",
+		"keystoreP12Path": "/path/to/auth-keystore.p12",
+		"keystorePassword": "keystorepassword",
+		"appliesTo": [
+			"mastercard.com"
+		],
+		"encryptionConfig": {
+			"paths": [
+				{
+					"path": "/*",
+					"toEncrypt": [
+						{
+							"element": "sensitiveData",
+							"obj": "encryptedValue"
+						}
+					],
+					"toDecrypt": [
+						{
+							"element": "encryptedValue",
+							"obj": "sensitiveData"
+						}
+					]
+				}
+			],
+			"mode": "JWE",
+			"encryptedValueFieldName": "encryptedValue",
+			"encryptionCertificate": "/path/to/encryption-certificate.pem",
+			"keyStore": "/path/to/decryption-keystore.p12",
+			"keyStoreAlias": "keyalias",
+			"keyStorePassword": "keystorepassword"
+		}
+	}
+}
+```
+
+## Notes
+Instead of providing the `keyStore`, `keyStoreAlias` and `keyStorePassword`,
+```json
+{
+  "mastercard": {
+    // ... //
+    "encryptionConfig": {
+      // ... //
+      "encryptionCertificate": "/path/to/encryption-certificate.pem",
+      "keyStore": "/path/to/decryption-keystore.p12",
+      "keyStoreAlias": "decryption-keyalias",
+      "keyStorePassword": "decryption-keystorepassword"
+    }
+  }
+}
+```
+you can also directly provide the `privateKey` from the decryption key store:
+```json
+{
+  "mastercard": {
+    // ... //
+    "encryptionConfig": {
+      // ... //
+      "encryptionCertificate": "/path/to/encryption-certificate.pem",
+      "privateKey": "/path/to/private/key"
+    }
+  }
+}
+```
+