From 0ff0de815993af3d57dbae121d18ead5f7035b49 Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Wed, 20 Nov 2024 16:37:09 +0100
Subject: [PATCH] feat (CryptFactory.RSADecryptorKeyFormatter): aktualisiert, um die erforderlichen Parameter als Eingabe zu nehmen, anstatt IRSADecryptor direkt als Eingabe zu nehmen

---
 .../Security/ICryptFactory.cs | 14 ++++++++++-
 DigitalData.Core.Security/CryptFactory.cs | 24 ++++++++++++-------
 DigitalData.Core.Security/RSADecryptor.cs | 2 +-
 3 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/DigitalData.Core.Abstractions/Security/ICryptFactory.cs b/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
index d444062..186e919 100644
--- a/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
+++ b/DigitalData.Core.Abstractions/Security/ICryptFactory.cs
@@ -18,7 +18,19 @@ namespace DigitalData.Core.Abstractions.Security
 string EncryptedPrivateKeyPemLabel { get; init; }
- Func RSADecryptorKeyFormatter { get; }
+ ///
+ /// Gets the formatter function for generating RSA key names.
+ /// This formatter takes an issuer, audience, isPrivate, and optional version and separator
+ /// to produce a formatted string used for the key naming convention.
+ ///
+ /// A string representing the issuer of the key. It should not contain invalid file name characters or the separator.
+ /// A string representing the audience for which the key is intended. It should not contain invalid file name characters or the separator.
+ /// An bool to check if the key is private.
+ /// An instance of the interface, which is used to keep the version of Pbe password.
+ /// An optional string separator used to separate the issuer and audience. The default is "-_-". It should not be included in the issuer or audience strings.
+ /// A formatted string combining the issuer, audience, and separator, which adheres to valid file naming rules.
+ /// Thrown when the issuer, audience, or separator contains invalid characters or when the separator is present within the issuer or audience.
+ Func RSAKeyNameFormatter { get; }
 string CreateRSAPrivateKeyPem(int? keySizeInBits = null);
diff --git a/DigitalData.Core.Security/CryptFactory.cs b/DigitalData.Core.Security/CryptFactory.cs
index a682990..009cf2d 100644
--- a/DigitalData.Core.Security/CryptFactory.cs
+++ b/DigitalData.Core.Security/CryptFactory.cs
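Review bot: The documentation added for `RSAKeyNameFormatter` promises an exception when the issuer, audience or separator contain invalid characters, but the property is a delegate supplied by whoever constructs the factory, so the interface cannot guarantee that an injected implementation validates anything — and since the result ends in `.pem` and presumably becomes a file name, a caller trusting this contract with an unvalidated formatter would pass issuer/audience straight into a path. I would phrase the exception tag as an expectation on implementations: `Implementations are expected to throw when the issuer, audience or separator contain invalid file name characters, or when the separator occurs inside the issuer or audience; see CryptFactory.DefaultRSAKeyNameFormatter for the default.` Two wording fixes in the same comment: `An bool to check if the key is private.` should read `A bool indicating whether the key is private.`, and the version parameter is described as `An instance of the interface` — if it is `System.Version`, that is a class, not an interface. Parameter tags on a non-indexer property may also draw a CS1572 warning from the compiler, since the property itself declares no parameters; if so, the per-argument descriptions belong in the summary or on the default implementation.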
@@ -10,13 +10,13 @@ namespace DigitalData.Core.Security
 public IRSADecryptor this[string key] { get => _decryptors[key]; set => _decryptors[key] = value; }
- public Func RSADecryptorKeyFormatter { get; }
+ public Func RSAKeyNameFormatter { get; }
- public CryptFactory(ILogger logger, IDictionary decryptors, Func rsaDecryptorKeyFormatter) : base()
+ public CryptFactory(ILogger logger, IDictionary decryptors, Func rsaKeyNameFormatter) : base()
 {
 _decryptors = decryptors ?? new Dictionary();
- RSADecryptorKeyFormatter = rsaDecryptorKeyFormatter;
+ RSAKeyNameFormatter = rsaKeyNameFormatter;
 logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
 }
@@ -31,11 +31,13 @@ namespace DigitalData.Core.Security
 public static readonly IEnumerable KeyFileTags = new string[] { DefaultEncryptedPrivateKeyFileTag, DefaultPrivateKeyFileTag, DefaultPublicKeyFileTag };
+ public static readonly string PEMFileExtension = ".pem";
 private static readonly Lazy> LazyLowerFileTags = new(() => KeyFileTags.Select(tag => tag.ToLower()));
 //TODO: make the validation using regex
- public static string DefaultRSADecryptorKeyFormatter(IRSADecryptor decryptor, string issuer, string audience, string separator = "-_-")
- {
+ public static string DefaultRSAKeyNameFormatter(string issuer, string audience, bool isPrivate = true, Version? passwordVersion = null, string separator = "-_-")
+ {
 void ValidateForbidden(string value, string paramName)
 {
 if (Path.GetInvalidFileNameChars().Any(value.Contains) || LazyLowerFileTags.Value.Any(tag => value.ToLower().Contains(tag)))
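Review bot: The tag check on the last line of the second hunk compares via culture-sensitive `ToLower()` on both sides — the tags are lowered once, lazily, under whatever culture is current at first use, and `value.ToLower()` under the culture current at call time — so with a Turkish or Azeri current culture an issuer such as `PRIVATE` lower-cases to `prıvate` and slips past a check that is meant to keep the reserved tags out of the issuer/audience segments of a file name; identifier comparisons should be ordinal. Replace the lambda with `KeyFileTags.Any(tag => value.Contains(tag, StringComparison.OrdinalIgnoreCase))`, after which `LazyLowerFileTags` can be dropped. A related caveat: `Path.GetInvalidFileNameChars()` is platform-specific (on Unix it contains only NUL and `/`), so if key names are ever produced on one OS and resolved on another, or used against a non-filesystem key store, `\` and `..` pass this check unchallenged — worth an explicit rejection or at least a comment if that scenario exists. `DefaultRSAKeyNameFormatter` and the nested `ValidateForbidden` both continue past the end of this hunk.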
@@ -58,12 +60,16 @@ namespace DigitalData.Core.Security
 var sb = new StringBuilder(issuer.Length + audience.Length + separator.Length * 2 + 20);
 sb.Append(issuer).Append(separator).Append(audience).Append(separator);
- if (decryptor.HasEncryptedPem)
- sb.Append("e-private").Append(separator).Append(decryptor.PasswordVersion);
+ if (passwordVersion is null && isPrivate)
+ sb.Append(DefaultPrivateKeyFileTag);
+ else if(isPrivate)
+ sb.Append(DefaultEncryptedPrivateKeyFileTag).Append(separator).Append(passwordVersion);
+ else if(passwordVersion is null)
+ sb.Append(DefaultPublicKeyFileTag);
 else
- sb.Append("private");
+ sb.Append(DefaultPublicKeyFileTag).Append(separator).Append(passwordVersion);
- var rsaKey = sb.Append(".pem").ToString();
+ var rsaKey = sb.Append(PEMFileExtension).ToString();
 return rsaKey;
 }
diff --git a/DigitalData.Core.Security/RSADecryptor.cs b/DigitalData.Core.Security/RSADecryptor.cs
index 4c23da2..4e2ac03 100644
--- a/DigitalData.Core.Security/RSADecryptor.cs
+++ b/DigitalData.Core.Security/RSADecryptor.cs
@@ -17,7 +17,7 @@ namespace DigitalData.Core.Security
 private string? _password;
- public Version? PasswordVersion { get; private init; }
+ public Version? PasswordVersion { get; private init; } = null;
 public bool HasEncryptedPem => _password is not null;
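Review bot: The new branch selection treats a `null` `passwordVersion` as "unencrypted", so a password-protected private key that has no version assigned is now named with `DefaultPrivateKeyFileTag` instead of `DefaultEncryptedPrivateKeyFileTag`; the removed code keyed this on `decryptor.HasEncryptedPem`, and the `RSADecryptor` hunk below shows `PasswordVersion` is nullable independently of `_password`, so a caller that migrates by passing `decryptor.PasswordVersion` can silently label an encrypted key as plaintext. Either make the encrypted case explicit — e.g. a `bool isEncrypted = false` parameter guarded by `if (isEncrypted && passwordVersion is null) throw new ArgumentException("An encrypted private key requires a password version.", nameof(passwordVersion));` — or document on the method that a null version means an unencrypted key and ensure `RSADecryptor` never sets `_password` without a version. The final `else` also emits a version-suffixed public-key name, which the previous formatter never produced; if that is intended, a comment such as `// public key name carries the password version of the private key it pairs with` would help, and if not, both public branches should collapse to `sb.Append(DefaultPublicKeyFileTag)`. The start of `DefaultRSAKeyNameFormatter` lies in the previous hunk.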