From 4aacc3f650ed4f8dc3ddbd9049987299bfa1bcde Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Mon, 16 Dec 2024 12:56:30 +0100
Subject: [PATCH] =?UTF-8?q?feat(AsymCryptService):=20Vault.get=20RSADecryp?= =?UTF-8?q?tor=20hinzugef=C3=BCgt=20=20-=20Optionen=20aktualisiert,=20um?= =?UTF-8?q?=20Vault-Parameter=20hinzuf=C3=BCgen=20zu=20k=C3=B6nnen.=20Wenn?= =?UTF-8?q?=20es=20null=20ist,=20ist=20Vault=20der=20erste=20Entschl=C3=BC?= =?UTF-8?q?sseler.=20=20-=20Standard-Entschl=C3=BCssler=20entfernt.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Security/IAsymCryptService.cs | 2 +-
 DigitalData.Core.Security/AsymCryptService.cs | 25 +++++++++++++------
 .../Config/AsymCryptParams.cs | 2 ++
 .../Cryptographer/RSACryptographer.cs | 1 +
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs b/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
index 9e71c3a..0f85ab1 100644
--- a/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
@@ -4,7 +4,7 @@
 {
 IEnumerable Decryptors { get; }
- IRSADecryptor Default { get; }
+ IRSADecryptor Vault { get; }
 IRSADecryptor this[string key] { get; }
diff --git a/DigitalData.Core.Security/AsymCryptService.cs b/DigitalData.Core.Security/AsymCryptService.cs
index e5d24a4..3eafa0a 100644
--- a/DigitalData.Core.Security/AsymCryptService.cs
+++ b/DigitalData.Core.Security/AsymCryptService.cs
@@ -10,14 +10,12 @@ namespace DigitalData.Core.Security
 public class AsymCryptService : RSAFactory, IAsymCryptService, IRSAFactory, IEnumerable
 where TAsymCryptParams : AsymCryptParams
 {
- public IEnumerable Decryptors => _params.Decryptors;
-
- public IRSADecryptor Default => Decryptors.FirstOrDefault()
- ?? throw new InvalidOperationException(
- "No default decryptor is available. Ensure that at least one decryptor is configured in the provided parameters. " +
- "This issue typically arises if the configuration for decryptors is incomplete or missing. " +
- "Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
- );
+ public IEnumerable Decryptors { get; }
+
+ ///
+ /// It is a separate decryptor for permanently stored encrypted data. It is assigned to the first Default decryptor by default.
+ ///
+ public IRSADecryptor Vault { get; }
 public IRSADecryptor this[string key]
 {
@@ -36,6 +34,17 @@ namespace DigitalData.Core.Security
 public AsymCryptService(IOptions options, ILogger>? logger = null) : base(options)
 {
 logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
+
+ if (!_params.Decryptors.Any())
+ throw new InvalidOperationException(
+ "Any decryptor is not found. Ensure that at least one decryptor is configured in the provided parameters. " +
+ "This issue typically arises if the configuration for decryptors is incomplete or missing. " +
+ "Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
+ );
+
+ Decryptors = _params.Decryptors;
+
+ Vault = _params.Vault ?? Decryptors.First();
 }
 public IEnumerator GetEnumerator() => Decryptors.GetEnumerator();
diff --git a/DigitalData.Core.Security/Config/AsymCryptParams.cs b/DigitalData.Core.Security/Config/AsymCryptParams.cs
index c8befa1..fc4ce19 100644
--- a/DigitalData.Core.Security/Config/AsymCryptParams.cs
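Review bot: The new doc comment on `Vault` in AsymCryptService.cs says it is "assigned to the first Default decryptor by default", but this commit removes the `Default` property, so the comment names a member that no longer exists. I would reword it to `/// Decryptor for permanently stored encrypted data; falls back to the first entry of Decryptors when no Vault is configured.` so it matches what the constructor does. The `Decryptors` property that becomes a get-only auto-property in the same hunk has no doc comment at all; one line saying it is the configured collection captured at construction would help. The class body continues outside the hunk.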
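Review bot: The fallback `Vault = _params.Vault ?? Decryptors.First();` in the AsymCryptService constructor happens silently, so whenever `Vault` is not configured the key used for permanently stored data is decided by the order of the `Decryptors` collection. Reordering or rotating the first entry would then change the vault key without any signal, and long-lived ciphertext would share a key with whatever else that decryptor serves. Since `logger` is already in scope, I would record the fallback, e.g. `if (_params.Vault is null) logger?.LogWarning("No Vault decryptor configured; falling back to the first entry of Decryptors.");`, or require an explicit `Vault` entry. Separately, `Any()` followed by `First()` enumerates `_params.Decryptors` twice, which matters only if the configured sequence is lazy.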
+++ b/DigitalData.Core.Security/Config/AsymCryptParams.cs
@@ -36,6 +36,8 @@ namespace DigitalData.Core.Security.Config
 public IEnumerable Decryptors { get; init; } = new List();
+ public RSADecryptor? Vault { get; init; }
+
 public override void OnDeserialized()
 {
 base.OnDeserialized();
diff --git a/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs b/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
index ac438f5..a32d484 100644
--- a/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
+++ b/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
@@ -3,6 +3,7 @@ using System.Security.Cryptography;
 namespace DigitalData.Core.Security.Cryptographer
 {
+ //TODO: Abstract RSA for future updates (using ECC, El Gamal or Lattice-based Cryptography)
 public class RSACryptographer : IRSACryptographer
 {
 public virtual string Pem { get; init; }
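Review bot: The new `Vault` property in AsymCryptParams.cs sits directly above `OnDeserialized()`, whose body is cut off by the hunk, so it is not visible whether a configured `Vault` goes through the same post-deserialization handling as the entries of `Decryptors`. If that override prepares each decryptor, an unprepared `Vault` would presumably fail only on first use rather than at startup; this is worth confirming and covering with a test. The property also has no doc comment; I would add `/// Optional decryptor for permanently stored data; when null, the service uses the first entry of Decryptors.`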