feat(AsymCryptParams): AfterCreate Ereignis für TokenDescriptions hinzugefügt.

- Eigenschaften SigningCredentials, SigningAlgorithm und SigningDigest zu TokenDescription hinzugefügt.
Developer 02 2024-12-20 01:16:56 +01:00
parent 6f5b4efefb
commit 5469b20e4f
2 changed files with 37 additions and 2 deletions


@ -1,4 +1,5 @@
using DigitalData.Core.Security.Cryptographer; using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Cryptographer;
namespace DigitalData.Core.Security.Config namespace DigitalData.Core.Security.Config
{ {
@ -59,7 +60,10 @@ namespace DigitalData.Core.Security.Config
public RSADecryptor? Vault { get; init; } public RSADecryptor? Vault { get; init; }
public AsymCryptParams() => AfterCreate += () => public AsymCryptParams()
{
// init decryptors
AfterCreate += () =>
{ {
// Create root folder if it does not exist // Create root folder if it does not exist
if (!Directory.Exists(PemDirectory)) if (!Directory.Exists(PemDirectory))
@ -94,5 +98,19 @@ namespace DigitalData.Core.Security.Config
} }
} }
}; };
// set signing credentials of token descriptions
AfterCreate += () =>
{
foreach(var tDesc in TokenDescriptions)
{
if (!Decryptors.TryGet(issuer: tDesc.Issuer, tDesc.Audience, out var decryptor) || decryptor is null)
throw new InvalidOperationException(
$"Decryptor for Issuer '{tDesc.Issuer}' and Audience '{tDesc.Audience}' could not be found or is null.");
tDesc.SigningCredentials = decryptor.CreateSigningCredentials(algorithm: tDesc.SigningAlgorithm, digest: tDesc.SigningDigest);
}
};
}
} }
} }
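Review bot: The second `AfterCreate` handler builds each token's signing credentials from the entry returned by `Decryptors.TryGet`, so one RSA key pair appears to serve both decryption and signing for an issuer/audience pair; this assumes the entry holds the decryption private key, as the name and the `RSADecryptor` type of `Vault` suggest. Key separation is the usual practice, because with a shared key a compromise or rotation of one role forces the other. If the reuse is intended, record it above the loop, e.g. `// signing reuses the issuer/audience decryption key pair; rotate both together`. `tDesc.SigningAlgorithm` is also passed to `CreateSigningCredentials` unchecked; comparing it first against a small allow-list (a new static set holding `SecurityAlgorithms.RsaSha256` and whichever other RSA algorithms the project accepts) and throwing `InvalidOperationException` on a miss would reject a misconfigured or non-RSA value when the configuration is created rather than when a token is issued. The first handler's body lies partly outside the visible hunks.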


@ -69,5 +69,22 @@ namespace DigitalData.Core.Security.Config
/// </remarks> /// </remarks>
/// </summary> /// </summary>
public IDictionary<string, object> AdditionalInnerHeaderClaims { get; set; } public IDictionary<string, object> AdditionalInnerHeaderClaims { get; set; }
/// <summary>
/// Gets or sets the <see cref="SigningCredentials"/> used to create a security token.
/// </summary>
public SigningCredentials SigningCredentials { get; set; }
/// <summary>
/// Specifies the signature algorithm to be applied to the <see cref="SigningCredentials"/>.
/// Default is <see cref="SecurityAlgorithms.RsaSha256"/>.
/// </summary>
public string SigningAlgorithm { get; init; } = SecurityAlgorithms.RsaSha256;
/// <summary>
/// Optionally specifies the digest algorithm to be applied during the signing process for the <see cref="SigningCredentials"/>.
/// If not provided, the default algorithm is used.
/// </summary>
public string? SigningDigest = null;
} }
} }
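Review bot: `SigningDigest` is declared as a public field (`public string? SigningDigest = null;`) while the neighbouring members are properties, so anything that fills this class through property setters (presumably a configuration binder) will skip it, and the digest stays at its default however it is configured. Declaring it as `public string? SigningDigest { get; init; }` matches `SigningAlgorithm` and makes the setting effective. `SigningCredentials` is non-nullable with a public setter and no initializer, although the other file section assigns it only in the `AfterCreate` handler. If it is never meant to come from configuration, `public SigningCredentials? SigningCredentials { get; internal set; }` (assuming both classes live in the same assembly) would stop outside code from swapping the signing key and make the not-yet-initialised state explicit to callers.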