feat(AsymCryptParams): AfterCreate Ereignis für TokenDescriptions hinzugefügt.

- Eigenschaften SigningCredentials, SigningAlgorithm und SigningDigest zu TokenDescription hinzugefügt.
2024-12-20 01:16:56 +01:00 · 2024-12-20 01:16:56 +01:00 · 5469b20e4f
commit 5469b20e4f
parent 6f5b4efefb
2 changed files with 37 additions and 2 deletions
--- a/DigitalData.Core.Security/Config/AsymCryptParams.cs
+++ b/DigitalData.Core.Security/Config/AsymCryptParams.cs
@ -1,4 +1,5 @@
-using DigitalData.Core.Security.Cryptographer;
+using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Security.Cryptographer;

 namespace DigitalData.Core.Security.Config
 {
@ -59,7 +60,10 @@ namespace DigitalData.Core.Security.Config

        public RSADecryptor? Vault { get; init; }

-        public AsymCryptParams() => AfterCreate += () =>
+        public AsymCryptParams()
+        {
+            // init decryptors
+            AfterCreate += () =>
            {
                // Create root folder if it does not exist
                if (!Directory.Exists(PemDirectory))
@ -94,5 +98,19 @@ namespace DigitalData.Core.Security.Config
                    }
                }
            };
+
+            // set signing credentials of token descriptions
+            AfterCreate += () =>
+            {
+                foreach(var tDesc in TokenDescriptions)
+                {
+                    if (!Decryptors.TryGet(issuer: tDesc.Issuer, tDesc.Audience, out var decryptor) || decryptor is null)
+                        throw new InvalidOperationException(
+                            $"Decryptor for Issuer '{tDesc.Issuer}' and Audience '{tDesc.Audience}' could not be found or is null.");
+
+                    tDesc.SigningCredentials = decryptor.CreateSigningCredentials(algorithm: tDesc.SigningAlgorithm, digest: tDesc.SigningDigest);
+                }
+            };
+        }
    }
 }
--- a/DigitalData.Core.Security/Config/TokenDescription.cs
+++ b/DigitalData.Core.Security/Config/TokenDescription.cs
@ -69,5 +69,22 @@ namespace DigitalData.Core.Security.Config
        /// </remarks>
        /// </summary>
        public IDictionary<string, object> AdditionalInnerHeaderClaims { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="SigningCredentials"/> used to create a security token.
+        /// </summary>
+        public SigningCredentials SigningCredentials { get; set; }
+
+        /// <summary>
+        /// Specifies the signature algorithm to be applied to the <see cref="SigningCredentials"/>.
+        /// Default is <see cref="SecurityAlgorithms.RsaSha256"/>.
+        /// </summary>
+        public string SigningAlgorithm { get; init; } = SecurityAlgorithms.RsaSha256;
+
+        /// <summary>
+        /// Optionally specifies the digest algorithm to be applied during the signing process for the <see cref="SigningCredentials"/>.
+        /// If not provided, the default algorithm is used.
+        /// </summary>
+        public string? SigningDigest = null;
    }
 }