AppStd/DigitalData.Core
Template
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(RSAFactory): params-Abhängigkeit durch Ersetzen von params.Defaults entfernt

Browse Source
This commit is contained in:
Developer 02 2025-03-14 09:37:24 +01:00
parent 6a12ad77ec
commit 8498dc0456
3 changed files with 91 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
DigitalData.Core.Security/Config/RSAFactoryParams.cs
View File

@ -6,13 +6,13 @@ namespace DigitalData.Core.Security.Config
{ {
public class RSAFactoryParams public class RSAFactoryParams
{ {
public int KeySizeInBits { get; init; } = 2048; public int KeySizeInBits { get; init; } = Default.KeySizeInBits;
public string PbePassword { internal get; init; } = Secrets.PBE_PASSWORD; public string PbePassword { internal get; init; } = Default.PbePassword;
public PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; } = PbeEncryptionAlgorithm.Aes256Cbc; public PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; } = Default.PbeEncryptionAlgorithm;
public HashAlgorithmName PbeHashAlgorithm { get; init; } = HashAlgorithmName.SHA256; public HashAlgorithmName PbeHashAlgorithm { get; init; } = Default.PbeHashAlgorithm;
// TODO: add as json converter to IConfigurIConfiguration.Config // TODO: add as json converter to IConfigurIConfiguration.Config
public string PbeHashAlgorithmName public string PbeHashAlgorithmName
@ -23,9 +23,9 @@ namespace DigitalData.Core.Security.Config
: new(value); : new(value);
} }
public int PbeIterationCount { get; init; } = 100_000; public int PbeIterationCount { get; init; } = Default.PbeIterationCount;
public string EncryptedPrivateKeyPemLabel { get; init; } = "ENCRYPTED PRIVATE KEY"; public string EncryptedPrivateKeyPemLabel { get; init; } = Default.EncryptedPrivateKeyPemLabel;
private readonly Lazy<PbeParameters> _lazyPbeParameters; private readonly Lazy<PbeParameters> _lazyPbeParameters;
@ -36,5 +36,22 @@ namespace DigitalData.Core.Security.Config
{ {
_lazyPbeParameters = new(() => new PbeParameters(PbeEncryptionAlgorithm, PbeHashAlgorithm, PbeIterationCount)); _lazyPbeParameters = new(() => new PbeParameters(PbeEncryptionAlgorithm, PbeHashAlgorithm, PbeIterationCount));
} }
public static class Default
{
public static readonly int KeySizeInBits = 2048;
public static readonly string PbePassword = Secrets.PBE_PASSWORD;
public static readonly PbeEncryptionAlgorithm PbeEncryptionAlgorithm = PbeEncryptionAlgorithm.Aes256Cbc;
public static readonly HashAlgorithmName PbeHashAlgorithm = HashAlgorithmName.SHA256;
public static readonly int PbeIterationCount = 100_000;
public static readonly string EncryptedPrivateKeyPemLabel = "ENCRYPTED PRIVATE KEY";
public static readonly PbeParameters PbeParameters = new(PbeEncryptionAlgorithm, PbeHashAlgorithm, PbeIterationCount);
}
} }
} }

49
DigitalData.Core.Security/CryptoFactory.cs
View File

@ -4,35 +4,38 @@ using DigitalData.Core.Security.RSAKey;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
namespace DigitalData.Core.Security namespace DigitalData.Core.Security;
public class CryptoFactory : RSAFactory, ICryptoFactory, IAsymmetricKeyFactory
{ {
public class CryptoFactory : RSAFactory<CryptoFactoryParams>, ICryptoFactory, IAsymmetricKeyFactory private readonly CryptoFactoryParams _params;
public IEnumerable<IAsymmetricDecryptor> Decryptors { get; }
/// <summary>
/// It is a separate decryptor for permanently stored encrypted data. It is assigned to the first Default decryptor by default.
/// </summary>
public IAsymmetricDecryptor VaultDecryptor { get; }
public IEnumerable<IAsymmetricTokenDescriptor> TokenDescriptors { get; init; } = new List<IAsymmetricTokenDescriptor>();
public CryptoFactory(IOptions<CryptoFactoryParams> cryptoFactoryParamsOptions, ILogger<CryptoFactory>? logger = null)
{ {
public IEnumerable<IAsymmetricDecryptor> Decryptors { get; } _params = cryptoFactoryParamsOptions.Value;
/// <summary>
/// It is a separate decryptor for permanently stored encrypted data. It is assigned to the first Default decryptor by default.
/// </summary>
public IAsymmetricDecryptor VaultDecryptor { get; }
public IEnumerable<IAsymmetricTokenDescriptor> TokenDescriptors { get; init; } = new List<IAsymmetricTokenDescriptor>(); logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
public CryptoFactory(IOptions<CryptoFactoryParams> options, ILogger<CryptoFactory>? logger = null) : base(options) if (!_params.Decryptors.Any())
{ throw new InvalidOperationException(
logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy")); "Any decryptor is not found. Ensure that at least one decryptor is configured in the provided parameters. " +
"This issue typically arises if the configuration for decryptors is incomplete or missing. " +
"Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
);
if (!_params.Decryptors.Any()) Decryptors = _params.Decryptors;
throw new InvalidOperationException(
"Any decryptor is not found. Ensure that at least one decryptor is configured in the provided parameters. " +
"This issue typically arises if the configuration for decryptors is incomplete or missing. " +
"Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
);
Decryptors = _params.Decryptors; TokenDescriptors = _params.TokenDescriptors;
TokenDescriptors = _params.TokenDescriptors; VaultDecryptor = _params.VaultDecryptor ?? Decryptors.First();
VaultDecryptor = _params.VaultDecryptor ?? Decryptors.First();
}
} }
} }

95
DigitalData.Core.Security/RSAKey/RSAFactory.cs
View File

@ -1,65 +1,54 @@
using DigitalData.Core.Abstractions.Security; using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config; using DigitalData.Core.Security.Config;
using Microsoft.Extensions.Options;
using System.Security.Cryptography; using System.Security.Cryptography;
namespace DigitalData.Core.Security.RSAKey namespace DigitalData.Core.Security.RSAKey;
public class RSAFactory : IAsymmetricKeyFactory
{ {
public class RSAFactory<TRSAFactoryParams> : IAsymmetricKeyFactory where TRSAFactoryParams : RSAFactoryParams public string CreatePrivateKeyPem(int? keySizeInBits = null, bool encrypt = false) => encrypt
? CreateEncryptedPrivateKeyPem(keySizeInBits: keySizeInBits)
: RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportRSAPrivateKeyPem();
public string CreateEncryptedPrivateKeyPem(
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
HashAlgorithmName? hashAlgorithmName = null,
int? iterationCount = null,
int? keySizeInBits = null,
string? password = null)
{ {
protected readonly TRSAFactoryParams _params; password ??= RSAFactoryParams.Default.PbePassword;
public RSAFactory(IOptions<TRSAFactoryParams> options) var pbeParameters = new PbeParameters(
{ pbeEncryptionAlgorithm ?? RSAFactoryParams.Default.PbeEncryptionAlgorithm,
_params = options.Value; hashAlgorithmName ?? RSAFactoryParams.Default.PbeHashAlgorithm,
} iterationCount ?? RSAFactoryParams.Default.PbeIterationCount);
public string CreatePrivateKeyPem(int? keySizeInBits = null, bool encrypt = false) => encrypt var encryptedPrivateKey = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
? CreateEncryptedPrivateKeyPem(keySizeInBits: keySizeInBits)
: RSA.Create(keySizeInBits ?? _params.KeySizeInBits).ExportRSAPrivateKeyPem();
public string CreateEncryptedPrivateKeyPem( var pemChars = PemEncoding.Write(RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
HashAlgorithmName? hashAlgorithmName = null,
int? iterationCount = null,
int? keySizeInBits = null,
string? password = null)
{
password ??= _params.PbePassword;
var pbeParameters = pbeEncryptionAlgorithm is null && hashAlgorithmName is null && iterationCount is null return new string(pemChars);
? new PbeParameters(
pbeEncryptionAlgorithm ?? _params.PbeEncryptionAlgorithm,
hashAlgorithmName ?? _params.PbeHashAlgorithm,
iterationCount ?? _params.PbeIterationCount)
: _params.PbeParameters;
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? _params.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
var pemChars = PemEncoding.Write(_params.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
return new string(pemChars);
}
public string CreateEncryptedPrivateKeyPem(
PbeParameters pbeParameters,
int? keySizeInBits = null,
string? password = null)
{
password ??= _params.PbePassword;
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? _params.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
var pemChars = PemEncoding.Write(_params.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
return new string(pemChars);
}
public IAsymmetricDecryptor CreateDecryptor(string pem, string? issuer = null, string? audience = null, bool encrypt = false, RSAEncryptionPadding? padding = null) => new RSADecryptor()
{
Content = pem,
IsEncrypted = encrypt,
Padding = padding ?? RSAEncryptionPadding.OaepSHA256
};
} }
public string CreateEncryptedPrivateKeyPem(
PbeParameters pbeParameters,
int? keySizeInBits = null,
string? password = null)
{
password ??= RSAFactoryParams.Default.PbePassword;
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
var pemChars = PemEncoding.Write(RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
return new string(pemChars);
}
public IAsymmetricDecryptor CreateDecryptor(string pem, string? issuer = null, string? audience = null, bool encrypt = false, RSAEncryptionPadding? padding = null) => new RSADecryptor()
{
Content = pem,
IsEncrypted = encrypt,
Padding = padding ?? RSAEncryptionPadding.OaepSHA256
};
} }