refactor(IAsymmetricTokenDescriptor): Erforderliche Proportionen für SecurityTokenDescriptor-Zuordnung hinzugefügt.

2025-01-09 19:16:56 +01:00 · 2025-01-09 19:16:56 +01:00 · 8acbbaeb2e
commit 8acbbaeb2e
parent 60e1ec78b3
2 changed files with 61 additions and 3 deletions
--- a/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs
@ -2,12 +2,71 @@

 namespace DigitalData.Core.Abstractions.Security
 {
+    /// <summary>
+    /// Contains some information which used to create a security token. Designed to abstract <see cref="SecurityTokenDescriptor"/>
+    /// </summary>
    public interface IAsymmetricTokenDescriptor : IAsymmetricPrivateKey, IUniqueSecurityContext
    {
        string? ApiRoute { get; }

-        SecurityKey SecurityKey { get; }
+        #region SecurityTokenDescriptor Map
+        /// <summary>
+        /// Defines the compression algorithm that will be used to compress the JWT token payload.
+        /// </summary>
+        public string CompressionAlgorithm { get; }

-        SigningCredentials SigningCredentials { get; }
+        /// <summary>
+        /// Gets or sets the <see cref="EncryptingCredentials"/> used to create a encrypted security token.
+        /// </summary>
+        public EncryptingCredentials EncryptingCredentials { get; }
+
+        /// <summary>
+        /// Gets or sets the value of the 'expiration' claim. This value should be in UTC.
+        /// </summary>
+        public DateTime? Expires { get; }
+
+        /// <summary>
+        /// Gets or sets the time the security token was issued. This value should be in UTC.
+        /// </summary>
+        public DateTime? IssuedAt { get; }
+
+        /// <summary>
+        /// Gets or sets the notbefore time for the security token. This value should be in UTC.
+        /// </summary>
+        public DateTime? NotBefore { get; }
+
+        /// <summary>
+        /// Gets or sets the token type.
+        /// <remarks> If provided, this will be added as the value for the 'typ' header parameter. In the case of a JWE, this will be added to both the inner (JWS) and the outer token (JWE) header. By default, the value used is 'JWT'.
+        /// If <see cref="AdditionalHeaderClaims"/> also contains 'typ' header claim value, it will override the TokenType provided here.
+        /// This value is used only for JWT tokens and not for SAML/SAML2 tokens</remarks>
+        /// </summary>
+        public string TokenType { get; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="Dictionary{TKey, TValue}"/> which contains any custom header claims that need to be added to the JWT token header.
+        /// The 'alg', 'kid', 'x5t', 'enc', and 'zip' claims are added by default based on the <see cref="SigningCredentials"/>,
+        /// <see cref="EncryptingCredentials"/>, and/or <see cref="CompressionAlgorithm"/> provided and SHOULD NOT be included in this dictionary as this
+        /// will result in an exception being thrown. 
+        /// <remarks> These claims are only added to the outer header (in case of a JWE).</remarks>
+        /// </summary>
+        public IDictionary<string, object> AdditionalHeaderClaims { get; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="Dictionary{TKey, TValue}"/> which contains any custom header claims that need to be added to the inner JWT token header.
+        /// The 'alg', 'kid', 'x5t', 'enc', and 'zip' claims are added by default based on the <see cref="SigningCredentials"/>,
+        /// <see cref="EncryptingCredentials"/>, and/or <see cref="CompressionAlgorithm"/> provided and SHOULD NOT be included in this dictionary as this
+        /// will result in an exception being thrown. 
+        /// <remarks>
+        /// For JsonWebTokenHandler, these claims are merged with <see cref="AdditionalHeaderClaims"/> while adding to the inner JWT header.
+        /// </remarks>
+        /// </summary>
+        public IDictionary<string, object> AdditionalInnerHeaderClaims { get; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="SigningCredentials"/> used to create a security token.
+        /// </summary>
+        public SigningCredentials SigningCredentials { get; }
+        #endregion SecurityTokenDescriptor
    }
 }
--- a/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
+++ b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
@ -1,6 +1,5 @@
 using DigitalData.Core.Abstractions.Security;
 using Microsoft.IdentityModel.Tokens;
-using System.Security.Cryptography;

 namespace DigitalData.Core.Security.RSAKey
 {