fix(RSAFactory): Dateiname und seine Erweiterung aus der Methode DefaultRSAKeyNameFormatter entfernt

- password und PasswordVersion initter entfernt.

DigitalData.Core.Abstractions/Security/ICryptFactory.cs

@@ -18,6 +18,20 @@ namespace DigitalData.Core.Abstractions.Security
 
         string EncryptedPrivateKeyPemLabel { get; init; }
 
+        /// <summary>
+        /// Gets the formatter function for generating RSA key names.
+        /// This formatter takes an issuer, audience, isPrivate, and optional version and separator
+        /// to produce a formatted string used for the key naming convention.
+        /// </summary>
+        /// <param name="issuer">A string representing the issuer of the key. It should not contain invalid file name characters or the separator.</param>
+        /// <param name="audience">A string representing the audience for which the key is intended. It should not contain invalid file name characters or the separator.</param>
+        /// <param name="isPrivate">An bool to check if the key is private.</param>
+        /// <param name="version">An instance of the <see cref="Version?"/> interface, which is used to keep the version of Pbe password.</param>
+        /// <param name="separator">An optional string separator used to separate the issuer and audience. The default is "-_-". It should not be included in the issuer or audience strings.</param>
+        /// <returns>A formatted string combining the issuer, audience, and separator, which adheres to valid file naming rules.</returns>
+        /// <exception cref="ArgumentException">Thrown when the issuer, audience, or separator contains invalid characters or when the separator is present within the issuer or audience.</exception>
+        Func<string, string, bool, Version?, string?, string> RSAKeyNameFormatter { get; }
+
         string CreateRSAPrivateKeyPem(int? keySizeInBits = null);
 
         string CreateEncryptedPrivateKeyPem(

DigitalData.Core.Abstractions/Security/IRSADecryptor.cs

@@ -2,12 +2,16 @@
 {
     public interface IRSADecryptor : IRSACryptographer
     {
-        public string? Password { get; init; }
+        (string Value, Version Version) VersionedPassword { init; }
 
-        public IRSAEncryptor Encryptor { get; }
+        Version? PasswordVersion { get; }
 
-        public byte[] Decrypt(byte[] data);
+        bool HasEncryptedPem { get; }
 
-        public string Decrypt(string data);
+        IRSAEncryptor Encryptor { get; }
+
+        byte[] Decrypt(byte[] data);
+
+        string Decrypt(string data);
     }
 }

DigitalData.Core.Security.Extensions/RSAExtensions.cs

@@ -1,4 +1,5 @@
 using DigitalData.Core.Abstractions.Security;
+using System.Collections.Concurrent;
 using System.Security.Cryptography;
 
 namespace DigitalData.Core.Security.Extensions
@@ -12,32 +13,53 @@ namespace DigitalData.Core.Security.Extensions
             return rsa;
         }
 
-        public static bool TryGetEncryptor(this IDictionary<string, IRSAEncryptor> pairs, string issuer, string audience, out IRSAEncryptor? encryptor) 
+        public static IRSADecryptor GetRSADecryptor(this ICryptFactory factory, string issuer, string audience, Version? version = null, string? seperator = null)
-            => pairs.TryGetValue($"{issuer}:{audience}", out encryptor);
+            => factory[factory.RSAKeyNameFormatter(issuer, audience, true, version, seperator)];
 
-        public static IRSAEncryptor? GetEncryptor(this IDictionary<string, IRSAEncryptor> pairs, string issuer, string audience) 
+        public static bool TryGetRSADecryptor(this ICryptFactory factory, string issuer, string audience, out IRSADecryptor? decryptor, Version? version = null, string? seperator = null)
-            => pairs.TryGetEncryptor(issuer: issuer, audience: audience, out var encryptor) ? encryptor : null;
+            => factory.TryGetRSADecryptor(factory.RSAKeyNameFormatter(issuer, audience, true, version, seperator), out decryptor);
 
-        public static IRSADecryptor GetRSADecryptor(this ICryptFactory factory, string issuer, string audience)
+        private static string CreatePath(string filename, string? directory = null)
-            => factory[$"{issuer}:{audience}"];
-
-        public static bool TryGetRSADecryptor(this ICryptFactory factory, string issuer, string audience, out IRSADecryptor? decryptor)
-            => factory.TryGetRSADecryptor($"{issuer}:{audience}", out decryptor);
-
-        public static IRSAEncryptor GetRSAEncryptor(this ICryptFactory factory, string issuer, string audience)
-            => factory[$"{issuer}:{audience}"].Encryptor;
-
-        public static bool TryGetRSADecryptor(this ICryptFactory factory, string issuer, string audience, out IRSAEncryptor? encryptor)
         {
-            if(factory.TryGetRSADecryptor($"{issuer}:{audience}", out var decryptor) && decryptor is not null)
+            directory ??= Environment.CurrentDirectory;
+
+            if (!Directory.Exists(directory))
             {
-                encryptor = decryptor.Encryptor;
+                Directory.CreateDirectory(directory);
-                return true;
             }
-            else
+
+            return Path.Combine(directory, $"{filename}.pem");
+        }
+
+        private static readonly ConcurrentDictionary<string, SemaphoreSlim> FileLocks = new();
+
+        public static void SavePem(this IRSACryptographer decryptor, string key, string? directory = null)
         {
-                encryptor = null;
+            var filePath = CreatePath(filename: key, directory : directory);
-                return false;
+            var fileLock = FileLocks.GetOrAdd(filePath, _ => new (1, 1));
+            fileLock.Wait();
+            try
+            {
+                File.WriteAllText(filePath, decryptor.Pem);
+            }
+            finally
+            {
+                fileLock.Release();
+            }
+        }
+
+        public static async Task SavePemAsync(this IRSACryptographer decryptor, string key, string? directory = null)
+        {
+            var filePath = CreatePath(filename: key, directory: directory);
+            var fileLock = FileLocks.GetOrAdd(filePath, _ => new (1, 1));
+            await fileLock.WaitAsync();
+            try
+            {
+                await File.WriteAllTextAsync(filePath, decryptor.Pem);
+            }
+            finally
+            {
+                fileLock.Release();
             }
         }
     }

DigitalData.Core.Security/CryptFactory.cs

@@ -9,10 +9,14 @@ namespace DigitalData.Core.Security
 
         public IRSADecryptor this[string key] { get => _decryptors[key]; set => _decryptors[key] = value; }
 
-        public CryptFactory(ILogger<CryptFactory> logger, IDictionary<string, IRSADecryptor> decryptors) : base()
+        public Func<string, string, bool, Version?, string?, string> RSAKeyNameFormatter { get; }
+
+        public CryptFactory(ILogger<CryptFactory> logger, IDictionary<string, IRSADecryptor> decryptors, Func<string, string, bool, Version?, string?, string> rsaKeyNameFormatter) : base()
         {
             _decryptors = decryptors ?? new Dictionary<string, IRSADecryptor>();
 
+            RSAKeyNameFormatter = rsaKeyNameFormatter;
+
             logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
         }
 

DigitalData.Core.Security/RSACryptographer.cs

@@ -9,7 +9,7 @@ namespace DigitalData.Core.Security
 
         public RSAEncryptionPadding Padding { get; init; } = RSAEncryptionPadding.OaepSHA256;
 
-        protected readonly RSA _rsa = RSA.Create();
+        protected virtual RSA RSA { get; } = RSA.Create();
 
         internal RSACryptographer() { }
     }

DigitalData.Core.Security/RSADecryptor.cs

@@ -1,46 +1,58 @@
 using DigitalData.Core.Abstractions.Security;
 using DigitalData.Core.Security.Extensions;
-using System.Runtime.Serialization;
+using System.Security.Cryptography;
 
 namespace DigitalData.Core.Security
 {
     public class RSADecryptor : RSACryptographer, IRSADecryptor, IRSACryptographer
     {
-        public string? Password { get; init; }
+        public (string Value, Version Version) VersionedPassword
+        {
+            init
+            {
+                _password = value.Value;
+                PasswordVersion = value.Version;
+            }
+        }
 
-        public bool IsEncrypted => Password is not null;
+        private string? _password;
+
+        public Version? PasswordVersion { get; private init; } = null;
+
+        public bool HasEncryptedPem => _password is not null;
+
+        public bool IsEncrypted => _password is not null;
 
         private readonly Lazy<IRSAEncryptor> _lazyEncryptor;
 
         public IRSAEncryptor Encryptor => _lazyEncryptor.Value;
 
-        internal RSADecryptor() 
+        private readonly Lazy<RSA> lazyRSA;
+
+        protected override RSA RSA => lazyRSA.Value;
+
+        public RSADecryptor() 
         {
             _lazyEncryptor = new(() => new RSAEncryptor()
             {
-                Pem = _rsa.ExportRSAPublicKeyPem(),
+                Pem = RSA.ExportRSAPublicKeyPem(),
                 Padding = Padding
             });
+
+            lazyRSA = new(() =>
+            {
+                var rsa = RSA.Create();
+                if (_password is null)
+                    RSA.ImportFromPem(Pem);
+                else
+                    RSA.ImportFromEncryptedPem(Pem, _password.AsSpan());
+
+                return rsa;
+            });
         }
         
-        [OnDeserialized]
+        public byte[] Decrypt(byte[] data) => RSA.Decrypt(data, Padding);
-        private void OnDeserialized(StreamingContext context) => Init();
 
-        private IRSADecryptor Init()
+        public string Decrypt(string data) => RSA.Decrypt(data.Base64ToByte(), Padding).BytesToString();
-        {
-            if (string.IsNullOrWhiteSpace(Pem))
-                throw new InvalidOperationException("Pem cannot be null or empty.");
-
-            if (Password is null)
-                _rsa.ImportFromPem(Pem);
-            else
-                _rsa.ImportFromEncryptedPem(Pem, Password.AsSpan());
-
-            return this;
-        }
-
-        public byte[] Decrypt(byte[] data) => _rsa.Decrypt(data, Padding);
-
-        public string Decrypt(string data) => _rsa.Decrypt(data.Base64ToByte(), Padding).BytesToString();
     }
 }

DigitalData.Core.Security/RSAEncryptor.cs

@@ -10,17 +10,14 @@ namespace DigitalData.Core.Security
             get => base.Pem;            
             init
             {
-                if (string.IsNullOrWhiteSpace(Pem))
+                RSA.ImportFromPem(base.Pem);
-                    throw new InvalidOperationException("Pem cannot be null or empty.");
-
-                _rsa.ImportFromPem(base.Pem);
                 base.Pem = value;
             }
         }
 
-        public byte[] Encrypt(byte[] data) => _rsa.Encrypt(data, Padding);
+        public byte[] Encrypt(byte[] data) => RSA.Encrypt(data, Padding);
 
-        public string Encrypt(string data) => _rsa.Encrypt(data.Base64ToByte(), Padding).BytesToString();
+        public string Encrypt(string data) => RSA.Encrypt(data.Base64ToByte(), Padding).BytesToString();
 
         public bool Verify(string data, string signature) => Encrypt(data) == signature;
     }

DigitalData.Core.Security/RSAFactory.cs

@@ -1,4 +1,5 @@
 using System.Security.Cryptography;
+using System.Text;
 
 namespace DigitalData.Core.Security
 {
@@ -8,6 +9,57 @@ namespace DigitalData.Core.Security
 
         public static RSAFactory Static => LazyInstance.Value;
 
+        public static readonly string DefaultEncryptedPrivateKeyFileTag = "enc-private";
+
+        public static readonly string DefaultPrivateKeyFileTag = "private";
+
+        public static readonly string DefaultPublicKeyFileTag = "public";
+
+        public static readonly IEnumerable<string> KeyFileTags = new string[] { DefaultEncryptedPrivateKeyFileTag, DefaultPrivateKeyFileTag, DefaultPublicKeyFileTag };
+
+        private static readonly Lazy<IEnumerable<string>> LazyLowerFileTags = new(() => KeyFileTags.Select(tag => tag.ToLower()));
+
+        public static readonly string DefaultRSAKeyNameSeparator = "-_-";
+
+        //TODO: make the validation using regex
+        public static string DefaultRSAKeyNameFormatter(string issuer, string audience, bool isPrivate = true, Version? passwordVersion = null, string? separator = null)
+        {
+            separator ??= DefaultRSAKeyNameSeparator;
+
+            void ValidateForbidden(string value, string paramName)
+            {
+                if (Path.GetInvalidFileNameChars().Any(value.Contains) || LazyLowerFileTags.Value.Any(tag => value.ToLower().Contains(tag)))
+                    throw new ArgumentException($"RSA decryptor key name creation is forbidden. The {paramName} contains forbidden characters that are not allowed in file naming.", paramName);
+            }
+
+            static void ValidateSeparator(string value, string paramName, string separator)
+            {
+                if (value.Contains(separator))
+                    throw new ArgumentException($"RSA decryptor key name creation is forbidden. The {paramName} contains separator characters ({separator}) that are not allowed in file naming.", paramName);
+            }
+
+            ValidateForbidden(issuer, nameof(issuer));
+            ValidateForbidden(audience, nameof(audience));
+            ValidateForbidden(separator, nameof(separator));
+
+            ValidateSeparator(issuer, nameof(issuer), separator);
+            ValidateSeparator(audience, nameof(audience), separator);
+
+            var sb = new StringBuilder(issuer.Length + audience.Length + separator.Length * 2 + 20);
+            sb.Append(issuer).Append(separator).Append(audience).Append(separator);
+
+            if (passwordVersion is null && isPrivate)
+                sb.Append(DefaultPrivateKeyFileTag);
+            else if (isPrivate)
+                sb.Append(DefaultEncryptedPrivateKeyFileTag).Append(separator).Append(passwordVersion);
+            else if (passwordVersion is null)
+                sb.Append(DefaultPublicKeyFileTag);
+            else
+                sb.Append(DefaultPublicKeyFileTag).Append(separator).Append(passwordVersion);
+
+            return sb.ToString();
+        }
+
         public int KeySizeInBits { get; init; } = 2048;
 
         public string PbePassword { private get; init; } = Secrets.PBE_PASSWORD;