
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using DigitalData.Core.Security.RSAKey;
using System.Security.Cryptography;
namespace DigitalData.Core.Security.Services;
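/// <summary>
/// Creates RSA private keys as PEM text and wraps existing PEM keys in
/// <see cref="RSADecryptor"/> instances. Defaults for key size, PBE settings and
/// the PEM label are read from <see cref="RSAFactoryParams.Default"/>.
/// </summary>
public class RSAFactory : IAsymmetricKeyFactory
{
    /// <summary>Shared instance for callers that do not resolve the factory another way.</summary>
    public static readonly RSAFactory Static = new();

    /// <summary>
    /// Generates a new RSA key pair and returns the private key as PEM.
    /// </summary>
    /// <param name="keySizeInBits">Key size in bits; <c>null</c> uses <c>RSAFactoryParams.Default.KeySizeInBits</c>.</param>
    /// <param name="encrypt">
    /// When <c>true</c>, delegates to <see cref="CreateEncryptedPrivateKeyPem(PbeEncryptionAlgorithm?, HashAlgorithmName?, int?, int?, string?)"/>
    /// with all PBE settings and the password taken from the defaults.
    /// When <c>false</c>, the key is returned as clear-text PKCS#1 PEM.
    /// </param>
    /// <returns>The private key in PEM form.</returns>
    /// <remarks>
    /// No minimum key size is enforced here; <see cref="RSA.Create(int)"/> only rejects sizes the
    /// platform does not support. The unencrypted result is an immutable string that cannot be
    /// wiped from memory, so callers should keep its lifetime short and keep it out of logs.
    /// </remarks>
    public string CreatePrivateKeyPem(int? keySizeInBits = null, bool encrypt = false)
    {
        if (encrypt)
        {
            return CreateEncryptedPrivateKeyPem(keySizeInBits: keySizeInBits);
        }

        // RSA is IDisposable and holds the private key; dispose it as soon as the PEM is exported.
        using var rsa = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits);
        return rsa.ExportRSAPrivateKeyPem();
    }

    /// <summary>
    /// Generates a new RSA key pair and returns the private key as password-encrypted PKCS#8 PEM,
    /// building the PBE parameters from the individual arguments.
    /// </summary>
    /// <param name="pbeEncryptionAlgorithm">PBE cipher; <c>null</c> uses the configured default.</param>
    /// <param name="hashAlgorithmName">Hash used for key derivation; <c>null</c> uses the configured default.</param>
    /// <param name="iterationCount">Key-derivation iteration count; <c>null</c> uses the configured default.</param>
    /// <param name="keySizeInBits">Key size in bits; <c>null</c> uses the configured default.</param>
    /// <param name="password">Password protecting the key; <c>null</c> uses <c>RSAFactoryParams.Default.PbePassword</c>.</param>
    /// <returns>The encrypted private key in PEM form.</returns>
    public string CreateEncryptedPrivateKeyPem(
        PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
        HashAlgorithmName? hashAlgorithmName = null,
        int? iterationCount = null,
        int? keySizeInBits = null,
        string? password = null)
    {
        var defaults = RSAFactoryParams.Default;
        var pbeParameters = new PbeParameters(
            pbeEncryptionAlgorithm ?? defaults.PbeEncryptionAlgorithm,
            hashAlgorithmName ?? defaults.PbeHashAlgorithm,
            iterationCount ?? defaults.PbeIterationCount);

        // Single export path: the PbeParameters overload applies the password and key-size defaults.
        return CreateEncryptedPrivateKeyPem(pbeParameters, keySizeInBits, password);
    }

    /// <summary>
    /// Generates a new RSA key pair and returns the private key as password-encrypted PKCS#8 PEM,
    /// using caller-supplied PBE parameters.
    /// </summary>
    /// <param name="pbeParameters">Password-based encryption parameters used for the export.</param>
    /// <param name="keySizeInBits">Key size in bits; <c>null</c> uses the configured default.</param>
    /// <param name="password">Password protecting the key; <c>null</c> uses <c>RSAFactoryParams.Default.PbePassword</c>.</param>
    /// <returns>The encrypted private key in PEM form, labelled with <c>RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel</c>.</returns>
    public string CreateEncryptedPrivateKeyPem(
        PbeParameters pbeParameters,
        int? keySizeInBits = null,
        string? password = null)
    {
        // NOTE(review): every key created without an explicit password shares the configured default.
        // If that default is a fixed value shipped with the application, the encryption protects the
        // key only from readers who lack the configuration - confirm where PbePassword comes from and
        // prefer a per-key secret from a secret store.
        password ??= RSAFactoryParams.Default.PbePassword;

        // Dispose the key object once the encrypted blob has been exported.
        using var rsa = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits);
        byte[] encryptedPrivateKey = rsa.ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);

        char[] pemChars = PemEncoding.Write(RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
        return new string(pemChars);
    }

    /// <summary>
    /// Wraps a PEM-encoded private key in an <see cref="RSADecryptor"/>.
    /// </summary>
    /// <param name="pem">PEM text assigned to the decryptor's <c>Content</c>.</param>
    /// <param name="issuer">Not used by this implementation; the value is ignored.</param>
    /// <param name="audience">Not used by this implementation; the value is ignored.</param>
    /// <param name="encrypt">Assigned to the decryptor's <c>IsEncrypted</c>; presumably marks <paramref name="pem"/> as password-encrypted (confirm against <see cref="RSADecryptor"/>).</param>
    /// <param name="padding">RSA padding mode; <c>null</c> selects OAEP with SHA-256.</param>
    /// <returns>A decryptor configured with the given PEM and padding.</returns>
    public IAsymmetricDecryptor CreateDecryptor(string pem, string? issuer = null, string? audience = null, bool encrypt = false, RSAEncryptionPadding? padding = null)
    {
        // NOTE(review): issuer and audience are accepted but never stored, so callers cannot rely on
        // them to bind or distinguish keys - confirm whether RSADecryptor should carry them.
        return new RSADecryptor()
        {
            Content = pem,
            IsEncrypted = encrypt,
            Padding = padding ?? RSAEncryptionPadding.OaepSHA256
        };
    }
}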