DigitalData.Core/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs

using DigitalData.Core.Abstractions.Security;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace DigitalData.Core.Security.RSAKey
{
    public class RSAPrivateKey : RSAKeyBase, IAsymmetricPrivateKey, IAsymmetricKey
    {
        private string? _pem;

        public override string Content
        {
#pragma warning disable CS8603 // Possible null reference return.
            get => _pem;
#pragma warning restore CS8603 // Possible null reference return.
            init
            {
                _pem = value;
                Init();
            }
        }

        public bool IsPemNull => _pem is null;

        public bool IsEncrypted { get; init; }

        private readonly Lazy<IAsymmetricPublicKey> _lazyPublicKey;

        public IAsymmetricPublicKey PublicKey => _lazyPublicKey.Value;

        private PrivateKeyTokenDescriptor? _tokenDescriptor;

        private readonly Lazy<PrivateKeyTokenDescriptor?> _descriptorInitiator;

        public PrivateKeyTokenDescriptor? TokenDescriptor { get => _descriptorInitiator.Value; init => _tokenDescriptor = value; }

        public RSAPrivateKey()
        {
            _lazyPublicKey = new(() => new RSAPublicKey()
            {
                Content = RSA.ExportRSAPublicKeyPem(),
                Padding = Padding
            });

            _descriptorInitiator = new(() =>
            {
                if(_tokenDescriptor is not null)
                {
                    _tokenDescriptor.Issuer = Issuer;
                    _tokenDescriptor.Audience = Audience;
                    _tokenDescriptor.SigningCredentials = CreateSigningCredentials();
                }
                return _tokenDescriptor;
            });
        }

        internal void SetPem(string pem)
        {
            _pem = pem;
            Init();
        }

        private void Init()
        {
            if (string.IsNullOrEmpty(_pem))
                throw PemIsNullException;

            if (IsEncrypted)
                RSA.ImportFromEncryptedPem(Content, Secrets.PBE_PASSWORD.AsSpan());
            else
                RSA.ImportFromPem(Content);
        }

        private InvalidOperationException PemIsNullException => new($"Content is null or empty. Issuer: {Issuer}, Audience: {Audience}.");

        public SigningCredentials CreateSigningCredentials(string algorithm = SecurityAlgorithms.RsaSha256, string? digest = null)
            => digest is null ? new(SecurityKey, algorithm) : new(SecurityKey, algorithm, digest);
    }
}