Compare commits
5 Commits
1b210714fd
...
683b95c205
| Author | SHA1 | Date | |
|---|---|---|---|
|
683b95c205 | ||
|
|
f28b43cc06 | ||
|
|
777a8a73ac | ||
|
|
77fc06991b | ||
|
|
eeb50e837d |
@@ -4,19 +4,19 @@ namespace DigitalData.Core.Abstractions.Security
|
||||
{
|
||||
public interface ICryptFactory
|
||||
{
|
||||
public int KeySizeInBits { get; init; }
|
||||
int KeySizeInBits { get; init; }
|
||||
|
||||
public string PbePassword { init; }
|
||||
string PbePassword { init; }
|
||||
|
||||
public PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; }
|
||||
PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; }
|
||||
|
||||
public HashAlgorithmName PbeHashAlgorithmName { get; init; }
|
||||
HashAlgorithmName PbeHashAlgorithmName { get; init; }
|
||||
|
||||
public int PbeIterationCount { get; init; }
|
||||
int PbeIterationCount { get; init; }
|
||||
|
||||
public PbeParameters PbeParameters { get; }
|
||||
PbeParameters PbeParameters { get; }
|
||||
|
||||
public string EncryptedPrivateKeyPemLabel { get; init; }
|
||||
string EncryptedPrivateKeyPemLabel { get; init; }
|
||||
|
||||
string CreateRSAPrivateKeyPem(int? keySizeInBits = null);
|
||||
|
||||
@@ -26,5 +26,9 @@ namespace DigitalData.Core.Abstractions.Security
|
||||
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
|
||||
HashAlgorithmName? hashAlgorithmName = null,
|
||||
int? iterationCount = null);
|
||||
|
||||
IRSADecryptor this[string key] { get; }
|
||||
|
||||
bool TryGetRSADecryptor(string key, out IRSADecryptor? decryptor);
|
||||
}
|
||||
}
|
||||
@@ -17,5 +17,28 @@ namespace DigitalData.Core.Security.Extensions
|
||||
|
||||
public static IRSAEncryptor? GetEncryptor(this IDictionary<string, IRSAEncryptor> pairs, string issuer, string audience)
|
||||
=> pairs.TryGetEncryptor(issuer: issuer, audience: audience, out var encryptor) ? encryptor : null;
|
||||
|
||||
public static IRSADecryptor GetRSADecryptor(this ICryptFactory factory, string issuer, string audience)
|
||||
=> factory[$"{issuer}:{audience}"];
|
||||
|
||||
public static bool TryGetRSADecryptor(this ICryptFactory factory, string issuer, string audience, out IRSADecryptor? decryptor)
|
||||
=> factory.TryGetRSADecryptor($"{issuer}:{audience}", out decryptor);
|
||||
|
||||
public static IRSAEncryptor GetRSAEncryptor(this ICryptFactory factory, string issuer, string audience)
|
||||
=> factory[$"{issuer}:{audience}"].Encryptor;
|
||||
|
||||
public static bool TryGetRSADecryptor(this ICryptFactory factory, string issuer, string audience, out IRSAEncryptor? encryptor)
|
||||
{
|
||||
if(factory.TryGetRSADecryptor($"{issuer}:{audience}", out var decryptor) && decryptor is not null)
|
||||
{
|
||||
encryptor = decryptor.Encryptor;
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
encryptor = null;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,62 +1,21 @@
|
||||
using DigitalData.Core.Abstractions.Security;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace DigitalData.Core.Security
|
||||
{
|
||||
public class CryptFactory : ICryptFactory
|
||||
public class CryptFactory : RSAFactory, ICryptFactory
|
||||
{
|
||||
private static readonly Lazy<CryptFactory> LazyInstance = new (() => new ());
|
||||
private readonly IDictionary<string, IRSADecryptor> _decryptors;
|
||||
|
||||
public static CryptFactory Instance => LazyInstance.Value;
|
||||
public IRSADecryptor this[string key] { get => _decryptors[key]; set => _decryptors[key] = value; }
|
||||
|
||||
public int KeySizeInBits { get; init; } = 2048;
|
||||
|
||||
public string PbePassword { private get; init; } = Secrets.PBE_PASSWORD;
|
||||
|
||||
public PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; } = PbeEncryptionAlgorithm.Aes256Cbc;
|
||||
|
||||
public HashAlgorithmName PbeHashAlgorithmName { get; init; } = HashAlgorithmName.SHA256;
|
||||
|
||||
public int PbeIterationCount { get; init; } = 100_000;
|
||||
|
||||
private readonly Lazy<PbeParameters> _lazyPbeParameters;
|
||||
|
||||
public PbeParameters PbeParameters => _lazyPbeParameters.Value;
|
||||
|
||||
public string EncryptedPrivateKeyPemLabel { get; init; } = "ENCRYPTED PRIVATE KEY";
|
||||
|
||||
public CryptFactory(ILogger<CryptFactory>? logger = null)
|
||||
public CryptFactory(ILogger<CryptFactory> logger, IDictionary<string, IRSADecryptor> decryptors) : base()
|
||||
{
|
||||
_lazyPbeParameters = new(() => new PbeParameters(PbeEncryptionAlgorithm, PbeHashAlgorithmName, PbeIterationCount));
|
||||
_decryptors = decryptors ?? new Dictionary<string, IRSADecryptor>();
|
||||
|
||||
logger?.LogInformation("CryptFactory initialized. Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
|
||||
logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
|
||||
}
|
||||
|
||||
public string CreateRSAPrivateKeyPem(int? keySizeInBits = null)
|
||||
=> RSA.Create(keySizeInBits ?? KeySizeInBits).ExportRSAPrivateKeyPem();
|
||||
|
||||
public string CreateEncryptedPrivateKeyPem(
|
||||
int? keySizeInBits = null,
|
||||
string? password = null,
|
||||
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
|
||||
HashAlgorithmName? hashAlgorithmName = null,
|
||||
int? iterationCount = null)
|
||||
{
|
||||
password ??= PbePassword;
|
||||
|
||||
var pbeParameters = (pbeEncryptionAlgorithm is null && hashAlgorithmName is null && iterationCount is null)
|
||||
? new PbeParameters(
|
||||
pbeEncryptionAlgorithm ?? PbeEncryptionAlgorithm,
|
||||
hashAlgorithmName ?? PbeHashAlgorithmName,
|
||||
iterationCount ?? PbeIterationCount)
|
||||
: PbeParameters;
|
||||
|
||||
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
|
||||
|
||||
var pemChars = PemEncoding.Write(EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
|
||||
|
||||
return new string(pemChars);
|
||||
}
|
||||
public bool TryGetRSADecryptor(string key, out IRSADecryptor? decryptor) => _decryptors.TryGetValue(key, out decryptor);
|
||||
}
|
||||
}
|
||||
@@ -8,7 +8,7 @@ namespace DigitalData.Core.Security
|
||||
{
|
||||
public static IServiceCollection AddSecurity(this IServiceCollection services)
|
||||
{
|
||||
services.TryAddScoped<ICryptFactory>(_ => CryptFactory.Instance);
|
||||
services.TryAddScoped<ICryptFactory, CryptFactory>();
|
||||
|
||||
return services;
|
||||
}
|
||||
|
||||
@@ -10,19 +10,18 @@ namespace DigitalData.Core.Security
|
||||
|
||||
public bool IsEncrypted => Password is not null;
|
||||
|
||||
public IRSAEncryptor Encryptor
|
||||
{
|
||||
get
|
||||
{
|
||||
return new RSAEncryptor()
|
||||
{
|
||||
Pem = _rsa.ExportRSAPublicKeyPem(),
|
||||
Padding = Padding
|
||||
};
|
||||
}
|
||||
}
|
||||
private readonly Lazy<IRSAEncryptor> _lazyEncryptor;
|
||||
|
||||
internal RSADecryptor() { }
|
||||
public IRSAEncryptor Encryptor => _lazyEncryptor.Value;
|
||||
|
||||
internal RSADecryptor()
|
||||
{
|
||||
_lazyEncryptor = new(() => new RSAEncryptor()
|
||||
{
|
||||
Pem = _rsa.ExportRSAPublicKeyPem(),
|
||||
Padding = Padding
|
||||
});
|
||||
}
|
||||
|
||||
[OnDeserialized]
|
||||
private void OnDeserialized(StreamingContext context) => Init();
|
||||
|
||||
58
DigitalData.Core.Security/RSAFactory.cs
Normal file
58
DigitalData.Core.Security/RSAFactory.cs
Normal file
@@ -0,0 +1,58 @@
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace DigitalData.Core.Security
|
||||
{
|
||||
public class RSAFactory
|
||||
{
|
||||
private static readonly Lazy<RSAFactory> LazyInstance = new(() => new());
|
||||
|
||||
public static RSAFactory Static => LazyInstance.Value;
|
||||
|
||||
public int KeySizeInBits { get; init; } = 2048;
|
||||
|
||||
public string PbePassword { private get; init; } = Secrets.PBE_PASSWORD;
|
||||
|
||||
public PbeEncryptionAlgorithm PbeEncryptionAlgorithm { get; init; } = PbeEncryptionAlgorithm.Aes256Cbc;
|
||||
|
||||
public HashAlgorithmName PbeHashAlgorithmName { get; init; } = HashAlgorithmName.SHA256;
|
||||
|
||||
public int PbeIterationCount { get; init; } = 100_000;
|
||||
|
||||
private readonly Lazy<PbeParameters> _lazyPbeParameters;
|
||||
|
||||
public PbeParameters PbeParameters => _lazyPbeParameters.Value;
|
||||
|
||||
public string EncryptedPrivateKeyPemLabel { get; init; } = "ENCRYPTED PRIVATE KEY";
|
||||
|
||||
internal RSAFactory()
|
||||
{
|
||||
_lazyPbeParameters = new(() => new PbeParameters(PbeEncryptionAlgorithm, PbeHashAlgorithmName, PbeIterationCount));
|
||||
}
|
||||
|
||||
public string CreateRSAPrivateKeyPem(int? keySizeInBits = null)
|
||||
=> RSA.Create(keySizeInBits ?? KeySizeInBits).ExportRSAPrivateKeyPem();
|
||||
|
||||
public string CreateEncryptedPrivateKeyPem(
|
||||
int? keySizeInBits = null,
|
||||
string? password = null,
|
||||
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
|
||||
HashAlgorithmName? hashAlgorithmName = null,
|
||||
int? iterationCount = null)
|
||||
{
|
||||
password ??= PbePassword;
|
||||
|
||||
var pbeParameters = (pbeEncryptionAlgorithm is null && hashAlgorithmName is null && iterationCount is null)
|
||||
? new PbeParameters(
|
||||
pbeEncryptionAlgorithm ?? PbeEncryptionAlgorithm,
|
||||
hashAlgorithmName ?? PbeHashAlgorithmName,
|
||||
iterationCount ?? PbeIterationCount)
|
||||
: PbeParameters;
|
||||
|
||||
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
|
||||
|
||||
var pemChars = PemEncoding.Write(EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
|
||||
|
||||
return new string(pemChars);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user