| | | 1 | | using System.Collections.ObjectModel; |
| | | 2 | | |
| | | 3 | | namespace AsiBackbone.Core.Signing; |
| | | 4 | | |
/// <summary>
/// Provides host expectations used while evaluating signature verification policy.
/// </summary>
/// <remarks>
/// The context is provider-neutral. It can carry expected key references, policy identifiers, and request metadata.
/// </remarks>
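public sealed class VerificationPolicyContext
{
    // Shared, immutable "no metadata" instance: avoids an allocation per context and makes
    // the empty case reference-stable (NormalizeMetadata returns it for null/empty input).
    private static readonly IReadOnlyDictionary<string, string> EmptyMetadata =
        new ReadOnlyDictionary<string, string>(
            new Dictionary<string, string>(StringComparer.Ordinal));

    /// <summary>
    /// Initializes a context. Scalar expectations are whitespace-normalized here;
    /// <paramref name="metadata"/> is stored as supplied and must already be read-only
    /// and normalized by <see cref="NormalizeMetadata"/>.
    /// </summary>
    private VerificationPolicyContext(
        string? purpose,
        string? expectedKeyId,
        string? expectedKeyVersion,
        string? expectedPolicyVersion,
        string? expectedPolicyHash,
        string? requiredProvider,
        string? requiredHashAlgorithm,
        IReadOnlyDictionary<string, string> metadata)
    {
        Purpose = NormalizeOptional(purpose);
        ExpectedKeyId = NormalizeOptional(expectedKeyId);
        ExpectedKeyVersion = NormalizeOptional(expectedKeyVersion);
        ExpectedPolicyVersion = NormalizeOptional(expectedPolicyVersion);
        ExpectedPolicyHash = NormalizeOptional(expectedPolicyHash);
        RequiredProvider = NormalizeOptional(requiredProvider);
        RequiredHashAlgorithm = NormalizeOptional(requiredHashAlgorithm);
        Metadata = metadata;
    }

    /// <summary>
    /// Gets a context with no additional host expectations.
    /// </summary>
    public static VerificationPolicyContext Default { get; } =
        new(null, null, null, null, null, null, null, EmptyMetadata);

    /// <summary>
    /// Gets the host-defined verification purpose.
    /// </summary>
    public string? Purpose { get; }

    /// <summary>
    /// Gets the expected signing key identifier, when required by host policy.
    /// </summary>
    public string? ExpectedKeyId { get; }

    /// <summary>
    /// Gets the expected signing key version, when required by host policy.
    /// </summary>
    public string? ExpectedKeyVersion { get; }

    /// <summary>
    /// Gets the expected policy version, when the signed metadata is expected to carry one.
    /// </summary>
    public string? ExpectedPolicyVersion { get; }

    /// <summary>
    /// Gets the expected policy hash, when the signed metadata is expected to carry one.
    /// </summary>
    public string? ExpectedPolicyHash { get; }

    /// <summary>
    /// Gets the required signing provider descriptor, when required by host policy.
    /// </summary>
    public string? RequiredProvider { get; }

    /// <summary>
    /// Gets the required hash algorithm descriptor, when required by host policy.
    /// </summary>
    public string? RequiredHashAlgorithm { get; }

    /// <summary>
    /// Gets additional provider-neutral verification request metadata.
    /// Keys are compared ordinally; keys and values have been trimmed.
    /// </summary>
    public IReadOnlyDictionary<string, string> Metadata { get; }

    /// <summary>
    /// Gets a value indicating whether additional metadata is present.
    /// </summary>
    public bool HasMetadata => Metadata.Count > 0;

    /// <summary>
    /// Creates a provider-neutral verification policy context.
    /// </summary>
    /// <param name="purpose">Host-defined verification purpose; whitespace-only input is treated as absent.</param>
    /// <param name="expectedKeyId">Expected signing key identifier; whitespace-only input is treated as absent.</param>
    /// <param name="expectedKeyVersion">Expected signing key version; whitespace-only input is treated as absent.</param>
    /// <param name="expectedPolicyVersion">Expected policy version; whitespace-only input is treated as absent.</param>
    /// <param name="expectedPolicyHash">Expected policy hash; whitespace-only input is treated as absent.</param>
    /// <param name="requiredProvider">Required signing provider descriptor; whitespace-only input is treated as absent.</param>
    /// <param name="requiredHashAlgorithm">Required hash algorithm descriptor; whitespace-only input is treated as absent.</param>
    /// <param name="metadata">
    /// Additional request metadata. Keys and values are trimmed and whitespace-only keys are dropped;
    /// <see langword="null"/> or empty input yields <see cref="Default"/>'s empty metadata.
    /// </param>
    /// <returns>An immutable context carrying the normalized expectations.</returns>
    /// <exception cref="ArgumentException">
    /// Thrown when two <paramref name="metadata"/> keys become identical after trimming, so that one
    /// host-supplied constraint can never silently overwrite another.
    /// </exception>
    /// <remarks>
    /// Only surrounding whitespace is normalized. Case, Unicode normalization and the comparison
    /// semantics of each expectation are left to the verifier that consumes this context.
    /// </remarks>
    public static VerificationPolicyContext Create(
        string? purpose = null,
        string? expectedKeyId = null,
        string? expectedKeyVersion = null,
        string? expectedPolicyVersion = null,
        string? expectedPolicyHash = null,
        string? requiredProvider = null,
        string? requiredHashAlgorithm = null,
        IReadOnlyDictionary<string, string>? metadata = null)
    {
        return new VerificationPolicyContext(
            purpose,
            expectedKeyId,
            expectedKeyVersion,
            expectedPolicyVersion,
            expectedPolicyHash,
            requiredProvider,
            requiredHashAlgorithm,
            NormalizeMetadata(metadata));
    }

    /// <summary>
    /// Trims an optional expectation; <see langword="null"/>, empty and whitespace-only
    /// input all become <see langword="null"/> so "absent" has a single representation.
    /// </summary>
    private static string? NormalizeOptional(string? value) =>
        string.IsNullOrWhiteSpace(value) ? null : value.Trim();

    /// <summary>
    /// Copies <paramref name="metadata"/> into an ordinal-keyed, read-only dictionary with
    /// trimmed keys and values, dropping whitespace-only keys.
    /// </summary>
    /// <param name="metadata">Caller-supplied metadata, possibly <see langword="null"/>.</param>
    /// <returns><see cref="EmptyMetadata"/> when nothing survives normalization; otherwise a new read-only copy.</returns>
    /// <exception cref="ArgumentException">Two keys collapse to the same key after trimming.</exception>
    private static IReadOnlyDictionary<string, string> NormalizeMetadata(
        IReadOnlyDictionary<string, string>? metadata)
    {
        if (metadata is null || metadata.Count == 0)
        {
            return EmptyMetadata;
        }

        // Presize to the input count; ordinal keys regardless of the caller's comparer.
        Dictionary<string, string> normalizedMetadata = new(metadata.Count, StringComparer.Ordinal);

        foreach (KeyValuePair<string, string> item in metadata)
        {
            if (string.IsNullOrWhiteSpace(item.Key))
            {
                continue;
            }

            string normalizedKey = item.Key.Trim();

            // Null-coalesce defensively: the annotation says values are non-null, but a
            // dictionary built without nullable checks can still hand us null.
            string normalizedValue = item.Value?.Trim() ?? string.Empty;

            // Fail loudly instead of last-wins: silently dropping a host constraint here would
            // weaken verification downstream with no signal to the operator.
            if (!normalizedMetadata.TryAdd(normalizedKey, normalizedValue))
            {
                throw new ArgumentException(
                    $"Metadata key '{normalizedKey}' occurs more than once after trimming.",
                    nameof(metadata));
            }
        }

        return normalizedMetadata.Count == 0
            ? EmptyMetadata
            : new ReadOnlyDictionary<string, string>(normalizedMetadata);
    }
}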