using StellaOps.Cryptography;
using System;
using System.Collections.Generic;

namespace StellaOps.Configuration;

/// <summary>
/// Options governing signed ack token issuance.
/// </summary>
/// <remarks>
/// This type only carries configuration values; no validation is performed in this part of the
/// class. With the defaults below, <see cref="Enabled"/> is <c>true</c> while
/// <see cref="ActiveKeyId"/> and <see cref="KeyPath"/> are empty.
/// NOTE(review): the class is partial, so validation presumably lives in another part — confirm
/// that an enabled configuration without a key id / key path is rejected at startup.
/// </remarks>
public sealed partial class AuthorityAckTokenOptions
{
    // Backing store for AdditionalKeys; allocated once per options instance and never reassigned.
    // NOTE(review): the element type of this collection is not visible in this listing.
    private readonly IList _additionalKeys = new List();

    /// <summary>
    /// Determines whether ack tokens are enabled. Defaults to <c>true</c>.
    /// </summary>
    public bool Enabled { get; set; } = true;

    /// <summary>
    /// DSSE payload type used for issued ack tokens.
    /// </summary>
    /// <remarks>
    /// DSSE signs the payload type together with the payload, so a verifier that compares this
    /// value against the expected type rejects envelopes issued for another purpose.
    /// NOTE(review): confirm the ack token verifier performs that comparison.
    /// </remarks>
    public string PayloadType { get; set; } = "application/vnd.stellaops.notify-ack-token+json";

    /// <summary>
    /// Default lifetime applied to tokens when a caller omits a value. Defaults to 15 minutes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing here enforces that this value is positive or does not exceed
    /// <see cref="MaxLifetime"/>; verify that the consumer checks both.
    /// </remarks>
    public TimeSpan DefaultLifetime { get; set; } = TimeSpan.FromMinutes(15);

    /// <summary>
    /// Maximum lifetime permitted for ack tokens. Defaults to 30 minutes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably caller-requested lifetimes are clamped or rejected against this
    /// bound at issuance time — confirm, since the bound is not applied in this class.
    /// </remarks>
    public TimeSpan MaxLifetime { get; set; } = TimeSpan.FromMinutes(30);

    /// <summary>
    /// Signing algorithm identifier (defaults to ES256).
    /// </summary>
    /// <remarks>
    /// NOTE(review): this is a free-form string; verify that the consumer accepts only an
    /// explicit allow-list of algorithms and that verification pins the configured algorithm
    /// rather than trusting the one named in a received token.
    /// </remarks>
    public string Algorithm { get; set; } = SignatureAlgorithms.Es256;

    /// <summary>
    /// Signing key source used to load ack token keys. Defaults to <c>"file"</c>.
    /// </summary>
    public string KeySource { get; set; } = "file";

    /// <summary>
    /// Active signing key identifier (kid) for ack tokens. Defaults to the empty string.
    /// </summary>
    public string ActiveKeyId { get; set; } = string.Empty;

    /// <summary>
    /// Path or handle to the active key material. Defaults to the empty string.
    /// </summary>
    /// <remarks>
    /// NOTE(review): with the default <c>"file"</c> key source this presumably names a private
    /// key on disk; that file should be readable only by the service account and kept out of
    /// source control and container images — confirm deployment guidance covers this.
    /// </remarks>
    public string KeyPath { get; set; } = string.Empty;

    /// <summary>
    /// Optional crypto provider hint. <c>null</c> when no hint is configured.
    /// </summary>
    public string? Provider { get; set; }

    /// <summary>
    /// Optional JWKS cache lifetime override for ack keys. Defaults to 5 minutes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably this bounds how long JWKS consumers keep a published key set,
    /// and therefore how long a rotated-out key stays trusted downstream — confirm against the
    /// JWKS endpoint implementation before raising it.
    /// </remarks>
    public TimeSpan JwksCacheLifetime { get; set; } = TimeSpan.FromMinutes(5);

    /// <summary>
    /// Additional (retired) keys retained for verification.
    /// </summary>
    /// <remarks>
    /// The property has no setter, but it returns the mutable backing list, so callers and
    /// configuration binding can add or remove entries.
    /// NOTE(review): every key listed here presumably remains acceptable for verifying ack
    /// tokens; a key suspected of compromise should be removed from this list, not merely
    /// retired into it.
    /// </remarks>
    public IList AdditionalKeys => _additionalKeys;

    /// <summary>
    /// Metadata value emitted in JWKS <c>use</c> field (defaults to <c>notify-ack</c>).
    /// </summary>
    public string KeyUse { get; set; } = "notify-ack";
}