using StellaOps.Cryptography;
using System;
using System.Collections.Generic;
namespace StellaOps.Configuration;
/// <summary>
/// Configuration for issuing signed acknowledgement ("ack") tokens: whether the feature is on,
/// how long tokens live, and which key and algorithm sign them.
/// </summary>
/// <remarks>
/// The class is <c>partial</c>; no validation is visible in this part. Note that the defaults
/// leave <see cref="Enabled"/> set to <c>true</c> while <see cref="ActiveKeyId"/> and
/// <see cref="KeyPath"/> are empty.
/// NOTE(review): confirm that validation elsewhere fails closed when ack tokens are enabled
/// without a configured signing key.
/// </remarks>
public sealed partial class AuthorityAckTokenOptions
{
    // Backing store for AdditionalKeys; kept as a named field because other parts of this
    // partial class may reference it.
    private readonly IList<AuthoritySigningAdditionalKeyOptions> _additionalKeys = new List<AuthoritySigningAdditionalKeyOptions>();

    /// <summary>
    /// Turns ack token issuance on or off. Defaults to <c>true</c>.
    /// </summary>
    public bool Enabled { get; set; } = true;

    /// <summary>
    /// DSSE payload type stamped on issued ack tokens.
    /// </summary>
    /// <remarks>
    /// DSSE signs the payload type together with the payload, so verifiers should compare it
    /// against the value they expect instead of accepting any type.
    /// </remarks>
    public string PayloadType { get; set; } = "application/vnd.stellaops.notify-ack-token+json";

    /// <summary>
    /// Lifetime given to a token when the caller does not ask for one. Defaults to 15 minutes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing here enforces that this value is positive or that it does not
    /// exceed <see cref="MaxLifetime"/>; confirm the check exists elsewhere.
    /// </remarks>
    public TimeSpan DefaultLifetime { get; set; } = TimeSpan.FromMinutes(15);

    /// <summary>
    /// Upper bound on the lifetime of any ack token. Defaults to 30 minutes.
    /// </summary>
    /// <remarks>
    /// A stolen token stays usable until it expires, so this value bounds the exposure window.
    /// NOTE(review): confirm the issuer clamps or rejects caller-requested lifetimes above it.
    /// </remarks>
    public TimeSpan MaxLifetime { get; set; } = TimeSpan.FromMinutes(30);

    /// <summary>
    /// Identifier of the signing algorithm. Defaults to <c>SignatureAlgorithms.Es256</c>.
    /// </summary>
    /// <remarks>
    /// The property accepts any string.
    /// NOTE(review): confirm that consumers check it against an allow-list and reject unknown
    /// or weak identifiers rather than falling back silently.
    /// </remarks>
    public string Algorithm { get; set; } = SignatureAlgorithms.Es256;

    /// <summary>
    /// Names the source from which ack token signing keys are loaded. Defaults to <c>file</c>.
    /// </summary>
    public string KeySource { get; set; } = "file";

    /// <summary>
    /// Key identifier (kid) of the key currently used to sign ack tokens. Empty by default.
    /// </summary>
    public string ActiveKeyId { get; set; } = string.Empty;

    /// <summary>
    /// Path or handle that locates the active key material. Empty by default.
    /// </summary>
    /// <remarks>
    /// This points at signing key material. With the default <c>file</c> key source it is
    /// presumably a filesystem path (TODO confirm); if so, restrict read access to the service
    /// account and keep the file out of source control and container images.
    /// </remarks>
    public string KeyPath { get; set; } = string.Empty;

    /// <summary>
    /// Optional hint selecting a crypto provider; <c>null</c> when unset.
    /// </summary>
    public string? Provider { get; set; }

    /// <summary>
    /// Cache lifetime applied to the JWKS document for ack keys. Defaults to 5 minutes.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably this bounds how long verifiers may keep serving a cached key
    /// set after a rotation or emergency key removal; confirm before raising it.
    /// </remarks>
    public TimeSpan JwksCacheLifetime { get; set; } = TimeSpan.FromMinutes(5);

    /// <summary>
    /// Retired keys that are no longer used for signing but are kept so existing tokens verify.
    /// </summary>
    /// <remarks>
    /// The returned list is the live, mutable backing collection. A key listed here remains
    /// trusted for verification; remove a retired key once every token it signed has expired
    /// (see <see cref="MaxLifetime"/>), and remove a compromised key immediately.
    /// </remarks>
    public IList<AuthoritySigningAdditionalKeyOptions> AdditionalKeys
    {
        get { return _additionalKeys; }
    }

    /// <summary>
    /// Value published in the JWKS <c>use</c> field for ack keys. Defaults to <c>notify-ack</c>.
    /// </summary>
    public string KeyUse { get; set; } = "notify-ack";
}