eelke
07393f57fc
Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: #6
22 lines
No EOL
846 B
C#
22 lines
No EOL
846 B
C#
using FluentValidation;
|
|
using IdentityShroud.Core.Contracts;
|
|
|
|
namespace IdentityShroud.Api;
|
|
|
|
public class ClientCreateRequestValidator : AbstractValidator<ClientCreateRequest>
|
|
{
|
|
// most of standard ascii minus the control characters and space
|
|
private const string ClientIdPattern = "^[\x21-\x7E]+";
|
|
|
|
private string[] AllowedAlgorithms = [ "RS256", "ES256" ];
|
|
|
|
public ClientCreateRequestValidator()
|
|
{
|
|
RuleFor(e => e.ClientId).NotEmpty().MaximumLength(40).Matches(ClientIdPattern);
|
|
RuleFor(e => e.Name).MaximumLength(80);
|
|
RuleFor(e => e.Description).MaximumLength(2048);
|
|
RuleFor(e => e.SignatureAlgorithm)
|
|
.Must(v => v is null || AllowedAlgorithms.Contains(v))
|
|
.WithMessage($"SignatureAlgorithm must be one of {string.Join(", ", AllowedAlgorithms)} or null");
|
|
}
|
|
} |