azure-activedirectory-identitymodel-extensions-for-dotnet

AuthenticatedEncryptionProvider is impossible to override

Open gislikonrad opened this issue 5 years ago • 3 comments

The call to GetAlgorithmParameters in the constructor throws an exception on any algorithm that isn't supported by default.

gislikonrad avatar Nov 12 '20 10:11 gislikonrad

I can see how adding this feature would be useful. I've gone ahead and labeled this as an enhancement.

mafurman avatar Nov 19 '20 00:11 mafurman

@gislikonrad would a simple virtual be enough?

brentschmaltz avatar Nov 24 '20 16:11 brentschmaltz

Technically, yes, for my use case it would be. But is it enough?

Looking at an old PR for Saml2EncryptedAssertion (#1025), you can see what had to be done in the AuthenticatedEncryptionProvider to enable AesGcm encryption. Making AuthenticatedEncryptionProvider more abstract and having a class inherit it for AesCbc encryption specifically, for example AesCbcAuthenticatedEncryptionProvider, would be the more extendable way to do this. Then, in theory, an AesGcmAuthenticatedEncryptionProvider could be implemented.

Since the current AuthenticatedEncryptionProvider is impossible to override, I'm thinking that this wouldn't break anything.

gislikonrad avatar Nov 24 '20 18:11 gislikonrad
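
A sketch of the split proposed in the last comment, added here as an illustration and not taken from the library or from PR #1025. The type names `AuthenticatedEncryptionProviderBase` and `AesGcmAuthenticatedEncryptionProvider`, their signatures, and the sample bytes are hypothetical; it assumes .NET 8 or later for the `AesGcm(key, tagSizeInBytes)` constructor.

```csharp
using System;
using System.Security.Cryptography;

// Constructed demo: round-trip, then flip one ciphertext bit and expect rejection.
var p = new AesGcmAuthenticatedEncryptionProvider(RandomNumberGenerator.GetBytes(32));
byte[] aad = { 0x01, 0x02 }, msg = { 0x41, 0x42, 0x43 }; // constructed sample input
var (iv, ct, tag) = p.Encrypt(msg, aad);
Console.WriteLine(Convert.ToHexString(p.Decrypt(iv, ct, tag, aad)));
try { ct[0] ^= 1; p.Decrypt(iv, ct, tag, aad); }
catch (CryptographicException) { Console.WriteLine("tampered ciphertext rejected"); }

// Hypothetical base: the constructor stores state and does no algorithm lookup.
public abstract class AuthenticatedEncryptionProviderBase
{
    protected byte[] Key { get; }
    public string Algorithm { get; }
    protected AuthenticatedEncryptionProviderBase(byte[] key, string algorithm)
    {
        Key = key ?? throw new ArgumentNullException(nameof(key));
        Algorithm = algorithm ?? throw new ArgumentNullException(nameof(algorithm));
    }
    public abstract (byte[] Iv, byte[] Ciphertext, byte[] Tag) Encrypt(byte[] plaintext, byte[] aad);
    public abstract byte[] Decrypt(byte[] iv, byte[] ciphertext, byte[] tag, byte[] aad);
}

// Hypothetical subclass: validates only the algorithm and key size it implements.
public sealed class AesGcmAuthenticatedEncryptionProvider : AuthenticatedEncryptionProviderBase
{
    private const int NonceSize = 12, TagSize = 16;
    public AesGcmAuthenticatedEncryptionProvider(byte[] key) : base(key, "A256GCM")
    {
        if (key.Length != 32) throw new ArgumentException("A256GCM needs a 256-bit key", nameof(key));
    }
    public override (byte[] Iv, byte[] Ciphertext, byte[] Tag) Encrypt(byte[] plaintext, byte[] aad)
    {
        byte[] iv = RandomNumberGenerator.GetBytes(NonceSize); // fresh random nonce per message
        byte[] ciphertext = new byte[plaintext.Length], tag = new byte[TagSize];
        using var gcm = new AesGcm(Key, TagSize);
        gcm.Encrypt(iv, plaintext, ciphertext, tag, aad);
        return (iv, ciphertext, tag);
    }
    public override byte[] Decrypt(byte[] iv, byte[] ciphertext, byte[] tag, byte[] aad)
    {
        byte[] plaintext = new byte[ciphertext.Length];
        using var gcm = new AesGcm(Key, TagSize);
        gcm.Decrypt(iv, ciphertext, tag, plaintext, aad); // CryptographicException if the tag check fails
        return plaintext;
    }
}
```

An AES-CBC with HMAC subclass would derive from the same base and carry its own key-splitting and MAC verification, so neither mode's parameter checks run in the shared constructor.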