Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek.

eelke 2026-02-26 16:53:02 +01:00
parent 644b005f2a
commit 650fe99990
36 changed files with 399 additions and 129 deletions


@ -1,18 +1,21 @@
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Security;
namespace IdentityShroud.TestUtils.Substitutes;
public static class EncryptionServiceSubstitute
{
public static IEncryptionService CreatePassthrough()
public static KekId KeyId { get; } = KekId.NewId();
public static IDekEncryptionService CreatePassthrough()
{
var encryptionService = Substitute.For<IEncryptionService>();
var encryptionService = Substitute.For<IDekEncryptionService>();
encryptionService
.Encrypt(Arg.Any<ReadOnlyMemory<byte>>())
.Returns(x => new EncryptedValue("kid", x.ArgAt<ReadOnlyMemory<byte>>(0).ToArray()));
.Returns(x => new EncryptedDek(KeyId, x.ArgAt<ReadOnlyMemory<byte>>(0).ToArray()));
encryptionService
.Decrypt(Arg.Any<EncryptedValue>())
.Returns(x => x.ArgAt<EncryptedValue>(0).Value);
.Decrypt(Arg.Any<EncryptedDek>())
.Returns(x => x.ArgAt<EncryptedDek>(0).Value);
return encryptionService;
}
}
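Review bot: The `Decrypt` stub on the new `IDekEncryptionService` substitute matches `Arg.Any<EncryptedDek>()` and returns `Value` without looking at the key id, so a test that passes a DEK wrapped under a different KEK would still succeed. Because `Encrypt` also stores the input bytes unchanged, tests built on `CreatePassthrough()` cannot show that realm data or signing keys are actually encrypted, or that the expected KEK was selected. Consider narrowing the stub with an `Arg.Is<EncryptedDek>(...)` predicate that compares the value's key id with `KeyId`, so a mismatched key is not silently accepted. A summary comment on `CreatePassthrough` would also help, for example `/// Test-only substitute: "ciphertext" is the plaintext bytes; do not use it to assert confidentiality.` The static `KeyId` appears to be generated once and shared by every test in the process, which is worth stating in that comment too.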