eelke/IdentityShroud
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Implement jwks endpoint and add test for it.

Browse source 
This also let to some improvements/cleanups of the other tests and fixtures.
This commit is contained in:
eelke 2026-02-15 19:06:09 +01:00
parent a80c133e2a
commit ccb06b260c
24 changed files with 353 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

23
IdentityShroud.Core/Security/AesGcmHelper.cs
View file

@ -7,14 +7,22 @@ public static class AesGcmHelper
public static byte[] EncryptAesGcm(byte[] plaintext, byte[] key)
{
using var aes = new AesGcm(key);
byte[] nonce = RandomNumberGenerator.GetBytes(AesGcm.NonceByteSizes.MaxSize);
byte[] ciphertext = new byte[plaintext.Length];
byte[] tag = new byte[AesGcm.TagByteSizes.MaxSize];
int tagSize = AesGcm.TagByteSizes.MaxSize;
using var aes = new AesGcm(key, tagSize);
Span<byte> nonce = stackalloc byte[AesGcm.NonceByteSizes.MaxSize];
RandomNumberGenerator.Fill(nonce);
Span<byte> ciphertext = stackalloc byte[plaintext.Length];
Span<byte> tag = stackalloc byte[tagSize];
aes.Encrypt(nonce, plaintext, ciphertext, tag);
// Return concatenated nonce|ciphertext|tag (or store separately)
return nonce.Concat(ciphertext).Concat(tag).ToArray();
// Return concatenated nonce|ciphertext|tag
var result = new byte[nonce.Length + ciphertext.Length + tag.Length];
nonce.CopyTo(result.AsSpan(0, nonce.Length));
ciphertext.CopyTo(result.AsSpan(nonce.Length, ciphertext.Length));
tag.CopyTo(result.AsSpan(nonce.Length + ciphertext.Length, tag.Length));
return result;
}
// --------------------------------------------------------------------
@ -44,11 +52,10 @@ public static class AesGcmHelper
ReadOnlySpan<byte> nonce = new(payload, 0, nonceSize);
ReadOnlySpan<byte> ciphertext = new(payload, nonceSize, payload.Length - nonceSize - tagSize);
ReadOnlySpan<byte> tag = new(payload, payload.Length - tagSize, tagSize);
byte[] plaintext = new byte[ciphertext.Length];
using var aes = new AesGcm(key);
using var aes = new AesGcm(key, tagSize);
try
{
aes.Decrypt(nonce, ciphertext, tag, plaintext);