using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Security;

namespace IdentityShroud.Core.Services;

/// <summary>
/// 
/// </summary>
public class EncryptionService : IEncryptionService
{
    private readonly byte[] encryptionKey;

    /// <summary>
    /// For easier usage in 
    /// </summary>
    /// <param name="encryptionKey">Encryption key as base64, must be 32 bytes</param>
    // public EncryptionService(string keyBase64)
    // {
    //     encryptionKey = Convert.FromBase64String(keyBase64);
    // }

    public EncryptionService(ISecretProvider secretProvider)
    {
        encryptionKey = Convert.FromBase64String(secretProvider.GetSecret("Master"));
    }

    public byte[] Encrypt(byte[] plain)
    {
        return AesGcmHelper.EncryptAesGcm(plain, encryptionKey);
    }

    public byte[] Decrypt(byte[] cipher)
    {
        return AesGcmHelper.DecryptAesGcm(cipher, encryptionKey);
    }
}