using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Security;

namespace IdentityShroud.Core.Services;

/// <summary>
/// 
/// </summary>
/// <param name="encryptionKey">Encryption key as base64, must be 32 bytes</param>
public class EncryptionService(string keyBase64) : IEncryptionService
{
    private readonly byte[] encryptionKey = Convert.FromBase64String(keyBase64);

    public byte[] Encrypt(byte[] plain)
    {
        return AesGcmHelper.EncryptAesGcm(plain, encryptionKey);
    }

    public byte[] Decrypt(byte[] cipher)
    {
        return AesGcmHelper.DecryptAesGcm(cipher, encryptionKey);
    }
}