Added the use of DEKs for encryption of secrets. Both the KEKs and DEKs are stored in a way that lets you have multiple keys, of which one is active, while the others remain available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: #6
using System.Buffers;
using System.Buffers.Text;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace IdentityShroud.Core.Helpers;
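/// <summary>
/// <see cref="JsonConverter{T}"/> that represents a <c>byte[]</c> as a base64url
/// JSON string, using <see cref="Base64Url"/> for both directions.
/// </summary>
/// <remarks>
/// NOTE(review): if this converter is applied to key material (not visible from this
/// file), the temporary buffers below hold an encoded copy of it and are not cleared;
/// <c>CryptographicOperations.ZeroMemory</c> would cover the local copies only, since
/// the JSON reader and writer keep their own buffers.
/// </remarks>
public class Base64UrlConverter : JsonConverter<byte[]>
{
    // Largest encoded size that Write places on the stack; anything bigger uses a heap array.
    private const int MaxStackBufferSize = 256;

    /// <summary>
    /// Decodes the current JSON string token from base64url into raw bytes.
    /// </summary>
    /// <param name="reader">Reader positioned on the value to convert.</param>
    /// <param name="typeToConvert">Unused; the converter only handles <c>byte[]</c>.</param>
    /// <param name="options">Unused.</param>
    /// <returns>The decoded bytes.</returns>
    /// <exception cref="JsonException">The current token is not a JSON string.</exception>
    /// <exception cref="FormatException">The string is not valid base64url.</exception>
    public override byte[] Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
    {
        // ValueSpan/ValueSequence expose the raw bytes of ANY token, so without this
        // check a number or literal would be fed to the decoder as if it were text.
        if (reader.TokenType != JsonTokenType.String)
        {
            throw new JsonException($"Expected a base64url string but found token type {reader.TokenType}.");
        }

        // Fast path: contiguous and unescaped, so the raw UTF-8 bytes are the value itself.
        if (!reader.HasValueSequence && !reader.ValueIsEscaped)
        {
            return Base64Url.DecodeFromUtf8(reader.ValueSpan);
        }

        // Slow path: the value is split across segments and/or contains JSON escapes
        // (e.g. "\u002D" for '-'). CopyString flattens and unescapes in one step; the
        // unescaped text is never longer than the raw token.
        int rawLength = reader.HasValueSequence
            ? checked((int)reader.ValueSequence.Length)
            : reader.ValueSpan.Length;
        byte[] unescaped = new byte[rawLength];
        int written = reader.CopyString(unescaped);
        return Base64Url.DecodeFromUtf8(new ReadOnlySpan<byte>(unescaped, 0, written));
    }

    /// <summary>
    /// Writes <paramref name="value"/> as a base64url-encoded JSON string.
    /// </summary>
    /// <param name="writer">Writer that receives the string value.</param>
    /// <param name="value">Bytes to encode.</param>
    /// <param name="options">Unused.</param>
    public override void Write(Utf8JsonWriter writer, byte[] value, JsonSerializerOptions options)
    {
        int encodedLength = Base64Url.GetEncodedLength(value.Length);

        // Small payloads are encoded on the stack to avoid a heap allocation per value.
        Span<byte> encoded = encodedLength <= MaxStackBufferSize
            ? stackalloc byte[encodedLength]
            : new byte[encodedLength];

        Base64Url.EncodeToUtf8(value, encoded);
        writer.WriteStringValue(encoded);
    }
}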