< Summary - Kestrun — Combined Coverage

Information
Class: Public.JWT.Protect-KrJWTPayload
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/JWT/Protect-KrJWTPayload.ps1
Tag: Kestrun/Kestrun@9d3a582b2d63930269564a7591aa77ef297cadeb
Line coverage
0%
Covered lines: 0
Uncovered lines: 8
Coverable lines: 8
Total lines: 109
Line coverage: 0%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100

Metrics

Method
Protect-KrJWTPayload()

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/JWT/Protect-KrJWTPayload.ps1

#LineLine coverage
 1<#
 2    .SYNOPSIS
 3        Encrypts the JWT payload using a secret, PEM file, or X509 certificate.
 4
 5    .DESCRIPTION
 6        Protect-KrJWTPayload configures a JWT token builder to encrypt the payload using a variety of key sources:
 7        - Base64Url-encoded secret
 8        - Hexadecimal key
 9        - Raw byte array
 10        - PEM file containing an RSA public key
 11        - X509 certificate
 12
 13        The function ensures confidentiality of the JWT payload by applying encryption with the specified key and algori
 14
 15    .PARAMETER Builder
 16        The JWT token builder to modify.
 17
 18    .PARAMETER HexadecimalKey
 19        The hexadecimal key used to encrypt the JWT token payload.
 20
 21    .PARAMETER Base64Url
 22        The Base64Url-encoded secret used to encrypt the JWT token payload.
 23
 24    .PARAMETER KeyBytes
 25        The byte array used to encrypt the JWT token payload.
 26
 27    .PARAMETER KeyAlg
 28        The key algorithm to use for encryption (e.g., "HS256", "RS256"). Optional.
 29
 30    .PARAMETER EncAlg
 31        The encryption algorithm to use (e.g., "A256GCM"). Optional.
 32
 33    .PARAMETER PemPath
 34        The path to a PEM file containing the RSA public key for encryption.
 35
 36    .PARAMETER X509Certificate
 37        The X509 certificate used for encryption.
 38
 39    .OUTPUTS
 40        [Kestrun.Jwt.JwtTokenBuilder]
 41        Returns the modified JWT token builder with encryption applied.
 42
 43    .EXAMPLE
 44        $builder = New-KrJWTTokenBuilder | Protect-KrJWTPayload -Base64Url "your_base64_url_secret"
 45        $builder | Protect-KrJWTPayload -HexadecimalKey "a1b2c3d4e5f6"
 46        $builder | Protect-KrJWTPayload -KeyBytes (Get-Content -Path "C:\path\to\key.bin" -Encoding Byte)
 47        $builder | Protect-KrJWTPayload -KeyAlg "HS256" -EncAlg "A256GCM"
 48        $builder | Protect-KrJWTPayload -PemPath "C:\path\to\key.pem"
 49        $builder | Protect-KrJWTPayload -X509Certificate (Get-Item "C:\path\to\certificate.pfx")
 50
 51    .NOTES
 52        This function is part of the Kestrun.Jwt module and is used to build and protect JWT tokens.
 53        Internally maps to JwtTokenBuilder.EncryptWithSecretB64, EncryptWithSecretHex, EncryptWithSecret,
 54        EncryptWithPemPublic, and EncryptWithCertificate methods.
 55
 56    .LINK
 57        https://docs.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken
 58#>
 59function Protect-KrJWTPayload {
 60    [KestrunRuntimeApi('Everywhere')]
 61    [CmdletBinding(DefaultParameterSetName = 'Base64Url')]
 62    [OutputType([Kestrun.Jwt.JwtTokenBuilder])]
 63    param(
 64        [Parameter(Mandatory = $true, ValueFromPipeline)]
 65        [Kestrun.Jwt.JwtTokenBuilder] $Builder,
 66        [Parameter(Mandatory = $true, ParameterSetName = 'HexadecimalKey')]
 67        [string] $HexadecimalKey,
 68        [Parameter(Mandatory = $true, ParameterSetName = 'Base64Url')]
 69        [string] $Base64Url,
 70        [Parameter(Mandatory = $true, ParameterSetName = 'Bytes')]
 71        [byte[]] $KeyBytes,
 72        [Parameter(Mandatory = $false)]
 73        [string] $KeyAlg = '',
 74        [Parameter(Mandatory = $false)]
 75        [string] $EncAlg = '',
 76        [Parameter(Mandatory = $true, ParameterSetName = 'PemPath')]
 77        [string] $PemPath,
 78        [Parameter(Mandatory = $true, ParameterSetName = 'Certificate')]
 79        [System.Security.Cryptography.X509Certificates.X509Certificate2] $X509Certificate
 80    )
 81
 82    process {
 083        switch ($PSCmdlet.ParameterSetName) {
 84            'Base64Url' {
 085                $Builder.EncryptWithSecretB64($Base64Url, $KeyAlg, $EncAlg) | Out-Null
 86                break
 87            }
 88            'HexadecimalKey' {
 089                $Builder.EncryptWithSecretHex($HexadecimalKey, $KeyAlg, $EncAlg) | Out-Null
 90                break
 91            }
 92            'Bytes' {
 093                $Builder.EncryptWithSecret($KeyBytes, $KeyAlg, $EncAlg) | Out-Null
 94                break
 95            }
 96            'PemPath' {
 097                $resolvedPath = Resolve-KrPath -Path $PemPath -KestrunRoot
 098                $Builder.EncryptWithPemPublic($resolvedPath, $KeyAlg, $EncAlg) | Out-Null
 99                break
 100            }
 101            'Certificate' {
 0102                $Builder.EncryptWithCertificate($X509Certificate, $KeyAlg, $EncAlg) | Out-Null
 103                break
 104            }
 105        }
 0106        return $Builder
 107    }
 108}
 109
Generated by: ReportGenerator 5.4.12.0
09/10/2025 - 19:58:59
GitHub | reportgenerator.io

Methods/Properties

Protect-KrJWTPayload()