fix: session B — Go-faithful auth error states, NKey padding, permissions, signal disposal

2026-02-26 17:49:13 -05:00
parent 8c380e7ca6
commit a0c9c0094c
12 changed files with 97 additions and 46 deletions
--- a/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.Auth.cs
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.Auth.cs
@@ -169,9 +169,13 @@ public sealed partial class NatsServer
                {
                    try
                    {
-                        var kp       = NATS.NKeys.KeyPair.FromPublicKey(nkeyPub.AsSpan());
-                        // Sig is base64url-encoded; nonce is raw bytes.
-                        var sigBytes = Convert.FromBase64String(sig.Replace('-', '+').Replace('_', '/'));
+                        var kp = NATS.NKeys.KeyPair.FromPublicKey(nkeyPub.AsSpan());
+                        // Sig is raw URL-safe base64; convert to standard base64 with padding.
+                        var padded = sig.Replace('-', '+').Replace('_', '/');
+                        var rem = padded.Length % 4;
+                        if (rem == 2) padded += "==";
+                        else if (rem == 3) padded += "=";
+                        var sigBytes = Convert.FromBase64String(padded);
                        var verified = kp.Verify(
                            new ReadOnlyMemory<byte>(nonce),
                            new ReadOnlyMemory<byte>(sigBytes));