mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 18:58:36 +00:00
171 lines
4.6 KiB
Go
171 lines
4.6 KiB
Go
|
package webkey
|
||
|
|
|
||
|
|
import (
|
||
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
||
|
|
|
||
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
||
|
|
"github.com/zitadel/zitadel/internal/domain"
|
||
|
|
"github.com/zitadel/zitadel/internal/query"
|
||
|
|
webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
|
||
|
|
)
|
||
|
|
|
||
|
|
func createWebKeyRequestToConfig(req *webkey.CreateWebKeyRequest) crypto.WebKeyConfig {
|
||
|
|
switch config := req.GetKey().(type) {
|
||
|
|
case *webkey.CreateWebKeyRequest_Rsa:
|
||
|
|
return rsaToCrypto(config.Rsa)
|
||
|
|
case *webkey.CreateWebKeyRequest_Ecdsa:
|
||
|
|
return ecdsaToCrypto(config.Ecdsa)
|
||
|
|
case *webkey.CreateWebKeyRequest_Ed25519:
|
||
|
|
return new(crypto.WebKeyED25519Config)
|
||
|
|
default:
|
||
|
|
return rsaToCrypto(nil)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func rsaToCrypto(config *webkey.RSA) *crypto.WebKeyRSAConfig {
|
||
|
|
out := new(crypto.WebKeyRSAConfig)
|
||
|
|
|
||
|
|
switch config.GetBits() {
|
||
|
|
case webkey.RSABits_RSA_BITS_UNSPECIFIED:
|
||
|
|
out.Bits = crypto.RSABits2048
|
||
|
|
case webkey.RSABits_RSA_BITS_2048:
|
||
|
|
out.Bits = crypto.RSABits2048
|
||
|
|
case webkey.RSABits_RSA_BITS_3072:
|
||
|
|
out.Bits = crypto.RSABits3072
|
||
|
|
case webkey.RSABits_RSA_BITS_4096:
|
||
|
|
out.Bits = crypto.RSABits4096
|
||
|
|
default:
|
||
|
|
out.Bits = crypto.RSABits2048
|
||
|
|
}
|
||
|
|
|
||
|
|
switch config.GetHasher() {
|
||
|
|
case webkey.RSAHasher_RSA_HASHER_UNSPECIFIED:
|
||
|
|
out.Hasher = crypto.RSAHasherSHA256
|
||
|
|
case webkey.RSAHasher_RSA_HASHER_SHA256:
|
||
|
|
out.Hasher = crypto.RSAHasherSHA256
|
||
|
|
case webkey.RSAHasher_RSA_HASHER_SHA384:
|
||
|
|
out.Hasher = crypto.RSAHasherSHA384
|
||
|
|
case webkey.RSAHasher_RSA_HASHER_SHA512:
|
||
|
|
out.Hasher = crypto.RSAHasherSHA512
|
||
|
|
default:
|
||
|
|
out.Hasher = crypto.RSAHasherSHA256
|
||
|
|
}
|
||
|
|
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func ecdsaToCrypto(config *webkey.ECDSA) *crypto.WebKeyECDSAConfig {
|
||
|
|
out := new(crypto.WebKeyECDSAConfig)
|
||
|
|
|
||
|
|
switch config.GetCurve() {
|
||
|
|
case webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED:
|
||
|
|
out.Curve = crypto.EllipticCurveP256
|
||
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P256:
|
||
|
|
out.Curve = crypto.EllipticCurveP256
|
||
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P384:
|
||
|
|
out.Curve = crypto.EllipticCurveP384
|
||
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P512:
|
||
|
|
out.Curve = crypto.EllipticCurveP512
|
||
|
|
default:
|
||
|
|
out.Curve = crypto.EllipticCurveP256
|
||
|
|
}
|
||
|
|
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func webKeyDetailsListToPb(list []query.WebKeyDetails) []*webkey.WebKey {
|
||
|
|
out := make([]*webkey.WebKey, len(list))
|
||
|
|
for i := range list {
|
||
|
|
out[i] = webKeyDetailsToPb(&list[i])
|
||
|
|
}
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func webKeyDetailsToPb(details *query.WebKeyDetails) *webkey.WebKey {
|
||
|
|
out := &webkey.WebKey{
|
||
|
|
Id: details.KeyID,
|
||
|
|
CreationDate: timestamppb.New(details.CreationDate),
|
||
|
|
ChangeDate: timestamppb.New(details.ChangeDate),
|
||
|
|
State: webKeyStateToPb(details.State),
|
||
|
|
}
|
||
|
|
|
||
|
|
switch config := details.Config.(type) {
|
||
|
|
case *crypto.WebKeyRSAConfig:
|
||
|
|
out.Key = &webkey.WebKey_Rsa{
|
||
|
|
Rsa: webKeyRSAConfigToPb(config),
|
||
|
|
}
|
||
|
|
case *crypto.WebKeyECDSAConfig:
|
||
|
|
out.Key = &webkey.WebKey_Ecdsa{
|
||
|
|
Ecdsa: webKeyECDSAConfigToPb(config),
|
||
|
|
}
|
||
|
|
case *crypto.WebKeyED25519Config:
|
||
|
|
out.Key = &webkey.WebKey_Ed25519{
|
||
|
|
Ed25519: new(webkey.ED25519),
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func webKeyStateToPb(state domain.WebKeyState) webkey.State {
|
||
|
|
switch state {
|
||
|
|
case domain.WebKeyStateUnspecified:
|
||
|
|
return webkey.State_STATE_UNSPECIFIED
|
||
|
|
case domain.WebKeyStateInitial:
|
||
|
|
return webkey.State_STATE_INITIAL
|
||
|
|
case domain.WebKeyStateActive:
|
||
|
|
return webkey.State_STATE_ACTIVE
|
||
|
|
case domain.WebKeyStateInactive:
|
||
|
|
return webkey.State_STATE_INACTIVE
|
||
|
|
case domain.WebKeyStateRemoved:
|
||
|
|
return webkey.State_STATE_REMOVED
|
||
|
|
default:
|
||
|
|
return webkey.State_STATE_UNSPECIFIED
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func webKeyRSAConfigToPb(config *crypto.WebKeyRSAConfig) *webkey.RSA {
|
||
|
|
out := new(webkey.RSA)
|
||
|
|
|
||
|
|
switch config.Bits {
|
||
|
|
case crypto.RSABitsUnspecified:
|
||
|
|
out.Bits = webkey.RSABits_RSA_BITS_UNSPECIFIED
|
||
|
|
case crypto.RSABits2048:
|
||
|
|
out.Bits = webkey.RSABits_RSA_BITS_2048
|
||
|
|
case crypto.RSABits3072:
|
||
|
|
out.Bits = webkey.RSABits_RSA_BITS_3072
|
||
|
|
case crypto.RSABits4096:
|
||
|
|
out.Bits = webkey.RSABits_RSA_BITS_4096
|
||
|
|
}
|
||
|
|
|
||
|
|
switch config.Hasher {
|
||
|
|
case crypto.RSAHasherUnspecified:
|
||
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_UNSPECIFIED
|
||
|
|
case crypto.RSAHasherSHA256:
|
||
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA256
|
||
|
|
case crypto.RSAHasherSHA384:
|
||
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA384
|
||
|
|
case crypto.RSAHasherSHA512:
|
||
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA512
|
||
|
|
}
|
||
|
|
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func webKeyECDSAConfigToPb(config *crypto.WebKeyECDSAConfig) *webkey.ECDSA {
|
||
|
|
out := new(webkey.ECDSA)
|
||
|
|
|
||
|
|
switch config.Curve {
|
||
|
|
case crypto.EllipticCurveUnspecified:
|
||
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED
|
||
|
|
case crypto.EllipticCurveP256:
|
||
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P256
|
||
|
|
case crypto.EllipticCurveP384:
|
||
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P384
|
||
|
|
case crypto.EllipticCurveP512:
|
||
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P512
|
||
|
|
}
|
||
|
|
|
||
|
|
return out
|
||
|
|
}
|