2022-04-12 14:20:17 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"time"
|
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/command/preparation"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
2022-04-12 14:20:17 +00:00
|
|
|
)
|
|
|
|
|
2023-07-10 08:07:10 +00:00
|
|
|
type cryptoCodeFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error)
|
2023-05-24 10:22:00 +00:00
|
|
|
|
2023-07-10 08:07:10 +00:00
|
|
|
type CryptoCode struct {
|
2023-04-26 05:47:57 +00:00
|
|
|
Crypted *crypto.CryptoValue
|
|
|
|
Plain string
|
|
|
|
Expiry time.Duration
|
|
|
|
}
|
|
|
|
|
2023-07-10 08:07:10 +00:00
|
|
|
func newCryptoCode(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error) {
|
2023-05-24 10:22:00 +00:00
|
|
|
gen, config, err := secretGenerator(ctx, filter, typ, alg)
|
2022-04-12 14:20:17 +00:00
|
|
|
if err != nil {
|
2023-04-26 05:47:57 +00:00
|
|
|
return nil, err
|
2022-04-12 14:20:17 +00:00
|
|
|
}
|
2023-05-24 10:22:00 +00:00
|
|
|
crypted, plain, err := crypto.NewCode(gen)
|
2022-04-12 14:20:17 +00:00
|
|
|
if err != nil {
|
2023-04-26 05:47:57 +00:00
|
|
|
return nil, err
|
2022-04-12 14:20:17 +00:00
|
|
|
}
|
2023-07-10 08:07:10 +00:00
|
|
|
return &CryptoCode{
|
2023-05-24 10:22:00 +00:00
|
|
|
Crypted: crypted,
|
|
|
|
Plain: plain,
|
|
|
|
Expiry: config.Expiry,
|
|
|
|
}, nil
|
|
|
|
}
|
2023-04-26 05:47:57 +00:00
|
|
|
|
2023-05-24 10:22:00 +00:00
|
|
|
func verifyCryptoCode(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto, creation time.Time, expiry time.Duration, crypted *crypto.CryptoValue, plain string) error {
|
|
|
|
gen, _, err := secretGenerator(ctx, filter, typ, alg)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return crypto.VerifyCode(creation, expiry, crypted, plain, gen)
|
2022-04-12 14:20:17 +00:00
|
|
|
}
|
|
|
|
|
2023-05-24 10:22:00 +00:00
|
|
|
func secretGenerator(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (crypto.Generator, *crypto.GeneratorConfig, error) {
|
|
|
|
config, err := secretGeneratorConfig(ctx, filter, typ)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2022-04-12 14:20:17 +00:00
|
|
|
switch a := alg.(type) {
|
|
|
|
case crypto.HashAlgorithm:
|
2023-05-24 10:22:00 +00:00
|
|
|
return crypto.NewHashGenerator(*config, a), config, nil
|
2022-04-12 14:20:17 +00:00
|
|
|
case crypto.EncryptionAlgorithm:
|
2023-05-24 10:22:00 +00:00
|
|
|
return crypto.NewEncryptionGenerator(*config, a), config, nil
|
|
|
|
default:
|
|
|
|
return nil, nil, errors.ThrowInternalf(nil, "COMMA-RreV6", "Errors.Internal unsupported crypto algorithm type %T", a)
|
2022-04-12 14:20:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func secretGeneratorConfig(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType) (*crypto.GeneratorConfig, error) {
|
|
|
|
wm := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ)
|
|
|
|
events, err := filter(ctx, wm.Query())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
wm.AppendEvents(events...)
|
|
|
|
if err := wm.Reduce(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &crypto.GeneratorConfig{
|
|
|
|
Length: wm.Length,
|
|
|
|
Expiry: wm.Expiry,
|
|
|
|
IncludeLowerLetters: wm.IncludeLowerLetters,
|
|
|
|
IncludeUpperLetters: wm.IncludeUpperLetters,
|
|
|
|
IncludeDigits: wm.IncludeDigits,
|
|
|
|
IncludeSymbols: wm.IncludeSymbols,
|
|
|
|
}, nil
|
|
|
|
}
|
2023-08-23 08:04:29 +00:00
|
|
|
|
|
|
|
func secretGeneratorConfigWithDefault(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, defaultGenerator *crypto.GeneratorConfig) (*crypto.GeneratorConfig, error) {
|
|
|
|
wm := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ)
|
|
|
|
events, err := filter(ctx, wm.Query())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
wm.AppendEvents(events...)
|
|
|
|
if err := wm.Reduce(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if wm.State != domain.SecretGeneratorStateActive {
|
|
|
|
return defaultGenerator, nil
|
|
|
|
}
|
|
|
|
return &crypto.GeneratorConfig{
|
|
|
|
Length: wm.Length,
|
|
|
|
Expiry: wm.Expiry,
|
|
|
|
IncludeLowerLetters: wm.IncludeLowerLetters,
|
|
|
|
IncludeUpperLetters: wm.IncludeUpperLetters,
|
|
|
|
IncludeDigits: wm.IncludeDigits,
|
|
|
|
IncludeSymbols: wm.IncludeSymbols,
|
|
|
|
}, nil
|
|
|
|
}
|