zitadel/internal/domain/authn_key.go

package domain

import (
	"github.com/zitadel/logging"

	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/errors"
)

type authNKey interface {
	SetPublicKey([]byte)
	SetPrivateKey([]byte)
	expiration
}

type AuthNKeyType int32

const (
	AuthNKeyTypeNONE AuthNKeyType = iota
	AuthNKeyTypeJSON

	keyCount
)

func (k AuthNKeyType) Valid() bool {
	return k >= 0 && k < keyCount
}

func (key *MachineKey) GenerateNewMachineKeyPair(keySize int) error {
	privateKey, publicKey, err := crypto.GenerateKeyPair(keySize)
	if err != nil {
		return err
	}
	key.PublicKey, err = crypto.PublicKeyToBytes(publicKey)
	if err != nil {
		return err
	}
	key.PrivateKey = crypto.PrivateKeyToBytes(privateKey)
	return nil
}

func SetNewAuthNKeyPair(key authNKey, keySize int) error {
	privateKey, publicKey, err := NewAuthNKeyPair(keySize)
	if err != nil {
		return err
	}
	key.SetPrivateKey(privateKey)
	key.SetPublicKey(publicKey)
	return nil
}

func NewAuthNKeyPair(keySize int) (privateKey, publicKey []byte, err error) {
	private, public, err := crypto.GenerateKeyPair(keySize)
	if err != nil {
		logging.Log("AUTHN-Ud51I").WithError(err).Error("unable to create authn key pair")
		return nil, nil, errors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret")
	}
	publicKey, err = crypto.PublicKeyToBytes(public)
	if err != nil {
		logging.Log("AUTHN-Dbb35").WithError(err).Error("unable to convert public key")
		return nil, nil, errors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret")
	}
	privateKey = crypto.PrivateKeyToBytes(private)
	return privateKey, publicKey, nil
}
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00			`package domain`

			`import (`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/logging"`
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/errors"`
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00			`)`

			`type authNKey interface {`
feat: Instance create (#4502) * feat(instance): implement create instance with direct machine user and credentials * fix: deprecated add endpoint and variable declaration * fix(instance): update logic for pats and machinekeys * fix(instance): unit test corrections and additional unit test for pats and machinekeys * fix(instance-create): include review changes * fix(instance-create): linter fixes * move iframe usage to solution scenarios configurations * Revert "move iframe usage to solution scenarios configurations" This reverts commit 9db31f3808e6dfcae9907bc574c072436a19865a. * fix merge * fix: add review suggestions Co-authored-by: Livio Spring <livio.a@gmail.com> * fix: add review changes * fix: add review changes for default definitions * fix: add review changes for machinekey details * fix: add machinekey output when setup with machineuser * fix: add changes from review * fix instance converter for machine and allow overwriting of further machine fields Co-authored-by: Livio Spring <livio.a@gmail.com> 2022-12-09 13:04:33 +00:00			`SetPublicKey([]byte)`
			`SetPrivateKey([]byte)`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`expiration`
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00			`}`

			`type AuthNKeyType int32`

			`const (`
fix: add authnkeys projection (#2801) * begin authn keys * single table for state change * add key type * rename migration * format imports * fix test 2021-12-08 15:16:48 +00:00			`AuthNKeyTypeNONE AuthNKeyType = iota`
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00			`AuthNKeyTypeJSON`

			`keyCount`
			`)`

			`func (k AuthNKeyType) Valid() bool {`
			`return k >= 0 && k < keyCount`
			`}`

			`func (key *MachineKey) GenerateNewMachineKeyPair(keySize int) error {`
			`privateKey, publicKey, err := crypto.GenerateKeyPair(keySize)`
			`if err != nil {`
			`return err`
			`}`
			`key.PublicKey, err = crypto.PublicKeyToBytes(publicKey)`
			`if err != nil {`
			`return err`
			`}`
			`key.PrivateKey = crypto.PrivateKeyToBytes(privateKey)`
			`return nil`
			`}`

			`func SetNewAuthNKeyPair(key authNKey, keySize int) error {`
			`privateKey, publicKey, err := NewAuthNKeyPair(keySize)`
			`if err != nil {`
			`return err`
			`}`
feat: Instance create (#4502) * feat(instance): implement create instance with direct machine user and credentials * fix: deprecated add endpoint and variable declaration * fix(instance): update logic for pats and machinekeys * fix(instance): unit test corrections and additional unit test for pats and machinekeys * fix(instance-create): include review changes * fix(instance-create): linter fixes * move iframe usage to solution scenarios configurations * Revert "move iframe usage to solution scenarios configurations" This reverts commit 9db31f3808e6dfcae9907bc574c072436a19865a. * fix merge * fix: add review suggestions Co-authored-by: Livio Spring <livio.a@gmail.com> * fix: add review changes * fix: add review changes for default definitions * fix: add review changes for machinekey details * fix: add machinekey output when setup with machineuser * fix: add changes from review * fix instance converter for machine and allow overwriting of further machine fields Co-authored-by: Livio Spring <livio.a@gmail.com> 2022-12-09 13:04:33 +00:00			`key.SetPrivateKey(privateKey)`
			`key.SetPublicKey(publicKey)`
feat: add apis and application keys (#1327) * feat: add apis and application keys * VerifyOIDCClientSecret * Update internal/v2/repository/project/api_config.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/v2/repository/project/key.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix append ApplicationKeyWriteModel Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-02-22 11:27:47 +00:00			`return nil`
			`}`

			`func NewAuthNKeyPair(keySize int) (privateKey, publicKey []byte, err error) {`
			`private, public, err := crypto.GenerateKeyPair(keySize)`
			`if err != nil {`
			`logging.Log("AUTHN-Ud51I").WithError(err).Error("unable to create authn key pair")`
			`return nil, nil, errors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret")`
			`}`
			`publicKey, err = crypto.PublicKeyToBytes(public)`
			`if err != nil {`
			`logging.Log("AUTHN-Dbb35").WithError(err).Error("unable to convert public key")`
			`return nil, nil, errors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret")`
			`}`
			`privateKey = crypto.PrivateKeyToBytes(private)`
			`return privateKey, publicKey, nil`
			`}`