mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-10 03:43:40 +00:00
121 lines
2.5 KiB
Go
121 lines
2.5 KiB
Go
|
package model
|
||
|
|
||
|
import (
|
||
|
"time"
|
||
|
|
||
|
"github.com/caos/zitadel/internal/crypto"
|
||
|
"github.com/caos/zitadel/internal/errors"
|
||
|
"github.com/caos/zitadel/internal/model"
|
||
|
)
|
||
|
|
||
|
type KeyView struct {
|
||
|
ID string
|
||
|
Private bool
|
||
|
Expiry time.Time
|
||
|
Algorithm string
|
||
|
Usage KeyUsage
|
||
|
Key *crypto.CryptoValue
|
||
|
Sequence uint64
|
||
|
}
|
||
|
|
||
|
type SigningKey struct {
|
||
|
ID string
|
||
|
Algorithm string
|
||
|
Key interface{}
|
||
|
}
|
||
|
|
||
|
type PublicKey struct {
|
||
|
ID string
|
||
|
Algorithm string
|
||
|
Usage KeyUsage
|
||
|
Key interface{}
|
||
|
}
|
||
|
|
||
|
type KeySearchRequest struct {
|
||
|
Offset uint64
|
||
|
Limit uint64
|
||
|
SortingColumn KeySearchKey
|
||
|
Asc bool
|
||
|
Queries []*KeySearchQuery
|
||
|
}
|
||
|
|
||
|
type KeySearchKey int32
|
||
|
|
||
|
const (
|
||
|
KEYSEARCHKEY_UNSPECIFIED KeySearchKey = iota
|
||
|
KEYSEARCHKEY_ID
|
||
|
KEYSEARCHKEY_PRIVATE
|
||
|
KEYSEARCHKEY_EXPIRY
|
||
|
KEYSEARCHKEY_USAGE
|
||
|
)
|
||
|
|
||
|
type KeySearchQuery struct {
|
||
|
Key KeySearchKey
|
||
|
Method model.SearchMethod
|
||
|
Value interface{}
|
||
|
}
|
||
|
|
||
|
type KeySearchResponse struct {
|
||
|
Offset uint64
|
||
|
Limit uint64
|
||
|
TotalResult uint64
|
||
|
Result []*KeyView
|
||
|
}
|
||
|
|
||
|
func (r *KeySearchRequest) EnsureLimit(limit uint64) {
|
||
|
if r.Limit == 0 || r.Limit > limit {
|
||
|
r.Limit = limit
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func SigningKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*SigningKey, error) {
|
||
|
if key.Usage != KeyUsageSigning || !key.Private {
|
||
|
return nil, errors.ThrowInvalidArgument(nil, "MODEL-5HBdh", "key must be private signing key")
|
||
|
}
|
||
|
keyData, err := crypto.Decrypt(key.Key, alg)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
privateKey, err := crypto.BytesToPrivateKey(keyData)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return &SigningKey{
|
||
|
ID: key.ID,
|
||
|
Algorithm: key.Algorithm,
|
||
|
Key: privateKey,
|
||
|
}, nil
|
||
|
}
|
||
|
|
||
|
func PublicKeysFromKeyView(keys []*KeyView, alg crypto.EncryptionAlgorithm) ([]*PublicKey, error) {
|
||
|
converted := make([]*PublicKey, len(keys))
|
||
|
var err error
|
||
|
for i, key := range keys {
|
||
|
converted[i], err = PublicKeyFromKeyView(key, alg)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
}
|
||
|
return converted, nil
|
||
|
|
||
|
}
|
||
|
func PublicKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*PublicKey, error) {
|
||
|
if key.Private {
|
||
|
return nil, errors.ThrowInvalidArgument(nil, "MODEL-dTZa2", "key must be public")
|
||
|
}
|
||
|
keyData, err := crypto.Decrypt(key.Key, alg)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
publicKey, err := crypto.BytesToPublicKey(keyData)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return &PublicKey{
|
||
|
ID: key.ID,
|
||
|
Algorithm: key.Algorithm,
|
||
|
Usage: key.Usage,
|
||
|
Key: publicKey,
|
||
|
}, nil
|
||
|
}
|