package command
import (
"context"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
keypair "github.com/caos/zitadel/internal/repository/keypair"
)
const (
	// oidcUser is the UserID that setOIDCCtx places in the authz context
	// data before key-pair events are pushed, so those events are attributed
	// to the OIDC subsystem rather than to whatever identity the incoming
	// context carried.
	oidcUser = "OIDC"
)
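// GenerateSigningKeyPair creates a new signing key pair and records it as a
// keypair.AddedEvent on the IAM aggregate (domain.IAMID).
//
// The key material is produced by crypto.GenerateEncryptedKeyPair with the
// key size and key algorithm configured on c; both halves are pushed in the
// form that call returns, and nothing is decrypted or logged here. Each half
// carries its own expiry (c.privateKeyLifetime / c.publicKeyLifetime), both
// measured from a single reference instant so the two lifetimes are
// consistent with each other.
//
// algorithm is stored on the event as the signing algorithm; the key pair
// itself is generated with c.keyAlgorithm. NOTE(review): the caller is
// presumably expected to pass a value that matches c.keyAlgorithm — confirm.
//
// Before the push, ctx is given the OIDC system user as its authz context
// data (see setOIDCCtx). Errors from key generation and ID generation are
// returned before anything is pushed; the eventstore push error is returned
// unchanged.
func (c *Commands) GenerateSigningKeyPair(ctx context.Context, algorithm string) error {
	ctx = setOIDCCtx(ctx)
	privateCrypto, publicCrypto, err := crypto.GenerateEncryptedKeyPair(c.keySize, c.keyAlgorithm)
	if err != nil {
		return err
	}
	keyID, err := c.idGenerator.Next()
	if err != nil {
		return err
	}

	// Take the reference time once: computing it separately for each expiry
	// would start the two lifetimes from slightly different instants.
	now := time.Now().UTC()
	privateKeyExp := now.Add(c.privateKeyLifetime)
	publicKeyExp := now.Add(c.publicKeyLifetime)

	keyPairWriteModel := NewKeyPairWriteModel(keyID, domain.IAMID)
	keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel)
	_, err = c.eventstore.Push(ctx, keypair.NewAddedEvent(
		ctx,
		keyAgg,
		domain.KeyUsageSigning,
		algorithm,
		privateCrypto, publicCrypto,
		privateKeyExp, publicKeyExp))
	return err
}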
// setOIDCCtx returns ctx with authz context data identifying the OIDC system
// user (oidcUser) acting within the IAM organisation (domain.IAMID). It is
// applied before key-pair events are pushed so they are attributed to the
// OIDC subsystem.
func setOIDCCtx(ctx context.Context) context.Context {
	systemUser := authz.CtxData{
		UserID: oidcUser,
		OrgID:  domain.IAMID,
	}
	return authz.SetCtxData(ctx, systemUser)
}