2021-02-22 11:27:47 +00:00
|
|
|
package domain
|
|
|
|
|
|
|
|
import (
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/logging"
|
2021-02-22 11:27:47 +00:00
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
2023-12-08 14:30:55 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2021-02-22 11:27:47 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type authNKey interface {
|
2022-12-09 13:04:33 +00:00
|
|
|
SetPublicKey([]byte)
|
|
|
|
SetPrivateKey([]byte)
|
2022-02-08 08:37:28 +00:00
|
|
|
expiration
|
2021-02-22 11:27:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type AuthNKeyType int32
|
|
|
|
|
|
|
|
const (
|
2021-12-08 15:16:48 +00:00
|
|
|
AuthNKeyTypeNONE AuthNKeyType = iota
|
2021-02-22 11:27:47 +00:00
|
|
|
AuthNKeyTypeJSON
|
|
|
|
|
|
|
|
keyCount
|
|
|
|
)
|
|
|
|
|
|
|
|
func (k AuthNKeyType) Valid() bool {
|
|
|
|
return k >= 0 && k < keyCount
|
|
|
|
}
|
|
|
|
|
|
|
|
func (key *MachineKey) GenerateNewMachineKeyPair(keySize int) error {
|
|
|
|
privateKey, publicKey, err := crypto.GenerateKeyPair(keySize)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
key.PublicKey, err = crypto.PublicKeyToBytes(publicKey)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
key.PrivateKey = crypto.PrivateKeyToBytes(privateKey)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func SetNewAuthNKeyPair(key authNKey, keySize int) error {
|
|
|
|
privateKey, publicKey, err := NewAuthNKeyPair(keySize)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-12-09 13:04:33 +00:00
|
|
|
key.SetPrivateKey(privateKey)
|
|
|
|
key.SetPublicKey(publicKey)
|
2021-02-22 11:27:47 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewAuthNKeyPair(keySize int) (privateKey, publicKey []byte, err error) {
|
|
|
|
private, public, err := crypto.GenerateKeyPair(keySize)
|
|
|
|
if err != nil {
|
|
|
|
logging.Log("AUTHN-Ud51I").WithError(err).Error("unable to create authn key pair")
|
2023-12-08 14:30:55 +00:00
|
|
|
return nil, nil, zerrors.ThrowInternal(err, "AUTHN-gdg2l", "Errors.Project.CouldNotGenerateClientSecret")
|
2021-02-22 11:27:47 +00:00
|
|
|
}
|
|
|
|
publicKey, err = crypto.PublicKeyToBytes(public)
|
|
|
|
if err != nil {
|
|
|
|
logging.Log("AUTHN-Dbb35").WithError(err).Error("unable to convert public key")
|
2023-12-08 14:30:55 +00:00
|
|
|
return nil, nil, zerrors.ThrowInternal(err, "AUTHN-Bne3f", "Errors.Project.CouldNotGenerateClientSecret")
|
2021-02-22 11:27:47 +00:00
|
|
|
}
|
|
|
|
privateKey = crypto.PrivateKeyToBytes(private)
|
|
|
|
return privateKey, publicKey, nil
|
|
|
|
}
|