2022-09-12 16:18:08 +00:00
|
|
|
package query
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"database/sql"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
2023-02-27 21:36:43 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/call"
|
2022-09-12 16:18:08 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
2022-12-01 08:18:53 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
2022-09-12 16:18:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Certificate interface {
|
|
|
|
|
Key
|
|
|
|
|
Expiry() time.Time
|
|
|
|
|
Key() *crypto.CryptoValue
|
|
|
|
|
Certificate() []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Certificates struct {
|
|
|
|
|
SearchResponse
|
|
|
|
|
Certificates []Certificate
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type rsaCertificate struct {
|
|
|
|
|
key
|
|
|
|
|
expiry time.Time
|
|
|
|
|
privateKey *crypto.CryptoValue
|
|
|
|
|
certificate []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *rsaCertificate) Expiry() time.Time {
|
|
|
|
|
return c.expiry
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *rsaCertificate) Key() *crypto.CryptoValue {
|
|
|
|
|
return c.privateKey
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *rsaCertificate) Certificate() []byte {
|
|
|
|
|
return c.certificate
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
certificateTable = table{
|
2022-10-27 06:08:36 +00:00
|
|
|
name: projection.CertificateTable,
|
|
|
|
|
instanceIDCol: projection.CertificateColumnInstanceID,
|
2022-09-12 16:18:08 +00:00
|
|
|
}
|
|
|
|
|
CertificateColID = Column{
|
|
|
|
|
name: projection.CertificateColumnID,
|
|
|
|
|
table: certificateTable,
|
|
|
|
|
}
|
|
|
|
|
CertificateColExpiry = Column{
|
|
|
|
|
name: projection.CertificateColumnExpiry,
|
|
|
|
|
table: certificateTable,
|
|
|
|
|
}
|
|
|
|
|
CertificateColCertificate = Column{
|
|
|
|
|
name: projection.CertificateColumnCertificate,
|
|
|
|
|
table: certificateTable,
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
2022-12-01 08:18:53 +00:00
|
|
|
func (q *Queries) ActiveCertificates(ctx context.Context, t time.Time, usage domain.KeyUsage) (_ *Certificates, err error) {
|
|
|
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
|
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
|
|
2023-02-27 21:36:43 +00:00
|
|
|
query, scan := prepareCertificateQuery(ctx, q.client)
|
2022-09-12 16:18:08 +00:00
|
|
|
if t.IsZero() {
|
|
|
|
|
t = time.Now()
|
|
|
|
|
}
|
|
|
|
|
stmt, args, err := query.Where(
|
|
|
|
|
sq.And{
|
|
|
|
|
sq.Eq{
|
|
|
|
|
KeyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
|
|
|
KeyColUse.identifier(): usage,
|
|
|
|
|
},
|
2022-11-30 16:01:17 +00:00
|
|
|
sq.Gt{CertificateColExpiry.identifier(): t},
|
|
|
|
|
sq.Gt{KeyPrivateColExpiry.identifier(): t},
|
|
|
|
|
},
|
|
|
|
|
).OrderBy(KeyPrivateColExpiry.identifier()).ToSql()
|
2022-09-12 16:18:08 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "QUERY-SDfkg", "Errors.Query.SQLStatement")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rows, err := q.client.QueryContext(ctx, stmt, args...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "QUERY-Sgan4", "Errors.Internal")
|
|
|
|
|
}
|
|
|
|
|
keys, err := scan(rows)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
keys.LatestSequence, err = q.latestSequence(ctx, keyTable)
|
|
|
|
|
if !errors.IsNotFound(err) {
|
|
|
|
|
return keys, err
|
|
|
|
|
}
|
|
|
|
|
return keys, nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-27 21:36:43 +00:00
|
|
|
func prepareCertificateQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Rows) (*Certificates, error)) {
|
2022-09-12 16:18:08 +00:00
|
|
|
return sq.Select(
|
|
|
|
|
KeyColID.identifier(),
|
|
|
|
|
KeyColCreationDate.identifier(),
|
|
|
|
|
KeyColChangeDate.identifier(),
|
|
|
|
|
KeyColSequence.identifier(),
|
|
|
|
|
KeyColResourceOwner.identifier(),
|
|
|
|
|
KeyColAlgorithm.identifier(),
|
|
|
|
|
KeyColUse.identifier(),
|
|
|
|
|
CertificateColExpiry.identifier(),
|
|
|
|
|
CertificateColCertificate.identifier(),
|
|
|
|
|
KeyPrivateColKey.identifier(),
|
|
|
|
|
countColumn.identifier(),
|
|
|
|
|
).From(keyTable.identifier()).
|
|
|
|
|
LeftJoin(join(CertificateColID, KeyColID)).
|
2023-02-27 21:36:43 +00:00
|
|
|
LeftJoin(join(KeyPrivateColID, KeyColID) + db.Timetravel(call.Took(ctx))).
|
2022-09-12 16:18:08 +00:00
|
|
|
PlaceholderFormat(sq.Dollar),
|
|
|
|
|
func(rows *sql.Rows) (*Certificates, error) {
|
|
|
|
|
certificates := make([]Certificate, 0)
|
|
|
|
|
var count uint64
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
k := new(rsaCertificate)
|
|
|
|
|
err := rows.Scan(
|
|
|
|
|
&k.id,
|
|
|
|
|
&k.creationDate,
|
|
|
|
|
&k.changeDate,
|
|
|
|
|
&k.sequence,
|
|
|
|
|
&k.resourceOwner,
|
|
|
|
|
&k.algorithm,
|
|
|
|
|
&k.use,
|
|
|
|
|
&k.expiry,
|
|
|
|
|
&k.certificate,
|
|
|
|
|
&k.privateKey,
|
|
|
|
|
&count,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
certificates = append(certificates, k)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := rows.Close(); err != nil {
|
|
|
|
|
return nil, errors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &Certificates{
|
|
|
|
|
Certificates: certificates,
|
|
|
|
|
SearchResponse: SearchResponse{
|
|
|
|
|
Count: count,
|
|
|
|
|
},
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
