feat(saml): implementation of saml for ZITADEL v2 (#3618)

2025-08-11 21:17:32 +00:00 · 2022-09-12 17:18:08 +01:00
parent 01a92ba5d9
commit 7a5f7f82cf
134 changed files with 5570 additions and 1293 deletions
--- a/internal/query/projection/key_test.go
+++ b/internal/query/projection/key_test.go
@@ -1,6 +1,7 @@
 package projection

 import (
+	"fmt"
 	"testing"
 	"time"

@@ -31,7 +32,7 @@ func TestKeyProjection_reduces(t *testing.T) {
 				event: getEvent(testEvent(
 					repository.EventType(keypair.AddedEventType),
 					keypair.AggregateType,
-					keypairAddedEventData(time.Now().Add(time.Hour)),
+					keypairAddedEventData(domain.KeyUsageSigning, time.Now().Add(time.Hour)),
 				), keypair.AddedEventMapper),
 			},
 			reduce: (&keyProjection{encryptionAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t))}).reduceKeyPairAdded,
@@ -43,7 +44,7 @@ func TestKeyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.keys2 (id, creation_date, change_date, resource_owner, instance_id, sequence, algorithm, use) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+							expectedStmt: "INSERT INTO projections.keys3 (id, creation_date, change_date, resource_owner, instance_id, sequence, algorithm, use) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
 							expectedArgs: []interface{}{
 								"agg-id",
 								anyArg{},
@@ -56,7 +57,7 @@ func TestKeyProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.keys2_private (id, instance_id, expiry, key) VALUES ($1, $2, $3, $4)",
+							expectedStmt: "INSERT INTO projections.keys3_private (id, instance_id, expiry, key) VALUES ($1, $2, $3, $4)",
 							expectedArgs: []interface{}{
 								"agg-id",
 								"instance-id",
@@ -70,7 +71,7 @@ func TestKeyProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.keys2_public (id, instance_id, expiry, key) VALUES ($1, $2, $3, $4)",
+							expectedStmt: "INSERT INTO projections.keys3_public (id, instance_id, expiry, key) VALUES ($1, $2, $3, $4)",
 							expectedArgs: []interface{}{
 								"agg-id",
 								"instance-id",
@@ -88,7 +89,7 @@ func TestKeyProjection_reduces(t *testing.T) {
 				event: getEvent(testEvent(
 					repository.EventType(keypair.AddedEventType),
 					keypair.AggregateType,
-					keypairAddedEventData(time.Now().Add(-time.Hour)),
+					keypairAddedEventData(domain.KeyUsageSigning, time.Now().Add(-time.Hour)),
 				), keypair.AddedEventMapper),
 			},
 			reduce: (&keyProjection{}).reduceKeyPairAdded,
@@ -100,6 +101,36 @@ func TestKeyProjection_reduces(t *testing.T) {
 				executer:         &testExecuter{},
 			},
 		},
+		{
+			name: "reduceCertificateAdded",
+			args: args{
+				event: getEvent(testEvent(
+					repository.EventType(keypair.AddedCertificateEventType),
+					keypair.AggregateType,
+					certificateAddedEventData(domain.KeyUsageSAMLMetadataSigning, time.Now().Add(time.Hour)),
+				), keypair.AddedCertificateEventMapper),
+			},
+			reduce: (&keyProjection{certEncryptionAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t))}).reduceCertificateAdded,
+			want: wantReduce{
+				projection:       KeyProjectionTable,
+				aggregateType:    eventstore.AggregateType("key_pair"),
+				sequence:         15,
+				previousSequence: 10,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "INSERT INTO projections.keys3_certificate (id, instance_id, expiry, certificate) VALUES ($1, $2, $3, $4)",
+							expectedArgs: []interface{}{
+								"agg-id",
+								"instance-id",
+								anyArg{},
+								[]byte("privateKey"),
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -116,6 +147,10 @@ func TestKeyProjection_reduces(t *testing.T) {
 	}
 }

-func keypairAddedEventData(t time.Time) []byte {
-	return []byte(`{"algorithm": "algorithm", "usage": 0, "privateKey": {"key": {"cryptoType": 0, "algorithm": "enc", "keyID": "id", "crypted": "cHJpdmF0ZUtleQ=="}, "expiry": "` + t.Format(time.RFC3339) + `"}, "publicKey": {"key": {"cryptoType": 0, "algorithm": "enc", "keyID": "id", "crypted": "cHVibGljS2V5"}, "expiry": "` + t.Format(time.RFC3339) + `"}}`)
+func keypairAddedEventData(usage domain.KeyUsage, t time.Time) []byte {
+	return []byte(`{"algorithm": "algorithm", "usage": ` + fmt.Sprintf("%d", usage) + `, "privateKey": {"key": {"cryptoType": 0, "algorithm": "enc", "keyID": "id", "crypted": "cHJpdmF0ZUtleQ=="}, "expiry": "` + t.Format(time.RFC3339) + `"}, "publicKey": {"key": {"cryptoType": 0, "algorithm": "enc", "keyID": "id", "crypted": "cHVibGljS2V5"}, "expiry": "` + t.Format(time.RFC3339) + `"}}`)
+}
+
+func certificateAddedEventData(usage domain.KeyUsage, t time.Time) []byte {
+	return []byte(`{"algorithm": "algorithm", "usage": ` + fmt.Sprintf("%d", usage) + `, "certificate": {"key": {"cryptoType": 0, "algorithm": "enc", "keyID": "id", "crypted": "cHJpdmF0ZUtleQ=="}, "expiry": "` + t.Format(time.RFC3339) + `"}}`)
 }