TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-10 23:42:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: v2 human command (#3435)

Browse Source 
* add/register human command done

* validations

* crypto

* move clientid

* keys

* fix: clientID

* remove v2 package

* tests

* tests running

* revert old code

* instance domain from ctx

* chore: rename zitadel app ids

* comments

* fix: test
This commit is contained in:
Silvan
2022-04-12 16:20:17 +02:00
committed by GitHub
parent 4a0d61d75a
commit cea2567e22
97 changed files with 3524 additions and 2832 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
cmd/admin/start/encryption_keys.go
View File

@@ -32,26 +32,20 @@ type encryptionKeys struct {
OIDCKey []byte
}
func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyStorage) (*encryptionKeys, error) {
keys, err := keyStorage.ReadKeys()
func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyStorage) (keys *encryptionKeys, err error) {
if err := verifyDefaultKeys(keyStorage); err != nil {
return nil, err
}
keys = new(encryptionKeys)
keys.DomainVerification, err = crypto.NewAESCrypto(keyConfig.DomainVerification, keyStorage)
if err != nil {
return nil, err
}
if len(keys) == 0 {
if err := createDefaultKeys(keyStorage); err != nil {
return nil, err
}
}
encryptionKeys := new(encryptionKeys)
encryptionKeys.DomainVerification, err = crypto.NewAESCrypto(keyConfig.DomainVerification, keyStorage)
keys.IDPConfig, err = crypto.NewAESCrypto(keyConfig.IDPConfig, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.IDPConfig, err = crypto.NewAESCrypto(keyConfig.IDPConfig, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.OIDC, err = crypto.NewAESCrypto(keyConfig.OIDC, keyStorage)
keys.OIDC, err = crypto.NewAESCrypto(keyConfig.OIDC, keyStorage)
if err != nil {
return nil, err
}
@@ -59,20 +53,20 @@ func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyS
if err != nil {
return nil, err
}
encryptionKeys.OIDCKey = []byte(key)
encryptionKeys.OTP, err = crypto.NewAESCrypto(keyConfig.OTP, keyStorage)
keys.OIDCKey = []byte(key)
keys.OTP, err = crypto.NewAESCrypto(keyConfig.OTP, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.SMS, err = crypto.NewAESCrypto(keyConfig.SMS, keyStorage)
keys.SMS, err = crypto.NewAESCrypto(keyConfig.SMS, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.SMTP, err = crypto.NewAESCrypto(keyConfig.SMTP, keyStorage)
keys.SMTP, err = crypto.NewAESCrypto(keyConfig.SMTP, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.User, err = crypto.NewAESCrypto(keyConfig.User, keyStorage)
keys.User, err = crypto.NewAESCrypto(keyConfig.User, keyStorage)
if err != nil {
return nil, err
}
@@ -80,23 +74,30 @@ func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyS
if err != nil {
return nil, err
}
encryptionKeys.CSRFCookieKey = []byte(key)
keys.CSRFCookieKey = []byte(key)
key, err = crypto.LoadKey(keyConfig.UserAgentCookieKeyID, keyStorage)
if err != nil {
return nil, err
}
encryptionKeys.UserAgentCookieKey = []byte(key)
return encryptionKeys, nil
keys.UserAgentCookieKey = []byte(key)
return keys, nil
}
func createDefaultKeys(keyStorage crypto.KeyStorage) error {
keys := make([]*crypto.Key, len(defaultKeyIDs))
for i, keyID := range defaultKeyIDs {
func verifyDefaultKeys(keyStorage crypto.KeyStorage) (err error) {
keys := make([]*crypto.Key, 0, len(defaultKeyIDs))
for _, keyID := range defaultKeyIDs {
_, err := crypto.LoadKey(keyID, keyStorage)
if err == nil {
continue
}
key, err := crypto.NewKey(keyID)
if err != nil {
return err
}
keys[i] = key
keys = append(keys, key)
}
if len(keys) == 0 {
return nil
}
if err := keyStorage.CreateKeys(keys...); err != nil {
return caos_errs.ThrowInternal(err, "START-aGBq2", "cannot create default keys")