feat: allow using a local RSA key for machine keys (#7671)

* Allow using a local RSA key for machine keys * Add check for key validity * Fix naming error * docs: provide translations of invalid key --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2024-04-23 11:38:07 +02:00
parent df50c3835b
commit e46dd121cd
19 changed files with 80 additions and 13 deletions
--- a/internal/command/user_machine_key.go
+++ b/internal/command/user_machine_key.go
@@ -5,6 +5,7 @@ import (
 	"time"

 	"github.com/zitadel/zitadel/internal/command/preparation"
+	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -78,6 +79,12 @@ func (key *MachineKey) valid() (err error) {
 	if err := key.content(); err != nil {
 		return err
 	}
+	// If a key is supplied, it should be a valid public key
+	if len(key.PublicKey) > 0 {
+		if _, err := crypto.BytesToPublicKey(key.PublicKey); err != nil {
+			return zerrors.ThrowInvalidArgument(nil, "COMMAND-5F3h1", "Errors.User.Machine.Key.Invalid")
+		}
+	}
 	key.ExpirationDate, err = domain.ValidateExpirationDate(key.ExpirationDate)
 	return err
 }