mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 08:48:37 +00:00
07ce3b6905
This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com>
171 lines
4.6 KiB
Go
171 lines
4.6 KiB
Go
package webkey
|
|
|
|
import (
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
|
|
)
|
|
|
|
func createWebKeyRequestToConfig(req *webkey.CreateWebKeyRequest) crypto.WebKeyConfig {
|
|
switch config := req.GetKey().(type) {
|
|
case *webkey.CreateWebKeyRequest_Rsa:
|
|
return rsaToCrypto(config.Rsa)
|
|
case *webkey.CreateWebKeyRequest_Ecdsa:
|
|
return ecdsaToCrypto(config.Ecdsa)
|
|
case *webkey.CreateWebKeyRequest_Ed25519:
|
|
return new(crypto.WebKeyED25519Config)
|
|
default:
|
|
return rsaToCrypto(nil)
|
|
}
|
|
}
|
|
|
|
func rsaToCrypto(config *webkey.RSA) *crypto.WebKeyRSAConfig {
|
|
out := new(crypto.WebKeyRSAConfig)
|
|
|
|
switch config.GetBits() {
|
|
case webkey.RSABits_RSA_BITS_UNSPECIFIED:
|
|
out.Bits = crypto.RSABits2048
|
|
case webkey.RSABits_RSA_BITS_2048:
|
|
out.Bits = crypto.RSABits2048
|
|
case webkey.RSABits_RSA_BITS_3072:
|
|
out.Bits = crypto.RSABits3072
|
|
case webkey.RSABits_RSA_BITS_4096:
|
|
out.Bits = crypto.RSABits4096
|
|
default:
|
|
out.Bits = crypto.RSABits2048
|
|
}
|
|
|
|
switch config.GetHasher() {
|
|
case webkey.RSAHasher_RSA_HASHER_UNSPECIFIED:
|
|
out.Hasher = crypto.RSAHasherSHA256
|
|
case webkey.RSAHasher_RSA_HASHER_SHA256:
|
|
out.Hasher = crypto.RSAHasherSHA256
|
|
case webkey.RSAHasher_RSA_HASHER_SHA384:
|
|
out.Hasher = crypto.RSAHasherSHA384
|
|
case webkey.RSAHasher_RSA_HASHER_SHA512:
|
|
out.Hasher = crypto.RSAHasherSHA512
|
|
default:
|
|
out.Hasher = crypto.RSAHasherSHA256
|
|
}
|
|
|
|
return out
|
|
}
|
|
|
|
func ecdsaToCrypto(config *webkey.ECDSA) *crypto.WebKeyECDSAConfig {
|
|
out := new(crypto.WebKeyECDSAConfig)
|
|
|
|
switch config.GetCurve() {
|
|
case webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED:
|
|
out.Curve = crypto.EllipticCurveP256
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P256:
|
|
out.Curve = crypto.EllipticCurveP256
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P384:
|
|
out.Curve = crypto.EllipticCurveP384
|
|
case webkey.ECDSACurve_ECDSA_CURVE_P512:
|
|
out.Curve = crypto.EllipticCurveP512
|
|
default:
|
|
out.Curve = crypto.EllipticCurveP256
|
|
}
|
|
|
|
return out
|
|
}
|
|
|
|
func webKeyDetailsListToPb(list []query.WebKeyDetails) []*webkey.WebKey {
|
|
out := make([]*webkey.WebKey, len(list))
|
|
for i := range list {
|
|
out[i] = webKeyDetailsToPb(&list[i])
|
|
}
|
|
return out
|
|
}
|
|
|
|
func webKeyDetailsToPb(details *query.WebKeyDetails) *webkey.WebKey {
|
|
out := &webkey.WebKey{
|
|
Id: details.KeyID,
|
|
CreationDate: timestamppb.New(details.CreationDate),
|
|
ChangeDate: timestamppb.New(details.ChangeDate),
|
|
State: webKeyStateToPb(details.State),
|
|
}
|
|
|
|
switch config := details.Config.(type) {
|
|
case *crypto.WebKeyRSAConfig:
|
|
out.Key = &webkey.WebKey_Rsa{
|
|
Rsa: webKeyRSAConfigToPb(config),
|
|
}
|
|
case *crypto.WebKeyECDSAConfig:
|
|
out.Key = &webkey.WebKey_Ecdsa{
|
|
Ecdsa: webKeyECDSAConfigToPb(config),
|
|
}
|
|
case *crypto.WebKeyED25519Config:
|
|
out.Key = &webkey.WebKey_Ed25519{
|
|
Ed25519: new(webkey.ED25519),
|
|
}
|
|
}
|
|
|
|
return out
|
|
}
|
|
|
|
func webKeyStateToPb(state domain.WebKeyState) webkey.State {
|
|
switch state {
|
|
case domain.WebKeyStateUnspecified:
|
|
return webkey.State_STATE_UNSPECIFIED
|
|
case domain.WebKeyStateInitial:
|
|
return webkey.State_STATE_INITIAL
|
|
case domain.WebKeyStateActive:
|
|
return webkey.State_STATE_ACTIVE
|
|
case domain.WebKeyStateInactive:
|
|
return webkey.State_STATE_INACTIVE
|
|
case domain.WebKeyStateRemoved:
|
|
return webkey.State_STATE_REMOVED
|
|
default:
|
|
return webkey.State_STATE_UNSPECIFIED
|
|
}
|
|
}
|
|
|
|
func webKeyRSAConfigToPb(config *crypto.WebKeyRSAConfig) *webkey.RSA {
|
|
out := new(webkey.RSA)
|
|
|
|
switch config.Bits {
|
|
case crypto.RSABitsUnspecified:
|
|
out.Bits = webkey.RSABits_RSA_BITS_UNSPECIFIED
|
|
case crypto.RSABits2048:
|
|
out.Bits = webkey.RSABits_RSA_BITS_2048
|
|
case crypto.RSABits3072:
|
|
out.Bits = webkey.RSABits_RSA_BITS_3072
|
|
case crypto.RSABits4096:
|
|
out.Bits = webkey.RSABits_RSA_BITS_4096
|
|
}
|
|
|
|
switch config.Hasher {
|
|
case crypto.RSAHasherUnspecified:
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_UNSPECIFIED
|
|
case crypto.RSAHasherSHA256:
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA256
|
|
case crypto.RSAHasherSHA384:
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA384
|
|
case crypto.RSAHasherSHA512:
|
|
out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA512
|
|
}
|
|
|
|
return out
|
|
}
|
|
|
|
func webKeyECDSAConfigToPb(config *crypto.WebKeyECDSAConfig) *webkey.ECDSA {
|
|
out := new(webkey.ECDSA)
|
|
|
|
switch config.Curve {
|
|
case crypto.EllipticCurveUnspecified:
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED
|
|
case crypto.EllipticCurveP256:
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P256
|
|
case crypto.EllipticCurveP384:
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P384
|
|
case crypto.EllipticCurveP512:
|
|
out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P512
|
|
}
|
|
|
|
return out
|
|
}
|