Livio Amstutz 1c59d18fee
fix: improvements for login and oidc (#227)
* add csrf

* caching

* caching

* caching

* caching

* security headers

* csp and security headers

* error handler csp

* select user with display name

* csp

* user selection styling

* username to loginname

* regenerate grpc

* regenerate

* change to login name
2020-06-17 08:06:40 +02:00

73 lines
1.6 KiB
Go

package crypto
import (
"os"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config"
"github.com/caos/zitadel/internal/errors"
)
const (
ZitadelKeyPath = "ZITADEL_KEY_PATH"
)
type KeyConfig struct {
EncryptionKeyID string
DecryptionKeyIDs []string
Path string
}
type Keys map[string]string
func ReadKeys(path string) (Keys, error) {
if path == "" {
path = os.Getenv(ZitadelKeyPath)
if path == "" {
return nil, errors.ThrowInvalidArgument(nil, "CRYPT-56lka", "no path set")
}
}
keys := new(Keys)
err := config.Read(keys, path)
return *keys, err
}
func LoadKey(config *KeyConfig, id string) (string, error) {
keys, _, err := LoadKeys(config)
if err != nil {
return "", err
}
return keys[id], nil
}
func LoadKeys(config *KeyConfig) (map[string]string, []string, error) {
if config == nil {
return nil, nil, errors.ThrowInvalidArgument(nil, "CRYPT-dJK8s", "config must not be nil")
}
readKeys, err := ReadKeys(config.Path)
if err != nil {
return nil, nil, err
}
keys := make(map[string]string)
ids := make([]string, 0, len(config.DecryptionKeyIDs)+1)
if config.EncryptionKeyID != "" {
key, ok := readKeys[config.EncryptionKeyID]
if !ok {
return nil, nil, errors.ThrowInternalf(nil, "CRYPT-v2Kas", "encryption key not found")
}
keys[config.EncryptionKeyID] = key
ids = append(ids, config.EncryptionKeyID)
}
for _, id := range config.DecryptionKeyIDs {
key, ok := readKeys[id]
if !ok {
logging.Log("CRYPT-s23rf").Warnf("description key %s not found", id)
continue
}
keys[id] = key
ids = append(ids, id)
}
return keys, ids, nil
}