-
Notifications
You must be signed in to change notification settings - Fork 483
/
key_view.go
129 lines (114 loc) · 2.83 KB
/
key_view.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package model
import (
"time"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
)
type KeyView struct {
ID string
Private bool
Expiry time.Time
Algorithm string
Usage KeyUsage
Key *crypto.CryptoValue
Sequence uint64
}
type SigningKey struct {
ID string
Algorithm string
Key interface{}
Sequence uint64
}
type PublicKey struct {
ID string
Algorithm string
Usage KeyUsage
Key interface{}
}
type KeySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn KeySearchKey
Asc bool
Queries []*KeySearchQuery
}
type KeySearchKey int32
const (
KeySearchKeyUnspecified KeySearchKey = iota
KeySearchKeyID
KeySearchKeyPrivate
KeySearchKeyExpiry
KeySearchKeyUsage
)
type KeySearchQuery struct {
Key KeySearchKey
Method domain.SearchMethod
Value interface{}
}
type KeySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*KeyView
}
func (r *KeySearchRequest) EnsureLimit(limit uint64) error {
if r.Limit > limit {
return errors.ThrowInvalidArgument(nil, "SEARCH-Mf9sd", "Errors.Limit.ExceedsDefault")
}
if r.Limit == 0 {
r.Limit = limit
}
return nil
}
func SigningKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*SigningKey, error) {
if key.Usage != KeyUsageSigning || !key.Private {
return nil, errors.ThrowInvalidArgument(nil, "MODEL-5HBdh", "key must be private signing key")
}
keyData, err := crypto.Decrypt(key.Key, alg)
if err != nil {
return nil, err
}
privateKey, err := crypto.BytesToPrivateKey(keyData)
if err != nil {
return nil, err
}
return &SigningKey{
ID: key.ID,
Algorithm: key.Algorithm,
Key: privateKey,
Sequence: key.Sequence,
}, nil
}
func PublicKeysFromKeyView(keys []*KeyView, alg crypto.EncryptionAlgorithm) ([]*PublicKey, error) {
convertedKeys := make([]*PublicKey, 0, len(keys))
for _, key := range keys {
converted, err := PublicKeyFromKeyView(key, alg)
if err != nil {
logging.Log("MODEL-adB3f").WithError(err).Debug("cannot convert to public key") //TODO: change log level to warning when keys can be revoked
continue
}
convertedKeys = append(convertedKeys, converted)
}
return convertedKeys, nil
}
func PublicKeyFromKeyView(key *KeyView, alg crypto.EncryptionAlgorithm) (*PublicKey, error) {
if key.Private {
return nil, errors.ThrowInvalidArgument(nil, "MODEL-dTZa2", "key must be public")
}
keyData, err := crypto.Decrypt(key.Key, alg)
if err != nil {
return nil, err
}
publicKey, err := crypto.BytesToPublicKey(keyData)
if err != nil {
return nil, err
}
return &PublicKey{
ID: key.ID,
Algorithm: key.Algorithm,
Usage: key.Usage,
Key: publicKey,
}, nil
}