package nosql
import (
"context"
"crypto/rand"
"time"
"github.com/smallstep/certificates/authority/admin/eak"
)
// dbExternalAccountKey is the JSON-serialized record that
// CreateExternalAccountKey hands to db.save for an External Account Binding
// key.
//
// NOTE(review): KeyBytes is secret key material and nothing in this file
// encrypts or wraps it before it is saved. Whether db.save or the storage
// backend protects it at rest is not visible here — confirm, and keep this
// record out of logs and debug dumps.
type dbExternalAccountKey struct {
	// ID is the record identifier; at creation it is the randID() result and
	// is also the key passed to db.save.
	ID string `json:"id"`
	// Name is the caller-supplied label, stored as given.
	Name string `json:"name"`
	// AccountID is left empty at creation and omitted from the JSON when empty.
	// Presumably filled in when the key is bound to an account — confirm.
	AccountID string `json:"accountID,omitempty"`
	// KeyBytes holds the secret key (32 bytes from crypto/rand at creation).
	// encoding/json writes a []byte as a base64 string under "key".
	KeyBytes []byte `json:"key,omitempty"`
	// CreatedAt is set from clock.Now() when the key is created.
	CreatedAt time.Time `json:"createdAt"`
	// BoundAt is not set at creation; with no omitempty the zero time is still
	// serialized, so "unbound" has to be detected with IsZero, not by absence.
	BoundAt time.Time `json:"boundAt"`
}
// CreateExternalAccountKey creates a new External Account Binding key with a
// fresh random ID and 32 bytes of key material, stores it, and returns it.
//
// The name is stored exactly as supplied; no validation or uniqueness check
// happens in this function. The returned value carries the raw KeyBytes, so
// callers must treat it as a secret and keep it out of logs and error
// messages. Any error from randID, crypto/rand or db.save is returned
// unchanged, and in that case no key is returned.
func (db *DB) CreateExternalAccountKey(ctx context.Context, name string) (*eak.ExternalAccountKey, error) {
	id, err := randID()
	if err != nil {
		return nil, err
	}

	// Key material comes from crypto/rand (the OS CSPRNG), never math/rand.
	// A failed read aborts creation, so a zeroed or partial key is never stored.
	secret := make([]byte, 32)
	if _, err = rand.Read(secret); err != nil {
		return nil, err
	}

	// AccountID and BoundAt stay at their zero values: the key is created unbound.
	record := &dbExternalAccountKey{
		ID:        id,
		Name:      name,
		KeyBytes:  secret,
		CreatedAt: clock.Now(),
	}

	// NOTE(review): the nil fourth argument presumably means "no previous
	// value", i.e. a create rather than an update — confirm against db.save.
	err = db.save(ctx, id, record, nil, "external_account_key", externalAccountKeyTable)
	if err != nil {
		return nil, err
	}

	// Copy the stored record into the API type field by field.
	created := &eak.ExternalAccountKey{
		ID:        record.ID,
		Name:      record.Name,
		AccountID: record.AccountID,
		KeyBytes:  record.KeyBytes,
		CreatedAt: record.CreatedAt,
		BoundAt:   record.BoundAt,
	}
	return created, nil
}