mirror of https://github.com/ory/hydra
42 lines
842 B
Go
42 lines
842 B
Go
// Copyright © 2023 Ory Corp
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package aead
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
)
|
|
|
|
func encryptionKey(ctx context.Context, d Dependencies, keySize int) ([]byte, error) {
|
|
keys, err := allKeys(ctx, d)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
key := keys[0]
|
|
if len(key) != keySize {
|
|
return nil, fmt.Errorf("key must be exactly %d bytes long, got %d bytes", keySize, len(key))
|
|
}
|
|
|
|
return key, nil
|
|
}
|
|
|
|
func allKeys(ctx context.Context, d Dependencies) ([][]byte, error) {
|
|
global, err := d.GetGlobalSecret(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
rotated, err := d.GetRotatedGlobalSecrets(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
keys := append([][]byte{global}, rotated...)
|
|
if len(keys) == 0 {
|
|
return nil, fmt.Errorf("at least one encryption key must be defined but none were")
|
|
}
|
|
return keys, nil
|
|
}
|