From 41eb900dff9b21a4630c98abd34e6209d2d34121 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Wed, 21 Aug 2024 15:08:30 +0530 Subject: [PATCH 1/4] Add Support for Bring Your Own Key & Customer Key-Lifecycle Management --- go.mod | 1 + go.sum | 8 +- management/encryption_key.go | 115 ++++++++++++ management/encryption_key_test.go | 177 ++++++++++++++++++ management/management.gen.go | 87 +++++++++ management/management.gen_test.go | 114 +++++++++++ management/management.go | 4 + .../TestEncryptionKeyManager_Create.yaml | 74 ++++++++ ...ionKeyManager_CreatePublicWrappingKey.yaml | 109 +++++++++++ .../TestEncryptionKeyManager_Delete.yaml | 144 ++++++++++++++ ...EncryptionKeyManager_ImportWrappedKey.yaml | 145 ++++++++++++++ .../TestEncryptionKeyManager_List.yaml | 109 +++++++++++ .../TestEncryptionKeyManager_Read.yaml | 109 +++++++++++ .../TestEncryptionKeyManager_Rekey.yaml | 108 +++++++++++ 14 files changed, 1302 insertions(+), 2 deletions(-) create mode 100644 management/encryption_key.go create mode 100644 management/encryption_key_test.go create mode 100644 test/data/recordings/TestEncryptionKeyManager_Create.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_CreatePublicWrappingKey.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_Delete.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_ImportWrappedKey.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_List.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_Read.yaml create mode 100644 test/data/recordings/TestEncryptionKeyManager_Rekey.yaml diff --git a/go.mod b/go.mod index 762111c9..4d42d42c 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/joho/godotenv v1.5.1 github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/stretchr/testify v1.9.0 + github.com/tink-crypto/tink-go/v2 v2.2.0 go.devnw.com/structs v1.0.0 golang.org/x/oauth2 v0.21.0 gopkg.in/dnaeon/go-vcr.v3 v3.2.0 
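Review bot: `github.com/tink-crypto/tink-go/v2 v2.2.0` goes into the module's main `require` block, but the only importer visible in this patch is `management/encryption_key_test.go` (`kwp/subtle`). A test helper therefore widens the SDK's declared dependency set, and the go.sum hunks apparently pick up `google.golang.org/protobuf` and a `go-cmp` bump along with it. If later patches in this series do not use tink from non-test code, say in the commit message that it is test-only. Also confirm the new module is covered by the project's dependency review and vulnerability scanning (for example `govulncheck`) before merging.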
diff --git a/go.sum b/go.sum index 764a5447..0a4399da 100644 --- a/go.sum +++ b/go.sum @@ -12,8 +12,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= @@ -40,6 +40,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= +github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= go.devnw.com/structs v1.0.0 h1:FFkBoBOkapCdxFEIkpOZRmMOMr9b9hxjKTD3bJYl9lk= go.devnw.com/structs v1.0.0/go.mod h1:wHBkdQpNeazdQHszJ2sxwVEpd8zGTEsKkeywDLGbrmg= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= 
@@ -56,6 +58,8 @@ golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/dnaeon/go-vcr.v3 v3.2.0 h1:Rltp0Vf+Aq0u4rQXgmXgtgoRDStTnFN83cWgSGSoRzM= diff --git a/management/encryption_key.go b/management/encryption_key.go new file mode 100644 index 00000000..2e3941d4 --- /dev/null +++ b/management/encryption_key.go 
@@ -0,0 +1,115 @@
+package management
+
+import (
+ "context"
+ "time"
+)
+
+type EncryptionKeyList struct {
+ List
+ Keys []*EncryptionKey `json:"keys"`
+}
+
+// EncryptionKey is used for encrypting data.
+type EncryptionKey struct {
+ // Key ID
+ KID *string `json:"kid,omitempty"`
+ // Key type
+ Type *string `json:"type,omitempty"`
+ // Key state
+ State *string `json:"state,omitempty"`
+ // Key creation timestamp
+ CreatedAt *time.Time `json:"created_at,omitempty"`
+ // Key update timestamp
+ UpdatedAt *time.Time `json:"updated_at,omitempty"`
+ // ID of parent wrapping key
+ ParentKID *string `json:"parent_kid,omitempty"`
+ // Base64 encoded ciphertext of key material wrapped by public wrapping key
+ WrappedKey *string `json:"wrapped_key,omitempty"`
+}
+
+// WrappingKey is used for creating the public wrapping key.
+type WrappingKey struct {
+ // The public key of the wrapping key for uploading the customer provided root key.
+ PublicKey *string `json:"public_key,omitempty"`
+ // The algorithm to be used for wrapping the key. Normally CKM_RSA_AES_KEY_WRAP
+ Algorithm *string `json:"algorithm,omitempty"`
+}
+
+// EncryptionKeyManager manages Auth0 EncryptionKey resources.
+type EncryptionKeyManager manager
+
+// Create an encryption key.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/post-encryption
+func (m *EncryptionKeyManager) Create(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error {
+ cleanUpCreateEncryptionKey(e)
+ return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption"), e, opts...)
+}
+
+// List all encryption keys.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/get-encryption-keys
+func (m *EncryptionKeyManager) List(ctx context.Context, opts ...RequestOption) (ekl *EncryptionKeyList, err error) {
+ err = m.management.Request(ctx, "GET", m.management.URI("keys", "encryption"), &ekl, applyListDefaults(opts))
+ return
+}
+
+// Read an encryption key by its key id.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/get-encryption-key
+func (m *EncryptionKeyManager) Read(ctx context.Context, kid string, opts ...RequestOption) (k *EncryptionKey, err error) {
+ err = m.management.Request(ctx, "GET", m.management.URI("keys", "encryption", kid), &k, opts...)
+ return
+}
+
+// Rekey the key hierarchy, Performs rekeying operation on the key hierarchy.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/post-encryption-rekey
+func (m *EncryptionKeyManager) Rekey(ctx context.Context, opts ...RequestOption) error {
+ return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", "rekey"), nil, opts...)
+}
+
+// Delete an encryption key by its key id.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/delete-encryption-key
+func (m *EncryptionKeyManager) Delete(ctx context.Context, kid string, opts ...RequestOption) error {
+ return m.management.Request(ctx, "DELETE", m.management.URI("keys", "encryption", kid), nil, opts...)
+}
+
+// ImportWrappedKey Imports wrapped key material and activate encryption key
+//
+// See: https://auth0.com/docs/api/management/v2/keys/post-encryption-key
+func (m *EncryptionKeyManager) ImportWrappedKey(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error {
+ id := *e.KID
+ cleanUpImportEncryptionKey(e)
+ return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", id), e, opts...)
+}
+
+// CreatePublicWrappingKey creates the public wrapping key to wrap your own encryption key material.
+//
+// See: https://auth0.com/docs/api/management/v2/keys/post-encryption-wrapping-key
+func (m *EncryptionKeyManager) CreatePublicWrappingKey(ctx context.Context, kid string, opts ...RequestOption) (w *WrappingKey, err error) {
+ err = m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", kid, "wrapping-key"), &w, opts...)
+ return
+}
+
+// cleanUpImportEncryptionKey removes unnecessary fields from the encryption key.
+func cleanUpImportEncryptionKey(k *EncryptionKey) {
+ k.KID = nil
+ k.CreatedAt = nil
+ k.UpdatedAt = nil
+ k.ParentKID = nil
+ k.State = nil
+ k.Type = nil
+}
+
+// cleanUpCreateEncryptionKey removes unnecessary fields from the encryption key.
+func cleanUpCreateEncryptionKey(k *EncryptionKey) {
+ k.KID = nil
+ k.CreatedAt = nil
+ k.UpdatedAt = nil
+ k.ParentKID = nil
+ k.State = nil
+ k.WrappedKey = nil
+}
diff --git a/management/encryption_key_test.go b/management/encryption_key_test.go
new file mode 100644
index 00000000..67bf80be
--- /dev/null
+++ b/management/encryption_key_test.go
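Review bot: `ImportWrappedKey` in management/encryption_key.go reads the id with `id := *e.KID`, so a nil `e` or an `EncryptionKey` with no KID panics inside the SDK instead of returning an error. The nil-safe getter added in this same patch avoids that: `id := e.GetKID()` followed by `if id == "" { return errors.New("encryption key: KID is required") }`, placed before the `cleanUpImportEncryptionKey(e)` call and with `errors` added to the import block. Rejecting an empty id also keeps it out of `m.management.URI("keys", "encryption", id)`, where the resulting path may address the collection endpoint that `Create` posts to; `URI` is not visible here, so confirm that. `Read`, `Delete` and `CreatePublicWrappingKey` accept an empty `kid` in the same way. Both cleanUp helpers also nil out fields on the caller's struct, which the doc comments on `Create` and `ImportWrappedKey` should state.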
@@ -0,0 +1,177 @@
+package management
+
+import (
+ "context"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/pem"
+ "fmt"
+ "github.com/auth0/go-auth0"
+ "github.com/stretchr/testify/assert"
+ "github.com/tink-crypto/tink-go/v2/kwp/subtle"
+ "testing"
+)
+
+func TestEncryptionKeyManager_Create(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ givenEncryptionKey := &EncryptionKey{
+ Type: auth0.String("customer-provided-root-key"),
+ }
+ err := api.EncryptionKey.Create(context.Background(), givenEncryptionKey)
+ assert.NoError(t, err)
+ assert.NotEmpty(t, givenEncryptionKey.GetKID())
+ cleanUpEncryptionKey(t, givenEncryptionKey.GetKID())
+}
+
+func TestEncryptionKeyManager_List(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ key := givenEncryptionKey(t)
+ keyList, err := api.EncryptionKey.List(context.Background(), PerPage(50), Page(0))
+ assert.NoError(t, err)
+ assert.Contains(t, keyList.Keys, key)
+}
+
+func TestEncryptionKeyManager_Read(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ key := givenEncryptionKey(t)
+ readKey, err := api.EncryptionKey.Read(context.Background(), key.GetKID())
+ assert.NoError(t, err)
+ assert.Equal(t, key, readKey)
+}
+
+func TestEncryptionKeyManager_Rekey(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ oldKeyList, err := api.EncryptionKey.List(context.Background(), PerPage(50), Page(0))
+ assert.NoError(t, err)
+ assert.NotEmpty(t, oldKeyList.Keys)
+ var oldKey, newKey *EncryptionKey
+ for _, key := range oldKeyList.Keys {
+ if key.GetState() == "active" && key.GetType() == "tenant-master-key" {
+ oldKey = key
+ }
+ }
+ err = api.EncryptionKey.Rekey(context.Background())
+ assert.NoError(t, err)
+ keyList, err := api.EncryptionKey.List(context.Background(), PerPage(50), Page(0))
+ assert.NoError(t, err)
+ assert.NotEmpty(t, keyList.Keys)
+ for _, key := range keyList.Keys {
+ if key.GetState() == "active" && key.GetType() == "tenant-master-key" {
+ newKey = key
+ }
+ }
+ assert.NotEqual(t, oldKey.GetKID(), newKey.GetKID())
+ assert.NotEqual(t, keyList.Keys, oldKeyList.Keys)
+}
+
+func TestEncryptionKeyManager_Delete(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ key := givenEncryptionKey(t)
+ err := api.EncryptionKey.Delete(context.Background(), key.GetKID())
+ assert.NoError(t, err)
+ keyRead, err := api.EncryptionKey.Read(context.Background(), key.GetKID())
+ assert.NoError(t, err)
+ assert.Equal(t, keyRead.GetState(), "destroyed")
+}
+
+func TestEncryptionKeyManager_CreatePublicWrappingKey(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ key := givenEncryptionKey(t)
+ wrappingKey, err := api.EncryptionKey.CreatePublicWrappingKey(context.Background(), key.GetKID())
+ assert.NoError(t, err)
+ assert.NotEmpty(t, wrappingKey.GetPublicKey())
+}
+
+func TestEncryptionKeyManager_ImportWrappedKey(t *testing.T) {
+ configureHTTPTestRecordings(t)
+ key := givenEncryptionKey(t)
+ wrappingKey, err := api.EncryptionKey.CreatePublicWrappingKey(context.Background(), key.GetKID())
+ assert.NoError(t, err)
+ assert.NotEmpty(t, wrappingKey.GetPublicKey())
+ wrappedKeyStr, err := createAWSWrappedCiphertext(wrappingKey.GetPublicKey())
+ assert.NoError(t, err)
+
+ key.WrappedKey = &wrappedKeyStr
+
+ err = api.EncryptionKey.ImportWrappedKey(context.Background(), key)
+ assert.NoError(t, err)
+ assert.Equal(t, key.GetType(), "customer-provided-root-key")
+ assert.Equal(t, key.GetState(), "active")
+}
+
+func givenEncryptionKey(t *testing.T) *EncryptionKey {
+ t.Helper()
+ givenEncryptionKey := &EncryptionKey{
+ Type: auth0.String("customer-provided-root-key"),
+ }
+ err := api.EncryptionKey.Create(context.Background(), givenEncryptionKey)
+ assert.NoError(t, err)
+ assert.NotEmpty(t, givenEncryptionKey.GetKID())
+ t.Cleanup(func() {
+ cleanUpEncryptionKey(t, givenEncryptionKey.GetKID())
+ })
+ return givenEncryptionKey
+}
+
+func cleanUpEncryptionKey(t *testing.T, kid string) {
+ t.Helper()
+ err := api.EncryptionKey.Delete(context.Background(), kid)
+ assert.NoError(t, err)
+}
+
+func createAWSWrappedCiphertext(publicKeyPEM string) (string, error) {
+ block, _ := pem.Decode([]byte(publicKeyPEM))
+ if block == nil {
+ return "", fmt.Errorf("failed to decode public key PEM")
+ }
+
+ // Parse the public key
+ pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+ if err != nil {
+ return "", fmt.Errorf("failed to parse public key: %w", err)
+ }
+
+ // Ensure the public key is of type *rsa.PublicKey
+ publicRSAKey, ok := pubKey.(*rsa.PublicKey)
+ if !ok {
+ return "", fmt.Errorf("public key is not of type *rsa.PublicKey")
+ }
+
+ // Generate a 256-bit (32-byte) ephemeral key
+ ephemeralKey := make([]byte, 32)
+ if _, err := rand.Read(ephemeralKey); err != nil {
+ return "", fmt.Errorf("failed to generate ephemeral key: %w", err)
+ }
+
+ // Generate a 256-bit (32-byte) plaintext key
+ plaintextKey := make([]byte, 32)
+ if _, err := rand.Read(plaintextKey); err != nil {
+ return "", fmt.Errorf("failed to generate plaintext key: %w", err)
+ }
+
+ // Wrap the ephemeral key using RSA-OAEP with SHA-256
+ wrappedEphemeralKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, publicRSAKey, ephemeralKey, nil)
+ if err != nil {
+ return "", fmt.Errorf("failed to wrap ephemeral key: %w", err)
+ }
+
+ // Create a KWP (Key Wrapping with Padding) instance using the ephemeral key
+ kwp, err := subtle.NewKWP(ephemeralKey)
+ if err != nil {
+ return "", fmt.Errorf("failed to create KWP instance: %w", err)
+ }
+
+ // Wrap the plaintext key using KWP
+ wrappedTargetKey, err := kwp.Wrap(plaintextKey)
+ if err != nil {
+ return "", fmt.Errorf("failed to wrap target key using KWP: %w", err)
+ }
+
+ // Return the concatenation of the wrapped ephemeral key and the wrapped plaintext key
+ cipherBytes := append(wrappedEphemeralKey, wrappedTargetKey...)
+
+ return base64.StdEncoding.EncodeToString(cipherBytes), nil
+}
diff --git a/management/management.gen.go b/management/management.gen.go
index 80710146..6b01dfe5 100644
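Review bot: `createAWSWrappedCiphertext` in management/encryption_key_test.go hard-codes RSA-OAEP with SHA-256 plus AES-KWP, yet `TestEncryptionKeyManager_ImportWrappedKey` never checks the `Algorithm` returned with the wrapping key, which the `WrappingKey` comment describes as only "normally" `CKM_RSA_AES_KEY_WRAP`. Asserting it before wrapping, `assert.Equal(t, "CKM_RSA_AES_KEY_WRAP", wrappingKey.GetAlgorithm())`, makes a server-side change fail with a clear message instead of an opaque import error. SDK users are likely to copy this helper as the reference for wrapping their own key. A doc comment should therefore state the output layout (RSA-wrapped ephemeral AES key followed by the KWP-wrapped target key) and note that the `rand.Read` target key is a test stand-in for material a customer would generate and hold in their own KMS or HSM. Separately, the tests check errors with `assert.NoError`, so a failed `List` carries on to read `keyList.Keys` through a nil pointer; `require.NoError(t, err)` would stop at the first failure.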
--- a/management/management.gen.go
+++ b/management/management.gen.go
@@ -6677,6 +6677,72 @@ func (e *EmailTemplate) String() string { return Stringify(e) } +// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetCreatedAt() time.Time { + if e == nil || e.CreatedAt == nil { + return time.Time{} + } + return *e.CreatedAt +} + +// GetKID returns the KID field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetKID() string { + if e == nil || e.KID == nil { + return "" + } + return *e.KID +} + +// GetParentKID returns the ParentKID field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetParentKID() string { + if e == nil || e.ParentKID == nil { + return "" + } + return *e.ParentKID +} + +// GetState returns the State field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetState() string { + if e == nil || e.State == nil { + return "" + } + return *e.State +} + +// GetType returns the Type field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetType() string { + if e == nil || e.Type == nil { + return "" + } + return *e.Type +} + +// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetUpdatedAt() time.Time { + if e == nil || e.UpdatedAt == nil { + return time.Time{} + } + return *e.UpdatedAt +} + +// GetWrappedKey returns the WrappedKey field if it's non-nil, zero value otherwise. +func (e *EncryptionKey) GetWrappedKey() string { + if e == nil || e.WrappedKey == nil { + return "" + } + return *e.WrappedKey +} + +// String returns a string representation of EncryptionKey. +func (e *EncryptionKey) String() string { + return Stringify(e) +} + +// String returns a string representation of EncryptionKeyList. +func (e *EncryptionKeyList) String() string { + return Stringify(e) +} + // GetEnrolledAt returns the EnrolledAt field if it's non-nil, zero value otherwise. func (e *Enrollment) GetEnrolledAt() time.Time { if e == nil || e.EnrolledAt == nil { 
@@ -10960,6 +11026,27 @@ func (w *WAMSClientAddon) String() string { return Stringify(w) } +// GetAlgorithm returns the Algorithm field if it's non-nil, zero value otherwise. +func (w *WrappingKey) GetAlgorithm() string { + if w == nil || w.Algorithm == nil { + return "" + } + return *w.Algorithm +} + +// GetPublicKey returns the PublicKey field if it's non-nil, zero value otherwise. +func (w *WrappingKey) GetPublicKey() string { + if w == nil || w.PublicKey == nil { + return "" + } + return *w.PublicKey +} + +// String returns a string representation of WrappingKey. +func (w *WrappingKey) String() string { + return Stringify(w) +} + // String returns a string representation of WSFEDClientAddon. func (w *WSFEDClientAddon) String() string { return Stringify(w) diff --git a/management/management.gen_test.go b/management/management.gen_test.go index d7bfb33c..9c70526e 100644 --- a/management/management.gen_test.go +++ b/management/management.gen_test.go 
@@ -8286,6 +8286,92 @@ func TestEmailTemplate_String(t *testing.T) { } } +func TestEncryptionKey_GetCreatedAt(tt *testing.T) { + var zeroValue time.Time + e := &EncryptionKey{CreatedAt: &zeroValue} + e.GetCreatedAt() + e = &EncryptionKey{} + e.GetCreatedAt() + e = nil + e.GetCreatedAt() +} + +func TestEncryptionKey_GetKID(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{KID: &zeroValue} + e.GetKID() + e = &EncryptionKey{} + e.GetKID() + e = nil + e.GetKID() +} + +func TestEncryptionKey_GetParentKID(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{ParentKID: &zeroValue} + e.GetParentKID() + e = &EncryptionKey{} + e.GetParentKID() + e = nil + e.GetParentKID() +} + +func TestEncryptionKey_GetState(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{State: &zeroValue} + e.GetState() + e = &EncryptionKey{} + e.GetState() + e = nil + e.GetState() +} + +func TestEncryptionKey_GetType(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{Type: &zeroValue} + e.GetType() + e = &EncryptionKey{} + e.GetType() + e = nil + e.GetType() +} + +func TestEncryptionKey_GetUpdatedAt(tt *testing.T) { + var zeroValue time.Time + e := &EncryptionKey{UpdatedAt: &zeroValue} + e.GetUpdatedAt() + e = &EncryptionKey{} + e.GetUpdatedAt() + e = nil + e.GetUpdatedAt() +} + +func TestEncryptionKey_GetWrappedKey(tt *testing.T) { + var zeroValue string + e := &EncryptionKey{WrappedKey: &zeroValue} + e.GetWrappedKey() + e = &EncryptionKey{} + e.GetWrappedKey() + e = nil + e.GetWrappedKey() +} + +func TestEncryptionKey_String(t *testing.T) { + var rawJSON json.RawMessage + v := &EncryptionKey{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + +func TestEncryptionKeyList_String(t *testing.T) { + var rawJSON json.RawMessage + v := &EncryptionKeyList{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func 
TestEnrollment_GetEnrolledAt(tt *testing.T) { var zeroValue time.Time e := &Enrollment{EnrolledAt: &zeroValue} @@ -13773,6 +13859,34 @@ func TestWAMSClientAddon_String(t *testing.T) { } } +func TestWrappingKey_GetAlgorithm(tt *testing.T) { + var zeroValue string + w := &WrappingKey{Algorithm: &zeroValue} + w.GetAlgorithm() + w = &WrappingKey{} + w.GetAlgorithm() + w = nil + w.GetAlgorithm() +} + +func TestWrappingKey_GetPublicKey(tt *testing.T) { + var zeroValue string + w := &WrappingKey{PublicKey: &zeroValue} + w.GetPublicKey() + w = &WrappingKey{} + w.GetPublicKey() + w = nil + w.GetPublicKey() +} + +func TestWrappingKey_String(t *testing.T) { + var rawJSON json.RawMessage + v := &WrappingKey{} + if err := json.Unmarshal([]byte(v.String()), &rawJSON); err != nil { + t.Errorf("failed to produce a valid json") + } +} + func TestWSFEDClientAddon_String(t *testing.T) { var rawJSON json.RawMessage v := &WSFEDClientAddon{} diff --git a/management/management.go b/management/management.go index f4cf979e..c5d8d44d 100644 --- a/management/management.go +++ b/management/management.go @@ -103,6 +103,9 @@ type Management struct { // EmailProvider manages Auth0 Email Providers. EmailProvider *EmailProviderManager + // EncryptionKey manages Auth0 Encryption Keys. + EncryptionKey *EncryptionKeyManager + url *url.URL basePath string userAgent string @@ -197,6 +200,7 @@ func New(domain string, options ...Option) (*Management, error) { m.Rule = (*RuleManager)(&m.common) m.RuleConfig = (*RuleConfigManager)(&m.common) m.SigningKey = (*SigningKeyManager)(&m.common) + m.EncryptionKey = (*EncryptionKeyManager)(&m.common) m.Stat = (*StatManager)(&m.common) m.Tenant = (*TenantManager)(&m.common) m.Ticket = (*TicketManager)(&m.common) diff --git a/test/data/recordings/TestEncryptionKeyManager_Create.yaml b/test/data/recordings/TestEncryptionKeyManager_Create.yaml new file mode 100644 index 00000000..b48c46e1 --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_Create.yaml 
@@ -0,0 +1,74 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"1b3fbf52-80f0-455f-aaa8-26a97ebf7796","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:34:56.313Z","updated_at":"2024-08-21T09:34:56.313Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 881.877708ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/1b3fbf52-80f0-455f-aaa8-26a97ebf7796 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 738.39125ms diff --git a/test/data/recordings/TestEncryptionKeyManager_CreatePublicWrappingKey.yaml b/test/data/recordings/TestEncryptionKeyManager_CreatePublicWrappingKey.yaml new file mode 100644 index 00000000..fbcb423a --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_CreatePublicWrappingKey.yaml 
@@ -0,0 +1,109 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"28af4271-1e32-4d69-bb00-6606aa303f65","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:34:57.419Z","updated_at":"2024-08-21T09:34:57.419Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 367.072125ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/28af4271-1e32-4d69-bb00-6606aa303f65/wrapping-key + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 688 + uncompressed: false + body: '{"public_key":"-----BEGIN PUBLIC 
KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsRQVZRZcB/9oXY6l4mPX\nWG8jPfDQtirApFNab4xfhsuyPxTXvD75lr2+P+6xv95E2KF+8JvEianaAdspZEUd\nDAIgvUVeiPUVfkSGr1w1ymzq+WXTnOWSoJsofmYxMiv7xAYBEJ0C4q4/jjlKyump\nNppF1F+X5n7sYSUtlRx9Z6d5myGD8+aWNdsKoXwqJbUDeXeWvY+0hyuOKfMqNOeh\n3dTuKRBC1ghpKnaCaJz80sZLs38OV96ebNdago4QeRQBXQ9s/F/XEY+HgsH9nSss\nTs7F7MhO7c8cAGo4sWxcz5R4sqYlO1kV+oJHUaVa8BzfmNwTHVbGuvnLc6xyZZ9J\n78k+TkLJ3rMkFnWz6D+76LNgIJxeyzMkvgqpmWjDz4qdaaWCf3wDUnGCNjVkbJpL\nvF9N72DSlhDteIv045RZpCPwWR+byH+vs7GeldDzElbTb1Z3ufOC45MvhqG+iNSU\nb5giJYSttjeDsbRcw9WaC3zHK2WAQbF1T/Wtw5Ap3DxjAgMBAAE=\n-----END PUBLIC KEY-----\n","algorithm":"CKM_RSA_AES_KEY_WRAP"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 1.607745459s + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/28af4271-1e32-4d69-bb00-6606aa303f65 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 1.240581583s diff --git a/test/data/recordings/TestEncryptionKeyManager_Delete.yaml b/test/data/recordings/TestEncryptionKeyManager_Delete.yaml new file mode 100644 index 00000000..4e7516b7 --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_Delete.yaml 
@@ -0,0 +1,144 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"de03ae46-f823-4cba-af2c-91e5022ad0c4","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:35:48.221Z","updated_at":"2024-08-21T09:35:48.221Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 813.873417ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/de03ae46-f823-4cba-af2c-91e5022ad0c4 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 766.065708ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: 
https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/de03ae46-f823-4cba-af2c-91e5022ad0c4 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"kid":"de03ae46-f823-4cba-af2c-91e5022ad0c4","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-21T09:35:48.221Z","updated_at":"2024-08-21T09:35:48.584Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 340.618ms + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/de03ae46-f823-4cba-af2c-91e5022ad0c4 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 357.261ms diff --git a/test/data/recordings/TestEncryptionKeyManager_ImportWrappedKey.yaml b/test/data/recordings/TestEncryptionKeyManager_ImportWrappedKey.yaml new file mode 100644 index 00000000..b4435925 --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_ImportWrappedKey.yaml 
@@ -0,0 +1,145 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"3c268fb6-472d-4d17-b67b-6a3b36288e00","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:36:48.100Z","updated_at":"2024-08-21T09:36:48.100Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 907.022084ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/3c268fb6-472d-4d17-b67b-6a3b36288e00/wrapping-key + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 688 + uncompressed: false + body: '{"public_key":"-----BEGIN PUBLIC 
KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuxaY73dnjeIfp7FC27mD\ntT/x2+jGfDvBKLZRVTYSoRPP7FO0M8No0RgXJrzDFEi575zXoQaqkb5soEkuCcus\nCjgdjqXJW45JA8SP/MvlkY0auwQUzInCuHjU2p1WpVXX648+QxiR9vJjE9NmM1qA\nmeNBEFNgOKhcbeVQSnad7WVjxyCuKLEs7+tXtpOGXPVqOgXuJXW5H8VPam/Ls5Rb\nO7PkKFE9aW/jWbjh+RuOasSWTvrRdIANaAzW9hD2jjguylZXSbGWFrnoQdfKxl1r\nlP4aNgoXxws4LiY7W3tuCnm7vFixHW6TosPBXICRSP9z9FY+s+jbB8oyAORxFbxt\n1JwGHRBAZfCJ63zKfOrLT8/F45I5tFDyCXPOySiik678EvycrpXRfaX++ZJOyQPP\nDrF21VQCPLHIamvK2EHw91Nhdm/v+uH7o7khiWIn5xYoXyGQVrVPu9UycQcqoCCs\n3Pa9SSoLE5iAMELAuhVJ5yyXJSdI3oK4HZwWaFdCuCfDAgMBAAE=\n-----END PUBLIC KEY-----\n","algorithm":"CKM_RSA_AES_KEY_WRAP"}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 996.336792ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 587 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"wrapped_key":"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"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/3c268fb6-472d-4d17-b67b-6a3b36288e00 + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 197 + uncompressed: false + body: '{"kid":"3c268fb6-472d-4d17-b67b-6a3b36288e00","type":"customer-provided-root-key","state":"active","created_at":"2024-08-21T09:36:48.100Z","updated_at":"2024-08-21T09:36:53.340Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 4.827223875s + - id: 3 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: 
+ - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/3c268fb6-472d-4d17-b67b-6a3b36288e00 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 2.173598708s diff --git a/test/data/recordings/TestEncryptionKeyManager_List.yaml b/test/data/recordings/TestEncryptionKeyManager_List.yaml new file mode 100644 index 00000000..8b2ec26e --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_List.yaml 
@@ -0,0 +1,109 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"27677a7a-a7b6-41ba-b587-74b3f49ef0e2","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:35:30.791Z","updated_at":"2024-08-21T09:35:30.791Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 842.349792ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption?include_totals=true&page=0&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: 
'{"keys":[{"kid":"27677a7a-a7b6-41ba-b587-74b3f49ef0e2","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:35:30.791Z","updated_at":"2024-08-21T09:35:30.791Z","parent_kid":null},{"kid":"41b1ae0a-5c99-43f5-b26a-c65c5fa8d249","type":"tenant-master-key","state":"active","created_at":"2024-08-21T09:35:13.679Z","updated_at":"2024-08-21T09:35:13.679Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"9117434c-dd6c-41ec-b940-478be0882f35","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-21T09:35:12.913Z","updated_at":"2024-08-21T09:35:13.641Z","parent_kid":null},{"kid":"9768730d-27c4-474f-bddb-a24664e14c4e","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-21T09:34:59.454Z","updated_at":"2024-08-21T09:35:14.184Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"28af4271-1e32-4d69-bb00-6606aa303f65","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-21T09:34:57.419Z","updated_at":"2024-08-21T09:34:59.420Z","parent_kid":null},{"kid":"4015810c-9bd7-48d4-9cec-dde8902ab1d0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-21T09:34:56.697Z","updated_at":"2024-08-21T09:35:00.268Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"1b3fbf52-80f0-455f-aaa8-26a97ebf7796","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-21T09:34:56.313Z","updated_at":"2024-08-21T09:34:56.668Z","parent_kid":null},{"kid":"665960e2-28f8-4c4a-a26f-03b9d52c820f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-21T09:34:07.705Z","updated_at":"2024-08-21T09:34:57.052Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"3a26df9f-768a-49ab-857f-361934ba17e6","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-21T09:31:37.806Z","updated_at":"2024-08-21T09:34:08.187Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"17e4c13f-07a2-445b-9c9e-4e8df7d3452a","type":"
tenant-master-key","state":"destroyed","created_at":"2024-08-20T08:30:41.934Z","updated_at":"2024-08-21T09:31:38.151Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4599a800-498f-4b3d-a5ef-ddf9e891c103","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:16.303Z","updated_at":"2024-08-21T09:34:07.671Z","parent_kid":null},{"kid":"55323fdc-eff3-48d2-8de5-e672c5855f75","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:09.225Z","updated_at":"2024-08-20T08:30:42.270Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"f6bb4963-b342-4abe-a174-5be9d5d6dd0b","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:07.984Z","updated_at":"2024-08-20T06:30:09.212Z","parent_kid":null},{"kid":"0786f594-c74b-4c63-bda7-bc5c3a6cca58","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:07.335Z","updated_at":"2024-08-20T06:30:09.744Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"55d64bd4-b9a8-4247-b90e-669ae63257b1","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:06.992Z","updated_at":"2024-08-20T06:30:07.305Z","parent_kid":null},{"kid":"3ad8b355-b898-45d9-8290-f0b0a64cb54f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:34.640Z","updated_at":"2024-08-20T06:30:07.668Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b","type":"environment-root-key","state":"active","created_at":"2024-08-20T06:29:34.624Z","updated_at":"2024-08-20T06:29:34.624Z","parent_kid":null},{"kid":"ff868f8a-42a4-4ec8-bf00-fac0556091e0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:33.799Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06
:29:29.336Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":null},{"kid":"bdea1f2b-dfe0-47b0-be79-e17388405b54","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:28.469Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c"},{"kid":"3249bc7f-ffda-44e9-ae86-c0a740fc16c6","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:27.417Z","updated_at":"2024-08-20T06:29:28.457Z","parent_kid":null},{"kid":"0281d90e-b74b-4341-9036-f47d47b08547","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:26.059Z","updated_at":"2024-08-20T06:29:28.999Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6bf2a85f-36db-4b3b-90df-954c55c0d633","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:25.740Z","updated_at":"2024-08-20T06:29:26.045Z","parent_kid":null},{"kid":"44782b0e-a4af-438a-a346-f48b3d3e1200","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:22.767Z","updated_at":"2024-08-20T06:29:26.441Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"7ed36012-ed5d-45a7-86f7-a3a5c43926b9","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:22.146Z","updated_at":"2024-08-20T06:29:22.755Z","parent_kid":null},{"kid":"e5e49aee-06a0-41dc-90b4-dd8a7f226d6d","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:21.446Z","updated_at":"2024-08-20T06:29:23.096Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"53f9c631-3cf7-4ac3-88b8-501f7871eebc","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:20.747Z","updated_at":"2024-08-20T06:29:21.414Z","parent_kid":null},{"kid":"cf5e2fd7-be59-4d54-bbe8-62eb7f5eb9b6","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:20.100Z","updated_at":"2024-08-20T06:29:21.830Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f6
9ee"},{"kid":"cc38d9b4-b951-4d03-a606-6b77093c54f8","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:19.754Z","updated_at":"2024-08-20T06:29:20.074Z","parent_kid":null},{"kid":"89362891-6bde-4a82-b13d-dc679bd02f91","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:20.815Z","updated_at":"2024-08-20T06:29:20.412Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"944c59b7-1e8b-4f83-8734-e19e0ab86580","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:28:20.145Z","updated_at":"2024-08-20T06:28:20.786Z","parent_kid":null},{"kid":"ab954b82-19e7-413c-aa53-acc698581a10","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:12.872Z","updated_at":"2024-08-20T06:28:21.133Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"db77d601-d262-45be-a797-77c741bc904a","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:28:12.176Z","updated_at":"2024-08-20T06:28:12.844Z","parent_kid":null},{"kid":"6ff639f1-fca9-4313-8ad6-8e0b424efc44","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:00.504Z","updated_at":"2024-08-20T06:28:13.184Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"a863e610-299a-4e0f-aefe-41cbb41b7e17","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:58.958Z","updated_at":"2024-08-20T06:28:00.489Z","parent_kid":null},{"kid":"74ce39cb-fdeb-41c0-a817-ffe662e4a25f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:58.275Z","updated_at":"2024-08-20T06:28:01.000Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"33fd5f56-d10d-42f9-b56d-7b8fb5609220","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:57.923Z","updated_at":"2024-08-20T06:27:58.241Z","parent_kid":null},{"kid":"64a550a2-fb1d-40bd-909d-631c9576cb4d","type":"tenant-master-key","state":"des
troyed","created_at":"2024-08-20T06:27:04.843Z","updated_at":"2024-08-20T06:27:58.629Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee","type":"environment-root-key","state":"destroyed","created_at":"2024-08-20T06:27:04.828Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":null},{"kid":"603547a9-cfe9-4000-b841-6024a46292eb","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:04.027Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6466c1e0-6472-412f-960d-1edbc43cecda","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:58.391Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":null},{"kid":"eb0460f2-f5eb-4bad-94fb-1faee6dacb38","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:57.600Z","updated_at":"2024-08-20T06:27:04.509Z","parent_kid":"6466c1e0-6472-412f-960d-1edbc43cecda"},{"kid":"bf34e9e0-1737-44a5-aecd-f4c81ba3d850","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:56.214Z","updated_at":"2024-08-20T06:26:57.587Z","parent_kid":null},{"kid":"3f041e6a-20f5-4d09-8bf2-e08696f0f261","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:54.936Z","updated_at":"2024-08-20T06:26:58.084Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"9d1c7559-294e-409c-9f04-b0bca57c7136","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:54.597Z","updated_at":"2024-08-20T06:26:54.903Z","parent_kid":null},{"kid":"02decb04-54b4-40d9-8c1e-b6d73c086df5","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:51.247Z","updated_at":"2024-08-20T06:26:55.298Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"c1fdc6e8-d21c-4ec6-ac4d-b7119ce20e48","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:50.600Z","updated_at":"2
024-08-20T06:26:51.235Z","parent_kid":null},{"kid":"391c1401-dd43-4f19-89ce-ba64658e8291","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:49.992Z","updated_at":"2024-08-20T06:26:51.542Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"4bc03b3a-7627-41af-81bc-f1b8ab144fc7","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:49.283Z","updated_at":"2024-08-20T06:26:49.960Z","parent_kid":null},{"kid":"206e9d3d-1a4d-4ade-95d1-1e322453b202","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:48.559Z","updated_at":"2024-08-20T06:26:50.290Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"}],"start":0,"limit":50,"total":118}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 382.660166ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/27677a7a-a7b6-41ba-b587-74b3f49ef0e2 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 927.432375ms diff --git a/test/data/recordings/TestEncryptionKeyManager_Read.yaml b/test/data/recordings/TestEncryptionKeyManager_Read.yaml new file mode 100644 index 00000000..8550de17 --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_Read.yaml 
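Review bot: The response recorded for interaction 1 of the List cassette (`GET /api/v2/keys/encryption?include_totals=true&page=0&per_page=50`) stores the whole first page of the tenant's key inventory, 50 entries with `kid`, `type`, `state` and `parent_kid` plus `"total":118`, although the only key this recording creates is `27677a7a-a7b6-41ba-b587-74b3f49ef0e2`. These are identifiers rather than key material, but together they publish the tenant's key hierarchy and rotation history, and they tie the fixture to the state the tenant was in when it was recorded. I would trim the recorded `keys` array to the entries the test actually asserts on and adjust `total` to match (this response has `content_length: -1`, so no length needs fixing up), or re-record against a tenant with a clean key list. The Rekey cassette further down records the same kind of listing; its hunk runs past the end of what is shown here.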
@@ -0,0 +1,109 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 38 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: | + {"type":"customer-provided-root-key"} + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 205 + uncompressed: false + body: '{"kid":"9117434c-dd6c-41ec-b940-478be0882f35","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:35:12.913Z","updated_at":"2024-08-21T09:35:12.913Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 201 Created + code: 201 + duration: 873.028ms + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/9117434c-dd6c-41ec-b940-478be0882f35 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"kid":"9117434c-dd6c-41ec-b940-478be0882f35","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-21T09:35:12.913Z","updated_at":"2024-08-21T09:35:12.913Z","parent_kid":null}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 361.004958ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: 
go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/9117434c-dd6c-41ec-b940-478be0882f35 + method: DELETE + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 911.97525ms diff --git a/test/data/recordings/TestEncryptionKeyManager_Rekey.yaml b/test/data/recordings/TestEncryptionKeyManager_Rekey.yaml new file mode 100644 index 00000000..b2c90bd8 --- /dev/null +++ b/test/data/recordings/TestEncryptionKeyManager_Rekey.yaml 
@@ -0,0 +1,108 @@ +--- +version: 2 +interactions: + - id: 0 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption?include_totals=true&page=0&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"keys":[{"kid":"17e4c13f-07a2-445b-9c9e-4e8df7d3452a","type":"tenant-master-key","state":"active","created_at":"2024-08-20T08:30:41.934Z","updated_at":"2024-08-20T08:30:41.934Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4599a800-498f-4b3d-a5ef-ddf9e891c103","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-20T06:30:16.303Z","updated_at":"2024-08-20T06:30:16.303Z","parent_kid":null},{"kid":"55323fdc-eff3-48d2-8de5-e672c5855f75","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:09.225Z","updated_at":"2024-08-20T08:30:42.270Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"f6bb4963-b342-4abe-a174-5be9d5d6dd0b","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:07.984Z","updated_at":"2024-08-20T06:30:09.212Z","parent_kid":null},{"kid":"0786f594-c74b-4c63-bda7-bc5c3a6cca58","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:07.335Z","updated_at":"2024-08-20T06:30:09.744Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"55d64bd4-b9a8-4247-b90e-669ae63257b1","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:06.992Z","updated_at":"2024-08-20T06:30:07.305Z","parent_kid":null},{"kid":"3ad8b355-b898-45d9-8290-f0b0a64cb54f","type":"tenant-master-key","state":"de
stroyed","created_at":"2024-08-20T06:29:34.640Z","updated_at":"2024-08-20T06:30:07.668Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b","type":"environment-root-key","state":"active","created_at":"2024-08-20T06:29:34.624Z","updated_at":"2024-08-20T06:29:34.624Z","parent_kid":null},{"kid":"ff868f8a-42a4-4ec8-bf00-fac0556091e0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:33.799Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:29.336Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":null},{"kid":"bdea1f2b-dfe0-47b0-be79-e17388405b54","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:28.469Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c"},{"kid":"3249bc7f-ffda-44e9-ae86-c0a740fc16c6","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:27.417Z","updated_at":"2024-08-20T06:29:28.457Z","parent_kid":null},{"kid":"0281d90e-b74b-4341-9036-f47d47b08547","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:26.059Z","updated_at":"2024-08-20T06:29:28.999Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6bf2a85f-36db-4b3b-90df-954c55c0d633","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:25.740Z","updated_at":"2024-08-20T06:29:26.045Z","parent_kid":null},{"kid":"44782b0e-a4af-438a-a346-f48b3d3e1200","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:22.767Z","updated_at":"2024-08-20T06:29:26.441Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"7ed36012-ed5d-45a7-86f7-a3a5c43926b9","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:22.146Z","updated_at":"202
4-08-20T06:29:22.755Z","parent_kid":null},{"kid":"e5e49aee-06a0-41dc-90b4-dd8a7f226d6d","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:21.446Z","updated_at":"2024-08-20T06:29:23.096Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"53f9c631-3cf7-4ac3-88b8-501f7871eebc","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:20.747Z","updated_at":"2024-08-20T06:29:21.414Z","parent_kid":null},{"kid":"cf5e2fd7-be59-4d54-bbe8-62eb7f5eb9b6","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:20.100Z","updated_at":"2024-08-20T06:29:21.830Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"cc38d9b4-b951-4d03-a606-6b77093c54f8","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:19.754Z","updated_at":"2024-08-20T06:29:20.074Z","parent_kid":null},{"kid":"89362891-6bde-4a82-b13d-dc679bd02f91","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:20.815Z","updated_at":"2024-08-20T06:29:20.412Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"944c59b7-1e8b-4f83-8734-e19e0ab86580","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:28:20.145Z","updated_at":"2024-08-20T06:28:20.786Z","parent_kid":null},{"kid":"ab954b82-19e7-413c-aa53-acc698581a10","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:12.872Z","updated_at":"2024-08-20T06:28:21.133Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"db77d601-d262-45be-a797-77c741bc904a","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:28:12.176Z","updated_at":"2024-08-20T06:28:12.844Z","parent_kid":null},{"kid":"6ff639f1-fca9-4313-8ad6-8e0b424efc44","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:00.504Z","updated_at":"2024-08-20T06:28:13.184Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"a863e610-299a-4e
0f-aefe-41cbb41b7e17","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:58.958Z","updated_at":"2024-08-20T06:28:00.489Z","parent_kid":null},{"kid":"74ce39cb-fdeb-41c0-a817-ffe662e4a25f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:58.275Z","updated_at":"2024-08-20T06:28:01.000Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"33fd5f56-d10d-42f9-b56d-7b8fb5609220","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:57.923Z","updated_at":"2024-08-20T06:27:58.241Z","parent_kid":null},{"kid":"64a550a2-fb1d-40bd-909d-631c9576cb4d","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:04.843Z","updated_at":"2024-08-20T06:27:58.629Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee","type":"environment-root-key","state":"destroyed","created_at":"2024-08-20T06:27:04.828Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":null},{"kid":"603547a9-cfe9-4000-b841-6024a46292eb","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:04.027Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6466c1e0-6472-412f-960d-1edbc43cecda","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:58.391Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":null},{"kid":"eb0460f2-f5eb-4bad-94fb-1faee6dacb38","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:57.600Z","updated_at":"2024-08-20T06:27:04.509Z","parent_kid":"6466c1e0-6472-412f-960d-1edbc43cecda"},{"kid":"bf34e9e0-1737-44a5-aecd-f4c81ba3d850","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:56.214Z","updated_at":"2024-08-20T06:26:57.587Z","parent_kid":null},{"kid":"3f041e6a-20f5-4d09-8bf2-e08696f0f261","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:
26:54.936Z","updated_at":"2024-08-20T06:26:58.084Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"9d1c7559-294e-409c-9f04-b0bca57c7136","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:54.597Z","updated_at":"2024-08-20T06:26:54.903Z","parent_kid":null},{"kid":"02decb04-54b4-40d9-8c1e-b6d73c086df5","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:51.247Z","updated_at":"2024-08-20T06:26:55.298Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"c1fdc6e8-d21c-4ec6-ac4d-b7119ce20e48","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:50.600Z","updated_at":"2024-08-20T06:26:51.235Z","parent_kid":null},{"kid":"391c1401-dd43-4f19-89ce-ba64658e8291","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:49.992Z","updated_at":"2024-08-20T06:26:51.542Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"4bc03b3a-7627-41af-81bc-f1b8ab144fc7","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:49.283Z","updated_at":"2024-08-20T06:26:49.960Z","parent_kid":null},{"kid":"206e9d3d-1a4d-4ade-95d1-1e322453b202","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:48.559Z","updated_at":"2024-08-20T06:26:50.290Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"8540fe41-f4eb-4484-ad6b-9861517d1760","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:48.195Z","updated_at":"2024-08-20T06:26:48.526Z","parent_kid":null},{"kid":"85b514e1-d6d3-4378-b67f-65b02c273b5e","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:22:59.962Z","updated_at":"2024-08-20T06:26:48.903Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"88c114d0-dec4-43d2-a343-c1727285abfc","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:08:10.806Z","updated_at":"2024-08-20T06:23:00.317Z","parent_kid":"
8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"ded6e272-3199-4cd4-9abc-a70fd3879cc9","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:05:22.830Z","updated_at":"2024-08-20T06:08:11.134Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"060417ac-6f83-4167-8160-289b68a9a9b7","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:48:49.798Z","updated_at":"2024-08-20T06:05:23.128Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"acd04938-a9fe-4a31-a878-d7e172127aef","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:48:48.636Z","updated_at":"2024-08-19T12:48:50.108Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"342c2c7b-6b8f-4581-98c2-fa7f53c316f1","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-19T12:48:47.724Z","updated_at":"2024-08-19T12:48:49.768Z","parent_kid":null},{"kid":"b68558ea-7a46-4b01-bb3a-18cf240af8f0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:46:32.515Z","updated_at":"2024-08-19T12:48:48.954Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"bc2939ac-50e5-4475-97ff-c5d52d82f59f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:45:43.295Z","updated_at":"2024-08-19T12:46:32.808Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"}],"start":0,"limit":50,"total":109}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 1.798222333s + - id: 1 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption/rekey + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] 
+ trailer: {} + content_length: 0 + uncompressed: false + body: "" + headers: + Content-Type: + - application/json; charset=utf-8 + status: 204 No Content + code: 204 + duration: 901.461125ms + - id: 2 + request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 0 + transfer_encoding: [] + trailer: {} + host: go-auth0-dev.eu.auth0.com + remote_addr: "" + request_uri: "" + body: "" + form: {} + headers: + Content-Type: + - application/json + User-Agent: + - Go-Auth0/1.8.0 + url: https://go-auth0-dev.eu.auth0.com/api/v2/keys/encryption?include_totals=true&page=0&per_page=50 + method: GET + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + transfer_encoding: [] + trailer: {} + content_length: -1 + uncompressed: true + body: '{"keys":[{"kid":"3a26df9f-768a-49ab-857f-361934ba17e6","type":"tenant-master-key","state":"active","created_at":"2024-08-21T09:31:37.806Z","updated_at":"2024-08-21T09:31:37.806Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"17e4c13f-07a2-445b-9c9e-4e8df7d3452a","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T08:30:41.934Z","updated_at":"2024-08-21T09:31:38.151Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4599a800-498f-4b3d-a5ef-ddf9e891c103","type":"customer-provided-root-key","state":"pre-activation","created_at":"2024-08-20T06:30:16.303Z","updated_at":"2024-08-20T06:30:16.303Z","parent_kid":null},{"kid":"55323fdc-eff3-48d2-8de5-e672c5855f75","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:09.225Z","updated_at":"2024-08-20T08:30:42.270Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"f6bb4963-b342-4abe-a174-5be9d5d6dd0b","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:07.984Z","updated_at":"2024-08-20T06:30:09.212Z","parent_kid":null},{"kid":"0786f594-c74b-4c63-bda7-bc5c3a6cca58","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:30:07.335Z","updated_a
t":"2024-08-20T06:30:09.744Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"55d64bd4-b9a8-4247-b90e-669ae63257b1","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:30:06.992Z","updated_at":"2024-08-20T06:30:07.305Z","parent_kid":null},{"kid":"3ad8b355-b898-45d9-8290-f0b0a64cb54f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:34.640Z","updated_at":"2024-08-20T06:30:07.668Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b","type":"environment-root-key","state":"active","created_at":"2024-08-20T06:29:34.624Z","updated_at":"2024-08-20T06:29:34.624Z","parent_kid":null},{"kid":"ff868f8a-42a4-4ec8-bf00-fac0556091e0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:33.799Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":"4f90f167-867a-4a31-a8a0-ba2669af2c6b"},{"kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:29.336Z","updated_at":"2024-08-20T06:29:36.345Z","parent_kid":null},{"kid":"bdea1f2b-dfe0-47b0-be79-e17388405b54","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:28.469Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":"327d8646-0662-4bd0-9edb-f0cc37274f1c"},{"kid":"3249bc7f-ffda-44e9-ae86-c0a740fc16c6","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:27.417Z","updated_at":"2024-08-20T06:29:28.457Z","parent_kid":null},{"kid":"0281d90e-b74b-4341-9036-f47d47b08547","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:26.059Z","updated_at":"2024-08-20T06:29:28.999Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6bf2a85f-36db-4b3b-90df-954c55c0d633","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:25.740Z","updated_at":"2024-08-20T06:29:26.045Z","parent_kid":null},{"kid":"44782b0e-
a4af-438a-a346-f48b3d3e1200","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:22.767Z","updated_at":"2024-08-20T06:29:26.441Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"7ed36012-ed5d-45a7-86f7-a3a5c43926b9","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:22.146Z","updated_at":"2024-08-20T06:29:22.755Z","parent_kid":null},{"kid":"e5e49aee-06a0-41dc-90b4-dd8a7f226d6d","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:21.446Z","updated_at":"2024-08-20T06:29:23.096Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"53f9c631-3cf7-4ac3-88b8-501f7871eebc","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:20.747Z","updated_at":"2024-08-20T06:29:21.414Z","parent_kid":null},{"kid":"cf5e2fd7-be59-4d54-bbe8-62eb7f5eb9b6","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:29:20.100Z","updated_at":"2024-08-20T06:29:21.830Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"cc38d9b4-b951-4d03-a606-6b77093c54f8","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:29:19.754Z","updated_at":"2024-08-20T06:29:20.074Z","parent_kid":null},{"kid":"89362891-6bde-4a82-b13d-dc679bd02f91","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:20.815Z","updated_at":"2024-08-20T06:29:20.412Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"944c59b7-1e8b-4f83-8734-e19e0ab86580","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:28:20.145Z","updated_at":"2024-08-20T06:28:20.786Z","parent_kid":null},{"kid":"ab954b82-19e7-413c-aa53-acc698581a10","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:12.872Z","updated_at":"2024-08-20T06:28:21.133Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"db77d601-d262-45be-a797-77c741bc904a","type":"customer-provided-root-key","
state":"destroyed","created_at":"2024-08-20T06:28:12.176Z","updated_at":"2024-08-20T06:28:12.844Z","parent_kid":null},{"kid":"6ff639f1-fca9-4313-8ad6-8e0b424efc44","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:28:00.504Z","updated_at":"2024-08-20T06:28:13.184Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"a863e610-299a-4e0f-aefe-41cbb41b7e17","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:58.958Z","updated_at":"2024-08-20T06:28:00.489Z","parent_kid":null},{"kid":"74ce39cb-fdeb-41c0-a817-ffe662e4a25f","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:58.275Z","updated_at":"2024-08-20T06:28:01.000Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"33fd5f56-d10d-42f9-b56d-7b8fb5609220","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:27:57.923Z","updated_at":"2024-08-20T06:27:58.241Z","parent_kid":null},{"kid":"64a550a2-fb1d-40bd-909d-631c9576cb4d","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:04.843Z","updated_at":"2024-08-20T06:27:58.629Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee","type":"environment-root-key","state":"destroyed","created_at":"2024-08-20T06:27:04.828Z","updated_at":"2024-08-20T06:29:34.312Z","parent_kid":null},{"kid":"603547a9-cfe9-4000-b841-6024a46292eb","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:27:04.027Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":"1cfaf90b-e718-4c40-a8ed-4de4568f69ee"},{"kid":"6466c1e0-6472-412f-960d-1edbc43cecda","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:58.391Z","updated_at":"2024-08-20T06:27:05.494Z","parent_kid":null},{"kid":"eb0460f2-f5eb-4bad-94fb-1faee6dacb38","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:57.600Z","updated_at":"2024-08-20T06:27:04.509Z","parent
_kid":"6466c1e0-6472-412f-960d-1edbc43cecda"},{"kid":"bf34e9e0-1737-44a5-aecd-f4c81ba3d850","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:56.214Z","updated_at":"2024-08-20T06:26:57.587Z","parent_kid":null},{"kid":"3f041e6a-20f5-4d09-8bf2-e08696f0f261","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:54.936Z","updated_at":"2024-08-20T06:26:58.084Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"9d1c7559-294e-409c-9f04-b0bca57c7136","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:54.597Z","updated_at":"2024-08-20T06:26:54.903Z","parent_kid":null},{"kid":"02decb04-54b4-40d9-8c1e-b6d73c086df5","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:51.247Z","updated_at":"2024-08-20T06:26:55.298Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"c1fdc6e8-d21c-4ec6-ac4d-b7119ce20e48","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:50.600Z","updated_at":"2024-08-20T06:26:51.235Z","parent_kid":null},{"kid":"391c1401-dd43-4f19-89ce-ba64658e8291","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:49.992Z","updated_at":"2024-08-20T06:26:51.542Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"4bc03b3a-7627-41af-81bc-f1b8ab144fc7","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:49.283Z","updated_at":"2024-08-20T06:26:49.960Z","parent_kid":null},{"kid":"206e9d3d-1a4d-4ade-95d1-1e322453b202","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:26:48.559Z","updated_at":"2024-08-20T06:26:50.290Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"8540fe41-f4eb-4484-ad6b-9861517d1760","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-20T06:26:48.195Z","updated_at":"2024-08-20T06:26:48.526Z","parent_kid":null},{"kid":"85b514e1-d6d3-4378-b67f-65b02c273b5e"
,"type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:22:59.962Z","updated_at":"2024-08-20T06:26:48.903Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"88c114d0-dec4-43d2-a343-c1727285abfc","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:08:10.806Z","updated_at":"2024-08-20T06:23:00.317Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"ded6e272-3199-4cd4-9abc-a70fd3879cc9","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-20T06:05:22.830Z","updated_at":"2024-08-20T06:08:11.134Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"060417ac-6f83-4167-8160-289b68a9a9b7","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:48:49.798Z","updated_at":"2024-08-20T06:05:23.128Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"acd04938-a9fe-4a31-a878-d7e172127aef","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:48:48.636Z","updated_at":"2024-08-19T12:48:50.108Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"},{"kid":"342c2c7b-6b8f-4581-98c2-fa7f53c316f1","type":"customer-provided-root-key","state":"destroyed","created_at":"2024-08-19T12:48:47.724Z","updated_at":"2024-08-19T12:48:49.768Z","parent_kid":null},{"kid":"b68558ea-7a46-4b01-bb3a-18cf240af8f0","type":"tenant-master-key","state":"destroyed","created_at":"2024-08-19T12:46:32.515Z","updated_at":"2024-08-19T12:48:48.954Z","parent_kid":"8f6bcf3d-3015-4e35-bbf4-116c01fb55df"}],"start":0,"limit":50,"total":110}' + headers: + Content-Type: + - application/json; charset=utf-8 + status: 200 OK + code: 200 + duration: 411.875541ms From 395d12add020be912ae81a0f29966653aaa184e6 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Wed, 21 Aug 2024 15:16:04 +0530 Subject: [PATCH 2/4] Fixed Linting Issues. --- management/encryption_key.go | 1 + management/encryption_key_test.go | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/management/encryption_key.go b/management/encryption_key.go index 2e3941d4..05e20a1d 100644 --- a/management/encryption_key.go +++ b/management/encryption_key.go @@ -5,6 +5,7 @@ import ( "time" ) +// EncryptionKeyList is a list of encryption keys. type EncryptionKeyList struct { List Keys []*EncryptionKey `json:"keys"` diff --git a/management/encryption_key_test.go b/management/encryption_key_test.go index 67bf80be..c70e66b6 100644 --- a/management/encryption_key_test.go +++ b/management/encryption_key_test.go @@ -9,10 +9,12 @@ import ( "encoding/base64" "encoding/pem" "fmt" - "github.com/auth0/go-auth0" + "testing" + "github.com/stretchr/testify/assert" "github.com/tink-crypto/tink-go/v2/kwp/subtle" - "testing" + + "github.com/auth0/go-auth0" ) func TestEncryptionKeyManager_Create(t *testing.T) { @@ -171,7 +173,8 @@ func createAWSWrappedCiphertext(publicKeyPEM string) (string, error) { } // Return the concatenation of the wrapped ephemeral key and the wrapped plaintext key - cipherBytes := append(wrappedEphemeralKey, wrappedTargetKey...) + wrappedEphemeralKey = append(wrappedEphemeralKey, wrappedTargetKey...) + cipherBytes := wrappedEphemeralKey return base64.StdEncoding.EncodeToString(cipherBytes), nil } From dd8e0a95e1a783de4be4b3f2e6a193a745053296 Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Wed, 21 Aug 2024 18:52:17 +0530 Subject: [PATCH 3/4] removed 3rd party library --- go.mod | 2 +- go.sum | 4 -- management/encryption_key.go | 44 ++++++------ management/encryption_key_test.go | 111 ++++++++++++++++++++++++++---- 4 files changed, 119 insertions(+), 42 deletions(-) diff --git a/go.mod b/go.mod index 57e0d43f..c0a12004 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,6 @@ require ( github.com/joho/godotenv v1.5.1 github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/stretchr/testify v1.9.0 - github.com/tink-crypto/tink-go/v2 v2.2.0 go.devnw.com/structs v1.0.0 golang.org/x/oauth2 v0.22.0 gopkg.in/dnaeon/go-vcr.v3 v3.2.0 
@@ -18,6 +17,7 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/goccy/go-json v0.10.3 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/lestrrat-go/blackmagic v1.0.2 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect github.com/lestrrat-go/httprc v1.0.6 // indirect diff --git a/go.sum b/go.sum index 35041c89..3e55e5f0 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= -github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= go.devnw.com/structs v1.0.0 h1:FFkBoBOkapCdxFEIkpOZRmMOMr9b9hxjKTD3bJYl9lk= go.devnw.com/structs v1.0.0/go.mod h1:wHBkdQpNeazdQHszJ2sxwVEpd8zGTEsKkeywDLGbrmg= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= 
@@ -58,8 +56,6 @@ golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/dnaeon/go-vcr.v3 v3.2.0 h1:Rltp0Vf+Aq0u4rQXgmXgtgoRDStTnFN83cWgSGSoRzM= diff --git a/management/encryption_key.go b/management/encryption_key.go index 05e20a1d..38d57870 100644 --- a/management/encryption_key.go +++ b/management/encryption_key.go @@ -29,6 +29,26 @@ type EncryptionKey struct { WrappedKey *string `json:"wrapped_key,omitempty"` } +// Reset cleans up unnecessary fields based on the operation type. +func (k *EncryptionKey) Reset(op string) { + switch op { + case "import": + k.KID = nil + k.CreatedAt = nil + k.UpdatedAt = nil + k.ParentKID = nil + k.State = nil + k.Type = nil + case "create": + k.KID = nil + k.CreatedAt = nil + k.UpdatedAt = nil + k.ParentKID = nil + k.State = nil + k.WrappedKey = nil + } +} + // WrappingKey is used for creating the public wrapping key. type WrappingKey struct { // The public key of the wrapping key for uploading the customer provided root key. 
@@ -44,7 +64,7 @@ type EncryptionKeyManager manager // // See: https://auth0.com/docs/api/management/v2/keys/post-encryption func (m *EncryptionKeyManager) Create(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error { - cleanUpCreateEncryptionKey(e) + e.Reset("create") return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption"), e, opts...) } @@ -83,7 +103,7 @@ func (m *EncryptionKeyManager) Delete(ctx context.Context, kid string, opts ...R // See: https://auth0.com/docs/api/management/v2/keys/post-encryption-key func (m *EncryptionKeyManager) ImportWrappedKey(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error { id := *e.KID - cleanUpImportEncryptionKey(e) + e.Reset("import") return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", id), e, opts...) } @@ -94,23 +114,3 @@ func (m *EncryptionKeyManager) CreatePublicWrappingKey(ctx context.Context, kid err = m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", kid, "wrapping-key"), &w, opts...) return } - -// cleanUpImportEncryptionKey removes unnecessary fields from the encryption key. -func cleanUpImportEncryptionKey(k *EncryptionKey) { - k.KID = nil - k.CreatedAt = nil - k.UpdatedAt = nil - k.ParentKID = nil - k.State = nil - k.Type = nil -} - -// cleanUpCreateEncryptionKey removes unnecessary fields from the encryption key. -func cleanUpCreateEncryptionKey(k *EncryptionKey) { - k.KID = nil - k.CreatedAt = nil - k.UpdatedAt = nil - k.ParentKID = nil - k.State = nil - k.WrappedKey = nil -} diff --git a/management/encryption_key_test.go b/management/encryption_key_test.go index c70e66b6..88333b16 100644 --- a/management/encryption_key_test.go +++ b/management/encryption_key_test.go 
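Review bot: In ImportWrappedKey, `id := *e.KID` panics when the caller passes a nil key or one whose KID is unset, and this change keeps that dereference directly ahead of the new `e.Reset("import")` call. Reset also sets KID to nil on the caller's struct before the request is sent, so after a failed import a retry with the same value hits the panic. Read the id through the getter the tests already use and reject an empty one: `id := e.GetKID()` followed by `if id == "" { return errors.New("encryption key: KID is required") }` (this needs the `errors` import). An empty id would otherwise presumably produce the `keys/encryption` path that Create posts to. The same lines appear in the ImportWrappedKey hunk of PATCH 4/4.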
@@ -2,21 +2,37 @@ package management import ( "context" + "crypto/aes" + "crypto/cipher" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "encoding/base64" + "encoding/binary" "encoding/pem" "fmt" + "math" "testing" "github.com/stretchr/testify/assert" - "github.com/tink-crypto/tink-go/v2/kwp/subtle" "github.com/auth0/go-auth0" ) +// Constants for wrapping sizes and parameters. +const ( + minWrapSize = 16 + maxWrapSize = 8192 + roundCount = 6 + ivPrefix = uint32(0xA65959A6) +) + +// kwpImpl is a Key Wrapping with Padding implementation. +type kwpImpl struct { + block cipher.Block +} + func TestEncryptionKeyManager_Create(t *testing.T) { configureHTTPTestRecordings(t) givenEncryptionKey := &EncryptionKey{ @@ -25,7 +41,9 @@ func TestEncryptionKeyManager_Create(t *testing.T) { err := api.EncryptionKey.Create(context.Background(), givenEncryptionKey) assert.NoError(t, err) assert.NotEmpty(t, givenEncryptionKey.GetKID()) - cleanUpEncryptionKey(t, givenEncryptionKey.GetKID()) + t.Cleanup(func() { + cleanUpEncryptionKey(t, givenEncryptionKey.GetKID()) + }) } func TestEncryptionKeyManager_List(t *testing.T) { 
@@ -49,22 +67,31 @@ func TestEncryptionKeyManager_Rekey(t *testing.T) { oldKeyList, err := api.EncryptionKey.List(context.Background(), PerPage(50), Page(0)) assert.NoError(t, err) assert.NotEmpty(t, oldKeyList.Keys) + var oldKey, newKey *EncryptionKey for _, key := range oldKeyList.Keys { if key.GetState() == "active" && key.GetType() == "tenant-master-key" { oldKey = key + break } } + assert.NotNil(t, oldKey) + err = api.EncryptionKey.Rekey(context.Background()) assert.NoError(t, err) + keyList, err := api.EncryptionKey.List(context.Background(), PerPage(50), Page(0)) assert.NoError(t, err) assert.NotEmpty(t, keyList.Keys) + for _, key := range keyList.Keys { if key.GetState() == "active" && key.GetType() == "tenant-master-key" { newKey = key + break } } + assert.NotNil(t, newKey) + assert.NotEqual(t, oldKey.GetKID(), newKey.GetKID()) assert.NotEqual(t, keyList.Keys, oldKeyList.Keys) } @@ -93,11 +120,11 @@ func TestEncryptionKeyManager_ImportWrappedKey(t *testing.T) { wrappingKey, err := api.EncryptionKey.CreatePublicWrappingKey(context.Background(), key.GetKID()) assert.NoError(t, err) assert.NotEmpty(t, wrappingKey.GetPublicKey()) + wrappedKeyStr, err := createAWSWrappedCiphertext(wrappingKey.GetPublicKey()) assert.NoError(t, err) key.WrappedKey = &wrappedKeyStr - err = api.EncryptionKey.ImportWrappedKey(context.Background(), key) assert.NoError(t, err) assert.Equal(t, key.GetType(), "customer-provided-root-key") 
@@ -130,51 +157,105 @@ func createAWSWrappedCiphertext(publicKeyPEM string) (string, error) { return "", fmt.Errorf("failed to decode public key PEM") } - // Parse the public key pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { return "", fmt.Errorf("failed to parse public key: %w", err) } - // Ensure the public key is of type *rsa.PublicKey publicRSAKey, ok := pubKey.(*rsa.PublicKey) if !ok { return "", fmt.Errorf("public key is not of type *rsa.PublicKey") } - // Generate a 256-bit (32-byte) ephemeral key ephemeralKey := make([]byte, 32) if _, err := rand.Read(ephemeralKey); err != nil { return "", fmt.Errorf("failed to generate ephemeral key: %w", err) } - // Generate a 256-bit (32-byte) plaintext key plaintextKey := make([]byte, 32) if _, err := rand.Read(plaintextKey); err != nil { return "", fmt.Errorf("failed to generate plaintext key: %w", err) } - // Wrap the ephemeral key using RSA-OAEP with SHA-256 wrappedEphemeralKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, publicRSAKey, ephemeralKey, nil) if err != nil { return "", fmt.Errorf("failed to wrap ephemeral key: %w", err) } - // Create a KWP (Key Wrapping with Padding) instance using the ephemeral key - kwp, err := subtle.NewKWP(ephemeralKey) + kwp, err := newKWP(ephemeralKey) if err != nil { return "", fmt.Errorf("failed to create KWP instance: %w", err) } - // Wrap the plaintext key using KWP - wrappedTargetKey, err := kwp.Wrap(plaintextKey) + wrappedTargetKey, err := kwp.wrap(plaintextKey) if err != nil { return "", fmt.Errorf("failed to wrap target key using KWP: %w", err) } - // Return the concatenation of the wrapped ephemeral key and the wrapped plaintext key wrappedEphemeralKey = append(wrappedEphemeralKey, wrappedTargetKey...) 
- cipherBytes := wrappedEphemeralKey + return base64.StdEncoding.EncodeToString(wrappedEphemeralKey), nil +} + +func newKWP(wrappingKey []byte) (*kwpImpl, error) { + switch len(wrappingKey) { + default: + return nil, fmt.Errorf("kwp: invalid AES key size; want 16 or 32, got %d", len(wrappingKey)) + case 16, 32: + block, err := aes.NewCipher(wrappingKey) + if err != nil { + return nil, fmt.Errorf("kwp: error building AES cipher: %v", err) + } + return &kwpImpl{block: block}, nil + } +} + +func wrappingSize(inputSize int) int { + paddingSize := 7 - (inputSize+7)%8 + return inputSize + paddingSize + 8 +} + +func (kwp *kwpImpl) computeW(iv, key []byte) ([]byte, error) { + if len(key) <= 8 || len(key) > math.MaxInt32-16 || len(iv) != 8 { + return nil, fmt.Errorf("kwp: computeW called with invalid parameters") + } + + data := make([]byte, wrappingSize(len(key))) + copy(data, iv) + copy(data[8:], key) + blockCount := len(data)/8 - 1 + + buf := make([]byte, 16) + copy(buf, data[:8]) + + for i := 0; i < roundCount; i++ { + for j := 0; j < blockCount; j++ { + copy(buf[8:], data[8*(j+1):]) + kwp.block.Encrypt(buf, buf) + + roundConst := uint(i*blockCount + j + 1) + for b := 0; b < 4; b++ { + buf[7-b] ^= byte(roundConst & 0xFF) + roundConst >>= 8 + } + + copy(data[8*(j+1):], buf[8:]) + } + } + copy(data[:8], buf) + return data, nil +} + +func (kwp *kwpImpl) wrap(data []byte) ([]byte, error) { + if len(data) < minWrapSize { + return nil, fmt.Errorf("kwp: key size to wrap too small") + } + if len(data) > maxWrapSize { + return nil, fmt.Errorf("kwp: key size to wrap too large") + } + + iv := make([]byte, 8) + binary.BigEndian.PutUint32(iv, ivPrefix) + binary.BigEndian.PutUint32(iv[4:], uint32(len(data))) - return base64.StdEncoding.EncodeToString(cipherBytes), nil + return kwp.computeW(iv, data) } From fc9c263753d30f1df3a61b3ea7872e588ca01d7b Mon Sep 17 00:00:00 2001 
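Review bot: The hand-written AES-KWP in newKWP, wrappingSize, computeW and wrap replaces the library implementation without any known-answer check, and the step comments in createAWSWrappedCiphertext are dropped in the same change. The ImportWrappedKey test wraps freshly generated random keys and runs against recorded HTTP traffic, so it presumably cannot tell a correct wrap from a subtly wrong one. Add a small table test that compares `wrap` output for a fixed 16- or 32-byte KEK against a published KWP vector. Also restore one-line comments such as `// computeW applies the six RFC 5649 wrapping rounds to iv || key, zero-padded to a multiple of 8 bytes.` and `// wrap builds the alternative IV (0xA65959A6 || 32-bit big-endian length) and wraps data.`. The opening lines of createAWSWrappedCiphertext lie outside this hunk.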
From: Kunal Dawar Date: Wed, 21 Aug 2024 20:49:47 +0530 Subject: [PATCH 4/4] Updated reset method to private and fixed switch cases --- management/encryption_key.go | 27 +++++++++++++-------------- management/encryption_key_test.go | 4 ++-- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/management/encryption_key.go b/management/encryption_key.go index 38d57870..d7e25612 100644 --- a/management/encryption_key.go +++ b/management/encryption_key.go @@ -29,22 +29,21 @@ type EncryptionKey struct { WrappedKey *string `json:"wrapped_key,omitempty"` } -// Reset cleans up unnecessary fields based on the operation type. -func (k *EncryptionKey) Reset(op string) { +// reset cleans up unnecessary fields based on the operation type. +func (k *EncryptionKey) reset(op string) { + k.KID = nil + k.CreatedAt = nil + k.UpdatedAt = nil + k.ParentKID = nil + k.State = nil + switch op { case "import": - k.KID = nil - k.CreatedAt = nil - k.UpdatedAt = nil - k.ParentKID = nil - k.State = nil k.Type = nil case "create": - k.KID = nil - k.CreatedAt = nil - k.UpdatedAt = nil - k.ParentKID = nil - k.State = nil + k.WrappedKey = nil + default: + k.Type = nil k.WrappedKey = nil } } @@ -64,7 +63,7 @@ type EncryptionKeyManager manager // // See: https://auth0.com/docs/api/management/v2/keys/post-encryption func (m *EncryptionKeyManager) Create(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error { - e.Reset("create") + e.reset("create") return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption"), e, opts...) } 
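Review bot: In reset, the `default` branch clears both Type and WrappedKey for any unrecognised op, so a mistyped string at a call site would send an empty body instead of failing. Declaring the two operations once, e.g. `const opCreate, opImport = "create", "import"`, and passing those from Create and ImportWrappedKey removes the bare literals. The doc comment should also say that the receiver is modified: `// reset clears, in place, the fields not sent for op ("create" or "import"); any other op clears Type and WrappedKey as well.`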
@@ -103,7 +102,7 @@ func (m *EncryptionKeyManager) Delete(ctx context.Context, kid string, opts ...R // See: https://auth0.com/docs/api/management/v2/keys/post-encryption-key func (m *EncryptionKeyManager) ImportWrappedKey(ctx context.Context, e *EncryptionKey, opts ...RequestOption) error { id := *e.KID - e.Reset("import") + e.reset("import") return m.management.Request(ctx, "POST", m.management.URI("keys", "encryption", id), e, opts...) } diff --git a/management/encryption_key_test.go b/management/encryption_key_test.go index 88333b16..539b3ef4 100644 --- a/management/encryption_key_test.go +++ b/management/encryption_key_test.go @@ -198,14 +198,14 @@ func createAWSWrappedCiphertext(publicKeyPEM string) (string, error) { func newKWP(wrappingKey []byte) (*kwpImpl, error) { switch len(wrappingKey) { - default: - return nil, fmt.Errorf("kwp: invalid AES key size; want 16 or 32, got %d", len(wrappingKey)) case 16, 32: block, err := aes.NewCipher(wrappingKey) if err != nil { return nil, fmt.Errorf("kwp: error building AES cipher: %v", err) } return &kwpImpl{block: block}, nil + default: + return nil, fmt.Errorf("kwp: invalid AES key size; want 16 or 32, got %d", len(wrappingKey)) } }