class KeyRotation(db.Model):
__tablename__ = "keyrotation"
id = db.Column(db.Integer, primary_key=True)
# key rotation interval (in hours)
interval = db.Column(db.Integer)
# timestamp when last rotation occured
rotated_at = db.Column(db.DateTime(True))
# rotation type based on available backends (oxeleven or jks)
type = db.Column(db.String(16))
# inum appliance, useful for searching oxAuth config in LDAP
inum_appliance = db.Column(db.String(255))
# whether rotation is enabled or not
enabled = db.Column(db.Boolean, default=False)
def should_rotate(self):
# determine whether we need to rotate the key
if not self.rotated_at:
return True
return datetime.utcnow() > self.next_rotation_at
@property
def next_rotation_at(self):
# when will the keys supposed to be rotated
return self.rotated_at + timedelta(hours=self.interval)
class KeyRotation(db.Model):
__tablename__ = "keyrotation"
id = db.Column(db.Integer, primary_key=True)
# key rotation interval (in days)
interval = db.Column(db.Integer)
# timestamp when last rotation occured
rotated_at = db.Column(db.DateTime(True))
# rotation type based on available backends (oxeleven or jks)
type = db.Column(db.String(16))
oxeleven_url = db.Column(db.String(255))
# token used for accessing oxEleven
# note, token is encrypted when we save into database;
# to get the actual token, we need to decrypt it
oxeleven_token = db.Column(db.LargeBinary)
# random key for token encryption
oxeleven_token_key = db.Column(db.LargeBinary)
# random iv for token encryption
oxeleven_token_iv = db.Column(db.LargeBinary)
# inum appliance, useful for searching oxAuth config in LDAP
inum_appliance = db.Column(db.String(255))
def should_rotate(self):
# determine whether we need to rotate the key
if not self.rotated_at:
return True
return datetime.utcnow() > self.next_rotation_at
@property
def next_rotation_at(self):
# when will the keys supposed to be rotated
return self.rotated_at + timedelta(days=self.interval)