Move auth file to layer; add RSA keys

This commit is contained in:
Pavel Korotkov 2020-07-08 02:37:27 +03:00
parent 5254fd943b
commit 2a1a8aa379
4 changed files with 61 additions and 25 deletions

4
go.mod
View file

@ -30,6 +30,7 @@ require (
github.com/gogo/protobuf v1.3.1 github.com/gogo/protobuf v1.3.1
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect
github.com/gomodule/redigo v2.0.0+incompatible github.com/gomodule/redigo v2.0.0+incompatible
github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a
github.com/google/uuid v1.1.1 github.com/google/uuid v1.1.1
github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f // indirect github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f // indirect
github.com/gorilla/handlers v1.4.2 github.com/gorilla/handlers v1.4.2
@ -41,7 +42,7 @@ require (
github.com/hashicorp/vault/api v1.0.4 github.com/hashicorp/vault/api v1.0.4
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
github.com/json-iterator/go v1.1.10 github.com/json-iterator/go v1.1.10
github.com/klauspost/compress v1.10.4 github.com/klauspost/compress v1.10.10
github.com/klauspost/cpuid v1.3.0 github.com/klauspost/cpuid v1.3.0
github.com/klauspost/pgzip v1.2.1 github.com/klauspost/pgzip v1.2.1
github.com/klauspost/readahead v1.3.1 github.com/klauspost/readahead v1.3.1
@ -111,5 +112,4 @@ require (
gopkg.in/olivere/elastic.v5 v5.0.80 gopkg.in/olivere/elastic.v5 v5.0.80
gopkg.in/yaml.v2 v2.2.8 gopkg.in/yaml.v2 v2.2.8
honnef.co/go/tools v0.0.1-2020.1.3 // indirect honnef.co/go/tools v0.0.1-2020.1.3 // indirect
github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a
) )

2
go.sum
View file

@ -298,6 +298,8 @@ github.com/klauspost/compress v1.9.4/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0
github.com/klauspost/compress v1.10.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc= github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc=
github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd/0B3I=
github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/cpuid v1.2.2 h1:1xAgYebNnsb9LKCdLOvFWtAxGU/33mjJtyOVbmUa0Us= github.com/klauspost/cpuid v1.2.2 h1:1xAgYebNnsb9LKCdLOvFWtAxGU/33mjJtyOVbmUa0Us=
github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=

View file

@ -1,23 +0,0 @@
package neofs
import (
br "github.com/google/brotli/go/cbrotli"
"github.com/nspcc-dev/neofs-api-go/service"
"github.com/pkg/errors"
)
func UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
// secretHash := packedCredentials[:32]
_ = packedCredentials[:32]
compressedKeyID := packedCredentials[32:]
keyID, err := br.Decode(compressedKeyID)
if err != nil {
return nil, errors.Wrap(err, "failed to decompress key ID")
}
bearerToken := new(service.BearerTokenMsg)
if err = bearerToken.Unmarshal(keyID); err != nil {
return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
}
// TODO
return bearerToken, nil
}

57
neofs/layer/auth.go Normal file
View file

@ -0,0 +1,57 @@
package layer
import (
"crypto/rand"
"crypto/rsa"
"github.com/klauspost/compress/zstd"
"github.com/nspcc-dev/neofs-api-go/service"
"github.com/pkg/errors"
)
type KeyPair struct {
PrivateKey *rsa.PrivateKey
PublicKey *rsa.PublicKey
}
type AuthCenter struct {
gatewayKeys KeyPair
}
func NewAuthCenter() (*AuthCenter, error) {
var kp KeyPair
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, err
}
kp.PrivateKey = privateKey
kp.PublicKey = &privateKey.PublicKey
ac := &AuthCenter{
gatewayKeys: kp,
}
return ac, nil
}
func (ac *AuthCenter) PackBearerToken(bt service.BearerToken) ([]byte, error) {
// TODO
panic("unimplemented method")
}
func (ac *AuthCenter) UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
zstdDecoder, _ := zstd.NewReader(nil)
// secretHash := packedCredentials[:32]
_ = packedCredentials[:32]
compressedKeyID := packedCredentials[32:]
// Get an encrypted key.
var encryptedKeyID []byte
if _, err := zstdDecoder.DecodeAll(compressedKeyID, encryptedKeyID); err != nil {
return nil, errors.Wrap(err, "failed to decompress key ID")
}
// TODO: Decrypt the key ID.
var keyID []byte
bearerToken := new(service.BearerTokenMsg)
if err := bearerToken.Unmarshal(keyID); err != nil {
return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
}
return bearerToken, nil
}