diff --git a/README.md b/README.md index fbf6d3153..c110e319c 100644 --- a/README.md +++ b/README.md @@ -292,7 +292,7 @@ $ ./neofs-authmate issue-secret --wallet wallet.json \ Enter password for wallet.json > { - "access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM", + "access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM", "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c", "owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a" } @@ -301,6 +301,9 @@ Enter password for wallet.json > Access key ID and secret access key are AWS credentials that you can use with any S3 client. +Access key ID consists of Base58 encoded containerID(cid) and objectID(oid) stored on the NeoFS network and containing +the secret. Format of access_key_id: `%cid0%oid`, where 0(zero) is a delimiter. + #### Obtainment of a secret access key You can get a secret access key associated with access key ID by obtaining a @@ -312,7 +315,7 @@ and other (for `gate-wallet.json`) interactively: ./neofs-authmate obtain-secret --wallet wallet.json \ --peer 192.168.130.71:8080 \ --gate-wallet gate-wallet.json \ - --access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM + --access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM Enter password for gate-wallet.json > { @@ -336,7 +339,7 @@ $ aws configure after you enter this command, the AWS CLI will prompt you for four pieces of information, like in this example (replace with your own values): ``` -AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM +AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM AWS Secret Access Key [None]: 438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c Default region name [None]: ru Default output format [none]: json diff --git a/api/auth/center.go b/api/auth/center.go index f9099517f..3dccb2959 100644 --- a/api/auth/center.go +++ b/api/auth/center.go @@ -20,7 +20,8 @@ import ( "go.uber.org/zap" ) -var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)_(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) +// authorizationFieldRegexp -- is regexp for credentials with Base58 encoded cid and oid and '0' (zero) as delimiter. +var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)0(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) type ( // Center is a user authentication interface. @@ -89,7 +90,7 @@ func (c *center) Authenticate(r *http.Request) (*accessbox.GateData, error) { return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err) } - accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) + accessKeyID := fmt.Sprintf("%s0%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) address := object.NewAddress() diff --git a/authmate/authmate.go b/authmate/authmate.go index 58ab058f2..510caacdb 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -179,7 +179,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr return fmt.Errorf("failed to put bearer token: %w", err) } - accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String() + accessKeyID := address.ContainerID().String() + "0" + address.ObjectID().String() ir := &issuingResult{ AccessKeyID: accessKeyID,