diff --git a/api/auth/center.go b/api/auth/center.go
index 0d0d35f4c..43c238b61 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -15,9 +15,9 @@ import (
 sdk "github.com/nspcc-dev/cdn-sdk"
 "github.com/nspcc-dev/cdn-sdk/creds/bearer"
 "github.com/nspcc-dev/cdn-sdk/creds/hcs"
- "github.com/nspcc-dev/cdn-sdk/creds/s3"
 "github.com/nspcc-dev/neofs-api-go/pkg/object"
 "github.com/nspcc-dev/neofs-api-go/pkg/token"
+ "github.com/nspcc-dev/neofs-s3-gw/authmate"
 "go.uber.org/zap"
 )
@@ -100,7 +100,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 return nil, err
 }
- secret, err := s3.SecretAccessKey(tkn)
+ secret, err := authmate.BearerToAccessKey(tkn)
 if err != nil {
 return nil, err
 }
diff --git a/authmate/authmate.go b/authmate/authmate.go
index 0f00cd320..214f7da49 100644
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@@ -3,6 +3,8 @@ package authmate
 import (
 "context"
 "crypto/ecdsa"
+ "crypto/sha256"
+ "encoding/hex"
 "encoding/json"
 "fmt"
 "io"
@@ -14,7 +16,6 @@ import (
 "github.com/nspcc-dev/cdn-sdk/creds/bearer"
 "github.com/nspcc-dev/cdn-sdk/creds/hcs"
 "github.com/nspcc-dev/cdn-sdk/creds/neofs"
- "github.com/nspcc-dev/cdn-sdk/creds/s3"
 "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
 "github.com/nspcc-dev/neofs-api-go/pkg/container"
 "github.com/nspcc-dev/neofs-api-go/pkg/netmap"
@@ -127,7 +128,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 return fmt.Errorf("failed to put bearer token: %w", err)
 }
- secret, err := s3.SecretAccessKey(tkn)
+ secret, err := BearerToAccessKey(tkn)
 if err != nil {
 return fmt.Errorf("failed to get bearer token secret key: %w", err)
 }
@@ -157,7 +158,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
 return fmt.Errorf("failed to get bearer token: %w", err)
 }
- secret, err := s3.SecretAccessKey(tkn)
+ secret, err := BearerToAccessKey(tkn)
 if err != nil {
 return fmt.Errorf("failed to get bearer token secret key: %w", err)
 }
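Review bot: All three call sites (Authenticate in api/auth/center.go, IssueSecret and ObtainSecret in authmate/authmate.go) now rely on `BearerToAccessKey` returning exactly the string `s3.SecretAccessKey` returned for the same token, and nothing in the visible change pins that. If the two derivations differ, secrets handed out before this commit would presumably no longer match what Authenticate recomputes from the stored token. A small test that fixes the expected hex output for a known token would lock this down; the bodies of all three functions continue outside their hunks, so how `secret` is consumed afterwards is not visible here. Separately, `api/auth` importing the `authmate` package for a single helper couples the request-authentication path to the issuing tool, so a small shared package for the derivation may be the cleaner home.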
@@ -234,3 +235,14 @@ func buildBearerToken(key *ecdsa.PrivateKey, oid *owner.ID, table *eacl.Table) (
 return bearerToken, bearerToken.SignToken(key)
 }
+
+// BearerToAccessKey returns secret access key generated from given BearerToken.
+func BearerToAccessKey(tkn *token.BearerToken) (string, error) {
+ data, err := tkn.Marshal()
+ if err != nil {
+ return "", err
+ }
+
+ hash := sha256.Sum256(data)
+ return hex.EncodeToString(hash[:]), nil
+}
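Review bot: BearerToAccessKey derives the S3 secret as a plain, unkeyed SHA-256 of `tkn.Marshal()`, so the secret is only as confidential as the serialized token and changes whenever the serialization does; the doc comment should state both. I would extend it along the lines of `// The result is hex(SHA-256(tkn.Marshal())): anyone holding the marshalled token can recompute it, and Marshal must stay byte-stable or issued keys stop matching.` Whether `Marshal` tolerates a nil receiver is not visible here, so for an exported function an explicit `if tkn == nil { return "", fmt.Errorf("bearer token is nil") }` before the call would be a cheap guard (`fmt` is already imported in this file).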