EliChin/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#92] Remove keys generation

Browse source 
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2021-06-22 17:11:44 +03:00
parent b5c8befa25
commit fd8130a42f
4 changed files with 69 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
README.md
View file

@ -127,28 +127,58 @@ token the object needs to be stored in a container available for the gateway
to read and it needs to be encrypted with this gateway's key (among others to read and it needs to be encrypted with this gateway's key (among others
potentially). potentially).
#### Generation of key pairs #### Generation of wallet
To generate neofs key pairs for gateways, run the following command (`--count` is 1 To generate wallets for gateways, run the following command:
by default):
``` ```
$ ./neofs-authmate generate-keys --count=2 $ ./neo-go wallet init -a -w wallet.json
[ Enter the name of the account > AccountTestName
{ Enter passphrase >
"private_key": "b8ba980eb70b959be99915d2e0ad377809984ccd1dac0a6551907f81c2b33d21", Confirm passphrase >
"public_key": "dd34f6dce9a4ce0990869ec6bd33a40e102a5798881cfe61d03a5659ceee1a64"
}, {
{ "version": "3.0",
"private_key": "407c351b17446ca07521faceb8b7d3e738319635f39f892419e2bf94462b4419", "accounts": [
"public_key": "20453af9d7f245ff6fdfb1260eaa411ae3be9c519a2a9bf1c98233522cbd0156" {
} "address": "NhLQpDnerpviUWDF77j5qyjFgavCmasJ4p",
] "key": "6PYUFyYpJ1JGyMrYV8NqeUFLKfpEVHsGGjCYtTDkjnKaSgYizRBZxVerte",
"label": "AccountTestName",
"contract": {
"script": "DCECXCsUZPwUyKHs6nAyyCvJ5s/vLwZkkVtWNC0zWzH8a9dBVuezJw==",
"parameters": [
{
"name": "parameter0",
"type": "Signature"
}
],
"deployed": false
},
"lock": false,
"isDefault": false
}
],
"scrypt": {
"n": 16384,
"r": 8,
"p": 8
},
"extra": {
"Tokens": null
}
}
wallet successfully created, file location is wallet.json
``` ```
Private key is the one to use for `neofs-s3-gw` command, public one can be To get public key from wallet run:
used to create new AWS credentials. ```
$ ./bin/neo-go wallet dump-keys -w wallet.json
NhLQpDnerpviUWDF77j5qyjFgavCmasJ4p (simple signature contract):
025c2b1464fc14c8a1ecea7032c82bc9e6cfef2f0664915b56342d335b31fc6bd7
```
#### Issuance of a secret #### Issuance of a secret

67
cmd/authmate/main.go
View file

@ -3,10 +3,6 @@ package main
import ( import (
"context" "context"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"encoding/hex"
"encoding/json"
"fmt" "fmt"
"os" "os"
"os/signal" "os/signal"
@ -24,11 +20,6 @@ import (
"go.uber.org/zap/zapcore" "go.uber.org/zap/zapcore"
) )
type gateKey struct {
PrivateKey string `json:"private_key"`
PublicKey string `json:"public_key"`
}
const ( const (
poolConnectTimeout = 5 * time.Second poolConnectTimeout = 5 * time.Second
poolRequestTimeout = 5 * time.Second poolRequestTimeout = 5 * time.Second
@ -44,7 +35,6 @@ var (
containerIDFlag string containerIDFlag string
containerFriendlyName string containerFriendlyName string
gatesPublicKeysFlag cli.StringSlice gatesPublicKeysFlag cli.StringSlice
gatesKeysCountFlag int
logEnabledFlag bool logEnabledFlag bool
logDebugEnabledFlag bool logDebugEnabledFlag bool
sessionTokenFlag bool sessionTokenFlag bool
@ -120,63 +110,6 @@ func appCommands() []*cli.Command {
return []*cli.Command{ return []*cli.Command{
issueSecret(), issueSecret(),
obtainSecret(), obtainSecret(),
generateKeys(),
}
}
func generateGatesKeys(count int) ([]*ecdsa.PrivateKey, error) {
var (
err error
res = make([]*ecdsa.PrivateKey, count)
)
for i := 0; i < count; i++ {
if res[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
return nil, err
}
}
return res, nil
}
func generateKeys() *cli.Command {
return &cli.Command{
Name: "generate-keys",
Usage: "Generate key pairs for gates",
Flags: []cli.Flag{
&cli.IntFlag{
Name: "count",
Usage: "number of 256r1 key pairs to generate",
Value: 1,
Destination: &gatesKeysCountFlag,
},
},
Action: func(c *cli.Context) error {
_, log := prepare()
log.Info("start generating P-256 keys")
csl, err := generateGatesKeys(gatesKeysCountFlag)
if err != nil {
return cli.Exit(fmt.Sprintf("failed to create key pairs of gates: %s", err), 1)
}
log.Info("generated P-256 keys")
gatesKeys := make([]gateKey, len(csl))
for i, cs := range csl {
privateKey, publicKey := hex.EncodeToString(cs.D.Bytes()), hex.EncodeToString(crypto.MarshalPublicKey(&cs.PublicKey))
gatesKeys[i] = gateKey{PrivateKey: privateKey, PublicKey: publicKey}
}
keys, err := json.MarshalIndent(gatesKeys, "", " ")
if err != nil {
return cli.Exit(fmt.Sprintf("failed to marshal key pairs of gates: %s", err), 2)
}
fmt.Println(string(keys))
return nil
},
} }
} }

33
cmd/s3-gw/app.go
View file

@ -2,7 +2,6 @@ package main
import ( import (
"context" "context"
"crypto/ecdsa"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"math" "math"
@ -10,10 +9,10 @@ import (
"net/http" "net/http"
"github.com/nspcc-dev/neo-go/cli/flags" "github.com/nspcc-dev/neo-go/cli/flags"
"github.com/nspcc-dev/neo-go/cli/input"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neo-go/pkg/wallet" "github.com/nspcc-dev/neo-go/pkg/wallet"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/auth" "github.com/nspcc-dev/neofs-s3-gw/api/auth"
"github.com/nspcc-dev/neofs-s3-gw/api/handler" "github.com/nspcc-dev/neofs-s3-gw/api/handler"
@ -49,7 +48,7 @@ type (
func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App { func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
var ( var (
conns pool.Pool conns pool.Pool
key *ecdsa.PrivateKey key *keys.PrivateKey
err error err error
tls *tlsConfig tls *tlsConfig
caller api.Handler caller api.Handler
@ -86,7 +85,12 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
reBalance = v reBalance = v
} }
if key, err = getKeyFromWallet(v.GetString(cfgWallet), v.GetString(cfgAddress), v.GetString(cfgWalletPassphrase)); err != nil { var password *string
if v.IsSet(cfgWalletPassphrase) {
pwd := v.GetString(cfgWalletPassphrase)
password = &pwd
}
if key, err = getKeyFromWallet(v.GetString(cfgWallet), v.GetString(cfgAddress), password); err != nil {
l.Fatal("could not load NeoFS private key", zap.Error(err)) l.Fatal("could not load NeoFS private key", zap.Error(err))
} }
@ -98,10 +102,10 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
} }
l.Info("using credentials", l.Info("using credentials",
zap.String("NeoFS", hex.EncodeToString(crypto.MarshalPrivateKey(key)))) zap.String("NeoFS", hex.EncodeToString(key.PublicKey().Bytes())))
opts := &pool.BuilderOptions{ opts := &pool.BuilderOptions{
Key: key, Key: &key.PrivateKey,
NodeConnectionTimeout: conTimeout, NodeConnectionTimeout: conTimeout,
NodeRequestTimeout: reqTimeout, NodeRequestTimeout: reqTimeout,
ClientRebalanceInterval: reBalance, ClientRebalanceInterval: reBalance,
@ -116,7 +120,7 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
obj = layer.NewLayer(l, conns) obj = layer.NewLayer(l, conns)
// prepare auth center // prepare auth center
ctr = auth.New(conns, key) ctr = auth.New(conns, &key.PrivateKey)
if caller, err = handler.New(l, obj); err != nil { if caller, err = handler.New(l, obj); err != nil {
l.Fatal("could not initialize API handler", zap.Error(err)) l.Fatal("could not initialize API handler", zap.Error(err))
@ -138,7 +142,7 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
} }
} }
func getKeyFromWallet(walletPath, addrStr, password string) (*ecdsa.PrivateKey, error) { func getKeyFromWallet(walletPath, addrStr string, password *string) (*keys.PrivateKey, error) {
if len(walletPath) == 0 { if len(walletPath) == 0 {
return nil, fmt.Errorf("wallet path must not be empty") return nil, fmt.Errorf("wallet path must not be empty")
} }
@ -162,11 +166,18 @@ func getKeyFromWallet(walletPath, addrStr, password string) (*ecdsa.PrivateKey,
return nil, fmt.Errorf("couldn't find wallet account for %s", addrStr) return nil, fmt.Errorf("couldn't find wallet account for %s", addrStr)
} }
if err := acc.Decrypt(password, w.Scrypt); err != nil { if password == nil {
pwd, err := input.ReadPassword("Enter password > ")
if err != nil {
return nil, fmt.Errorf("couldn't read password")
}
password = &pwd
}
if err := acc.Decrypt(*password, w.Scrypt); err != nil {
return nil, fmt.Errorf("couldn't decrypt account: %w", err) return nil, fmt.Errorf("couldn't decrypt account: %w", err)
} }
return &acc.PrivateKey().PrivateKey, nil return acc.PrivateKey(), nil
} }
// Wait waits for application to finish. // Wait waits for application to finish.

1
go.sum
View file

@ -648,6 +648,7 @@ golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M=
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=