frostfs-node/cmd/neofs-cli/modules/util.go

package cmd

import (
	"bytes"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io/ioutil"
	"os"
	"strconv"
	"time"

	"github.com/nspcc-dev/neofs-api-go/pkg"
	"github.com/nspcc-dev/neofs-api-go/pkg/token"
	"github.com/nspcc-dev/neofs-node/pkg/util/keyer"
	"github.com/spf13/cobra"
)

var errKeyerSingleArgument = errors.New("pass only one argument at a time")

var (
	utilCmd = &cobra.Command{
		Use:   "util",
		Short: "Utility operations",
	}

	signCmd = &cobra.Command{
		Use:   "sign",
		Short: "sign NeoFS structure",
	}

	signBearerCmd = &cobra.Command{
		Use:   "bearer-token",
		Short: "sign bearer token to use it in requests",
		RunE:  signBearerToken,
	}

	convertCmd = &cobra.Command{
		Use:   "convert",
		Short: "convert representation of NeoFS structures",
	}

	convertEACLCmd = &cobra.Command{
		Use:   "eacl",
		Short: "convert representation of extended ACL table",
		RunE:  convertEACLTable,
	}

	keyerCmd = &cobra.Command{
		Use:   "keyer",
		Short: "generate or print information about keys",
		RunE:  processKeyer,
	}
)

func init() {
	rootCmd.AddCommand(utilCmd)

	utilCmd.AddCommand(signCmd)
	utilCmd.AddCommand(convertCmd)
	utilCmd.AddCommand(keyerCmd)

	signCmd.AddCommand(signBearerCmd)
	signBearerCmd.Flags().String("from", "", "File with JSON or binary encoded bearer token to sign")
	_ = signBearerCmd.MarkFlagFilename("from")
	_ = signBearerCmd.MarkFlagRequired("from")
	signBearerCmd.Flags().String("to", "", "File to dump signed bearer token (default: binary encoded)")
	signBearerCmd.Flags().Bool("json", false, "Dump bearer token in JSON encoding")

	convertCmd.AddCommand(convertEACLCmd)
	convertEACLCmd.Flags().String("from", "", "File with JSON or binary encoded extended ACL table")
	_ = convertEACLCmd.MarkFlagFilename("from")
	_ = convertEACLCmd.MarkFlagRequired("from")
	convertEACLCmd.Flags().String("to", "", "File to dump extended ACL table (default: binary encoded)")
	convertEACLCmd.Flags().Bool("json", false, "Dump extended ACL table in JSON encoding")

	keyerCmd.Flags().BoolP("generate", "g", false, "generate new private key")
	keyerCmd.Flags().Bool("hex", false, "print all values in hex encoding")
	keyerCmd.Flags().BoolP("uncompressed", "u", false, "use uncompressed public key format")
	keyerCmd.Flags().BoolP("multisig", "m", false, "calculate multisig address from public keys")
}

func signBearerToken(cmd *cobra.Command, _ []string) error {
	btok, err := getBearerToken(cmd, "from")
	if err != nil {
		return err
	}

	key, err := getKey()
	if err != nil {
		return err
	}

	err = completeBearerToken(btok)
	if err != nil {
		return err
	}

	err = btok.SignToken(key)
	if err != nil {
		return err
	}

	to := cmd.Flag("to").Value.String()
	jsonFlag, _ := cmd.Flags().GetBool("json")

	var data []byte
	if jsonFlag || len(to) == 0 {
		data, err = btok.MarshalJSON()
		if err != nil {
			return fmt.Errorf("can't JSON encode bearer token: %w", err)
		}
	} else {
		data, err = btok.Marshal()
		if err != nil {
			return fmt.Errorf("can't binary encode bearer token: %w", err)
		}
	}

	if len(to) == 0 {
		prettyPrintJSON(cmd, data)

		return nil
	}

	err = ioutil.WriteFile(to, data, 0644)
	if err != nil {
		return fmt.Errorf("can't write signed bearer token to file: %w", err)
	}

	cmd.Printf("signed bearer token was successfully dumped to %s\n", to)

	return nil
}

func convertEACLTable(cmd *cobra.Command, _ []string) error {
	pathFrom := cmd.Flag("from").Value.String()
	to := cmd.Flag("to").Value.String()
	jsonFlag, _ := cmd.Flags().GetBool("json")

	table, err := parseEACL(pathFrom)
	if err != nil {
		return err
	}

	var data []byte
	if jsonFlag || len(to) == 0 {
		data, err = table.MarshalJSON()
		if err != nil {
			return fmt.Errorf("can't JSON encode extended ACL table: %w", err)
		}
	} else {
		data, err = table.Marshal()
		if err != nil {
			return fmt.Errorf("can't binary encode extended ACL table: %w", err)
		}
	}

	if len(to) == 0 {
		prettyPrintJSON(cmd, data)

		return nil
	}

	err = ioutil.WriteFile(to, data, 0644)
	if err != nil {
		return fmt.Errorf("can't write exteded ACL table to file: %w", err)
	}

	cmd.Printf("extended ACL table was successfully dumped to %s\n", to)

	return nil
}

func processKeyer(cmd *cobra.Command, args []string) error {
	var (
		err error

		result          = new(keyer.Dashboard)
		generate, _     = cmd.Flags().GetBool("generate")
		useHex, _       = cmd.Flags().GetBool("hex")
		uncompressed, _ = cmd.Flags().GetBool("uncompressed")
		multisig, _     = cmd.Flags().GetBool("multisig")
	)

	if multisig {
		err = result.ParseMultiSig(args)
	} else {
		if len(args) > 1 {
			return errKeyerSingleArgument
		}

		var argument string
		if len(args) > 0 {
			argument = args[0]
		}

		switch {
		case generate:
			err = keyerGenerate(argument, result)
		case fileExists(argument):
			err = keyerParseFile(argument, result)
		default:
			err = result.ParseString(argument)
		}
	}

	if err != nil {
		return err
	}

	result.PrettyPrint(uncompressed, useHex)

	return nil
}

func completeBearerToken(btok *token.BearerToken) error {
	if v2 := btok.ToV2(); v2 != nil {
		// set eACL table version, because it usually omitted
		table := v2.GetBody().GetEACL()
		table.SetVersion(pkg.SDKVersion().ToV2())

		// back to SDK token
		btok = token.NewBearerTokenFromV2(v2)
	} else {
		return errors.New("unsupported bearer token version")
	}

	return nil
}

func prettyPrintJSON(cmd *cobra.Command, data []byte) {
	buf := new(bytes.Buffer)
	if err := json.Indent(buf, data, "", "  "); err != nil {
		printVerbose("Can't pretty print json: %w", err)
	}

	cmd.Println(buf)
}

func prettyPrintUnixTime(s string) string {
	unixTime, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return "malformed"
	}

	timestamp := time.Unix(unixTime, 0)

	return timestamp.String()
}

func keyerGenerate(filename string, d *keyer.Dashboard) error {
	key := make([]byte, keyer.NeoPrivateKeySize)

	_, err := rand.Read(key)
	if err != nil {
		return fmt.Errorf("can't get random source: %w", err)
	}

	err = d.ParseBinary(key)
	if err != nil {
		return fmt.Errorf("can't parse key: %w", err)
	}

	if filename != "" {
		return ioutil.WriteFile(filename, key, 0600)
	}

	return nil
}

func fileExists(filename string) bool {
	info, err := os.Stat(filename)
	if os.IsNotExist(err) {
		return false
	}

	return !info.IsDir()
}

func keyerParseFile(filename string, d *keyer.Dashboard) error {
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		return fmt.Errorf("can't open %v file: %w", filename, err)
	}

	return d.ParseBinary(data)
}
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`package cmd`

			`import (`
			`"bytes"`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`"crypto/rand"`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"io/ioutil"`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`"os"`
[#144] Support well-known application attributes for container in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-03 13:44:50 +00:00			`"strconv"`
			`"time"`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00
			`"github.com/nspcc-dev/neofs-api-go/pkg"`
			`"github.com/nspcc-dev/neofs-api-go/pkg/token"`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`"github.com/nspcc-dev/neofs-node/pkg/util/keyer"`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`"github.com/spf13/cobra"`
			`)`

[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`var errKeyerSingleArgument = errors.New("pass only one argument at a time")`

[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`var (`
			`utilCmd = &cobra.Command{`
			`Use: "util",`
			`Short: "Utility operations",`
			`}`

			`signCmd = &cobra.Command{`
			`Use: "sign",`
			`Short: "sign NeoFS structure",`
			`}`

			`signBearerCmd = &cobra.Command{`
			`Use: "bearer-token",`
			`Short: "sign bearer token to use it in requests",`
			`RunE: signBearerToken,`
			`}`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00
			`convertCmd = &cobra.Command{`
			`Use: "convert",`
			`Short: "convert representation of NeoFS structures",`
			`}`

			`convertEACLCmd = &cobra.Command{`
			`Use: "eacl",`
			`Short: "convert representation of extended ACL table",`
			`RunE: convertEACLTable,`
			`}`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00
			`keyerCmd = &cobra.Command{`
			`Use: "keyer",`
			`Short: "generate or print information about keys",`
			`RunE: processKeyer,`
			`}`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`)`

			`func init() {`
			`rootCmd.AddCommand(utilCmd)`

			`utilCmd.AddCommand(signCmd)`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`utilCmd.AddCommand(convertCmd)`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`utilCmd.AddCommand(keyerCmd)`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00
			`signCmd.AddCommand(signBearerCmd)`
			`signBearerCmd.Flags().String("from", "", "File with JSON or binary encoded bearer token to sign")`
			`_ = signBearerCmd.MarkFlagFilename("from")`
			`_ = signBearerCmd.MarkFlagRequired("from")`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`signBearerCmd.Flags().String("to", "", "File to dump signed bearer token (default: binary encoded)")`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`signBearerCmd.Flags().Bool("json", false, "Dump bearer token in JSON encoding")`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00
			`convertCmd.AddCommand(convertEACLCmd)`
			`convertEACLCmd.Flags().String("from", "", "File with JSON or binary encoded extended ACL table")`
			`_ = convertEACLCmd.MarkFlagFilename("from")`
			`_ = convertEACLCmd.MarkFlagRequired("from")`
			`convertEACLCmd.Flags().String("to", "", "File to dump extended ACL table (default: binary encoded)")`
			`convertEACLCmd.Flags().Bool("json", false, "Dump extended ACL table in JSON encoding")`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00
			`keyerCmd.Flags().BoolP("generate", "g", false, "generate new private key")`
			`keyerCmd.Flags().Bool("hex", false, "print all values in hex encoding")`
			`keyerCmd.Flags().BoolP("uncompressed", "u", false, "use uncompressed public key format")`
			`keyerCmd.Flags().BoolP("multisig", "m", false, "calculate multisig address from public keys")`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`}`

			`func signBearerToken(cmd *cobra.Command, _ []string) error {`
			`btok, err := getBearerToken(cmd, "from")`
			`if err != nil {`
			`return err`
			`}`

			`key, err := getKey()`
			`if err != nil {`
			`return err`
			`}`

			`err = completeBearerToken(btok)`
			`if err != nil {`
			`return err`
			`}`

			`err = btok.SignToken(key)`
			`if err != nil {`
			`return err`
			`}`

			`to := cmd.Flag("to").Value.String()`
			`jsonFlag, _ := cmd.Flags().GetBool("json")`

			`var data []byte`
			`if jsonFlag \|\| len(to) == 0 {`
[#174] Update to latest neofs-api-go changes Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-11-16 09:43:52 +00:00			`data, err = btok.MarshalJSON()`
Update neofs-api-go to latest version Handle errors provided by JSON encoders. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-29 16:36:59 +00:00			`if err != nil {`
			`return fmt.Errorf("can't JSON encode bearer token: %w", err)`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`}`
			`} else {`
[#174] Use Marshal(JSON)/Unmarshal(JSON) methods for encoding/decoding Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-11-16 10:26:35 +00:00			`data, err = btok.Marshal()`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`if err != nil {`
Update neofs-api-go to latest version Handle errors provided by JSON encoders. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-29 16:36:59 +00:00			`return fmt.Errorf("can't binary encode bearer token: %w", err)`
[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`}`
			`}`

			`if len(to) == 0 {`
			`prettyPrintJSON(cmd, data)`

			`return nil`
			`}`

			`err = ioutil.WriteFile(to, data, 0644)`
			`if err != nil {`
			`return fmt.Errorf("can't write signed bearer token to file: %w", err)`
			`}`

			`cmd.Printf("signed bearer token was successfully dumped to %s\n", to)`

			`return nil`
			`}`

[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`func convertEACLTable(cmd *cobra.Command, _ []string) error {`
			`pathFrom := cmd.Flag("from").Value.String()`
			`to := cmd.Flag("to").Value.String()`
			`jsonFlag, _ := cmd.Flags().GetBool("json")`

			`table, err := parseEACL(pathFrom)`
			`if err != nil {`
			`return err`
			`}`

			`var data []byte`
			`if jsonFlag \|\| len(to) == 0 {`
[#174] Update to latest neofs-api-go changes Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-11-16 09:43:52 +00:00			`data, err = table.MarshalJSON()`
Update neofs-api-go to latest version Handle errors provided by JSON encoders. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-29 16:36:59 +00:00			`if err != nil {`
			`return fmt.Errorf("can't JSON encode extended ACL table: %w", err)`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`}`
			`} else {`
[#174] Use Marshal(JSON)/Unmarshal(JSON) methods for encoding/decoding Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-11-16 10:26:35 +00:00			`data, err = table.Marshal()`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`if err != nil {`
Update neofs-api-go to latest version Handle errors provided by JSON encoders. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-29 16:36:59 +00:00			`return fmt.Errorf("can't binary encode extended ACL table: %w", err)`
[#26] Add extnded ACL table converter in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:59:37 +00:00			`}`
			`}`

			`if len(to) == 0 {`
			`prettyPrintJSON(cmd, data)`

			`return nil`
			`}`

			`err = ioutil.WriteFile(to, data, 0644)`
			`if err != nil {`
			`return fmt.Errorf("can't write exteded ACL table to file: %w", err)`
			`}`

			`cmd.Printf("extended ACL table was successfully dumped to %s\n", to)`

			`return nil`
			`}`

[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00			`func processKeyer(cmd *cobra.Command, args []string) error {`
			`var (`
			`err error`

			`result = new(keyer.Dashboard)`
			`generate, _ = cmd.Flags().GetBool("generate")`
			`useHex, _ = cmd.Flags().GetBool("hex")`
			`uncompressed, _ = cmd.Flags().GetBool("uncompressed")`
			`multisig, _ = cmd.Flags().GetBool("multisig")`
			`)`

			`if multisig {`
			`err = result.ParseMultiSig(args)`
			`} else {`
			`if len(args) > 1 {`
			`return errKeyerSingleArgument`
			`}`

			`var argument string`
			`if len(args) > 0 {`
			`argument = args[0]`
			`}`

			`switch {`
			`case generate:`
			`err = keyerGenerate(argument, result)`
			`case fileExists(argument):`
			`err = keyerParseFile(argument, result)`
			`default:`
			`err = result.ParseString(argument)`
			`}`
			`}`

			`if err != nil {`
			`return err`
			`}`

			`result.PrettyPrint(uncompressed, useHex)`

			`return nil`
			`}`

[#120] Add utility command to sign bearer token in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-10-22 15:08:28 +00:00			`func completeBearerToken(btok *token.BearerToken) error {`
			`if v2 := btok.ToV2(); v2 != nil {`
			`// set eACL table version, because it usually omitted`
			`table := v2.GetBody().GetEACL()`
			`table.SetVersion(pkg.SDKVersion().ToV2())`

			`// back to SDK token`
			`btok = token.NewBearerTokenFromV2(v2)`
			`} else {`
			`return errors.New("unsupported bearer token version")`
			`}`

			`return nil`
			`}`

			`func prettyPrintJSON(cmd *cobra.Command, data []byte) {`
			`buf := new(bytes.Buffer)`
			`if err := json.Indent(buf, data, "", " "); err != nil {`
			`printVerbose("Can't pretty print json: %w", err)`
			`}`

			`cmd.Println(buf)`
			`}`
[#144] Support well-known application attributes for container in CLI Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-03 13:44:50 +00:00
			`func prettyPrintUnixTime(s string) string {`
			`unixTime, err := strconv.ParseInt(s, 10, 64)`
			`if err != nil {`
			`return "malformed"`
			`}`

			`timestamp := time.Unix(unixTime, 0)`

			`return timestamp.String()`
			`}`
[#159] Add keyer to neofs-cli Keyer prints information about private key, public key, NEO3 Wallet, scripthash. It can generate new private key or generate multisig address. Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-11-06 12:58:39 +00:00
			`func keyerGenerate(filename string, d *keyer.Dashboard) error {`
			`key := make([]byte, keyer.NeoPrivateKeySize)`

			`_, err := rand.Read(key)`
			`if err != nil {`
			`return fmt.Errorf("can't get random source: %w", err)`
			`}`

			`err = d.ParseBinary(key)`
			`if err != nil {`
			`return fmt.Errorf("can't parse key: %w", err)`
			`}`

			`if filename != "" {`
			`return ioutil.WriteFile(filename, key, 0600)`
			`}`

			`return nil`
			`}`

			`func fileExists(filename string) bool {`
			`info, err := os.Stat(filename)`
			`if os.IsNotExist(err) {`
			`return false`
			`}`

			`return !info.IsDir()`
			`}`

			`func keyerParseFile(filename string, d *keyer.Dashboard) error {`
			`data, err := ioutil.ReadFile(filename)`
			`if err != nil {`
			`return fmt.Errorf("can't open %v file: %w", filename, err)`
			`}`

			`return d.ParseBinary(data)`
			`}`