From 1a818bac33746e9eb63e0fffd7daa3968aa13a17 Mon Sep 17 00:00:00 2001 From: Angira Kekteeva Date: Wed, 2 Jun 2021 21:53:20 +0300 Subject: [PATCH] [#64] authmate, auth: Fix access key id Replaced forbidden symbol '/' in access key id by '_' SecretKeyAddress and SecretKeyID are different things now Renamed param of authmate from secretAddressFlag to accessKeyIDFlag, that is more correct, imo. Signed-off-by: Angira Kekteeva --- api/auth/center.go | 7 ++++--- authmate/authmate.go | 4 +++- cmd/authmate/main.go | 13 ++++++++----- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/api/auth/center.go b/api/auth/center.go index c33e07d..565f11f 100644 --- a/api/auth/center.go +++ b/api/auth/center.go @@ -21,7 +21,7 @@ import ( "go.uber.org/zap" ) -var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) +var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)_(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) type ( // Center is a user authentication interface. @@ -88,10 +88,11 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) { return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err) } - accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) + accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) + accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) address := object.NewAddress() - if err = address.Parse(accessKeyID); err != nil { + if err = address.Parse(accessKeyAddress); err != nil { return nil, fmt.Errorf("could not parse AccessBox address: %s : %w", accessKeyID, err) } diff --git a/authmate/authmate.go b/authmate/authmate.go index 445f071..52ce854 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -162,8 +162,10 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr return fmt.Errorf("failed to get bearer token secret key: %w", err) } + accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String() + ir := &issuingResult{ - AccessKeyID: address.String(), + AccessKeyID: accessKeyID, SecretAccessKey: secret, OwnerPrivateKey: options.OwnerPrivateKey.String(), } diff --git a/cmd/authmate/main.go b/cmd/authmate/main.go index 8f2adea..1cef2d9 100644 --- a/cmd/authmate/main.go +++ b/cmd/authmate/main.go @@ -8,6 +8,7 @@ import ( "fmt" "os" "os/signal" + "strings" "syscall" "time" @@ -37,7 +38,7 @@ var ( peerAddressFlag string eaclRulesFlag string gatePrivateKeyFlag string - secretAddressFlag string + accessKeyIDFlag string ownerPrivateKeyFlag string containerIDFlag string containerFriendlyName string @@ -311,10 +312,10 @@ func obtainSecret() *cli.Command { Destination: &gatePrivateKeyFlag, }, &cli.StringFlag{ - Name: "secret-address", - Usage: "address of a secret (i.e. access key id for s3)", + Name: "access-key-id", + Usage: "access key id for s3", Required: true, - Destination: &secretAddressFlag, + Destination: &accessKeyIDFlag, }, }, Action: func(c *cli.Context) error { @@ -342,8 +343,10 @@ func obtainSecret() *cli.Command { return cli.Exit(fmt.Sprintf("failed to create owner's private key: %s", err), 4) } + secretAddress := strings.Replace(accessKeyIDFlag, "_", "/", 1) + obtainSecretOptions := &authmate.ObtainSecretOptions{ - SecretAddress: secretAddressFlag, + SecretAddress: secretAddress, GatePrivateKey: gateCreds.PrivateKey(), }