Move auth file to layer; add RSA keys
This commit is contained in:
parent
5254fd943b
commit
2a1a8aa379
4 changed files with 61 additions and 25 deletions
4
go.mod
4
go.mod
|
@ -30,6 +30,7 @@ require (
|
|||
github.com/gogo/protobuf v1.3.1
|
||||
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect
|
||||
github.com/gomodule/redigo v2.0.0+incompatible
|
||||
github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a
|
||||
github.com/google/uuid v1.1.1
|
||||
github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f // indirect
|
||||
github.com/gorilla/handlers v1.4.2
|
||||
|
@ -41,7 +42,7 @@ require (
|
|||
github.com/hashicorp/vault/api v1.0.4
|
||||
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
|
||||
github.com/json-iterator/go v1.1.10
|
||||
github.com/klauspost/compress v1.10.4
|
||||
github.com/klauspost/compress v1.10.10
|
||||
github.com/klauspost/cpuid v1.3.0
|
||||
github.com/klauspost/pgzip v1.2.1
|
||||
github.com/klauspost/readahead v1.3.1
|
||||
|
@ -111,5 +112,4 @@ require (
|
|||
gopkg.in/olivere/elastic.v5 v5.0.80
|
||||
gopkg.in/yaml.v2 v2.2.8
|
||||
honnef.co/go/tools v0.0.1-2020.1.3 // indirect
|
||||
github.com/google/brotli/go/cbrotli v0.0.0-20200702174557-fc823290a76a
|
||||
)
|
||||
|
|
2
go.sum
2
go.sum
|
@ -298,6 +298,8 @@ github.com/klauspost/compress v1.9.4/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0
|
|||
github.com/klauspost/compress v1.10.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc=
|
||||
github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd/0B3I=
|
||||
github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/cpuid v1.2.2 h1:1xAgYebNnsb9LKCdLOvFWtAxGU/33mjJtyOVbmUa0Us=
|
||||
github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
package neofs
|
||||
|
||||
import (
|
||||
br "github.com/google/brotli/go/cbrotli"
|
||||
"github.com/nspcc-dev/neofs-api-go/service"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
|
||||
// secretHash := packedCredentials[:32]
|
||||
_ = packedCredentials[:32]
|
||||
compressedKeyID := packedCredentials[32:]
|
||||
keyID, err := br.Decode(compressedKeyID)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "failed to decompress key ID")
|
||||
}
|
||||
bearerToken := new(service.BearerTokenMsg)
|
||||
if err = bearerToken.Unmarshal(keyID); err != nil {
|
||||
return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
|
||||
}
|
||||
// TODO
|
||||
return bearerToken, nil
|
||||
}
|
57
neofs/layer/auth.go
Normal file
57
neofs/layer/auth.go
Normal file
|
@ -0,0 +1,57 @@
|
|||
package layer
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
|
||||
"github.com/klauspost/compress/zstd"
|
||||
"github.com/nspcc-dev/neofs-api-go/service"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type KeyPair struct {
|
||||
PrivateKey *rsa.PrivateKey
|
||||
PublicKey *rsa.PublicKey
|
||||
}
|
||||
|
||||
type AuthCenter struct {
|
||||
gatewayKeys KeyPair
|
||||
}
|
||||
|
||||
func NewAuthCenter() (*AuthCenter, error) {
|
||||
var kp KeyPair
|
||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
kp.PrivateKey = privateKey
|
||||
kp.PublicKey = &privateKey.PublicKey
|
||||
ac := &AuthCenter{
|
||||
gatewayKeys: kp,
|
||||
}
|
||||
return ac, nil
|
||||
}
|
||||
|
||||
func (ac *AuthCenter) PackBearerToken(bt service.BearerToken) ([]byte, error) {
|
||||
// TODO
|
||||
panic("unimplemented method")
|
||||
}
|
||||
|
||||
func (ac *AuthCenter) UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
|
||||
zstdDecoder, _ := zstd.NewReader(nil)
|
||||
// secretHash := packedCredentials[:32]
|
||||
_ = packedCredentials[:32]
|
||||
compressedKeyID := packedCredentials[32:]
|
||||
// Get an encrypted key.
|
||||
var encryptedKeyID []byte
|
||||
if _, err := zstdDecoder.DecodeAll(compressedKeyID, encryptedKeyID); err != nil {
|
||||
return nil, errors.Wrap(err, "failed to decompress key ID")
|
||||
}
|
||||
// TODO: Decrypt the key ID.
|
||||
var keyID []byte
|
||||
bearerToken := new(service.BearerTokenMsg)
|
||||
if err := bearerToken.Unmarshal(keyID); err != nil {
|
||||
return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
|
||||
}
|
||||
return bearerToken, nil
|
||||
}
|
Loading…
Reference in a new issue