[#509] Save isCustom flag into accessbox

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-10-14 12:07:09 +03:00 · 2024-10-14 12:07:09 +03:00 · 57b7e83380
commit 57b7e83380
parent 6a90f4e624
7 changed files with 73 additions and 65 deletions
--- a/creds/accessbox/accessbox.go
+++ b/creds/accessbox/accessbox.go
@ -106,6 +106,7 @@ func PackTokens(gatesData []*GateData, secret []byte, isCustomSecret bool) (*Acc
 		return nil, nil, fmt.Errorf("create ephemeral key: %w", err)
 	}
 	box.SeedKey = ephemeralKey.PublicKey().Bytes()
+	box.IsCustom = isCustomSecret

 	if secret == nil {
 		secret, err = generateSecret()
@ -127,7 +128,7 @@ func PackTokens(gatesData []*GateData, secret []byte, isCustomSecret bool) (*Acc
 }

 // GetTokens returns gate tokens from AccessBox.
-func (x *AccessBox) GetTokens(owner *keys.PrivateKey, isCustomSecret bool) (*GateData, error) {
+func (x *AccessBox) GetTokens(owner *keys.PrivateKey) (*GateData, error) {
 	seedKey, err := keys.NewPublicKeyFromBytes(x.SeedKey, elliptic.P256())
 	if err != nil {
 		return nil, fmt.Errorf("couldn't unmarshal SeedKey: %w", err)
@ -138,7 +139,7 @@ func (x *AccessBox) GetTokens(owner *keys.PrivateKey, isCustomSecret bool) (*Gat
 			continue
 		}

-		gateData, err := decodeGate(gate, owner, seedKey, isCustomSecret)
+		gateData, err := x.decodeGate(gate, owner, seedKey)
 		if err != nil {
 			return nil, fmt.Errorf("failed to decode gate: %w", err)
 		}
@ -166,8 +167,8 @@ func (x *AccessBox) GetPlacementPolicy() ([]*ContainerPolicy, error) {
 }

 // GetBox parses AccessBox to Box.
-func (x *AccessBox) GetBox(owner *keys.PrivateKey, isCustomSecret bool) (*Box, error) {
-	tokens, err := x.GetTokens(owner, isCustomSecret)
+func (x *AccessBox) GetBox(owner *keys.PrivateKey) (*Box, error) {
+	tokens, err := x.GetTokens(owner)
 	if err != nil {
 		return nil, fmt.Errorf("get tokens: %w", err)
 	}
@ -222,7 +223,7 @@ func encodeGate(ephemeralKey *keys.PrivateKey, seedKey *keys.PublicKey, tokens *
 	return gate, nil
 }

-func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.PublicKey, isCustomSecret bool) (*GateData, error) {
+func (x *AccessBox) decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.PublicKey) (*GateData, error) {
 	data, err := decrypt(owner, seedKey, gate.Tokens)
 	if err != nil {
 		return nil, fmt.Errorf("decrypt tokens: %w", err)
@ -248,7 +249,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.Publ

 	gateData := NewGateData(owner.PublicKey(), &bearerTkn)
 	gateData.SessionTokens = sessionTkns
-	if isCustomSecret {
+	if x.IsCustom {
 		gateData.SecretKey = string(tokens.SecretKey)
 	} else {
 		gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
--- a/creds/accessbox/accessbox.pb.go
+++ b/creds/accessbox/accessbox.pb.go
@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
-// 	protoc        v3.12.4
+// 	protoc-gen-go v1.34.2
+// 	protoc        v3.21.9
 // source: creds/accessbox/accessbox.proto

 package accessbox
@ -28,6 +28,7 @@ type AccessBox struct {
 	SeedKey         []byte                       `protobuf:"bytes,1,opt,name=seedKey,proto3" json:"seedKey,omitempty"`
 	Gates           []*AccessBox_Gate            `protobuf:"bytes,2,rep,name=gates,proto3" json:"gates,omitempty"`
 	ContainerPolicy []*AccessBox_ContainerPolicy `protobuf:"bytes,3,rep,name=containerPolicy,proto3" json:"containerPolicy,omitempty"`
+	IsCustom        bool                         `protobuf:"varint,4,opt,name=isCustom,proto3" json:"isCustom,omitempty"`
 }

 func (x *AccessBox) Reset() {
@ -83,6 +84,13 @@ func (x *AccessBox) GetContainerPolicy() []*AccessBox_ContainerPolicy {
 	return nil
 }

+func (x *AccessBox) GetIsCustom() bool {
+	if x != nil {
+		return x.IsCustom
+	}
+	return false
+}
+
 type Tokens struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@ -261,7 +269,7 @@ var File_creds_accessbox_accessbox_proto protoreflect.FileDescriptor
 var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
 	0x0a, 0x1f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f,
 	0x78, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x12, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x22, 0xc7, 0x02, 0x0a,
+	0x6f, 0x12, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x22, 0xe3, 0x02, 0x0a,
 	0x09, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x6f, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65,
 	0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x65, 0x65,
 	0x64, 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x05, 0x67, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20,
@ -272,29 +280,31 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
 	0x2e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73,
 	0x73, 0x42, 0x6f, 0x78, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f,
 	0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50,
-	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x44, 0x0a, 0x04, 0x47, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a,
-	0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74,
-	0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62,
-	0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x67, 0x61,
-	0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x1a, 0x59, 0x0a, 0x0f, 0x43,
-	0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e,
-	0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72,
-	0x61, 0x69, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6c, 0x6f, 0x63, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06,
-	0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73,
-	0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20,
-	0x0a, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
-	0x12, 0x24, 0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
-	0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
-	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0x46, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72,
-	0x6f, 0x73, 0x74, 0x66, 0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43,
-	0x6c, 0x6f, 0x75, 0x64, 0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d,
-	0x73, 0x33, 0x2d, 0x67, 0x77, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65,
-	0x6e, 0x62, 0x6f, 0x78, 0x3b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x43, 0x75, 0x73, 0x74, 0x6f,
+	0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x75, 0x73, 0x74, 0x6f,
+	0x6d, 0x1a, 0x44, 0x0a, 0x04, 0x47, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x6f, 0x6b,
+	0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
+	0x73, 0x12, 0x24, 0x0a, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b,
+	0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x1a, 0x59, 0x0a, 0x0f, 0x43, 0x6f, 0x6e, 0x74, 0x61,
+	0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, 0x12, 0x6c, 0x6f,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09,
+	0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b, 0x62, 0x65,
+	0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d,
+	0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x0c, 0x52, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65,
+	0x6e, 0x73, 0x42, 0x46, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66,
+	0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64,
+	0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x73, 0x33, 0x2d, 0x67,
+	0x77, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x62, 0x6f, 0x78,
+	0x3b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
 }

 var (
@ -310,7 +320,7 @@ func file_creds_accessbox_accessbox_proto_rawDescGZIP() []byte {
 }

 var file_creds_accessbox_accessbox_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_creds_accessbox_accessbox_proto_goTypes = []interface{}{
+var file_creds_accessbox_accessbox_proto_goTypes = []any{
 	(*AccessBox)(nil),                 // 0: accessbox.AccessBox
 	(*Tokens)(nil),                    // 1: accessbox.Tokens
 	(*AccessBox_Gate)(nil),            // 2: accessbox.AccessBox.Gate
@ -332,7 +342,7 @@ func file_creds_accessbox_accessbox_proto_init() {
 		return
 	}
 	if !protoimpl.UnsafeEnabled {
-		file_creds_accessbox_accessbox_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+		file_creds_accessbox_accessbox_proto_msgTypes[0].Exporter = func(v any, i int) any {
 			switch v := v.(*AccessBox); i {
 			case 0:
 				return &v.state
@ -344,7 +354,7 @@ func file_creds_accessbox_accessbox_proto_init() {
 				return nil
 			}
 		}
-		file_creds_accessbox_accessbox_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+		file_creds_accessbox_accessbox_proto_msgTypes[1].Exporter = func(v any, i int) any {
 			switch v := v.(*Tokens); i {
 			case 0:
 				return &v.state
@ -356,7 +366,7 @@ func file_creds_accessbox_accessbox_proto_init() {
 				return nil
 			}
 		}
-		file_creds_accessbox_accessbox_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+		file_creds_accessbox_accessbox_proto_msgTypes[2].Exporter = func(v any, i int) any {
 			switch v := v.(*AccessBox_Gate); i {
 			case 0:
 				return &v.state
@ -368,7 +378,7 @@ func file_creds_accessbox_accessbox_proto_init() {
 				return nil
 			}
 		}
-		file_creds_accessbox_accessbox_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+		file_creds_accessbox_accessbox_proto_msgTypes[3].Exporter = func(v any, i int) any {
 			switch v := v.(*AccessBox_ContainerPolicy); i {
 			case 0:
 				return &v.state
--- a/creds/accessbox/accessbox.proto
+++ b/creds/accessbox/accessbox.proto
@ -20,6 +20,7 @@ message AccessBox {
    bytes seedKey = 1 [json_name = "seedKey"];
    repeated Gate gates = 2 [json_name = "gates"];
    repeated ContainerPolicy containerPolicy = 3 [json_name = "containerPolicy"];
+    bool isCustom = 4 [json_name = "isCustom"];
 }

 message Tokens {
--- a/creds/accessbox/accessbox_test.go
+++ b/creds/accessbox/accessbox_test.go
@ -70,7 +70,7 @@ func TestBearerTokenInAccessBox(t *testing.T) {
 	err = box2.Unmarshal(data)
 	require.NoError(t, err)

-	tkns, err := box2.GetTokens(cred, false)
+	tkns, err := box2.GetTokens(cred)
 	require.NoError(t, err)

 	assertBearerToken(t, tkn, *tkns.BearerToken)
@ -105,7 +105,7 @@ func TestSessionTokenInAccessBox(t *testing.T) {
 	err = box2.Unmarshal(data)
 	require.NoError(t, err)

-	tkns, err := box2.GetTokens(cred, false)
+	tkns, err := box2.GetTokens(cred)
 	require.NoError(t, err)

 	require.Equal(t, []*session.Container{tkn}, tkns.SessionTokens)
@ -140,7 +140,7 @@ func TestAccessboxMultipleKeys(t *testing.T) {
 	require.NoError(t, err)

 	for i, k := range privateKeys {
-		tkns, err := box.GetTokens(k, false)
+		tkns, err := box.GetTokens(k)
 		require.NoError(t, err, "key #%d: %s failed", i, k)
 		assertBearerToken(t, tkn, *tkns.BearerToken)
 	}
@ -168,7 +168,7 @@ func TestUnknownKey(t *testing.T) {
 	box, _, err = PackTokens([]*GateData{gate}, nil, false)
 	require.NoError(t, err)

-	_, err = box.GetTokens(wrongCred, false)
+	_, err = box.GetTokens(wrongCred)
 	require.Error(t, err)
 }

@ -231,7 +231,7 @@ func TestGetBox(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, hex.EncodeToString(secret), secrets.SecretKey)

-		box, err := accessBox.GetBox(cred, false)
+		box, err := accessBox.GetBox(cred)
 		require.NoError(t, err)
 		require.Equal(t, hex.EncodeToString(secret), box.Gate.SecretKey)
 	})
@ -241,7 +241,7 @@ func TestGetBox(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, string(secret), secrets.SecretKey)

-		box, err := accessBox.GetBox(cred, true)
+		box, err := accessBox.GetBox(cred)
 		require.NoError(t, err)
 		require.Equal(t, string(secret), box.Gate.SecretKey)
 	})
@ -261,10 +261,10 @@ func TestAccessBox(t *testing.T) {
 		randomKey, err := keys.NewPrivateKey()
 		require.NoError(t, err)

-		_, err = accessBox.GetTokens(randomKey, false)
+		_, err = accessBox.GetTokens(randomKey)
 		require.Error(t, err)

-		_, err = accessBox.GetBox(randomKey, false)
+		_, err = accessBox.GetBox(randomKey)
 		require.Error(t, err)
 	})

@ -294,17 +294,17 @@ func TestAccessBox(t *testing.T) {
 		_, err = accessBox.GetPlacementPolicy()
 		require.Error(t, err)

-		_, err = accessBox.GetBox(cred, false)
+		_, err = accessBox.GetBox(cred)
 		require.Error(t, err)
 	})

 	t.Run("empty seed key", func(t *testing.T) {
 		accessBox.SeedKey = nil

-		_, err = accessBox.GetTokens(cred, false)
+		_, err = accessBox.GetTokens(cred)
 		require.Error(t, err)

-		_, err = accessBox.GetBox(cred, false)
+		_, err = accessBox.GetBox(cred)
 		require.Error(t, err)
 	})

--- a/creds/tokens/credentials.go
+++ b/creds/tokens/credentials.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"strings"
 	"time"

 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
@ -132,10 +131,9 @@ func New(cfg Config) Credentials {
 }

 func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*accessbox.Box, []object.Attribute, error) {
-	isCustomSecret := isCustom(accessKeyID)
 	cachedBoxValue := c.cache.Get(accessKeyID)
 	if cachedBoxValue != nil {
-		return c.checkIfCredentialsAreRemoved(ctx, cnrID, accessKeyID, cachedBoxValue, isCustomSecret)
+		return c.checkIfCredentialsAreRemoved(ctx, cnrID, accessKeyID, cachedBoxValue)
 	}

 	box, attrs, err := c.getAccessBox(ctx, cnrID, accessKeyID)
@ -143,7 +141,7 @@ func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*a
 		return nil, nil, fmt.Errorf("get access box: %w", err)
 	}

-	cachedBox, err := box.GetBox(c.key, isCustomSecret)
+	cachedBox, err := box.GetBox(c.key)
 	if err != nil {
 		return nil, nil, fmt.Errorf("get gate box: %w", err)
 	}
@ -153,7 +151,7 @@ func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*a
 	return cachedBox, attrs, nil
 }

-func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, accessKeyID string, cachedBoxValue *cache.AccessBoxCacheValue, isCustomSecret bool) (*accessbox.Box, []object.Attribute, error) {
+func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, accessKeyID string, cachedBoxValue *cache.AccessBoxCacheValue) (*accessbox.Box, []object.Attribute, error) {
 	if time.Since(cachedBoxValue.PutTime) < c.removingCheckDuration {
 		return cachedBoxValue.Box, cachedBoxValue.Attributes, nil
 	}
@ -167,7 +165,7 @@ func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, a
 		return cachedBoxValue.Box, cachedBoxValue.Attributes, nil
 	}

-	cachedBox, err := box.GetBox(c.key, isCustomSecret)
+	cachedBox, err := box.GetBox(c.key)
 	if err != nil {
 		c.cache.Delete(accessKeyID)
 		return nil, nil, fmt.Errorf("get gate box: %w", err)
@ -261,7 +259,3 @@ func (c *cred) createObject(ctx context.Context, prm CredentialsParam, update bo

 	return addr, nil
 }
-
-func isCustom(accessKeyID string) bool {
-	return (&oid.Address{}).DecodeString(strings.ReplaceAll(accessKeyID, "0", "/")) != nil
-}
--- a/docs/images/authentication/accessbox-object.puml
+++ b/docs/images/authentication/accessbox-object.puml
@ -21,6 +21,7 @@ package AccessBox {
    SeedKey => Encoded public seed key
    List of Gates *--> Gate
    List of container policies *--> ContainerPolicy
+    IsCustom => True if SecretKey was imported and must be treated as it is
  }


--- a/docs/images/authentication/accessbox-object.svg
+++ b/docs/images/authentication/accessbox-object.svg