[#154] Rename access key to secret key #229
8 changed files with 23 additions and 23 deletions
|
@ -261,7 +261,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
|
||||||
return nil, fmt.Errorf("get box: %w", err)
|
return nil, fmt.Errorf("get box: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secret := box.Gate.AccessKey
|
secret := box.Gate.SecretKey
|
||||||
service, region := submatches["service"], submatches["region"]
|
service, region := submatches["service"], submatches["region"]
|
||||||
|
|
||||||
signature := signStr(secret, service, region, signatureDateTime, policy)
|
signature := signStr(secret, service, region, signatureDateTime, policy)
|
||||||
|
@ -294,7 +294,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
|
func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
|
||||||
awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "")
|
awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "")
|
||||||
signer := v4.NewSigner(awsCreds)
|
signer := v4.NewSigner(awsCreds)
|
||||||
signer.DisableURIPathEscaping = true
|
signer.DisableURIPathEscaping = true
|
||||||
|
|
||||||
|
|
|
@ -77,7 +77,7 @@ func TestCheckSign(t *testing.T) {
|
||||||
|
|
||||||
expBox := &accessbox.Box{
|
expBox := &accessbox.Box{
|
||||||
Gate: &accessbox.GateData{
|
Gate: &accessbox.GateData{
|
||||||
AccessKey: secretKey,
|
SecretKey: secretKey,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -292,7 +292,7 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
|
||||||
}))
|
}))
|
||||||
req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{
|
req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{
|
||||||
Gate: &accessbox.GateData{
|
Gate: &accessbox.GateData{
|
||||||
AccessKey: AWSSecretAccessKey,
|
SecretKey: AWSSecretAccessKey,
|
||||||
},
|
},
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
|
|
@ -199,7 +199,7 @@ func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, error) {
|
||||||
return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
|
return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
|
||||||
}
|
}
|
||||||
|
|
||||||
currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.AccessKey, "")
|
currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.SecretKey, "")
|
||||||
seed, err := hex.DecodeString(authHeaders.SignatureV4)
|
seed, err := hex.DecodeString(authHeaders.SignatureV4)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
|
return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
|
||||||
|
|
|
@ -282,7 +282,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
||||||
ir := &issuingResult{
|
ir := &issuingResult{
|
||||||
InitialAccessKeyID: accessKeyID,
|
InitialAccessKeyID: accessKeyID,
|
||||||
AccessKeyID: accessKeyID,
|
AccessKeyID: accessKeyID,
|
||||||
SecretAccessKey: secrets.AccessKey,
|
SecretAccessKey: secrets.SecretKey,
|
||||||
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
||||||
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
||||||
ContainerID: id.EncodeToString(),
|
ContainerID: id.EncodeToString(),
|
||||||
|
@ -305,7 +305,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
||||||
}
|
}
|
||||||
defer file.Close()
|
defer file.Close()
|
||||||
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
|
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
|
||||||
profileName, accessKeyID, secrets.AccessKey)); err != nil {
|
profileName, accessKeyID, secrets.SecretKey)); err != nil {
|
||||||
return fmt.Errorf("fails to write to file: %w", err)
|
return fmt.Errorf("fails to write to file: %w", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -321,7 +321,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
|
||||||
return fmt.Errorf("get accessbox: %w", err)
|
return fmt.Errorf("get accessbox: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := hex.DecodeString(box.Gate.AccessKey)
|
secret, err := hex.DecodeString(box.Gate.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to decode secret key access box: %w", err)
|
return fmt.Errorf("failed to decode secret key access box: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -358,7 +358,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
|
||||||
ir := &issuingResult{
|
ir := &issuingResult{
|
||||||
AccessKeyID: accessKeyIDFromAddr(addr),
|
AccessKeyID: accessKeyIDFromAddr(addr),
|
||||||
InitialAccessKeyID: accessKeyIDFromAddr(oldAddr),
|
InitialAccessKeyID: accessKeyIDFromAddr(oldAddr),
|
||||||
SecretAccessKey: secrets.AccessKey,
|
SecretAccessKey: secrets.SecretKey,
|
||||||
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
||||||
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
||||||
ContainerID: addr.Container().EncodeToString(),
|
ContainerID: addr.Container().EncodeToString(),
|
||||||
|
@ -396,7 +396,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
|
||||||
|
|
||||||
or := &obtainingResult{
|
or := &obtainingResult{
|
||||||
BearerToken: box.Gate.BearerToken,
|
BearerToken: box.Gate.BearerToken,
|
||||||
SecretAccessKey: box.Gate.AccessKey,
|
SecretAccessKey: box.Gate.SecretKey,
|
||||||
}
|
}
|
||||||
|
|
||||||
enc := json.NewEncoder(w)
|
enc := json.NewEncoder(w)
|
||||||
|
|
|
@ -33,7 +33,7 @@ type ContainerPolicy struct {
|
||||||
|
|
||||||
// GateData represents gate tokens in AccessBox.
|
// GateData represents gate tokens in AccessBox.
|
||||||
type GateData struct {
|
type GateData struct {
|
||||||
AccessKey string
|
SecretKey string
|
||||||
BearerToken *bearer.Token
|
BearerToken *bearer.Token
|
||||||
SessionTokens []*session.Container
|
SessionTokens []*session.Container
|
||||||
GateKey *keys.PublicKey
|
GateKey *keys.PublicKey
|
||||||
|
@ -77,9 +77,9 @@ func isAppropriateContainerContext(tok *session.Container, verb session.Containe
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Secrets represents AccessKey and the key to encrypt gate tokens.
|
// Secrets represents SecretKey and the key to encrypt gate tokens.
|
||||||
type Secrets struct {
|
type Secrets struct {
|
||||||
AccessKey string
|
SecretKey string
|
||||||
EphemeralKey *keys.PrivateKey
|
EphemeralKey *keys.PrivateKey
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -184,7 +184,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
|
||||||
}
|
}
|
||||||
|
|
||||||
tokens := new(Tokens)
|
tokens := new(Tokens)
|
||||||
tokens.AccessKey = secret
|
tokens.SecretKey = secret
|
||||||
tokens.BearerToken = encBearer
|
tokens.BearerToken = encBearer
|
||||||
tokens.SessionTokens = encSessions
|
tokens.SessionTokens = encSessions
|
||||||
|
|
||||||
|
@ -240,7 +240,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
|
||||||
|
|
||||||
gateData := NewGateData(owner.PublicKey(), &bearerTkn)
|
gateData := NewGateData(owner.PublicKey(), &bearerTkn)
|
||||||
gateData.SessionTokens = sessionTkns
|
gateData.SessionTokens = sessionTkns
|
||||||
gateData.AccessKey = hex.EncodeToString(tokens.AccessKey)
|
gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
|
||||||
return gateData, nil
|
return gateData, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||||
// versions:
|
// versions:
|
||||||
// protoc-gen-go v1.28.1
|
// protoc-gen-go v1.30.0
|
||||||
// protoc v3.21.12
|
// protoc v3.12.4
|
||||||
// source: creds/accessbox/accessbox.proto
|
// source: creds/accessbox/accessbox.proto
|
||||||
|
|
||||||
package accessbox
|
package accessbox
|
||||||
|
@ -88,7 +88,7 @@ type Tokens struct {
|
||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
|
|
||||||
AccessKey []byte `protobuf:"bytes,1,opt,name=accessKey,proto3" json:"accessKey,omitempty"`
|
SecretKey []byte `protobuf:"bytes,1,opt,name=secretKey,proto3" json:"secretKey,omitempty"`
|
||||||
BearerToken []byte `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"`
|
BearerToken []byte `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"`
|
||||||
SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"`
|
SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"`
|
||||||
}
|
}
|
||||||
|
@ -125,9 +125,9 @@ func (*Tokens) Descriptor() ([]byte, []int) {
|
||||||
return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1}
|
return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *Tokens) GetAccessKey() []byte {
|
func (x *Tokens) GetSecretKey() []byte {
|
||||||
if x != nil {
|
if x != nil {
|
||||||
return x.AccessKey
|
return x.SecretKey
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -284,8 +284,8 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
|
||||||
0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06,
|
0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06,
|
||||||
0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f,
|
0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f,
|
||||||
0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c,
|
0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c,
|
||||||
0x0a, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
|
0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||||
0x0c, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
|
0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
|
||||||
0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
|
0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
|
||||||
0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
|
0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
|
||||||
0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,
|
0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,
|
||||||
|
|
|
@ -23,7 +23,7 @@ message AccessBox {
|
||||||
}
|
}
|
||||||
|
|
||||||
message Tokens {
|
message Tokens {
|
||||||
bytes accessKey = 1 [json_name = "accessKey"];
|
bytes secretKey = 1 [json_name = "secretKey"];
|
||||||
bytes bearerToken = 2 [json_name = "bearerToken"];
|
bytes bearerToken = 2 [json_name = "bearerToken"];
|
||||||
repeated bytes sessionTokens = 3 [json_name = "sessionTokens"];
|
repeated bytes sessionTokens = 3 [json_name = "sessionTokens"];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue