package layer
import (
"crypto/rand"
"crypto/rsa"
"github.com/klauspost/compress/zstd"
"github.com/nspcc-dev/neofs-api-go/service"
"github.com/pkg/errors"
)
// KeyPair holds the gateway's RSA key pair. PublicKey is expected to be the
// public half of PrivateKey (NewAuthCenter fills it that way).
type KeyPair struct {
	PrivateKey *rsa.PrivateKey
	PublicKey *rsa.PublicKey
}
// AuthCenter carries the gateway key pair meant to back PackBearerToken and
// UnpackBearerToken. Neither method reads gatewayKeys yet (both are still
// stubs); create an AuthCenter with NewAuthCenter so the pair is populated.
type AuthCenter struct {
	gatewayKeys KeyPair
}
// NewAuthCenter returns an AuthCenter holding a freshly generated 2048-bit RSA
// gateway key pair. The key is generated on every call from crypto/rand;
// nothing in this function persists or loads it. A key-generation failure is
// returned unchanged.
func NewAuthCenter() (*AuthCenter, error) {
	gatewayKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &AuthCenter{
		gatewayKeys: KeyPair{
			PrivateKey: gatewayKey,
			PublicKey:  &gatewayKey.PublicKey,
		},
	}, nil
}
// PackBearerToken is the inverse of UnpackBearerToken: it is meant to turn a
// bearer token into packed credentials. It is not implemented and panics on
// every call; the packing format is still to be defined.
func (ac *AuthCenter) PackBearerToken(bt service.BearerToken) ([]byte, error) {
	_ = bt // not consumed until the packing format exists
	// TODO
	panic("unimplemented method")
}
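// UnpackBearerToken restores a bearer token from packed credentials.
//
// The layout this function expects is a 32-byte secret hash followed by a
// zstd-compressed, encrypted key ID. The secret hash is not verified yet and
// decryption of the key ID is not implemented, so the function currently
// fails closed with an error rather than returning an empty token. Errors from
// length validation, decoder setup, decompression, decryption and
// unmarshalling are wrapped and returned; the input is never indexed before
// its length is checked.
func (ac *AuthCenter) UnpackBearerToken(packedCredentials []byte) (service.BearerToken, error) {
	const (
		secretHashSize = 32
		// Upper bound for the decompressed key ID. Placeholder value chosen
		// for review; tune it to the real maximum size of a key ID.
		maxDecompressedKeyIDSize = 1 << 20
	)

	// packedCredentials is caller-supplied; a short input must be rejected
	// with an error instead of panicking on the slice below.
	if len(packedCredentials) < secretHashSize {
		return nil, errors.Errorf("packed credentials too short: %d bytes, want at least %d",
			len(packedCredentials), secretHashSize)
	}
	// secretHash := packedCredentials[:secretHashSize] — not verified yet.
	compressedKeyID := packedCredentials[secretHashSize:]

	// Cap the decoder's output memory so a crafted payload cannot expand into
	// an arbitrarily large buffer.
	zstdDecoder, err := zstd.NewReader(nil, zstd.WithDecoderMaxMemory(maxDecompressedKeyIDSize))
	if err != nil {
		return nil, errors.Wrap(err, "failed to create zstd decoder")
	}
	// The decoder holds resources that are only released by Close.
	defer zstdDecoder.Close()

	// DecodeAll returns the decompressed bytes (a nil dst makes it allocate
	// the output); the previous version discarded this return value and kept
	// working with an empty slice.
	encryptedKeyID, err := zstdDecoder.DecodeAll(compressedKeyID, nil)
	if err != nil {
		return nil, errors.Wrap(err, "failed to decompress key ID")
	}

	keyID, err := ac.decryptKeyID(encryptedKeyID)
	if err != nil {
		return nil, errors.Wrap(err, "failed to decrypt key ID")
	}

	bearerToken := new(service.BearerTokenMsg)
	if err := bearerToken.Unmarshal(keyID); err != nil {
		return nil, errors.Wrap(err, "failed to unmarshal embedded bearer token")
	}
	return bearerToken, nil
}

// decryptKeyID is the decryption step of UnpackBearerToken. It is not
// implemented yet and fails closed so that no caller receives a token built
// from undecrypted bytes.
func (ac *AuthCenter) decryptKeyID(encryptedKeyID []byte) ([]byte, error) {
	// TODO: Decrypt the key ID — presumably with ac.gatewayKeys; confirm the
	// scheme against PackBearerToken once it exists.
	_ = encryptedKeyID
	return nil, errors.New("key ID decryption is not implemented")
}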