app: add support for ephemeral keys

Roman Khimov 2021-04-14 22:57:58 +03:00 committed by Roman Khimov
parent 1156223231
commit c06a3137e5
4 changed files with 36 additions and 3 deletions


@ -33,7 +33,7 @@ version Show current version
--metrics enable prometheus
-h, --help show help
-v, --version show version
--key string "generated" to generate key, path to private key file, hex string or wif (default "generated")
--key string path to private key file, hex string or wif (the key will be autogenerated if not specified)
--verbose debug gRPC connections
--request_timeout duration gRPC request timeout (default 5s)
--connect_timeout duration gRPC connect timeout (default 30s)

13
app.go

@ -56,6 +56,11 @@ func WithConfig(c *viper.Viper) Option {
}
func newApp(ctx context.Context, opt ...Option) App {
var (
creds neofs.Credentials
err error
)
a := &app{
log: zap.L(),
cfg: viper.GetViper(),
@ -86,7 +91,13 @@ func newApp(ctx context.Context, opt ...Option) App {
a.webServer.DisablePreParseMultipartForm = true
a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
// -- -- -- -- -- -- -- -- -- -- -- -- -- --
creds, err := neofs.NewCredentials(a.cfg.GetString(cmdNeoFSKey))
keystring := a.cfg.GetString(cmdNeoFSKey)
if len(keystring) == 0 {
a.log.Info("no key specified, creating one automatically for this run")
creds, err = neofs.NewEphemeralCredentials()
} else {
creds, err = neofs.NewCredentials(keystring)
}
if err != nil {
a.log.Fatal("failed to get neofs credentials", zap.Error(err))
}
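Review bot: The empty-key branch in newApp falls back to a throwaway identity with only an Info-level message, so a deployment whose key setting was lost (an unset variable, a mistyped config name) starts normally under credentials nobody provisioned instead of failing. Consider raising the message to `a.log.Warn("no key specified, creating one automatically for this run")` and also logging the public key or owner ID of the generated credentials, so operators can tell which identity the gateway is running as. The README line replaced by this commit documented the literal value "generated"; a deployment still passing it would now reach `neofs.NewCredentials(keystring)` and presumably end in the Fatal below, which deserves a changelog line. newApp's body starts and continues outside these hunks.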


@ -2,6 +2,9 @@ package neofs
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"math/big"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
crypto "github.com/nspcc-dev/neofs-crypto"
@ -33,6 +36,25 @@ func NewCredentials(secret string) (Credentials, error) {
return setFromPrivateKey(key)
}
// NewEphemeralCredentials creates new private key and Credentials based on that
// key.
func NewEphemeralCredentials() (Credentials, error) {
c := elliptic.P256()
priv, x, y, err := elliptic.GenerateKey(c, rand.Reader)
if err != nil {
return nil, err
}
key := &ecdsa.PrivateKey{
PublicKey: ecdsa.PublicKey{
Curve: c,
X: x,
Y: y,
},
D: new(big.Int).SetBytes(priv),
}
return setFromPrivateKey(key)
}
// PrivateKey returns ecdsa.PrivateKey.
func (c *credentials) PrivateKey() *ecdsa.PrivateKey {
return c.key
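Review bot: NewEphemeralCredentials assembles the ecdsa.PrivateKey by hand from the output of `elliptic.GenerateKey`, which the standard library already does in one call: `key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)`. Using it removes the manual X/Y/D wiring and the new `math/big` import, and it avoids `elliptic.GenerateKey`, which later Go releases mark as deprecated. The doc comment could also say what "ephemeral" means for callers; as far as this hunk shows the key is never written anywhere, so something like `// The key is drawn from crypto/rand and kept only in memory; it is lost when the process exits.` would fit.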


@ -104,7 +104,7 @@ func settings() *viper.Viper {
help := flags.BoolP(cmdHelp, "h", false, "show help")
version := flags.BoolP(cmdVersion, "v", false, "show version")
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif`)
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif (autogenerated key will be used if not specified)`)
flags.Bool(cmdVerbose, false, "debug gRPC connections")
flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")