app: add support for ephemeral keys

2021-04-14 22:57:58 +03:00 · 2021-04-14 22:57:58 +03:00 · c06a3137e5
commit c06a3137e5
parent 1156223231
4 changed files with 36 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -33,7 +33,7 @@ version      Show current version
      --metrics                    enable prometheus
  -h, --help                       show help
  -v, --version                    show version
-      --key string                 "generated" to generate key, path to private key file, hex string or wif (default "generated")
+      --key string                 path to private key file, hex string or wif (the key will be autogenerated if not specified)
      --verbose                    debug gRPC connections
      --request_timeout duration   gRPC request timeout (default 5s)
      --connect_timeout duration   gRPC connect timeout (default 30s)
--- a/app.go
+++ b/app.go
@ -56,6 +56,11 @@ func WithConfig(c *viper.Viper) Option {
 }

 func newApp(ctx context.Context, opt ...Option) App {
+	var (
+		creds neofs.Credentials
+		err   error
+	)
+
 	a := &app{
 		log:       zap.L(),
 		cfg:       viper.GetViper(),
@ -86,7 +91,13 @@ func newApp(ctx context.Context, opt ...Option) App {
 	a.webServer.DisablePreParseMultipartForm = true
 	a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
 	// -- -- -- -- -- -- -- -- -- -- -- -- -- --
-	creds, err := neofs.NewCredentials(a.cfg.GetString(cmdNeoFSKey))
+	keystring := a.cfg.GetString(cmdNeoFSKey)
+	if len(keystring) == 0 {
+		a.log.Info("no key specified, creating one automatically for this run")
+		creds, err = neofs.NewEphemeralCredentials()
+	} else {
+		creds, err = neofs.NewCredentials(keystring)
+	}
 	if err != nil {
 		a.log.Fatal("failed to get neofs credentials", zap.Error(err))
 	}
--- a/neofs/credentials.go
+++ b/neofs/credentials.go
@ -2,6 +2,9 @@ package neofs

 import (
 	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"math/big"

 	"github.com/nspcc-dev/neofs-api-go/pkg/owner"
 	crypto "github.com/nspcc-dev/neofs-crypto"
@ -33,6 +36,25 @@ func NewCredentials(secret string) (Credentials, error) {
 	return setFromPrivateKey(key)
 }

+// NewEphemeralCredentials creates new private key and Credentials based on that
+// key.
+func NewEphemeralCredentials() (Credentials, error) {
+	c := elliptic.P256()
+	priv, x, y, err := elliptic.GenerateKey(c, rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	key := &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: c,
+			X:     x,
+			Y:     y,
+		},
+		D: new(big.Int).SetBytes(priv),
+	}
+	return setFromPrivateKey(key)
+}
+
 // PrivateKey returns ecdsa.PrivateKey.
 func (c *credentials) PrivateKey() *ecdsa.PrivateKey {
 	return c.key
--- a/settings.go
+++ b/settings.go
@ -104,7 +104,7 @@ func settings() *viper.Viper {
 	help := flags.BoolP(cmdHelp, "h", false, "show help")
 	version := flags.BoolP(cmdVersion, "v", false, "show version")

-	flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif`)
+	flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif (autogenerated key will be used if not specified)`)

 	flags.Bool(cmdVerbose, false, "debug gRPC connections")
 	flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")