forked from TrueCloudLab/frostfs-http-gw
app: add support for ephemeral keys
parent
1156223231
commit
c06a3137e5
4 changed files with 36 additions and 3 deletions
|
@ -33,7 +33,7 @@ version Show current version
|
|||
--metrics enable prometheus
|
||||
-h, --help show help
|
||||
-v, --version show version
|
||||
--key string "generated" to generate key, path to private key file, hex string or wif (default "generated")
|
||||
--key string path to private key file, hex string or wif (the key will be autogenerated if not specified)
|
||||
--verbose debug gRPC connections
|
||||
--request_timeout duration gRPC request timeout (default 5s)
|
||||
--connect_timeout duration gRPC connect timeout (default 30s)
|
||||
|
|
13
app.go
13
app.go
|
@ -56,6 +56,11 @@ func WithConfig(c *viper.Viper) Option {
|
|||
}
|
||||
|
||||
func newApp(ctx context.Context, opt ...Option) App {
|
||||
var (
|
||||
creds neofs.Credentials
|
||||
err error
|
||||
)
|
||||
|
||||
a := &app{
|
||||
log: zap.L(),
|
||||
cfg: viper.GetViper(),
|
||||
|
@ -86,7 +91,13 @@ func newApp(ctx context.Context, opt ...Option) App {
|
|||
a.webServer.DisablePreParseMultipartForm = true
|
||||
a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
|
||||
// -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||
creds, err := neofs.NewCredentials(a.cfg.GetString(cmdNeoFSKey))
|
||||
keystring := a.cfg.GetString(cmdNeoFSKey)
|
||||
if len(keystring) == 0 {
|
||||
a.log.Info("no key specified, creating one automatically for this run")
|
||||
creds, err = neofs.NewEphemeralCredentials()
|
||||
} else {
|
||||
creds, err = neofs.NewCredentials(keystring)
|
||||
}
|
||||
if err != nil {
|
||||
a.log.Fatal("failed to get neofs credentials", zap.Error(err))
|
||||
}
|
||||
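Review bot: An empty key setting now silently gives the gateway a throwaway identity, and the only trace is the Info line in the `len(keystring) == 0` branch of newApp. A misnamed config key or an unset environment variable would take the same branch, so I would raise it to `a.log.Warn("no key specified, creating one automatically for this run")`. I would also log the public part of the generated key, so an operator can tell which identity a given run used. The README text in this commit suggests `generated` used to be an accepted value; if so, configs that still carry it would now reach `neofs.NewCredentials(keystring)` and presumably hit the Fatal below, which is worth confirming or calling out in the changelog. newApp's body continues outside both hunks, so how `creds` is used afterwards is not visible here.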
|
|
|
@ -2,6 +2,9 @@ package neofs
|
|||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"math/big"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
|
@ -33,6 +36,25 @@ func NewCredentials(secret string) (Credentials, error) {
|
|||
return setFromPrivateKey(key)
|
||||
}
|
||||
|
||||
// NewEphemeralCredentials creates new private key and Credentials based on that
|
||||
// key.
|
||||
func NewEphemeralCredentials() (Credentials, error) {
|
||||
c := elliptic.P256()
|
||||
priv, x, y, err := elliptic.GenerateKey(c, rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key := &ecdsa.PrivateKey{
|
||||
PublicKey: ecdsa.PublicKey{
|
||||
Curve: c,
|
||||
X: x,
|
||||
Y: y,
|
||||
},
|
||||
D: new(big.Int).SetBytes(priv),
|
||||
}
|
||||
return setFromPrivateKey(key)
|
||||
}
|
||||
|
||||
// PrivateKey returns ecdsa.PrivateKey.
|
||||
func (c *credentials) PrivateKey() *ecdsa.PrivateKey {
|
||||
return c.key
|
||||
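Review bot: NewEphemeralCredentials assembles the `ecdsa.PrivateKey` by hand from the output of `elliptic.GenerateKey`, which newer Go releases mark as deprecated for exactly this use. The standard library already returns the finished key, so the body can be `key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)` followed by the existing error check and `return setFromPrivateKey(key)`. That removes the manual X/Y/D wiring, where a mistake would produce an inconsistent key pair, and makes the new `math/big` import unnecessary. The doc comment should also say that the key lives only in memory for the lifetime of the process and is never persisted, since that is what "ephemeral" means to callers.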
|
|
|
@ -104,7 +104,7 @@ func settings() *viper.Viper {
|
|||
help := flags.BoolP(cmdHelp, "h", false, "show help")
|
||||
version := flags.BoolP(cmdVersion, "v", false, "show version")
|
||||
|
||||
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif`)
|
||||
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif (autogenerated key will be used if not specified)`)
|
||||
|
||||
flags.Bool(cmdVerbose, false, "debug gRPC connections")
|
||||
flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")
|
||||
|
|