app: add support for ephemeral keys
parent
1156223231
commit
c06a3137e5
4 changed files with 36 additions and 3 deletions
|
@ -33,7 +33,7 @@ version Show current version
|
||||||
--metrics enable prometheus
|
--metrics enable prometheus
|
||||||
-h, --help show help
|
-h, --help show help
|
||||||
-v, --version show version
|
-v, --version show version
|
||||||
--key string "generated" to generate key, path to private key file, hex string or wif (default "generated")
|
--key string path to private key file, hex string or wif (the key will be autogenerated if not specified)
|
||||||
--verbose debug gRPC connections
|
--verbose debug gRPC connections
|
||||||
--request_timeout duration gRPC request timeout (default 5s)
|
--request_timeout duration gRPC request timeout (default 5s)
|
||||||
--connect_timeout duration gRPC connect timeout (default 30s)
|
--connect_timeout duration gRPC connect timeout (default 30s)
|
||||||
|
|
13
app.go
13
app.go
|
@ -56,6 +56,11 @@ func WithConfig(c *viper.Viper) Option {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newApp(ctx context.Context, opt ...Option) App {
|
func newApp(ctx context.Context, opt ...Option) App {
|
||||||
|
var (
|
||||||
|
creds neofs.Credentials
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
|
||||||
a := &app{
|
a := &app{
|
||||||
log: zap.L(),
|
log: zap.L(),
|
||||||
cfg: viper.GetViper(),
|
cfg: viper.GetViper(),
|
||||||
|
@ -86,7 +91,13 @@ func newApp(ctx context.Context, opt ...Option) App {
|
||||||
a.webServer.DisablePreParseMultipartForm = true
|
a.webServer.DisablePreParseMultipartForm = true
|
||||||
a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
|
a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
|
||||||
// -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
// -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
creds, err := neofs.NewCredentials(a.cfg.GetString(cmdNeoFSKey))
|
keystring := a.cfg.GetString(cmdNeoFSKey)
|
||||||
|
if len(keystring) == 0 {
|
||||||
|
a.log.Info("no key specified, creating one automatically for this run")
|
||||||
|
creds, err = neofs.NewEphemeralCredentials()
|
||||||
|
} else {
|
||||||
|
creds, err = neofs.NewCredentials(keystring)
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.log.Fatal("failed to get neofs credentials", zap.Error(err))
|
a.log.Fatal("failed to get neofs credentials", zap.Error(err))
|
||||||
}
|
}
|
||||||
|
|
|
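Review bot: The ephemeral-key fallback in the second hunk of newApp is logged only at Info and without the resulting identity, so an empty or accidentally dropped `key` setting looks like a normal start while the gateway runs under a fresh identity on every restart. Anything granted to the previous key (presumably container ACLs or bearer tokens bound to it) would stop matching, and the log gives an operator little to notice that. Consider `a.log.Warn("no key specified, using an ephemeral key for this run; gateway identity changes on restart")`, and log the public key or owner ID once `creds` is built, if Credentials exposes them. As a style point, the `var (creds; err)` block in the first hunk sits far from its only use and could be declared next to `keystring`. newApp's body continues outside both hunks.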
@ -2,6 +2,9 @@ package neofs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"crypto/elliptic"
|
||||||
|
"crypto/rand"
|
||||||
|
"math/big"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||||
|
@ -33,6 +36,25 @@ func NewCredentials(secret string) (Credentials, error) {
|
||||||
return setFromPrivateKey(key)
|
return setFromPrivateKey(key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewEphemeralCredentials creates new private key and Credentials based on that
|
||||||
|
// key.
|
||||||
|
func NewEphemeralCredentials() (Credentials, error) {
|
||||||
|
c := elliptic.P256()
|
||||||
|
priv, x, y, err := elliptic.GenerateKey(c, rand.Reader)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
key := &ecdsa.PrivateKey{
|
||||||
|
PublicKey: ecdsa.PublicKey{
|
||||||
|
Curve: c,
|
||||||
|
X: x,
|
||||||
|
Y: y,
|
||||||
|
},
|
||||||
|
D: new(big.Int).SetBytes(priv),
|
||||||
|
}
|
||||||
|
return setFromPrivateKey(key)
|
||||||
|
}
|
||||||
|
|
||||||
// PrivateKey returns ecdsa.PrivateKey.
|
// PrivateKey returns ecdsa.PrivateKey.
|
||||||
func (c *credentials) PrivateKey() *ecdsa.PrivateKey {
|
func (c *credentials) PrivateKey() *ecdsa.PrivateKey {
|
||||||
return c.key
|
return c.key
|
||||||
|
|
|
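Review bot: NewEphemeralCredentials assembles the `ecdsa.PrivateKey` by hand from `elliptic.GenerateKey` output, which duplicates what `crypto/ecdsa` already does and keeps the raw scalar in an extra byte slice (`priv`). Replace the generate-and-build lines with `key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)` and pass `key` to `setFromPrivateKey`; the `math/big` import then becomes unnecessary. `elliptic.GenerateKey` is also deprecated in current Go releases in favour of that call. The doc comment could additionally state that the key exists only in process memory and is not persisted, since callers rely on that to understand why the identity changes between runs.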
@ -104,7 +104,7 @@ func settings() *viper.Viper {
|
||||||
help := flags.BoolP(cmdHelp, "h", false, "show help")
|
help := flags.BoolP(cmdHelp, "h", false, "show help")
|
||||||
version := flags.BoolP(cmdVersion, "v", false, "show version")
|
version := flags.BoolP(cmdVersion, "v", false, "show version")
|
||||||
|
|
||||||
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif`)
|
flags.String(cmdNeoFSKey, "", `path to private key file, hex string or wif (autogenerated key will be used if not specified)`)
|
||||||
|
|
||||||
flags.Bool(cmdVerbose, false, "debug gRPC connections")
|
flags.Bool(cmdVerbose, false, "debug gRPC connections")
|
||||||
flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")
|
flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")
|
||||||
|
|