[#64] authmate, auth: Fix access key id

Replaced the forbidden symbol '/' in the access key id with '_'.
SecretKeyAddress and SecretKeyID are different things now.
Renamed the authmate param from secretAddressFlag to accessKeyIDFlag,
which is more correct, imo.

Signed-off-by: Angira Kekteeva <kira@nspcc.ru>
Angira Kekteeva 2021-06-02 21:53:20 +03:00
parent a118116ac0
commit 1a818bac33
3 changed files with 15 additions and 9 deletions


@ -21,7 +21,7 @@ import (
"go.uber.org/zap" "go.uber.org/zap"
) )
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)/(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`) var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)_(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
type ( type (
// Center is a user authentication interface. // Center is a user authentication interface.
@ -88,10 +88,11 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err) return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
} }
accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
address := object.NewAddress() address := object.NewAddress()
if err = address.Parse(accessKeyID); err != nil { if err = address.Parse(accessKeyAddress); err != nil {
return nil, fmt.Errorf("could not parse AccessBox address: %s : %w", accessKeyID, err) return nil, fmt.Errorf("could not parse AccessBox address: %s : %w", accessKeyID, err)
} }
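Review bot: In the new `authorizationFieldRegexp`, both ID groups around the `_` separator are still `[^/]+`, so the container-ID group can itself swallow underscores and the split of this pre-authentication `Credential` value is decided by regexp greediness rather than by the format. Restricting both groups to `[^/_]+` would make the `<cid>_<oid>` shape explicit and reject anything else before `address.Parse` is reached. In the second hunk the error on the parse failure path still formats `accessKeyID`, although the value that failed to parse is now `accessKeyAddress`; `fmt.Errorf("could not parse AccessBox address: %s : %w", accessKeyAddress, err)` would report what was actually parsed. Whether `accessKeyID` is still used afterwards cannot be seen, because `Authenticate` continues outside the hunk.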


@ -162,8 +162,10 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
return fmt.Errorf("failed to get bearer token secret key: %w", err) return fmt.Errorf("failed to get bearer token secret key: %w", err)
} }
accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String()
ir := &issuingResult{ ir := &issuingResult{
AccessKeyID: address.String(), AccessKeyID: accessKeyID,
SecretAccessKey: secret, SecretAccessKey: secret,
OwnerPrivateKey: options.OwnerPrivateKey.String(), OwnerPrivateKey: options.OwnerPrivateKey.String(),
} }
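Review bot: The `<cid>_<oid>` encoding is defined here by plain concatenation and then decoded independently in two other places on this page, the regexp plus `fmt.Sprintf` in `Authenticate` and `strings.Replace` in the authmate CLI, with nothing tying the three together. A comment on the new line would record the reason and the assumption, for example `// AccessKeyID is "<cid>_<oid>": '/' from address.String() is not allowed in an S3 access key id; assumes neither ID contains '_'`. A small shared pair of helpers for address-to-key-id and back would keep the separator from drifting between issuer, gateway and CLI. `IssueSecret` begins and ends outside the hunk.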


@ -8,6 +8,7 @@ import (
"fmt" "fmt"
"os" "os"
"os/signal" "os/signal"
"strings"
"syscall" "syscall"
"time" "time"
@ -37,7 +38,7 @@ var (
peerAddressFlag string peerAddressFlag string
eaclRulesFlag string eaclRulesFlag string
gatePrivateKeyFlag string gatePrivateKeyFlag string
secretAddressFlag string accessKeyIDFlag string
ownerPrivateKeyFlag string ownerPrivateKeyFlag string
containerIDFlag string containerIDFlag string
containerFriendlyName string containerFriendlyName string
@ -311,10 +312,10 @@ func obtainSecret() *cli.Command {
Destination: &gatePrivateKeyFlag, Destination: &gatePrivateKeyFlag,
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "secret-address", Name: "access-key-id",
Usage: "address of a secret (i.e. access key id for s3)", Usage: "access key id for s3",
Required: true, Required: true,
Destination: &secretAddressFlag, Destination: &accessKeyIDFlag,
}, },
}, },
Action: func(c *cli.Context) error { Action: func(c *cli.Context) error {
@ -342,8 +343,10 @@ func obtainSecret() *cli.Command {
return cli.Exit(fmt.Sprintf("failed to create owner's private key: %s", err), 4) return cli.Exit(fmt.Sprintf("failed to create owner's private key: %s", err), 4)
} }
secretAddress := strings.Replace(accessKeyIDFlag, "_", "/", 1)
obtainSecretOptions := &authmate.ObtainSecretOptions{ obtainSecretOptions := &authmate.ObtainSecretOptions{
SecretAddress: secretAddressFlag, SecretAddress: secretAddress,
GatePrivateKey: gateCreds.PrivateKey(), GatePrivateKey: gateCreds.PrivateKey(),
} }
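Review bot: `strings.Replace(accessKeyIDFlag, "_", "/", 1)` in the last hunk converts the flag without checking its shape. A value with no `_`, with several, or one still in the old `cid/oid` form is passed on as `SecretAddress`, and is only judged by whatever parsing happens later. Validating before the conversion gives a clear error at the CLI boundary, for example `if strings.Count(accessKeyIDFlag, "_") != 1 || strings.Contains(accessKeyIDFlag, "/") { return cli.Exit("access key id must have the form <cid>_<oid>", <exit code>) }`, with the exit code chosen to match this command's existing numbering. The `Action` closure of `obtainSecret` continues outside the hunk, so any later validation of `SecretAddress` is not visible here.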