authmate: drop creds/s3 dependency
Signed-off-by: Roman Khimov <roman@nspcc.ru>
parent
69e3e22dbc
commit
ce7c8932d4
2 changed files with 17 additions and 5 deletions
|
@ -15,9 +15,9 @@ import (
|
||||||
sdk "github.com/nspcc-dev/cdn-sdk"
|
sdk "github.com/nspcc-dev/cdn-sdk"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
|
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
|
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/s3"
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||||
|
"github.com/nspcc-dev/neofs-s3-gw/authmate"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := s3.SecretAccessKey(tkn)
|
secret, err := authmate.BearerToAccessKey(tkn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
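Review bot: The call in `Authenticate` now makes this package import `github.com/nspcc-dev/neofs-s3-gw/authmate`, so the request-authentication path depends on the credential-issuing agent package for a single hashing helper. The authmate import block shown in this commit pulls in the container, netmap and eacl packages, none of which signature verification appears to need. Consider moving `BearerToAccessKey` into a small shared credentials package that both the auth center and authmate import, so the derivation used for issuing and for verifying secrets lives in one neutral place. `Authenticate` starts and ends outside the hunk, so how `secret` is used afterwards is not visible here.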
|
@ -3,6 +3,8 @@ package authmate
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"crypto/sha256"
|
||||||
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
@ -14,7 +16,6 @@ import (
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
|
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
|
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/neofs"
|
"github.com/nspcc-dev/cdn-sdk/creds/neofs"
|
||||||
"github.com/nspcc-dev/cdn-sdk/creds/s3"
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
|
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
|
||||||
|
@ -127,7 +128,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
||||||
return fmt.Errorf("failed to put bearer token: %w", err)
|
return fmt.Errorf("failed to put bearer token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := s3.SecretAccessKey(tkn)
|
secret, err := BearerToAccessKey(tkn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get bearer token secret key: %w", err)
|
return fmt.Errorf("failed to get bearer token secret key: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -157,7 +158,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
|
||||||
return fmt.Errorf("failed to get bearer token: %w", err)
|
return fmt.Errorf("failed to get bearer token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := s3.SecretAccessKey(tkn)
|
secret, err := BearerToAccessKey(tkn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get bearer token secret key: %w", err)
|
return fmt.Errorf("failed to get bearer token secret key: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -234,3 +235,14 @@ func buildBearerToken(key *ecdsa.PrivateKey, oid *owner.ID, table *eacl.Table) (
|
||||||
|
|
||||||
return bearerToken, bearerToken.SignToken(key)
|
return bearerToken, bearerToken.SignToken(key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BearerToAccessKey returns secret access key generated from given BearerToken.
|
||||||
|
func BearerToAccessKey(tkn *token.BearerToken) (string, error) {
|
||||||
|
data, err := tkn.Marshal()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
hash := sha256.Sum256(data)
|
||||||
|
return hex.EncodeToString(hash[:]), nil
|
||||||
|
}
|
||||||
|
|
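Review bot: `BearerToAccessKey` derives the secret access key as the hex SHA-256 of the marshalled token with no key or salt, and its doc comment does not say so; anyone who can read the serialized bearer token can recompute the secret, so the token's confidentiality is the only protection. The derivation also relies on `tkn.Marshal()` producing identical bytes on every call and across library versions, otherwise previously issued secrets stop matching. I would extend the comment along the lines of `// The key is hex(SHA-256(tkn.Marshal())): it is only as secret as the serialized token and changes if the encoding changes.` A nil `tkn` goes straight to `Marshal()`; whether that is safe depends on the library, so a guard such as `if tkn == nil { return "", fmt.Errorf("nil bearer token") }` may be worth adding. A unit test pinning the output for a fixed token would catch encoding drift.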