authmate: drop creds/s3 dependency

Signed-off-by: Roman Khimov <roman@nspcc.ru>
This commit is contained in:
Roman Khimov 2021-05-25 19:52:29 +03:00
parent 69e3e22dbc
commit ce7c8932d4
2 changed files with 17 additions and 5 deletions

View file

@ -15,9 +15,9 @@ import (
sdk "github.com/nspcc-dev/cdn-sdk" sdk "github.com/nspcc-dev/cdn-sdk"
"github.com/nspcc-dev/cdn-sdk/creds/bearer" "github.com/nspcc-dev/cdn-sdk/creds/bearer"
"github.com/nspcc-dev/cdn-sdk/creds/hcs" "github.com/nspcc-dev/cdn-sdk/creds/hcs"
"github.com/nspcc-dev/cdn-sdk/creds/s3"
"github.com/nspcc-dev/neofs-api-go/pkg/object" "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/token" "github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/nspcc-dev/neofs-s3-gw/authmate"
"go.uber.org/zap" "go.uber.org/zap"
) )
@ -100,7 +100,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
return nil, err return nil, err
} }
secret, err := s3.SecretAccessKey(tkn) secret, err := authmate.BearerToAccessKey(tkn)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -3,6 +3,8 @@ package authmate
import ( import (
"context" "context"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/sha256"
"encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@ -14,7 +16,6 @@ import (
"github.com/nspcc-dev/cdn-sdk/creds/bearer" "github.com/nspcc-dev/cdn-sdk/creds/bearer"
"github.com/nspcc-dev/cdn-sdk/creds/hcs" "github.com/nspcc-dev/cdn-sdk/creds/hcs"
"github.com/nspcc-dev/cdn-sdk/creds/neofs" "github.com/nspcc-dev/cdn-sdk/creds/neofs"
"github.com/nspcc-dev/cdn-sdk/creds/s3"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container" "github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/pkg/netmap" "github.com/nspcc-dev/neofs-api-go/pkg/netmap"
@ -127,7 +128,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
return fmt.Errorf("failed to put bearer token: %w", err) return fmt.Errorf("failed to put bearer token: %w", err)
} }
secret, err := s3.SecretAccessKey(tkn) secret, err := BearerToAccessKey(tkn)
if err != nil { if err != nil {
return fmt.Errorf("failed to get bearer token secret key: %w", err) return fmt.Errorf("failed to get bearer token secret key: %w", err)
} }
@ -157,7 +158,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
return fmt.Errorf("failed to get bearer token: %w", err) return fmt.Errorf("failed to get bearer token: %w", err)
} }
secret, err := s3.SecretAccessKey(tkn) secret, err := BearerToAccessKey(tkn)
if err != nil { if err != nil {
return fmt.Errorf("failed to get bearer token secret key: %w", err) return fmt.Errorf("failed to get bearer token secret key: %w", err)
} }
@ -234,3 +235,14 @@ func buildBearerToken(key *ecdsa.PrivateKey, oid *owner.ID, table *eacl.Table) (
return bearerToken, bearerToken.SignToken(key) return bearerToken, bearerToken.SignToken(key)
} }
// BearerToAccessKey returns secret access key generated from given BearerToken.
func BearerToAccessKey(tkn *token.BearerToken) (string, error) {
data, err := tkn.Marshal()
if err != nil {
return "", err
}
hash := sha256.Sum256(data)
return hex.EncodeToString(hash[:]), nil
}