[#339] Add aws-sdk-go-v2

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-03-27 09:14:58 +03:00 · 2024-03-27 09:14:58 +03:00 · cc9a68401f
commit cc9a68401f
parent 8f7ccb0f62
48 changed files with 5894 additions and 51 deletions
--- a/api/auth/center_test.go
+++ b/api/auth/center_test.go
@ -14,6 +14,7 @@ import (

 	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
+	v4a "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
@ -25,6 +26,8 @@ import (
 	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	credentialsv2 "github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap/zaptest"
 )
@ -60,7 +63,7 @@ func TestAuthHeaderParse(t *testing.T) {
 				AccessKeyID:  "oid0cid",
 				Service:      "s3",
 				Region:       "us-east-1",
-				SignatureV4:  "2811ccb9e242f41426738fb1f",
+				Signature:    "2811ccb9e242f41426738fb1f",
 				SignedFields: []string{"host", "x-amz-content-sha256", "x-amz-date"},
 				Date:         "20210809",
 			},
@ -71,7 +74,7 @@ func TestAuthHeaderParse(t *testing.T) {
 			expected: nil,
 		},
 	} {
-		authHeader, err := center.parseAuthHeader(tc.header)
+		authHeader, err := center.parseAuthHeader(tc.header, nil)
 		require.ErrorIs(t, err, tc.err, tc.header)
 		require.Equal(t, tc.expected, authHeader, tc.header)
 	}
@ -90,6 +93,41 @@ func TestSignature(t *testing.T) {
 	require.Equal(t, "dfbe886241d9e369cf4b329ca0f15eb27306c97aa1022cc0bb5a914c4ef87634", signature)
 }

+func TestSignatureV4A(t *testing.T) {
+	var accessKeyAddr oid.Address
+	err := accessKeyAddr.DecodeString("8N7CYBY74kxZXoyvA5UNdmovaXqFpwNfvEPsqaN81es2/3tDwq5tR8fByrJcyJwyiuYX7Dae8tyDT7pd8oaL1MBto")
+	require.NoError(t, err)
+
+	accessKeyID := strings.ReplaceAll(accessKeyAddr.String(), "/", "0")
+	secretKey := "713d0a0b9efc7d22923e17b0402a6a89b4273bc711c8bacb2da1b643d0006aeb"
+
+	signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
+		options.DisableURIPathEscaping = true
+	})
+
+	credAdapter := v4a.SymmetricCredentialAdaptor{
+		SymmetricProvider: credentialsv2.NewStaticCredentialsProvider(accessKeyID, secretKey, ""),
+	}
+
+	req, err := http.NewRequest("GET", "http://localhost:8084/bucket/object", nil)
+	require.NoError(t, err)
+
+	creds, err := credAdapter.RetrievePrivateKey(req.Context())
+	require.NoError(t, err)
+
+	signingTime := time.Now()
+	service := "s3"
+	regionSet := []string{"spb"}
+
+	err = signer.SignHTTP(req.Context(), creds, req, "", service, regionSet, signingTime)
+	require.NoError(t, err)
+
+	signature := NewRegexpMatcher(authorizationFieldV4aRegexp).GetSubmatches(req.Header.Get(AuthorizationHdr))["v4_signature"]
+
+	err = signer.VerifySignature(creds, req, "", service, regionSet, signingTime, signature)
+	require.NoError(t, err)
+}
+
 func TestCheckFormatContentSHA256(t *testing.T) {
 	defaultErr := errors.GetAPIError(errors.ErrContentSHA256Mismatch)