forked from TrueCloudLab/frostfs-s3-gw
[#92] Remove keys generation
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
b5c8befa25
commit
fd8130a42f
4 changed files with 69 additions and 94 deletions
62
README.md
62
README.md
|
@ -127,28 +127,58 @@ token the object needs to be stored in a container available for the gateway
|
||||||
to read and it needs to be encrypted with this gateway's key (among others
|
to read and it needs to be encrypted with this gateway's key (among others
|
||||||
potentially).
|
potentially).
|
||||||
|
|
||||||
#### Generation of key pairs
|
#### Generation of wallet
|
||||||
|
|
||||||
To generate neofs key pairs for gateways, run the following command (`--count` is 1
|
To generate wallets for gateways, run the following command:
|
||||||
by default):
|
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ./neofs-authmate generate-keys --count=2
|
$ ./neo-go wallet init -a -w wallet.json
|
||||||
|
|
||||||
[
|
Enter the name of the account > AccountTestName
|
||||||
{
|
Enter passphrase >
|
||||||
"private_key": "b8ba980eb70b959be99915d2e0ad377809984ccd1dac0a6551907f81c2b33d21",
|
Confirm passphrase >
|
||||||
"public_key": "dd34f6dce9a4ce0990869ec6bd33a40e102a5798881cfe61d03a5659ceee1a64"
|
|
||||||
},
|
{
|
||||||
{
|
"version": "3.0",
|
||||||
"private_key": "407c351b17446ca07521faceb8b7d3e738319635f39f892419e2bf94462b4419",
|
"accounts": [
|
||||||
"public_key": "20453af9d7f245ff6fdfb1260eaa411ae3be9c519a2a9bf1c98233522cbd0156"
|
{
|
||||||
}
|
"address": "NhLQpDnerpviUWDF77j5qyjFgavCmasJ4p",
|
||||||
]
|
"key": "6PYUFyYpJ1JGyMrYV8NqeUFLKfpEVHsGGjCYtTDkjnKaSgYizRBZxVerte",
|
||||||
|
"label": "AccountTestName",
|
||||||
|
"contract": {
|
||||||
|
"script": "DCECXCsUZPwUyKHs6nAyyCvJ5s/vLwZkkVtWNC0zWzH8a9dBVuezJw==",
|
||||||
|
"parameters": [
|
||||||
|
{
|
||||||
|
"name": "parameter0",
|
||||||
|
"type": "Signature"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deployed": false
|
||||||
|
},
|
||||||
|
"lock": false,
|
||||||
|
"isDefault": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"scrypt": {
|
||||||
|
"n": 16384,
|
||||||
|
"r": 8,
|
||||||
|
"p": 8
|
||||||
|
},
|
||||||
|
"extra": {
|
||||||
|
"Tokens": null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
wallet successfully created, file location is wallet.json
|
||||||
```
|
```
|
||||||
|
|
||||||
Private key is the one to use for `neofs-s3-gw` command, public one can be
|
To get public key from wallet run:
|
||||||
used to create new AWS credentials.
|
```
|
||||||
|
$ ./bin/neo-go wallet dump-keys -w wallet.json
|
||||||
|
|
||||||
|
NhLQpDnerpviUWDF77j5qyjFgavCmasJ4p (simple signature contract):
|
||||||
|
025c2b1464fc14c8a1ecea7032c82bc9e6cfef2f0664915b56342d335b31fc6bd7
|
||||||
|
```
|
||||||
|
|
||||||
#### Issuance of a secret
|
#### Issuance of a secret
|
||||||
|
|
||||||
|
|
|
@ -3,10 +3,6 @@ package main
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"encoding/hex"
|
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
|
@ -24,11 +20,6 @@ import (
|
||||||
"go.uber.org/zap/zapcore"
|
"go.uber.org/zap/zapcore"
|
||||||
)
|
)
|
||||||
|
|
||||||
type gateKey struct {
|
|
||||||
PrivateKey string `json:"private_key"`
|
|
||||||
PublicKey string `json:"public_key"`
|
|
||||||
}
|
|
||||||
|
|
||||||
const (
|
const (
|
||||||
poolConnectTimeout = 5 * time.Second
|
poolConnectTimeout = 5 * time.Second
|
||||||
poolRequestTimeout = 5 * time.Second
|
poolRequestTimeout = 5 * time.Second
|
||||||
|
@ -44,7 +35,6 @@ var (
|
||||||
containerIDFlag string
|
containerIDFlag string
|
||||||
containerFriendlyName string
|
containerFriendlyName string
|
||||||
gatesPublicKeysFlag cli.StringSlice
|
gatesPublicKeysFlag cli.StringSlice
|
||||||
gatesKeysCountFlag int
|
|
||||||
logEnabledFlag bool
|
logEnabledFlag bool
|
||||||
logDebugEnabledFlag bool
|
logDebugEnabledFlag bool
|
||||||
sessionTokenFlag bool
|
sessionTokenFlag bool
|
||||||
|
@ -120,63 +110,6 @@ func appCommands() []*cli.Command {
|
||||||
return []*cli.Command{
|
return []*cli.Command{
|
||||||
issueSecret(),
|
issueSecret(),
|
||||||
obtainSecret(),
|
obtainSecret(),
|
||||||
generateKeys(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func generateGatesKeys(count int) ([]*ecdsa.PrivateKey, error) {
|
|
||||||
var (
|
|
||||||
err error
|
|
||||||
res = make([]*ecdsa.PrivateKey, count)
|
|
||||||
)
|
|
||||||
|
|
||||||
for i := 0; i < count; i++ {
|
|
||||||
if res[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return res, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func generateKeys() *cli.Command {
|
|
||||||
return &cli.Command{
|
|
||||||
Name: "generate-keys",
|
|
||||||
Usage: "Generate key pairs for gates",
|
|
||||||
Flags: []cli.Flag{
|
|
||||||
&cli.IntFlag{
|
|
||||||
Name: "count",
|
|
||||||
Usage: "number of 256r1 key pairs to generate",
|
|
||||||
Value: 1,
|
|
||||||
Destination: &gatesKeysCountFlag,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
Action: func(c *cli.Context) error {
|
|
||||||
_, log := prepare()
|
|
||||||
|
|
||||||
log.Info("start generating P-256 keys")
|
|
||||||
|
|
||||||
csl, err := generateGatesKeys(gatesKeysCountFlag)
|
|
||||||
if err != nil {
|
|
||||||
return cli.Exit(fmt.Sprintf("failed to create key pairs of gates: %s", err), 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Info("generated P-256 keys")
|
|
||||||
|
|
||||||
gatesKeys := make([]gateKey, len(csl))
|
|
||||||
for i, cs := range csl {
|
|
||||||
privateKey, publicKey := hex.EncodeToString(cs.D.Bytes()), hex.EncodeToString(crypto.MarshalPublicKey(&cs.PublicKey))
|
|
||||||
gatesKeys[i] = gateKey{PrivateKey: privateKey, PublicKey: publicKey}
|
|
||||||
}
|
|
||||||
|
|
||||||
keys, err := json.MarshalIndent(gatesKeys, "", " ")
|
|
||||||
if err != nil {
|
|
||||||
return cli.Exit(fmt.Sprintf("failed to marshal key pairs of gates: %s", err), 2)
|
|
||||||
}
|
|
||||||
|
|
||||||
fmt.Println(string(keys))
|
|
||||||
return nil
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,6 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
"math"
|
||||||
|
@ -10,10 +9,10 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neo-go/cli/flags"
|
"github.com/nspcc-dev/neo-go/cli/flags"
|
||||||
|
"github.com/nspcc-dev/neo-go/cli/input"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/wallet"
|
"github.com/nspcc-dev/neo-go/pkg/wallet"
|
||||||
|
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/auth"
|
"github.com/nspcc-dev/neofs-s3-gw/api/auth"
|
||||||
"github.com/nspcc-dev/neofs-s3-gw/api/handler"
|
"github.com/nspcc-dev/neofs-s3-gw/api/handler"
|
||||||
|
@ -49,7 +48,7 @@ type (
|
||||||
func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
||||||
var (
|
var (
|
||||||
conns pool.Pool
|
conns pool.Pool
|
||||||
key *ecdsa.PrivateKey
|
key *keys.PrivateKey
|
||||||
err error
|
err error
|
||||||
tls *tlsConfig
|
tls *tlsConfig
|
||||||
caller api.Handler
|
caller api.Handler
|
||||||
|
@ -86,7 +85,12 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
||||||
reBalance = v
|
reBalance = v
|
||||||
}
|
}
|
||||||
|
|
||||||
if key, err = getKeyFromWallet(v.GetString(cfgWallet), v.GetString(cfgAddress), v.GetString(cfgWalletPassphrase)); err != nil {
|
var password *string
|
||||||
|
if v.IsSet(cfgWalletPassphrase) {
|
||||||
|
pwd := v.GetString(cfgWalletPassphrase)
|
||||||
|
password = &pwd
|
||||||
|
}
|
||||||
|
if key, err = getKeyFromWallet(v.GetString(cfgWallet), v.GetString(cfgAddress), password); err != nil {
|
||||||
l.Fatal("could not load NeoFS private key", zap.Error(err))
|
l.Fatal("could not load NeoFS private key", zap.Error(err))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,10 +102,10 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
||||||
}
|
}
|
||||||
|
|
||||||
l.Info("using credentials",
|
l.Info("using credentials",
|
||||||
zap.String("NeoFS", hex.EncodeToString(crypto.MarshalPrivateKey(key))))
|
zap.String("NeoFS", hex.EncodeToString(key.PublicKey().Bytes())))
|
||||||
|
|
||||||
opts := &pool.BuilderOptions{
|
opts := &pool.BuilderOptions{
|
||||||
Key: key,
|
Key: &key.PrivateKey,
|
||||||
NodeConnectionTimeout: conTimeout,
|
NodeConnectionTimeout: conTimeout,
|
||||||
NodeRequestTimeout: reqTimeout,
|
NodeRequestTimeout: reqTimeout,
|
||||||
ClientRebalanceInterval: reBalance,
|
ClientRebalanceInterval: reBalance,
|
||||||
|
@ -116,7 +120,7 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
||||||
obj = layer.NewLayer(l, conns)
|
obj = layer.NewLayer(l, conns)
|
||||||
|
|
||||||
// prepare auth center
|
// prepare auth center
|
||||||
ctr = auth.New(conns, key)
|
ctr = auth.New(conns, &key.PrivateKey)
|
||||||
|
|
||||||
if caller, err = handler.New(l, obj); err != nil {
|
if caller, err = handler.New(l, obj); err != nil {
|
||||||
l.Fatal("could not initialize API handler", zap.Error(err))
|
l.Fatal("could not initialize API handler", zap.Error(err))
|
||||||
|
@ -138,7 +142,7 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func getKeyFromWallet(walletPath, addrStr, password string) (*ecdsa.PrivateKey, error) {
|
func getKeyFromWallet(walletPath, addrStr string, password *string) (*keys.PrivateKey, error) {
|
||||||
if len(walletPath) == 0 {
|
if len(walletPath) == 0 {
|
||||||
return nil, fmt.Errorf("wallet path must not be empty")
|
return nil, fmt.Errorf("wallet path must not be empty")
|
||||||
}
|
}
|
||||||
|
@ -162,11 +166,18 @@ func getKeyFromWallet(walletPath, addrStr, password string) (*ecdsa.PrivateKey,
|
||||||
return nil, fmt.Errorf("couldn't find wallet account for %s", addrStr)
|
return nil, fmt.Errorf("couldn't find wallet account for %s", addrStr)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := acc.Decrypt(password, w.Scrypt); err != nil {
|
if password == nil {
|
||||||
|
pwd, err := input.ReadPassword("Enter password > ")
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("couldn't read password")
|
||||||
|
}
|
||||||
|
password = &pwd
|
||||||
|
}
|
||||||
|
if err := acc.Decrypt(*password, w.Scrypt); err != nil {
|
||||||
return nil, fmt.Errorf("couldn't decrypt account: %w", err)
|
return nil, fmt.Errorf("couldn't decrypt account: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return &acc.PrivateKey().PrivateKey, nil
|
return acc.PrivateKey(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Wait waits for application to finish.
|
// Wait waits for application to finish.
|
||||||
|
|
1
go.sum
1
go.sum
|
@ -648,6 +648,7 @@ golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||||
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M=
|
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073 h1:8qxJSnu+7dRq6upnbntrmriWByIakBuct5OM/MdQC1M=
|
||||||
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
|
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=
|
||||||
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
|
Loading…
Reference in a new issue