Use node-specific owner IDs in bearer tokens #83

Closed
roman-khimov opened this issue Jun 15, 2021 · 2 comments · Fixed by #90

@roman-khimov
Member

We do know all S3 gateway nodes, so we can use owners in bearer tokens, and to properly use them we need to use a node-specific key in each encrypted token, which means that we can't generate/sign a token first and then encrypt the same token for all nodes. So some interfaces need to be changed and adapted for this scheme, but that's what we need to have in the end for proper gateway functioning.

This better be done after #75.

@KirillovDenis
Contributor

@roman-khimov There is some problem with using different bearer tokens. Since SecretAccessKey (AWS credentials) is calculated as a hash of the token, we will get different keys for different gates.

@roman-khimov
Member Author

Then we need to fix it also. The access key being a hash means that anyone seeing this token (any NeoFS node) automatically knows the access key, which doesn't seem right to me. What we can do instead is choose some random key and add it into the access box, then encrypt it along with the tokens (maybe as a separate AccessBox field).
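The two schemes discussed in this thread, side by side, as an added Go sketch that is not the project's code: a hash-derived secret differs per gate and is computable by any token holder, while one random secret sealed into every gate's copy of the box is identical across gates and unrelated to the token. SHA-256, AES-GCM with a raw 32-byte key per gate, the `secret||token` layout and the names `hashSecret`, `gcm`, `Gates`, `issueBoxes` and `openBox` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hashSecret is the scheme being replaced: any holder of the token can compute it.
func hashSecret(token []byte) []byte { s := sha256.Sum256(token); return s[:] }

// gcm wraps a 32-byte gate key in AES-GCM (stand-in for the real per-gate scheme).
func gcm(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

type Gates map[string]cipher.AEAD // owner ID -> AEAD sealing that gate's box copy

// issueBoxes draws ONE random secret and seals secret||token separately per gate.
func issueBoxes(gates Gates, tokens map[string][]byte) (map[string][]byte, error) {
	secret, out := make([]byte, 32), map[string][]byte{}
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	for owner, aead := range gates {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		plain := append(append([]byte{}, secret...), tokens[owner]...)
		out[owner] = aead.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	}
	return out, nil
}

// openBox returns secret||token, or an error for a wrong key or a damaged box.
func openBox(aead cipher.AEAD, box []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(box) >= n {
		return aead.Open(nil, box[:n], box[n:], nil)
	}
	return nil, fmt.Errorf("truncated box")
}

func main() { fmt.Printf("old scheme: %x\n", hashSecret([]byte("constructed token"))) }
```

A gate recovers the shared secret as the first 32 bytes of what `openBox` returns; the remainder is its own node-specific token.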

roman-khimov added a commit that referenced this issue Jun 18, 2021