[security] rpc: Do not transfer access/secret key. (#4857)

This is an improvement upon existing implementation by avoiding transfer of access and secret keys over the network. This change only exchanges JWT tokens generated by an rpc client. Even if the JWT can be traced over the network on a non-TLS connection, this change makes sure that we never really expose the secret key over the network.
2025-11-28 13:09:09 -05:00 · 2017-09-19 12:37:56 -07:00
parent f680b8482f
commit f8024cadbb
14 changed files with 184 additions and 141 deletions
--- a/cmd/web-handlers_test.go
+++ b/cmd/web-handlers_test.go
@@ -34,6 +34,7 @@ import (
 	"strings"
 	"testing"

+	jwtgo "github.com/dgrijalva/jwt-go"
 	humanize "github.com/dustin/go-humanize"
 	"github.com/minio/minio-go/pkg/policy"
 	"github.com/minio/minio-go/pkg/set"
@@ -667,6 +668,16 @@ func TestWebCreateURLToken(t *testing.T) {
 	ExecObjectLayerTest(t, testCreateURLToken)
 }

+func getTokenString(accessKey, secretKey string) (string, error) {
+	utcNow := UTCNow()
+	token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.StandardClaims{
+		ExpiresAt: utcNow.Add(defaultJWTExpiry).Unix(),
+		IssuedAt:  utcNow.Unix(),
+		Subject:   accessKey,
+	})
+	return token.SignedString([]byte(secretKey))
+}
+
 func testCreateURLToken(obj ObjectLayer, instanceType string, t TestErrHandler) {
 	apiRouter := initTestWebRPCEndPoint(obj)
 	credentials := serverConfig.GetCredential()
@@ -700,6 +711,21 @@ func testCreateURLToken(obj ObjectLayer, instanceType string, t TestErrHandler)
 	if !isAuthTokenValid(tokenReply.Token) {
 		t.Fatalf("token is not valid")
 	}
+
+	// Token is invalid.
+	if isAuthTokenValid("") {
+		t.Fatalf("token shouldn't be valid, but it is")
+	}
+
+	token, err := getTokenString("invalid-access", credentials.SecretKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Token has invalid access key.
+	if isAuthTokenValid(token) {
+		t.Fatalf("token shouldn't be valid, but it is")
+	}
 }

 // Wrapper for calling Upload Handler