frostfs-api-go/session/private.go
Leonard Lyubich 4fa7360cd1 session: support the expiration of private tokens
All sessions in NeoFS has limited in epochs lifetime. There is a need
to limit the lifetime of private session tokens.

This commmit:

  * extends PrivateToken interface with Expired method;

  * defines EpochLifetimeStore interface with RemoveExpired method
    and embeds it to PrivateTokenStore interface;

  * adds epoch value parameter to private token constructor.
2020-04-29 14:11:19 +03:00

45 lines
1,012 B
Go

package session
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
crypto "github.com/nspcc-dev/neofs-crypto"
)
type pToken struct {
// private session token
sessionKey *ecdsa.PrivateKey
// last epoch of the lifetime
validUntil uint64
}
// NewPrivateToken creates PrivateToken instance that expires after passed epoch.
//
// Returns non-nil error on key generation error.
func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}
return &pToken{
sessionKey: sk,
validUntil: validUntil,
}, nil
}
// Sign signs data with session private key.
func (t *pToken) Sign(data []byte) ([]byte, error) {
return crypto.Sign(t.sessionKey, data)
}
// PublicKey returns a binary representation of the session public key.
func (t *pToken) PublicKey() []byte {
return crypto.MarshalPublicKey(&t.sessionKey.PublicKey)
}
func (t *pToken) Expired(epoch uint64) bool {
return t.validUntil < epoch
}