From fd0ff4b8036071e490b306f7f93f8d273b1f2fac Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Mon, 11 Jul 2022 16:10:57 +0300 Subject: [PATCH] [#15] Sign base64 token representation Signed-off-by: Denis Kirillov --- cmd/neofs-rest-gw/integration_test.go | 6 ++++-- handlers/container_test.go | 15 +++++++++++++++ handlers/containers.go | 2 +- handlers/objects.go | 2 +- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/cmd/neofs-rest-gw/integration_test.go b/cmd/neofs-rest-gw/integration_test.go index 17369ac..83c971a 100644 --- a/cmd/neofs-rest-gw/integration_test.go +++ b/cmd/neofs-rest-gw/integration_test.go @@ -924,11 +924,13 @@ func signToken(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.Bearer } func signTokenWalletConnect(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.BearerToken { - sm, err := walletconnect.SignMessage(&key.PrivateKey, data[:]) + b64Token := make([]byte, base64.StdEncoding.EncodedLen(len(data))) + base64.StdEncoding.Encode(b64Token, data) + sm, err := walletconnect.SignMessage(&key.PrivateKey, b64Token[:]) require.NoError(t, err) return &handlers.BearerToken{ - Token: base64.StdEncoding.EncodeToString(data), + Token: string(b64Token), Signature: hex.EncodeToString(append(sm.Data, sm.Salt...)), Key: hex.EncodeToString(key.PublicKey().Bytes()), } diff --git a/handlers/container_test.go b/handlers/container_test.go index 5ebe0e7..79e908b 100644 --- a/handlers/container_test.go +++ b/handlers/container_test.go @@ -3,6 +3,7 @@ package handlers import ( "testing" + sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/stretchr/testify/require" ) @@ -35,3 +36,17 @@ func TestCheckContainerName(t *testing.T) { } } } + +func TestPrepareSessionToken(t *testing.T) { + st := &SessionToken{ + BearerToken: BearerToken{ + Token: "ChASxCTiXwREjLAG7nkxjDHVEhsKGTVxfQ56a0uQeFmOO63mqykBS1HNpw1rxSgaBgjIAhjkASIhAnLj82Qmdlcg7JtoyhDjJ1OsRFjtmxdXbzrwVkwxWAdWMgQIAxAB", + Signature: "2ebdc1f2fea2bba397d1be6f982a6fe1b2bc9f46a348b700108fe2eba4e6531a1bb585febf9a40a3fa2e085fca5e2a75ca57f61166117c6d3e04a95ef9a2d2196f52648546784853e17c0b7ba762eae1", + Key: "03bd9108c0b49f657e9eee50d1399022bd1e436118e5b7529a1b7cd606652f578f", + }, + Verb: sessionv2.ContainerVerbSetEACL, + } + + _, err := prepareSessionToken(st, true) + require.NoError(t, err) +} diff --git a/handlers/containers.go b/handlers/containers.go index 69cabe0..8d57a89 100644 --- a/handlers/containers.go +++ b/handlers/containers.go @@ -423,7 +423,7 @@ func prepareSessionToken(st *SessionToken, isWalletConnect bool) (*session.Token stoken.ToV2().SetSignature(v2signature) if isWalletConnect { - if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) { + if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(st.Token), signature) { return nil, fmt.Errorf("invalid signature") } } else if !stoken.VerifySignature() { diff --git a/handlers/objects.go b/handlers/objects.go index 49a7296..ebdae9b 100644 --- a/handlers/objects.go +++ b/handlers/objects.go @@ -370,7 +370,7 @@ func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (*token.BearerTok btoken.ToV2().SetSignature(v2signature) if isWalletConnect { - if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) { + if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(bt.Token), signature) { return nil, fmt.Errorf("invalid signature") } } else if err = btoken.VerifySignature(); err != nil {