service: add owner key to a signed payload of SessionToken
parent
bc413f6280
commit
1896264f8c
2 changed files with 32 additions and 3 deletions
service
|
@ -174,11 +174,11 @@ func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func tokenInfoSize(v SessionKeySource) int {
|
func tokenInfoSize(v SessionTokenInfo) int {
|
||||||
if v == nil {
|
if v == nil {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
return fixedTokenDataSize + len(v.GetSessionKey())
|
return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fills passed buffer with signing token information bytes.
|
// Fills passed buffer with signing token information bytes.
|
||||||
|
@ -208,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
|
||||||
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
|
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
|
||||||
off += 8
|
off += 8
|
||||||
|
|
||||||
copy(buf[off:], token.GetSessionKey())
|
off += copy(buf[off:], token.GetSessionKey())
|
||||||
|
|
||||||
|
copy(buf[off:], token.GetOwnerKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedData concatenates signed data with session token information. Returns concatenation result.
|
// SignedData concatenates signed data with session token information. Returns concatenation result.
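Review bot: In copyTokenSignedData the session key and the owner key are now written back to back with no length or delimiter (`off += copy(buf[off:], token.GetSessionKey())` then `copy(buf[off:], token.GetOwnerKey())`), and tokenInfoSize only sums the two lengths, so the signed bytes do not bind where one field ends and the other begins. Unless both keys have a fixed length enforced outside these hunks, two tokens that split the same bytes differently between session key and owner key would verify under one signature. I would write each length ahead of its field, e.g. `tokenEndianness.PutUint32(buf[off:], uint32(len(token.GetSessionKey())))` followed by `off += 4`, and count those prefix bytes in tokenInfoSize. Both function bodies begin outside the hunks shown, and since the signed layout changes either way, tokens signed before this commit will presumably stop verifying, which deserves a line in the commit message.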
|
||||||
|
|
|
@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) {
|
||||||
require.Equal(t, key, tok.GetSessionKey())
|
require.Equal(t, key, tok.GetSessionKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
key := make([]byte, 10)
|
||||||
|
_, err := rand.Read(key)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
tok.SetOwnerKey(key)
|
||||||
|
|
||||||
|
require.Equal(t, key, tok.GetOwnerKey())
|
||||||
|
}
|
||||||
|
|
||||||
{ // Signature
|
{ // Signature
|
||||||
sig := make([]byte, 10)
|
sig := make([]byte, 10)
|
||||||
_, err := rand.Read(sig)
|
_, err := rand.Read(sig)
|
||||||
|
@ -126,6 +136,11 @@ func TestSignToken(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
token.SetSessionKey(sessionKey)
|
token.SetSessionKey(sessionKey)
|
||||||
|
|
||||||
|
ownerKey := make([]byte, 10)
|
||||||
|
_, err = rand.Read(ownerKey[:])
|
||||||
|
require.NoError(t, err)
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
|
||||||
signedToken := NewSignedSessionToken(token)
|
signedToken := NewSignedSessionToken(token)
|
||||||
verifiedToken := NewVerifiedSessionToken(token)
|
verifiedToken := NewVerifiedSessionToken(token)
|
||||||
|
|
||||||
|
@ -211,6 +226,18 @@ func TestSignToken(t *testing.T) {
|
||||||
token.SetSessionKey(sessionKey)
|
token.SetSessionKey(sessionKey)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{ // Owner key
|
||||||
|
corrupt: func() {
|
||||||
|
ownerKey := token.GetOwnerKey()
|
||||||
|
ownerKey[0]++
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
},
|
||||||
|
restore: func() {
|
||||||
|
ownerKey := token.GetOwnerKey()
|
||||||
|
ownerKey[0]--
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, v := range items {
|
for _, v := range items {
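Review bot: The new `// Owner key` entry in TestSignToken's corrupt/restore table only changes a byte value (`ownerKey[0]++`) and leaves both key lengths intact, so it cannot show whether the signature binds the boundary between the session key and the owner key. I would add an entry that moves the last session-key byte to the front of the owner key and expects verification to fail, plus one with an empty owner key. Minor: `rand.Read(ownerKey[:])` can be `rand.Read(ownerKey)`, and the new block in TestTokenGettersSetters could carry a `// Owner key` label like the `{ // Signature` block below it. The table and the loop over `items` continue outside the hunk.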
|
||||||
|
|