Merge branch 'release/0.7.5'
This commit is contained in:
commit
40ef55524a
8 changed files with 114 additions and 21 deletions
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -1,6 +1,20 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
This is the changelog for NeoFS-API-Go
|
This is the changelog for NeoFS-API-Go
|
||||||
|
|
||||||
|
## [0.7.5] - 2020-05-16
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- Owner key to the `SessionToken` signed payload.
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- `OwnerKeyContainer` interface embedded to `SessionTokenInfo` interface.
|
||||||
|
|
||||||
|
### Updated
|
||||||
|
|
||||||
|
- NeoFS API v0.7.5
|
||||||
|
|
||||||
## [0.7.4] - 2020-05-12
|
## [0.7.4] - 2020-05-12
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
@ -290,3 +304,4 @@ Initial public release
|
||||||
[0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0
|
[0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0
|
||||||
[0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1
|
[0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1
|
||||||
[0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4
|
[0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4
|
||||||
|
[0.7.5]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.4...v0.7.5
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -1,4 +1,4 @@
|
||||||
PROTO_VERSION=v0.7.4
|
PROTO_VERSION=v0.7.5
|
||||||
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
|
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
|
||||||
|
|
||||||
B=\033[0;1m
|
B=\033[0;1m
|
||||||
|
|
|
@ -132,6 +132,7 @@ User token granting rights for object manipulation
|
||||||
| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
|
| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
|
||||||
| Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session |
|
| Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session |
|
||||||
| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
|
| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
|
||||||
|
| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner |
|
||||||
|
|
||||||
|
|
||||||
<a name="service.TokenLifetime"></a>
|
<a name="service.TokenLifetime"></a>
|
||||||
|
|
|
@ -26,6 +26,10 @@ type signDataReaderWithToken struct {
|
||||||
token SessionToken
|
token SessionToken
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type signedSessionToken struct {
|
||||||
|
SessionToken
|
||||||
|
}
|
||||||
|
|
||||||
const verbSize = 4
|
const verbSize = 4
|
||||||
|
|
||||||
const fixedTokenDataSize = 0 +
|
const fixedTokenDataSize = 0 +
|
||||||
|
@ -99,6 +103,11 @@ func (m *Token_Info) SetSessionKey(key []byte) {
|
||||||
m.SessionKey = key
|
m.SessionKey = key
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetOwnerKey is an OwnerKey field setter.
|
||||||
|
func (m *Token_Info) SetOwnerKey(key []byte) {
|
||||||
|
m.OwnerKey = key
|
||||||
|
}
|
||||||
|
|
||||||
// SetSignature is a Signature field setter.
|
// SetSignature is a Signature field setter.
|
||||||
func (m *Token) SetSignature(sig []byte) {
|
func (m *Token) SetSignature(sig []byte) {
|
||||||
m.Signature = sig
|
m.Signature = sig
|
||||||
|
@ -116,40 +125,60 @@ func (x Token_Info_Verb) Bytes() []byte {
|
||||||
return data
|
return data
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddSignKey calls a Signature field setter with passed signature.
|
// AddSignKey calls a Signature field setter of token with passed signature.
|
||||||
func (m *Token) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
|
func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
|
||||||
m.SetSignature(sig)
|
if s.SessionToken != nil {
|
||||||
|
s.SessionToken.SetSignature(sig)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedData returns token information in a binary representation.
|
// SignedData returns token information in a binary representation.
|
||||||
func (m *Token) SignedData() ([]byte, error) {
|
func (s signedSessionToken) SignedData() ([]byte, error) {
|
||||||
return SignedDataFromReader(m)
|
return SignedDataFromReader(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SignedDataSize returns the length of signed token information slice.
|
||||||
|
func (s signedSessionToken) SignedDataSize() int {
|
||||||
|
return tokenInfoSize(s.SessionToken)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadSignedData copies a binary representation of the token information to passed buffer.
|
// ReadSignedData copies a binary representation of the token information to passed buffer.
|
||||||
//
|
//
|
||||||
// If buffer length is less than required, io.ErrUnexpectedEOF returns.
|
// If buffer length is less than required, io.ErrUnexpectedEOF returns.
|
||||||
func (m *Token_Info) ReadSignedData(p []byte) (int, error) {
|
func (s signedSessionToken) ReadSignedData(p []byte) (int, error) {
|
||||||
sz := m.SignedDataSize()
|
sz := s.SignedDataSize()
|
||||||
if len(p) < sz {
|
if len(p) < sz {
|
||||||
return 0, io.ErrUnexpectedEOF
|
return 0, io.ErrUnexpectedEOF
|
||||||
}
|
}
|
||||||
|
|
||||||
copyTokenSignedData(p, m)
|
copyTokenSignedData(p, s.SessionToken)
|
||||||
|
|
||||||
return sz, nil
|
return sz, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedDataSize returns the length of signed token information slice.
|
// NewSignedSessionToken wraps passed SessionToken in a component suitable for signing.
|
||||||
func (m *Token_Info) SignedDataSize() int {
|
//
|
||||||
return tokenInfoSize(m)
|
// Result can be used in AddSignatureWithKey function.
|
||||||
|
func NewSignedSessionToken(token SessionToken) DataWithSignKeyAccumulator {
|
||||||
|
return &signedSessionToken{
|
||||||
|
SessionToken: token,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func tokenInfoSize(v SessionKeySource) int {
|
// NewVerifiedSessionToken wraps passed SessionToken in a component suitable for signature verification.
|
||||||
|
//
|
||||||
|
// Result can be used in VerifySignatureWithKey function.
|
||||||
|
func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
|
||||||
|
return &signedSessionToken{
|
||||||
|
SessionToken: token,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func tokenInfoSize(v SessionTokenInfo) int {
|
||||||
if v == nil {
|
if v == nil {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
return fixedTokenDataSize + len(v.GetSessionKey())
|
return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fills passed buffer with signing token information bytes.
|
// Fills passed buffer with signing token information bytes.
|
||||||
|
@ -179,7 +208,9 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
|
||||||
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
|
tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
|
||||||
off += 8
|
off += 8
|
||||||
|
|
||||||
copy(buf[off:], token.GetSessionKey())
|
off += copy(buf[off:], token.GetSessionKey())
|
||||||
|
|
||||||
|
copy(buf[off:], token.GetOwnerKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedData concatenates signed data with session token information. Returns concatenation result.
|
// SignedData concatenates signed data with session token information. Returns concatenation result.
|
||||||
|
|
|
@ -77,6 +77,16 @@ func TestTokenGettersSetters(t *testing.T) {
|
||||||
require.Equal(t, key, tok.GetSessionKey())
|
require.Equal(t, key, tok.GetSessionKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
key := make([]byte, 10)
|
||||||
|
_, err := rand.Read(key)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
tok.SetOwnerKey(key)
|
||||||
|
|
||||||
|
require.Equal(t, key, tok.GetOwnerKey())
|
||||||
|
}
|
||||||
|
|
||||||
{ // Signature
|
{ // Signature
|
||||||
sig := make([]byte, 10)
|
sig := make([]byte, 10)
|
||||||
_, err := rand.Read(sig)
|
_, err := rand.Read(sig)
|
||||||
|
@ -89,7 +99,7 @@ func TestTokenGettersSetters(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSignToken(t *testing.T) {
|
func TestSignToken(t *testing.T) {
|
||||||
token := new(Token)
|
var token SessionToken = new(Token)
|
||||||
|
|
||||||
// create private key for signing
|
// create private key for signing
|
||||||
sk := test.DecodeKey(0)
|
sk := test.DecodeKey(0)
|
||||||
|
@ -126,9 +136,17 @@ func TestSignToken(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
token.SetSessionKey(sessionKey)
|
token.SetSessionKey(sessionKey)
|
||||||
|
|
||||||
|
ownerKey := make([]byte, 10)
|
||||||
|
_, err = rand.Read(ownerKey[:])
|
||||||
|
require.NoError(t, err)
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
|
||||||
|
signedToken := NewSignedSessionToken(token)
|
||||||
|
verifiedToken := NewVerifiedSessionToken(token)
|
||||||
|
|
||||||
// sign and verify token
|
// sign and verify token
|
||||||
require.NoError(t, AddSignatureWithKey(sk, token))
|
require.NoError(t, AddSignatureWithKey(sk, signedToken))
|
||||||
require.NoError(t, VerifySignatureWithKey(pk, token))
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
|
|
||||||
items := []struct {
|
items := []struct {
|
||||||
corrupt func()
|
corrupt func()
|
||||||
|
@ -208,12 +226,24 @@ func TestSignToken(t *testing.T) {
|
||||||
token.SetSessionKey(sessionKey)
|
token.SetSessionKey(sessionKey)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{ // Owner key
|
||||||
|
corrupt: func() {
|
||||||
|
ownerKey := token.GetOwnerKey()
|
||||||
|
ownerKey[0]++
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
},
|
||||||
|
restore: func() {
|
||||||
|
ownerKey := token.GetOwnerKey()
|
||||||
|
ownerKey[0]--
|
||||||
|
token.SetOwnerKey(ownerKey)
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, v := range items {
|
for _, v := range items {
|
||||||
v.corrupt()
|
v.corrupt()
|
||||||
require.Error(t, VerifySignatureWithKey(pk, token))
|
require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
v.restore()
|
v.restore()
|
||||||
require.NoError(t, VerifySignatureWithKey(pk, token))
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -158,6 +158,17 @@ type SignatureContainer interface {
|
||||||
SetSignature([]byte)
|
SetSignature([]byte)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OwnerKeySource is an interface of the container of owner key bytes with read access.
|
||||||
|
type OwnerKeySource interface {
|
||||||
|
GetOwnerKey() []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
// OwnerKeyContainer is an interface of the container of owner key bytes.
|
||||||
|
type OwnerKeyContainer interface {
|
||||||
|
OwnerKeySource
|
||||||
|
SetOwnerKey([]byte)
|
||||||
|
}
|
||||||
|
|
||||||
// SessionTokenSource is an interface of the container of a SessionToken with read access.
|
// SessionTokenSource is an interface of the container of a SessionToken with read access.
|
||||||
type SessionTokenSource interface {
|
type SessionTokenSource interface {
|
||||||
GetSessionToken() SessionToken
|
GetSessionToken() SessionToken
|
||||||
|
@ -170,7 +181,8 @@ type SessionTokenSource interface {
|
||||||
// - verb of the session;
|
// - verb of the session;
|
||||||
// - address of the session object;
|
// - address of the session object;
|
||||||
// - token lifetime;
|
// - token lifetime;
|
||||||
// - public session key bytes.
|
// - public session key bytes;
|
||||||
|
// - owner's public key bytes.
|
||||||
type SessionTokenInfo interface {
|
type SessionTokenInfo interface {
|
||||||
TokenIDContainer
|
TokenIDContainer
|
||||||
OwnerIDContainer
|
OwnerIDContainer
|
||||||
|
@ -178,6 +190,7 @@ type SessionTokenInfo interface {
|
||||||
AddressContainer
|
AddressContainer
|
||||||
LifetimeContainer
|
LifetimeContainer
|
||||||
SessionKeyContainer
|
SessionKeyContainer
|
||||||
|
OwnerKeyContainer
|
||||||
}
|
}
|
||||||
|
|
||||||
// SessionToken is an interface of token information and signature pair.
|
// SessionToken is an interface of token information and signature pair.
|
||||||
|
|
Binary file not shown.
|
@ -63,6 +63,9 @@ message Token {
|
||||||
|
|
||||||
// SessionKey is a public key of session key
|
// SessionKey is a public key of session key
|
||||||
bytes SessionKey = 6;
|
bytes SessionKey = 6;
|
||||||
|
|
||||||
|
// OwnerKey is a public key of the token owner
|
||||||
|
bytes OwnerKey = 7;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TokenInfo is a grouped information about token
|
// TokenInfo is a grouped information about token
|
||||||
|
|
Loading…
Reference in a new issue