In previous implementation service package provided types and functions
that wrapped signing/verification of data with session token.
This allowed us to use these functions for signing / verification of
service requests of other packages. To support the expansion of messages
with additional parts that need to be signed, you must be able to easily
expand the signed data with new parts.
To achieve the described goal, this commit makes the following changes:
* adds GroupSignedPayloads and GroupVerifyPayloads functions;
* renames SignedDataWithToken to RequestData, DataWithTokenSignAccumulator
to RequestSignedData, DataWithTokenSignSource to RequestVerifyData;
* renames SignDataWithSessionToken/VerifyAccumulatedSignaturesWithToken
function to SignRequestData/VerifyRequestData and makes it to use
GroupSignedPayloads/GroupVerifyPayloads internally.
After recent changes PrivateToken cannot directly return public key
bytes. In order to provide this ability, this commit implements
a function over PrivateToken interface.
This commit replaces PublicKey() and SignData() methods of PrivateToken
with PrivateKey() in order to have the ability to sign data with
session key using service package functions.
All sessions in NeoFS has limited in epochs lifetime. There is a need
to limit the lifetime of private session tokens.
This commmit:
* extends PrivateToken interface with Expired method;
* defines EpochLifetimeStore interface with RemoveExpired method
and embeds it to PrivateTokenStore interface;
* adds epoch value parameter to private token constructor.
In previous implementation PToken contained the full Token structure.
Since private token is used for data signature only, storing unused
fields of a user token is impractical. To emphasize the purpose of
the private part of the session, it makes sense to provide the user
of the session package with its interface. The interface will only provide
the functionality of data signing with private session key.
This commit:
* removes PToken structure from session package;
* defines PrivateToken interface of private session part;
* adds the implementation of PrivateToken on unexported struct;
* provides the constructor that generates session key internally.
We want to remove all innner ring queries to authenticate
owner by public keys. Therefore we put public keys into
session token. Later public keys could be gathered with NeoID
or other centre of authority.
Leonard Lyubich
Alex Vanin
Evgeniy Kulikov