frostfs-node/pkg/services/object/util/key.go

package util

import (
	"crypto/ecdsa"

	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
	"github.com/nspcc-dev/neofs-sdk-go/owner"
	"github.com/nspcc-dev/neofs-sdk-go/session"
)

// SessionSource is an interface tha provides
// access to node's actual (not expired) session
// tokens.
type SessionSource interface {
	// Get must return non-expired private token that
	// corresponds with passed owner and tokenID. If
	// token has not been created, has been expired
	// of it is impossible to get information about the
	// token Get must return nil.
	Get(owner *owner.ID, tokenID []byte) *storage.PrivateToken
}

// KeyStorage represents private key storage of the local node.
type KeyStorage struct {
	key *ecdsa.PrivateKey

	tokenStore SessionSource

	networkState netmap.State
}

// NewKeyStorage creates, initializes and returns new KeyStorage instance.
func NewKeyStorage(localKey *ecdsa.PrivateKey, tokenStore SessionSource, net netmap.State) *KeyStorage {
	return &KeyStorage{
		key:          localKey,
		tokenStore:   tokenStore,
		networkState: net,
	}
}

// GetKey returns private key of the node.
//
// If token is not nil, session private key is returned.
// Otherwise, node private key is returned.
func (s *KeyStorage) GetKey(token *session.Token) (*ecdsa.PrivateKey, error) {
	if token != nil {
		pToken := s.tokenStore.Get(token.OwnerID(), token.ID())
		if pToken != nil {
			if pToken.ExpiredAt() <= s.networkState.CurrentEpoch() {
				var errExpired apistatus.SessionTokenExpired

				return nil, errExpired
			}
			return pToken.SessionKey(), nil
		}

		var errNotFound apistatus.SessionTokenNotFound

		return nil, errNotFound
	}

	return s.key, nil
}
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`package util`

			`import (`
			`"crypto/ecdsa"`

[#943] service/object: Check session token expiration Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2021-10-25 12:19:50 +00:00			`"github.com/nspcc-dev/neofs-node/pkg/core/netmap"`
[#1255] object: Add persistent storage usage Use persistent storage usage in the node if it was configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-03-21 14:56:56 +00:00			`"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"`
[#1247] object: Return status errors from `util.KeyStorage` Return `SessionTokenExpired`/`SessionTokenNotFound` error from `apistatus` package if private session token is expired/missing. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-17 06:36:09 +00:00			`apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"`
[#1255] object: Add persistent storage usage Use persistent storage usage in the node if it was configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-03-21 14:56:56 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/owner"`
*: replace neofs-api-go with neofs-sdk-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-10 07:08:33 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/session"`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`)`

[#1255] object: Add persistent storage usage Use persistent storage usage in the node if it was configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-03-21 14:56:56 +00:00			`// SessionSource is an interface tha provides`
			`// access to node's actual (not expired) session`
			`// tokens.`
			`type SessionSource interface {`
			`// Get must return non-expired private token that`
			`// corresponds with passed owner and tokenID. If`
			`// token has not been created, has been expired`
			`// of it is impossible to get information about the`
			`// token Get must return nil.`
			`Get(owner owner.ID, tokenID []byte) storage.PrivateToken`
			`}`

[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`// KeyStorage represents private key storage of the local node.`
			`type KeyStorage struct {`
			`key *ecdsa.PrivateKey`

[#1255] object: Add persistent storage usage Use persistent storage usage in the node if it was configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-03-21 14:56:56 +00:00			`tokenStore SessionSource`
[#943] service/object: Check session token expiration Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2021-10-25 12:19:50 +00:00
			`networkState netmap.State`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`}`

			`// NewKeyStorage creates, initializes and returns new KeyStorage instance.`
[#1255] object: Add persistent storage usage Use persistent storage usage in the node if it was configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-03-21 14:56:56 +00:00			`func NewKeyStorage(localKey ecdsa.PrivateKey, tokenStore SessionSource, net netmap.State) KeyStorage {`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`return &KeyStorage{`
[#943] service/object: Check session token expiration Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2021-10-25 12:19:50 +00:00			`key: localKey,`
			`tokenStore: tokenStore,`
			`networkState: net,`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`}`
			`}`

			`// GetKey returns private key of the node.`
			`//`
			`// If token is not nil, session private key is returned.`
			`// Otherwise, node private key is returned.`
[#570] *: Remove usage of deprecated elements from API Go library Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-31 11:03:17 +00:00			`func (s KeyStorage) GetKey(token session.Token) (*ecdsa.PrivateKey, error) {`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`if token != nil {`
			`pToken := s.tokenStore.Get(token.OwnerID(), token.ID())`
[#233] services/object: Implement new Get algorithm Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-12-02 23:45:25 +00:00			`if pToken != nil {`
[#943] service/object: Check session token expiration Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2021-10-25 12:19:50 +00:00			`if pToken.ExpiredAt() <= s.networkState.CurrentEpoch() {`
[#1247] object: Return status errors from `util.KeyStorage` Return `SessionTokenExpired`/`SessionTokenNotFound` error from `apistatus` package if private session token is expired/missing. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-17 06:36:09 +00:00			`var errExpired apistatus.SessionTokenExpired`

			`return nil, errExpired`
[#943] service/object: Check session token expiration Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2021-10-25 12:19:50 +00:00			`}`
[#233] services/object: Implement new Get algorithm Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-12-02 23:45:25 +00:00			`return pToken.SessionKey(), nil`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`}`
[#1247] object: Return status errors from `util.KeyStorage` Return `SessionTokenExpired`/`SessionTokenNotFound` error from `apistatus` package if private session token is expired/missing. These errors are returned by storage node's server as NeoFS API statuses. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-03-17 06:36:09 +00:00
			`var errNotFound apistatus.SessionTokenNotFound`

			`return nil, errNotFound`
[#57] services/object: Implement private key storage Implement storage that provides access to local node key and session keys through session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-09-29 15:11:20 +00:00			`}`

			`return s.key, nil`
			`}`