frostfs-node/pkg/services/util/sign.go

package util

import (
	"context"
	"crypto/ecdsa"

	"github.com/nspcc-dev/neofs-api-go/v2/signature"
	"github.com/pkg/errors"
)

type UnaryHandler func(context.Context, interface{}) (interface{}, error)

type SignService struct {
	key *ecdsa.PrivateKey
}

type ServerStreamHandler func(context.Context, interface{}) (ResponseMessageReader, error)

type ResponseMessageReader func() (interface{}, error)

type ResponseMessageStreamer struct {
	key *ecdsa.PrivateKey

	recv ResponseMessageReader
}

type RequestMessageWriter func(interface{}) error

type ClientStreamCloser func() (interface{}, error)

type RequestMessageStreamer struct {
	key *ecdsa.PrivateKey

	send RequestMessageWriter

	close ClientStreamCloser
}

func NewUnarySignService(key *ecdsa.PrivateKey) *SignService {
	return &SignService{
		key: key,
	}
}

func (s *RequestMessageStreamer) Send(req interface{}) error {
	// verify request signatures
	if err := signature.VerifyServiceMessage(req); err != nil {
		return errors.Wrap(err, "could not verify request")
	}

	return s.send(req)
}

func (s *RequestMessageStreamer) CloseAndRecv() (interface{}, error) {
	resp, err := s.close()
	if err != nil {
		return nil, errors.Wrap(err, "could not close stream and receive response")
	}

	if err := signature.SignServiceMessage(s.key, resp); err != nil {
		return nil, errors.Wrap(err, "could not sign response")
	}

	return resp, nil
}

func (s *SignService) CreateRequestStreamer(sender RequestMessageWriter, closer ClientStreamCloser) *RequestMessageStreamer {
	return &RequestMessageStreamer{
		key:   s.key,
		send:  sender,
		close: closer,
	}
}

func (s *ResponseMessageStreamer) Recv() (interface{}, error) {
	m, err := s.recv()
	if err != nil {
		return nil, errors.Wrap(err, "could not receive response message for signing")
	}

	if err := signature.SignServiceMessage(s.key, m); err != nil {
		return nil, errors.Wrap(err, "could not sign response message")
	}

	return m, nil
}

func (s *SignService) HandleServerStreamRequest(ctx context.Context, req interface{}, handler ServerStreamHandler) (*ResponseMessageStreamer, error) {
	// verify request signatures
	if err := signature.VerifyServiceMessage(req); err != nil {
		return nil, errors.Wrap(err, "could not verify request")
	}

	msgRdr, err := handler(ctx, req)
	if err != nil {
		return nil, errors.Wrap(err, "could not create message reader")
	}

	return &ResponseMessageStreamer{
		key:  s.key,
		recv: msgRdr,
	}, nil
}

func (s *SignService) HandleUnaryRequest(ctx context.Context, req interface{}, handler UnaryHandler) (interface{}, error) {
	// verify request signatures
	if err := signature.VerifyServiceMessage(req); err != nil {
		return nil, errors.Wrap(err, "could not verify request")
	}

	// process request
	resp, err := handler(ctx, req)
	if err != nil {
		return nil, errors.Wrap(err, "could not handle request")
	}

	// sign the response
	if err := signature.SignServiceMessage(s.key, resp); err != nil {
		return nil, errors.Wrap(err, "could not sign response")
	}

	return resp, nil
}
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`package util`

			`import (`
			`"context"`
			`"crypto/ecdsa"`

			`"github.com/nspcc-dev/neofs-api-go/v2/signature"`
			`"github.com/pkg/errors"`
			`)`

			`type UnaryHandler func(context.Context, interface{}) (interface{}, error)`

[#13] services/util: Rename UnarySignService to SingService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:43:39 +00:00			`type SignService struct {`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`key *ecdsa.PrivateKey`
			`}`

[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`type ServerStreamHandler func(context.Context, interface{}) (ResponseMessageReader, error)`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00
[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`type ResponseMessageReader func() (interface{}, error)`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00
[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`type ResponseMessageStreamer struct {`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`key *ecdsa.PrivateKey`

[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`recv ResponseMessageReader`
			`}`

			`type RequestMessageWriter func(interface{}) error`

			`type ClientStreamCloser func() (interface{}, error)`

			`type RequestMessageStreamer struct {`
			`key *ecdsa.PrivateKey`

			`send RequestMessageWriter`

			`close ClientStreamCloser`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`}`

[#13] services/util: Rename UnarySignService to SingService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:43:39 +00:00			`func NewUnarySignService(key ecdsa.PrivateKey) SignService {`
			`return &SignService{`
[#13] services: Refactor UnarySignService Replace UnaryHandler from structure to method arguments in order to reuse single instance for different service methods. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:20:26 +00:00			`key: key,`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`}`
			`}`

[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`func (s *RequestMessageStreamer) Send(req interface{}) error {`
			`// verify request signatures`
			`if err := signature.VerifyServiceMessage(req); err != nil {`
			`return errors.Wrap(err, "could not verify request")`
			`}`

			`return s.send(req)`
			`}`

			`func (s *RequestMessageStreamer) CloseAndRecv() (interface{}, error) {`
			`resp, err := s.close()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not close stream and receive response")`
			`}`

			`if err := signature.SignServiceMessage(s.key, resp); err != nil {`
			`return nil, errors.Wrap(err, "could not sign response")`
			`}`

			`return resp, nil`
			`}`

			`func (s SignService) CreateRequestStreamer(sender RequestMessageWriter, closer ClientStreamCloser) RequestMessageStreamer {`
			`return &RequestMessageStreamer{`
			`key: s.key,`
			`send: sender,`
			`close: closer,`
			`}`
			`}`

			`func (s *ResponseMessageStreamer) Recv() (interface{}, error) {`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`m, err := s.recv()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not receive response message for signing")`
			`}`

			`if err := signature.SignServiceMessage(s.key, m); err != nil {`
			`return nil, errors.Wrap(err, "could not sign response message")`
			`}`

			`return m, nil`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`func (s SignService) HandleServerStreamRequest(ctx context.Context, req interface{}, handler ServerStreamHandler) (ResponseMessageStreamer, error) {`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`// verify request signatures`
			`if err := signature.VerifyServiceMessage(req); err != nil {`
			`return nil, errors.Wrap(err, "could not verify request")`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`msgRdr, err := handler(ctx, req)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not create message reader")`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support client-side stream in SignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 10:00:41 +00:00			`return &ResponseMessageStreamer{`
[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`key: s.key,`
			`recv: msgRdr,`
			`}, nil`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Rename UnarySignService to SingService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:43:39 +00:00			`func (s *SignService) HandleUnaryRequest(ctx context.Context, req interface{}, handler UnaryHandler) (interface{}, error) {`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`// verify request signatures`
			`if err := signature.VerifyServiceMessage(req); err != nil {`
			`return nil, errors.Wrap(err, "could not verify request")`
			`}`

			`// process request`
[#13] services: Refactor UnarySignService Replace UnaryHandler from structure to method arguments in order to reuse single instance for different service methods. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:20:26 +00:00			`resp, err := handler(ctx, req)`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`if err != nil {`
			`return nil, errors.Wrap(err, "could not handle request")`
			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`// sign the response`
			`if err := signature.SignServiceMessage(s.key, resp); err != nil {`
			`return nil, errors.Wrap(err, "could not sign response")`
			`}`

[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`return resp, nil`
			`}`