parent
08769f413f
commit
04727ce1d6
2 changed files with 14 additions and 23 deletions
|
@ -54,7 +54,7 @@ func (s *getStreamSigner) Send(resp *object.GetResponse) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error {
|
func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error {
|
||||||
return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
|
return s.sigSvc.HandleServerStreamRequest(req,
|
||||||
func(resp util.ResponseMessage) error {
|
func(resp util.ResponseMessage) error {
|
||||||
return stream.Send(resp.(*object.GetResponse))
|
return stream.Send(resp.(*object.GetResponse))
|
||||||
},
|
},
|
||||||
|
@ -126,7 +126,7 @@ func (s *searchStreamSigner) Send(resp *object.SearchResponse) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error {
|
func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error {
|
||||||
return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
|
return s.sigSvc.HandleServerStreamRequest(req,
|
||||||
func(resp util.ResponseMessage) error {
|
func(resp util.ResponseMessage) error {
|
||||||
return stream.Send(resp.(*object.SearchResponse))
|
return stream.Send(resp.(*object.SearchResponse))
|
||||||
},
|
},
|
||||||
|
@ -176,7 +176,7 @@ func (s *getRangeStreamSigner) Send(resp *object.GetRangeResponse) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error {
|
func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error {
|
||||||
return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
|
return s.sigSvc.HandleServerStreamRequest(req,
|
||||||
func(resp util.ResponseMessage) error {
|
func(resp util.ResponseMessage) error {
|
||||||
return stream.Send(resp.(*object.GetRangeResponse))
|
return stream.Send(resp.(*object.GetRangeResponse))
|
||||||
},
|
},
|
||||||
|
|
|
@ -6,7 +6,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/pkg/tracing"
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
|
||||||
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
|
||||||
|
@ -68,7 +67,8 @@ func (s *RequestMessageStreamer) Send(ctx context.Context, req any) error {
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
if err = verifyRequestSignature(ctx, req); err != nil {
|
// verify request signatures
|
||||||
|
if err = signature.VerifyServiceMessage(req); err != nil {
|
||||||
err = fmt.Errorf("could not verify request: %w", err)
|
err = fmt.Errorf("could not verify request: %w", err)
|
||||||
} else {
|
} else {
|
||||||
err = s.send(ctx, req)
|
err = s.send(ctx, req)
|
||||||
|
@ -112,7 +112,7 @@ func (s *RequestMessageStreamer) CloseAndRecv(ctx context.Context) (ResponseMess
|
||||||
setStatusV2(resp, err)
|
setStatusV2(resp, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = signResponse(ctx, s.key, resp, s.statusSupported); err != nil {
|
if err = signResponse(s.key, resp, s.statusSupported); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -130,7 +130,6 @@ func (s *SignService) CreateRequestStreamer(sender RequestMessageWriter, closer
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SignService) HandleServerStreamRequest(
|
func (s *SignService) HandleServerStreamRequest(
|
||||||
ctx context.Context,
|
|
||||||
req any,
|
req any,
|
||||||
respWriter ResponseMessageWriter,
|
respWriter ResponseMessageWriter,
|
||||||
blankResp ResponseConstructor,
|
blankResp ResponseConstructor,
|
||||||
|
@ -143,11 +142,12 @@ func (s *SignService) HandleServerStreamRequest(
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
if err = verifyRequestSignature(ctx, req); err != nil {
|
// verify request signatures
|
||||||
|
if err = signature.VerifyServiceMessage(req); err != nil {
|
||||||
err = fmt.Errorf("could not verify request: %w", err)
|
err = fmt.Errorf("could not verify request: %w", err)
|
||||||
} else {
|
} else {
|
||||||
err = respWriterCaller(func(resp ResponseMessage) error {
|
err = respWriterCaller(func(resp ResponseMessage) error {
|
||||||
if err := signResponse(ctx, s.key, resp, statusSupported); err != nil {
|
if err := signResponse(s.key, resp, statusSupported); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -164,7 +164,7 @@ func (s *SignService) HandleServerStreamRequest(
|
||||||
|
|
||||||
setStatusV2(resp, err)
|
setStatusV2(resp, err)
|
||||||
|
|
||||||
_ = signResponse(ctx, s.key, resp, false) // panics or returns nil with false arg
|
_ = signResponse(s.key, resp, false) // panics or returns nil with false arg
|
||||||
|
|
||||||
return respWriter(resp)
|
return respWriter(resp)
|
||||||
}
|
}
|
||||||
|
@ -183,7 +183,8 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
|
||||||
if err = verifyRequestSignature(ctx, req); err != nil {
|
// verify request signatures
|
||||||
|
if err = signature.VerifyServiceMessage(req); err != nil {
|
||||||
var sigErr apistatus.SignatureVerification
|
var sigErr apistatus.SignatureVerification
|
||||||
sigErr.SetMessage(err.Error())
|
sigErr.SetMessage(err.Error())
|
||||||
|
|
||||||
|
@ -204,7 +205,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
|
||||||
}
|
}
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
if err = signResponse(ctx, s.key, resp, statusSupported); err != nil {
|
if err = signResponse(s.key, resp, statusSupported); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -232,10 +233,7 @@ func setStatusV2(resp ResponseMessage, err error) {
|
||||||
// The signature error affects the result depending on the protocol version:
|
// The signature error affects the result depending on the protocol version:
|
||||||
// - if status return is supported, panics since we cannot return the failed status, because it will not be signed;
|
// - if status return is supported, panics since we cannot return the failed status, because it will not be signed;
|
||||||
// - otherwise, returns error in order to transport it directly.
|
// - otherwise, returns error in order to transport it directly.
|
||||||
func signResponse(ctx context.Context, key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
|
func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
|
||||||
_, span := tracing.StartSpanFromContext(ctx, "signResponse")
|
|
||||||
defer span.End()
|
|
||||||
|
|
||||||
err := signature.SignServiceMessage(key, resp)
|
err := signature.SignServiceMessage(key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err = fmt.Errorf("could not sign response: %w", err)
|
err = fmt.Errorf("could not sign response: %w", err)
|
||||||
|
@ -249,10 +247,3 @@ func signResponse(ctx context.Context, key *ecdsa.PrivateKey, resp any, statusSu
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func verifyRequestSignature(ctx context.Context, req any) error {
|
|
||||||
_, span := tracing.StartSpanFromContext(ctx, "verifyRequestSignature")
|
|
||||||
defer span.End()
|
|
||||||
|
|
||||||
return signature.VerifyServiceMessage(req)
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue