[#135] signature: Add tracing
All checks were successful
ci/woodpecker/pr/pre-commit Pipeline was successful

Add tracing to verify request and sign response.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
This commit is contained in:
Dmitrii Stepanov 2023-04-11 18:21:13 +03:00
parent 196885fa75
commit 166ebbb51e
2 changed files with 23 additions and 14 deletions

View file

@ -54,7 +54,7 @@ func (s *getStreamSigner) Send(resp *object.GetResponse) error {
} }
func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error { func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error {
return s.sigSvc.HandleServerStreamRequest(req, return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
func(resp util.ResponseMessage) error { func(resp util.ResponseMessage) error {
return stream.Send(resp.(*object.GetResponse)) return stream.Send(resp.(*object.GetResponse))
}, },
@ -126,7 +126,7 @@ func (s *searchStreamSigner) Send(resp *object.SearchResponse) error {
} }
func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error { func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error {
return s.sigSvc.HandleServerStreamRequest(req, return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
func(resp util.ResponseMessage) error { func(resp util.ResponseMessage) error {
return stream.Send(resp.(*object.SearchResponse)) return stream.Send(resp.(*object.SearchResponse))
}, },
@ -176,7 +176,7 @@ func (s *getRangeStreamSigner) Send(resp *object.GetRangeResponse) error {
} }
func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error { func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error {
return s.sigSvc.HandleServerStreamRequest(req, return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
func(resp util.ResponseMessage) error { func(resp util.ResponseMessage) error {
return stream.Send(resp.(*object.GetRangeResponse)) return stream.Send(resp.(*object.GetRangeResponse))
}, },

View file

@ -6,6 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/pkg/tracing"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@ -67,8 +68,7 @@ func (s *RequestMessageStreamer) Send(ctx context.Context, req any) error {
var err error var err error
// verify request signatures if err = verifyRequestSignature(ctx, req); err != nil {
if err = signature.VerifyServiceMessage(req); err != nil {
err = fmt.Errorf("could not verify request: %w", err) err = fmt.Errorf("could not verify request: %w", err)
} else { } else {
err = s.send(ctx, req) err = s.send(ctx, req)
@ -112,7 +112,7 @@ func (s *RequestMessageStreamer) CloseAndRecv(ctx context.Context) (ResponseMess
setStatusV2(resp, err) setStatusV2(resp, err)
} }
if err = signResponse(s.key, resp, s.statusSupported); err != nil { if err = signResponse(ctx, s.key, resp, s.statusSupported); err != nil {
return nil, err return nil, err
} }
@ -130,6 +130,7 @@ func (s *SignService) CreateRequestStreamer(sender RequestMessageWriter, closer
} }
func (s *SignService) HandleServerStreamRequest( func (s *SignService) HandleServerStreamRequest(
ctx context.Context,
req any, req any,
respWriter ResponseMessageWriter, respWriter ResponseMessageWriter,
blankResp ResponseConstructor, blankResp ResponseConstructor,
@ -142,12 +143,11 @@ func (s *SignService) HandleServerStreamRequest(
var err error var err error
// verify request signatures if err = verifyRequestSignature(ctx, req); err != nil {
if err = signature.VerifyServiceMessage(req); err != nil {
err = fmt.Errorf("could not verify request: %w", err) err = fmt.Errorf("could not verify request: %w", err)
} else { } else {
err = respWriterCaller(func(resp ResponseMessage) error { err = respWriterCaller(func(resp ResponseMessage) error {
if err := signResponse(s.key, resp, statusSupported); err != nil { if err := signResponse(ctx, s.key, resp, statusSupported); err != nil {
return err return err
} }
@ -164,7 +164,7 @@ func (s *SignService) HandleServerStreamRequest(
setStatusV2(resp, err) setStatusV2(resp, err)
_ = signResponse(s.key, resp, false) // panics or returns nil with false arg _ = signResponse(ctx, s.key, resp, false) // panics or returns nil with false arg
return respWriter(resp) return respWriter(resp)
} }
@ -183,8 +183,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
err error err error
) )
// verify request signatures if err = verifyRequestSignature(ctx, req); err != nil {
if err = signature.VerifyServiceMessage(req); err != nil {
var sigErr apistatus.SignatureVerification var sigErr apistatus.SignatureVerification
sigErr.SetMessage(err.Error()) sigErr.SetMessage(err.Error())
@ -205,7 +204,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
} }
// sign the response // sign the response
if err = signResponse(s.key, resp, statusSupported); err != nil { if err = signResponse(ctx, s.key, resp, statusSupported); err != nil {
return nil, err return nil, err
} }
@ -233,7 +232,10 @@ func setStatusV2(resp ResponseMessage, err error) {
// The signature error affects the result depending on the protocol version: // The signature error affects the result depending on the protocol version:
// - if status return is supported, panics since we cannot return the failed status, because it will not be signed; // - if status return is supported, panics since we cannot return the failed status, because it will not be signed;
// - otherwise, returns error in order to transport it directly. // - otherwise, returns error in order to transport it directly.
func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error { func signResponse(ctx context.Context, key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
_, span := tracing.StartSpanFromContext(ctx, "signResponse")
defer span.End()
err := signature.SignServiceMessage(key, resp) err := signature.SignServiceMessage(key, resp)
if err != nil { if err != nil {
err = fmt.Errorf("could not sign response: %w", err) err = fmt.Errorf("could not sign response: %w", err)
@ -247,3 +249,10 @@ func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
return err return err
} }
func verifyRequestSignature(ctx context.Context, req any) error {
_, span := tracing.StartSpanFromContext(ctx, "verifyRequestSignature")
defer span.End()
return signature.VerifyServiceMessage(req)
}