Invalid format when signing session token #1398

New issue

Closed

opened 2024-09-27 12:39:03 +00:00 by abereziny · 2 comments

abereziny commented

2024-09-27 12:39:03 +00:00

Member

Expected Behavior

Signed output file with session token is generated and can be used to make requests

Current Behavior

decode session: invalid format

Steps to Reproduce (for bugs)

Create session token file, like example.token

{'body': {'id': 'l9QcFFQSTWikNqFNMtb+nw==', 'ownerID': {'value': 'NZyM1KbkOg5ZX2WlPXKt+HlD0Qkx4K9r4Q=='}, 'lifetime': {'exp': '100000000', 'nbf': '0', 'iat': '0'}, 'sessionKey': 'Aq4iW/ARcYnhiWu+UkJTiffUL8H4RhNKZzXTby9WQsJW', 'object': {'verb': 'PUT', 'target': {'container': {'value': 'xbiW72u2y6LmwAUuxJHU1B6Ec/2CSG25IoLXLwW2W7g='}, 'objects': [{'value': '8d0F+QgYggfZc9PuXqJ1ulvVZeq4AUK+tnCebrvt4kc='}, {'value': 'lGv5Eb2yoKZiCSzq8vGa4H73kJ/ZvReStko0USeW9HU='}]}}}}

Run frostfs-cli --config wallet-config.yml util sign session-token --from 'example.token' --to 'signed.token'

Context

Automation tests

Regression

Yes

Your Environment

Version used: 0.42.0-157-ga5e1aa22

## Expected Behavior Signed output file with session token is generated and can be used to make requests ## Current Behavior ``` decode session: invalid format ``` ## Steps to Reproduce (for bugs) 1. Create session token file, like example.token ``` {'body': {'id': 'l9QcFFQSTWikNqFNMtb+nw==', 'ownerID': {'value': 'NZyM1KbkOg5ZX2WlPXKt+HlD0Qkx4K9r4Q=='}, 'lifetime': {'exp': '100000000', 'nbf': '0', 'iat': '0'}, 'sessionKey': 'Aq4iW/ARcYnhiWu+UkJTiffUL8H4RhNKZzXTby9WQsJW', 'object': {'verb': 'PUT', 'target': {'container': {'value': 'xbiW72u2y6LmwAUuxJHU1B6Ec/2CSG25IoLXLwW2W7g='}, 'objects': [{'value': '8d0F+QgYggfZc9PuXqJ1ulvVZeq4AUK+tnCebrvt4kc='}, {'value': 'lGv5Eb2yoKZiCSzq8vGa4H73kJ/ZvReStko0USeW9HU='}]}}}} ``` 2. Run `frostfs-cli --config wallet-config.yml util sign session-token --from 'example.token' --to 'signed.token'` ## Context Automation tests ## Regression Yes ## Your Environment * Version used: 0.42.0-157-ga5e1aa22

abereziny added the

bug

triage

labels 2024-09-27 12:39:03 +00:00

abereziny changed title from ~~Invalid signature when signing session token~~ to Invalid format when signing session token

2024-09-27 12:39:26 +00:00

aarifullin self-assigned this 2024-09-30 13:09:17 +00:00

aarifullin commented

2024-09-30 13:26:13 +00:00

Member

The error has been confirmed for input provided by @abereziny. I suppose that the problem has got the same reason as for #1399.

I checked how frostfs-cli generates a session token before requesting the object service:

{
  "body": {
    "id": "ZRYERoK+S1uhn0+txOWbKA==",
    "ownerID": null,
    "lifetime": {
      "exp": 17,
      "nbf": 7,
      "iat": 7
    },
    "sessionKey": "AkgM+6HT7fyHOK0aqAaBF2cvOCZItbI4Gyc2eVUfNW9W",
    "object": {
      "verb": 1,
      "target": {
        "container": {
          "value": "dvkC8mnlfea9V/xjAmJWF+FEPN61U1V1le9pTNCp57Y="
        },
        "objects": []
      }
    }
  },
  "signature": null
}

verb field is numerical although 'verb': 'PUT' was allowed

The error has been confirmed for input provided by @abereziny. I suppose that the problem has got the same reason as for [#1399](https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1399). I checked how `frostfs-cli` generates a session token before requesting the object service: ```json { "body": { "id": "ZRYERoK+S1uhn0+txOWbKA==", "ownerID": null, "lifetime": { "exp": 17, "nbf": 7, "iat": 7 }, "sessionKey": "AkgM+6HT7fyHOK0aqAaBF2cvOCZItbI4Gyc2eVUfNW9W", "object": { "verb": 1, "target": { "container": { "value": "dvkC8mnlfea9V/xjAmJWF+FEPN61U1V1le9pTNCp57Y=" }, "objects": [] } } }, "signature": null } ``` `verb` field is numerical although `'verb': 'PUT'` was allowed

fyrchik commented

2024-09-30 13:58:51 +00:00

Owner

Actually, we support string enums in unmarshal:

case protoreflect.EnumKind:

This problem could be related to exp field being numeric string instead of number.
Anyway, the issue likely belongs to the api-go repo.

Actually, we support string enums in unmarshal: https://git.frostfs.info/TrueCloudLab/frostfs-api-go/src/commit/c3dbbc5eab70dd429e191e081294c13d4b51fa3b/util/protogen/internalgengo/json.go#L81 This problem could be related to `exp` field being numeric string instead of number. Anyway, the issue likely belongs to the api-go repo.