node: Move SignMessage
to separate package #1132
17 changed files with 86 additions and 65 deletions
|
@ -9,7 +9,7 @@ import (
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
|
||||||
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
@ -60,7 +60,7 @@ func synchronizeTree(cmd *cobra.Command, _ []string) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
err := controlSvc.SignMessage(pk, req)
|
err := ctrlmessage.Sign(pk, req)
|
||||||
commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
|
commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
|
||||||
|
|
||||||
cli := getClient(cmd, pk)
|
cli := getClient(cmd, pk)
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
|
internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
|
||||||
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
|
||||||
controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
|
||||||
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -33,8 +33,8 @@ func initControlIRFlags(cmd *cobra.Command) {
|
||||||
ff.Uint32(irFlagNameVUB, 0, "Valid until block value for notary transaction")
|
ff.Uint32(irFlagNameVUB, 0, "Valid until block value for notary transaction")
|
||||||
}
|
}
|
||||||
|
|
||||||
func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req controlSvc.SignedMessage) {
|
func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req ctrlmessage.SignedMessage) {
|
||||||
err := controlSvc.SignMessage(pk, req)
|
err := ctrlmessage.Sign(pk, req)
|
||||||
commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
|
commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
44
pkg/services/control/server/ctrlmessage/sign.go
Normal file
44
pkg/services/control/server/ctrlmessage/sign.go
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
package ctrlmessage
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/ecdsa"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
||||||
|
frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
|
||||||
|
)
|
||||||
|
|
||||||
|
type SignedMessage interface {
|
||||||
|
ReadSignedData([]byte) ([]byte, error)
|
||||||
|
GetSignature() *control.Signature
|
||||||
|
SetSignature(*control.Signature)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sign signs Control service ctrlmessage with private key.
|
||||||
|
func Sign(key *ecdsa.PrivateKey, msg SignedMessage) error {
|
||||||
|
binBody, err := msg.ReadSignedData(nil)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("marshal request body: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var sig frostfscrypto.Signature
|
||||||
|
|
||||||
|
err = sig.Calculate(frostfsecdsa.Signer(*key), binBody)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("calculate signature: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(@cthulhu-rider): #468 use Signature ctrlmessage from FrostFS API to avoid conversion
|
||||||
|
var sigV2 refs.Signature
|
||||||
|
sig.WriteToV2(&sigV2)
|
||||||
|
|
||||||
|
var sigControl control.Signature
|
||||||
|
sigControl.SetKey(sigV2.GetKey())
|
||||||
|
sigControl.SetSign(sigV2.GetSign())
|
||||||
|
|
||||||
|
msg.SetSignature(&sigControl)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -6,6 +6,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -29,7 +30,7 @@ func (s *Server) DetachShards(_ context.Context, req *control.DetachShardsReques
|
||||||
Body: &control.DetachShardsResponse_Body{},
|
Body: &control.DetachShardsResponse_Body{},
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = SignMessage(s.key, resp); err != nil {
|
if err = ctrlmessage.Sign(s.key, resp); err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -29,7 +30,7 @@ func (s *Server) Doctor(ctx context.Context, req *control.DoctorRequest) (*contr
|
||||||
|
|
||||||
resp := &control.DoctorResponse{Body: &control.DoctorResponse_Body{}}
|
resp := &control.DoctorResponse{Body: &control.DoctorResponse_Body{}}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/pilorama"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/pilorama"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object_manager/placement"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object_manager/placement"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/replicator"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/replicator"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
|
||||||
|
@ -49,7 +50,7 @@ func (s *Server) EvacuateShard(ctx context.Context, req *control.EvacuateShardRe
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -131,7 +132,7 @@ func (s *Server) replicateTreeToNode(ctx context.Context, forest pilorama.Forest
|
||||||
|
|
||||||
err = tree.SignMessage(req, s.key)
|
err = tree.SignMessage(req, s.key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("can't sign apply request: %w", err)
|
return fmt.Errorf("can't message apply request: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = s.treeService.ReplicateTreeOp(ctx, node, req)
|
err = s.treeService.ReplicateTreeOp(ctx, node, req)
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -43,7 +44,7 @@ func (s *Server) StartShardEvacuation(ctx context.Context, req *control.StartSha
|
||||||
Body: &control.StartShardEvacuationResponse_Body{},
|
Body: &control.StartShardEvacuationResponse_Body{},
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -70,7 +71,7 @@ func (s *Server) GetShardEvacuationStatus(ctx context.Context, req *control.GetS
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -96,7 +97,7 @@ func (s *Server) StopShardEvacuation(ctx context.Context, req *control.StopShard
|
||||||
Body: &control.StopShardEvacuationResponse_Body{},
|
Body: &control.StopShardEvacuationResponse_Body{},
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -122,7 +123,7 @@ func (s *Server) ResetShardEvacuationStatus(ctx context.Context, req *control.Re
|
||||||
Body: &control.ResetShardEvacuationStatusResponse_Body{},
|
Body: &control.ResetShardEvacuationStatusResponse_Body{},
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -28,7 +29,7 @@ func (s *Server) FlushCache(ctx context.Context, req *control.FlushCacheRequest)
|
||||||
|
|
||||||
resp := &control.FlushCacheResponse{Body: &control.FlushCacheResponse_Body{}}
|
resp := &control.FlushCacheResponse{Body: &control.FlushCacheResponse_Body{}}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
|
@ -58,7 +59,7 @@ func (s *Server) DropObjects(ctx context.Context, req *control.DropObjectsReques
|
||||||
resp.SetBody(body)
|
resp.SetBody(body)
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
if err := SignMessage(s.key, resp); err != nil {
|
if err := ctrlmessage.Sign(s.key, resp); err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -27,7 +28,7 @@ func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest)
|
||||||
body.SetHealthStatus(s.healthChecker.HealthStatus())
|
body.SetHealthStatus(s.healthChecker.HealthStatus())
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
if err := SignMessage(s.key, resp); err != nil {
|
if err := ctrlmessage.Sign(s.key, resp); err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/blobstor"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/blobstor"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -59,7 +60,7 @@ func (s *Server) ListShards(_ context.Context, req *control.ListShardsRequest) (
|
||||||
body.SetShards(shardInfos)
|
body.SetShards(shardInfos)
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
if err := SignMessage(s.key, resp); err != nil {
|
if err := ctrlmessage.Sign(s.key, resp); err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ape"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ape"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||||
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
|
@ -99,7 +100,7 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
|
||||||
ChainId: []byte(chain.ID),
|
ChainId: []byte(chain.ID),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -125,7 +126,7 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL
|
||||||
Chain: chain.Bytes(),
|
Chain: chain.Bytes(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -156,7 +157,7 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha
|
||||||
Chains: serializedChains,
|
Chains: serializedChains,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -181,7 +182,7 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
|
||||||
resp := &control.RemoveChainLocalOverrideResponse{
|
resp := &control.RemoveChainLocalOverrideResponse{
|
||||||
Body: &control.RemoveChainLocalOverrideResponse_Body{},
|
Body: &control.RemoveChainLocalOverrideResponse_Body{},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -206,7 +207,7 @@ func (s *Server) RemoveChainLocalOverridesByTarget(_ context.Context, req *contr
|
||||||
resp := &control.RemoveChainLocalOverridesByTargetResponse{
|
resp := &control.RemoveChainLocalOverridesByTargetResponse{
|
||||||
Body: &control.RemoveChainLocalOverridesByTargetResponse_Body{},
|
Body: &control.RemoveChainLocalOverridesByTargetResponse_Body{},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
@ -237,7 +238,7 @@ func (s *Server) ListTargetsLocalOverrides(_ context.Context, req *control.ListT
|
||||||
Targets: targets,
|
Targets: targets,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -40,7 +41,7 @@ func (s *Server) SealWriteCache(ctx context.Context, req *control.SealWriteCache
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -44,7 +45,7 @@ func (s *Server) SetNetmapStatus(_ context.Context, req *control.SetNetmapStatus
|
||||||
resp.SetBody(body)
|
resp.SetBody(body)
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
if err := SignMessage(s.key, resp); err != nil {
|
if err := ctrlmessage.Sign(s.key, resp); err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -50,7 +51,7 @@ func (s *Server) SetShardMode(_ context.Context, req *control.SetShardModeReques
|
||||||
resp.SetBody(body)
|
resp.SetBody(body)
|
||||||
|
|
||||||
// sign the response
|
// sign the response
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,26 +2,17 @@ package control
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/ecdsa"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
|
||||||
frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// SignedMessage is an interface of Control service message.
|
|
||||||
type SignedMessage interface {
|
|
||||||
ReadSignedData([]byte) ([]byte, error)
|
|
||||||
GetSignature() *control.Signature
|
|
||||||
SetSignature(*control.Signature)
|
|
||||||
}
|
|
||||||
|
|
||||||
var errDisallowedKey = errors.New("key is not in the allowed list")
|
var errDisallowedKey = errors.New("key is not in the allowed list")
|
||||||
|
|
||||||
func (s *Server) isValidRequest(req SignedMessage) error {
|
func (s *Server) isValidRequest(req ctrlmessage.SignedMessage) error {
|
||||||
sign := req.GetSignature()
|
sign := req.GetSignature()
|
||||||
if sign == nil {
|
if sign == nil {
|
||||||
// TODO(@cthulhu-rider): #468 use "const" error
|
// TODO(@cthulhu-rider): #468 use "const" error
|
||||||
|
@ -68,30 +59,3 @@ func (s *Server) isValidRequest(req SignedMessage) error {
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignMessage signs Control service message with private key.
|
|
||||||
func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
|
|
||||||
binBody, err := msg.ReadSignedData(nil)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("marshal request body: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var sig frostfscrypto.Signature
|
|
||||||
|
|
||||||
err = sig.Calculate(frostfsecdsa.Signer(*key), binBody)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("calculate signature: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO(@cthulhu-rider): #468 use Signature message from FrostFS API to avoid conversion
|
|
||||||
var sigV2 refs.Signature
|
|
||||||
sig.WriteToV2(&sigV2)
|
|
||||||
|
|
||||||
var sigControl control.Signature
|
|
||||||
sigControl.SetKey(sigV2.GetKey())
|
|
||||||
sigControl.SetSign(sigV2.GetSign())
|
|
||||||
|
|
||||||
msg.SetSignature(&sigControl)
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
|
||||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||||
netmapSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
netmapSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
|
||||||
|
@ -42,7 +43,7 @@ func (s *Server) SynchronizeTree(ctx context.Context, req *control.SynchronizeTr
|
||||||
resp := new(control.SynchronizeTreeResponse)
|
resp := new(control.SynchronizeTreeResponse)
|
||||||
resp.SetBody(new(control.SynchronizeTreeResponse_Body))
|
resp.SetBody(new(control.SynchronizeTreeResponse_Body))
|
||||||
|
|
||||||
err = SignMessage(s.key, resp)
|
err = ctrlmessage.Sign(s.key, resp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, status.Error(codes.Internal, err.Error())
|
return nil, status.Error(codes.Internal, err.Error())
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue