pkg/services/object/get/v2/errors.go

@@ -63,10 +63,6 @@ func errCouldNotWriteObjChunk(forwarder string, err error) error {
 	return fmt.Errorf("could not write object chunk in %s forwarder: %w", forwarder, err)
 }
 
-func errCouldNotVerifyRangeResponse(resp *objectV2.GetRangeResponse, err error) error {
-	return fmt.Errorf("could not verify %T: %w", resp, err)
-}
-
 func errCouldNotCreateGetRangeStream(err error) error {
 	return fmt.Errorf("could not create Get payload range stream: %w", err)
 }

pkg/services/object/get/v2/get_range_forwarder.go

@@ -14,7 +14,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/internal"
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@@ -64,20 +63,6 @@ func (f *getRangeRequestForwarder) forwardRequestToNode(ctx context.Context, add
 	return nil, f.readStream(ctx, rangeStream, c, pubkey)
 }
 
-func (f *getRangeRequestForwarder) verifyResponse(resp *objectV2.GetRangeResponse, pubkey []byte) error {
-	// verify response key
-	if err := internal.VerifyResponseKeyV2(pubkey, resp); err != nil {
-		return err
-	}
-
-	// verify response structure
-	if err := signature.VerifyServiceMessage(resp); err != nil {
-		return errCouldNotVerifyRangeResponse(resp, err)
-	}
-
-	return checkStatus(resp.GetMetaHeader().GetStatus())
-}
-
 func (f *getRangeRequestForwarder) openStream(ctx context.Context, addr network.Address, c client.MultiAddressClient) (*rpc.ObjectRangeResponseReader, error) {
 	// open stream
 	var rangeStream *rpc.ObjectRangeResponseReader
@@ -107,7 +92,7 @@ func (f *getRangeRequestForwarder) readStream(ctx context.Context, rangeStream *
 			return errReadingResponseFailed(err)
 		}
 
-		if err := f.verifyResponse(resp, pubkey); err != nil {
+		if err := verifyResponse(resp, pubkey); err != nil {
 			return err
 		}
 

pkg/services/object/get/v2/get_range_hash.go

@@ -142,6 +142,9 @@ func (s *Service) forwardGetRangeHashRequest(ctx context.Context, req *objectV2.
 
 		resp, err := s.performGetRangeHashOnNode(ctx, req, info)
 		if err == nil {
+			if err := verifyResponse(resp, info.PublicKey()); err != nil {
+				return nil, err
+			}
 			return resp, nil
 		}
 		if firstErr == nil {

pkg/services/object/get/v2/head_forwarder.go

@@ -13,7 +13,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/internal"
 	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@@ -24,7 +23,6 @@ import (
 
 type headRequestForwarder struct {
 	Request    *objectV2.HeadRequest
-	Response   *objectV2.HeadResponse
 	OnceResign sync.Once
 	ObjectAddr oid.Address
 	Key        *ecdsa.PrivateKey
@@ -61,7 +59,7 @@ func (f *headRequestForwarder) forwardRequestToNode(ctx context.Context, addr ne
 		return nil, err
 	}
 
-	if err := f.verifyResponse(headResp, pubkey); err != nil {
+	if err := verifyResponse(headResp, pubkey); err != nil {
 		return nil, err
 	}
 
@@ -160,17 +158,3 @@ func (f *headRequestForwarder) sendHeadRequest(ctx context.Context, addr network
 	}
 	return headResp, nil
 }
-
-func (f *headRequestForwarder) verifyResponse(headResp *objectV2.HeadResponse, pubkey []byte) error {
-	// verify response key
-	if err := internal.VerifyResponseKeyV2(pubkey, headResp); err != nil {
-		return err
-	}
-
-	// verify response structure
-	if err := signature.VerifyServiceMessage(headResp); err != nil {
-		return errResponseVerificationFailed(err)
-	}
-
-	return checkStatus(f.Response.GetMetaHeader().GetStatus())
-}

pkg/services/object/get/v2/util.go

@@ -8,11 +8,13 @@ import (
 	objectV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
 	objectSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object"
 	getsvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/get"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/internal"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object/util"
 	clientSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@@ -249,7 +251,6 @@ func (s *Service) toHeadPrm(req *objectV2.HeadRequest, resp *objectV2.HeadRespon
 
 	forwarder := &headRequestForwarder{
 		Request:    req,
-		Response:   resp,
 		ObjectAddr: objAddr,
 		Key:        key,
 	}
@@ -409,3 +410,20 @@ func chunkToSend(global, local int, chunk []byte) []byte {
 
 	return chunk[global-local:]
 }
+
+type apiResponse interface {
+	GetMetaHeader() *session.ResponseMetaHeader
+	GetVerificationHeader() *session.ResponseVerificationHeader
+}
+
+func verifyResponse(resp apiResponse, pubkey []byte) error {
+	if err := internal.VerifyResponseKeyV2(pubkey, resp); err != nil {
+		return err
+	}
+
+	if err := signature.VerifyServiceMessage(resp); err != nil {
+		return errResponseVerificationFailed(err)
+	}
+
+	return checkStatus(resp.GetMetaHeader().GetStatus())
+}