There is a need to verify session data signatures calculated using
private session key. `Container` token encapsulates public session key,
so we need to provide method for signature check.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This reverts commit 458c882ff4.
If `issuerSet` is set after signature calculation then issuer ID isn't
written to signed data, in other words not signed.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Sign` method implementation to not modify `issuerSet` state
variable after signature calculation's failures.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
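Added example, not code from the repository: a minimal Go model of the two fixes described in the commit messages above, where the issuer is written before the signed bytes are built and the issuer state is restored when signing fails. The `token` type and the `signedData`, `sign` and `demo` names are hypothetical, and Ed25519 from the standard library stands in for the protocol's signature schemes.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// token is a hypothetical model of a session token, not the SDK's own type.
type token struct {
	id, issuer string
	issuerSet  bool
	sig        []byte
}

// signedData covers the issuer only when issuerSet is true (assumed model).
func (t *token) signedData() []byte {
	if t.issuerSet {
		return []byte("id=" + t.id + ";issuer=" + t.issuer)
	}
	return []byte("id=" + t.id)
}

// sign binds the issuer before signing and rolls the state back on failure.
func (t *token) sign(issuer string, signer func([]byte) ([]byte, error)) error {
	prevIssuer, prevSet := t.issuer, t.issuerSet
	t.issuer, t.issuerSet = issuer, true
	sig, err := signer(t.signedData())
	if err != nil {
		t.issuer, t.issuerSet = prevIssuer, prevSet
		return err
	}
	t.sig = sig
	return nil
}

// demo returns issuerSet after a failed sign, then verify before/after an issuer change.
func demo() (bool, bool, bool) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed, demo only
	pub := priv.Public().(ed25519.PublicKey)
	t := &token{id: "constructed-id"}
	_ = t.sign("alice", func([]byte) ([]byte, error) { return nil, fmt.Errorf("signer down") })
	afterFail := t.issuerSet
	_ = t.sign("alice", func(d []byte) ([]byte, error) { return ed25519.Sign(priv, d), nil })
	valid := ed25519.Verify(pub, t.signedData(), t.sig)
	t.issuer = "mallory" // constructed post-signature change to the issuer
	return afterFail, valid, ed25519.Verify(pub, t.signedData(), t.sig)
}

func main() { fmt.Println(demo()) }
```

Because the issuer is part of the signed bytes, changing it after signing makes verification fail, and a failed signer leaves `issuerSet` as it was.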
`Container` and `Object` types are transmitted in single `session.Token`
message. They differ only by session context.
Share common parts of the message in `commonData` struct. Embed struct
into `Container` and `Object`. Make `ReadFromV2` methods to check
protocol compliance. Make `Unmarshal`/`UnmarshalJSON` to check field
format in case of presence only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Sync lifetime names with `session` package. Add `AssertContainer` and
`AssertUser` methods which cover specific cases described in protocol.
Increase test coverage.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation `processResponse` returned `true` if
`resolveAPIFailures` is set and status failure is received. This led to
post-processing of the results, which no longer pays attention to the
status. For example, `ObjectHead` returned `unexpected header type`
error due to empty body.
Make `contextCall.processResponse` to return success flag regardless of
`resolveAPIFailures` setting. Make `contextCall.processCall` to return
`err` field presence flag on `processResponse` false return.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Merge `address` package into `oid` one. Bring `session.Object`
implementation into conformity with the NeoFS API protocol.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to duplicate session token owner, e.g. in container
created within the session. For such cases we need to have the ability
to receive session issuer.
Add `Container.Issuer` method. Transform `IssuedBy` to helper function.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Container contract expects signature of container ID value,
which is SHA256 of container body. Not the signature of stable
marshaled container.ID structure.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Make `createSessionTokenForDuration` to accept a pointer to
`session.Object` and write the response on session creation request
through the pointer. Rename function to `initSessionForDuration`. As a
consequence, problem in `openDefaultSession` with uncached sessions is
fixed.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
`owner.ID` parameter of `createSessionTokenForDuration` function is no
longer used since session owner is set automatically during the sign
operation. As a consequence, remove `Pool.sessionOwner` field and its
getter.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Object service of NeoFS API contains one client-side stream method:
object.Put. In client-side streams, server can return an error after
processing stream message. In this case write method returns `io.EOF`
and actual error reason is encoded in response status, which is
obtained after `Close()`. Client library should process such case.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Enumerate signature schemes of `Scheme` type from 0 in order to sync
with NeoFS API protocol by values.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Remove `signature` and `util/signature` packages. Re-implement their
functionality in new `crypto` package. Generalize the approach of
digital signature computation and verification by adding `Signer` and
`PublicKey` primitives similar to standard `crypto` package. Support
already existing in protocol signature schemes.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Do not return pointers from getters. Do not pass pointers to the methods
that do not modify the checksum. Add `Empty` method.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>