Return `error` from all `ReadFromV2` methods in order to support
backward compatibility if message will be extended with some formatted
field.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

There is a need to verify session data signatures calculated using
private session key. `Container` token encapsulates public session key,
so we need to provide method for signature check.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

This reverts commit 458c882ff4.
If `issuerSet` is set after signature calculation then issuer ID isn't
written to signed data, in other words not signed.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

Make `Sign` method implementation to not modify `issuerSet` state
variable after signature calculation's failures.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

`Container` and `Object` types are transmitted in single `session.Token`
message. They differ only by session context.
Share common parts of the message in `commonData` struct. Embed struct
into `Container` and `Object`. Make `ReadFromV2` methods to check
protocol compliance. Make `Unmarshal`/`UnmarshalJSON` to check field
format in case of presence only.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

Merge `address` package into `oid` one. Bring `session.Object`
implementation into conformity with the NeoFS API protocol.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

There is a need to duplicate session token owner, e.g. in container
created within the session. For such cases we need to have the ability
to receive session issuer.
Add `Container.Issuer` method. Transform `IssuedBy` to helper function.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

Remove `signature` and `util/signature` packages. Re-implement their
functionality in new `crypto` package. Generalize the approach of
digital signature computation and verification by adding `Signer` and
`PublicKey` primitives similar to standard `crypto` package. Support
signature schemes already existing in the protocol.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

Allow `SignOption` to set 2 parameters:
1. Default signature scheme, which is used in case scheme is
   unspecified.
2. Restrict scheme option which also checks that scheme is either
   unspecified or equal to the restricted scheme. This is only used
   for verification and is necessary because some of the signatures
   are used in smart-contracts.

Also provide signature struct to sign/verify functions in helpers.
The constant names differ a bit from those in API because of linter
complaints.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>