Merge pull request #80 from nspcc-dev/signed-session-token
service: implement SessionToken wrapper for Sign/Verify support
commit
2a926b6f1f
2 changed files with 43 additions and 16 deletions
|
@ -26,6 +26,10 @@ type signDataReaderWithToken struct {
|
||||||
token SessionToken
|
token SessionToken
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type signedSessionToken struct {
|
||||||
|
SessionToken
|
||||||
|
}
|
||||||
|
|
||||||
const verbSize = 4
|
const verbSize = 4
|
||||||
|
|
||||||
const fixedTokenDataSize = 0 +
|
const fixedTokenDataSize = 0 +
|
||||||
|
@ -116,33 +120,53 @@ func (x Token_Info_Verb) Bytes() []byte {
|
||||||
return data
|
return data
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddSignKey calls a Signature field setter with passed signature.
|
// AddSignKey calls a Signature field setter of token with passed signature.
|
||||||
func (m *Token) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
|
func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
|
||||||
m.SetSignature(sig)
|
if s.SessionToken != nil {
|
||||||
|
s.SessionToken.SetSignature(sig)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedData returns token information in a binary representation.
|
// SignedData returns token information in a binary representation.
|
||||||
func (m *Token) SignedData() ([]byte, error) {
|
func (s signedSessionToken) SignedData() ([]byte, error) {
|
||||||
return SignedDataFromReader(m)
|
return SignedDataFromReader(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SignedDataSize returns the length of signed token information slice.
|
||||||
|
func (s signedSessionToken) SignedDataSize() int {
|
||||||
|
return tokenInfoSize(s.SessionToken)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReadSignedData copies a binary representation of the token information to passed buffer.
|
// ReadSignedData copies a binary representation of the token information to passed buffer.
|
||||||
//
|
//
|
||||||
// If buffer length is less than required, io.ErrUnexpectedEOF returns.
|
// If buffer length is less than required, io.ErrUnexpectedEOF returns.
|
||||||
func (m *Token_Info) ReadSignedData(p []byte) (int, error) {
|
func (s signedSessionToken) ReadSignedData(p []byte) (int, error) {
|
||||||
sz := m.SignedDataSize()
|
sz := s.SignedDataSize()
|
||||||
if len(p) < sz {
|
if len(p) < sz {
|
||||||
return 0, io.ErrUnexpectedEOF
|
return 0, io.ErrUnexpectedEOF
|
||||||
}
|
}
|
||||||
|
|
||||||
copyTokenSignedData(p, m)
|
copyTokenSignedData(p, s.SessionToken)
|
||||||
|
|
||||||
return sz, nil
|
return sz, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedDataSize returns the length of signed token information slice.
|
// NewSignedSessionToken wraps passed SessionToken in a component suitable for signing.
|
||||||
func (m *Token_Info) SignedDataSize() int {
|
//
|
||||||
return tokenInfoSize(m)
|
// Result can be used in AddSignatureWithKey function.
|
||||||
|
func NewSignedSessionToken(token SessionToken) DataWithSignKeyAccumulator {
|
||||||
|
return &signedSessionToken{
|
||||||
|
SessionToken: token,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewVerifiedSessionToken wraps passed SessionToken in a component suitable for signature verification.
|
||||||
|
//
|
||||||
|
// Result can be used in VerifySignatureWithKey function.
|
||||||
|
func NewVerifiedSessionToken(token SessionToken) DataWithSignature {
|
||||||
|
return &signedSessionToken{
|
||||||
|
SessionToken: token,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func tokenInfoSize(v SessionKeySource) int {
|
func tokenInfoSize(v SessionKeySource) int {
|
||||||
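Review bot: `SignedDataSize` and `ReadSignedData` on `signedSessionToken` hand `s.SessionToken` to `tokenInfoSize` and `copyTokenSignedData` without the nil check that the new `AddSignKey` applies, so a wrapper from `NewVerifiedSessionToken(nil)` or `NewSignedSessionToken(nil)` is guarded only when the signature is stored. The bodies of those two helpers are outside this page, so a panic on a nil token is an inference. If it holds, the verification path would crash on a missing token instead of returning an error, which matters wherever the token comes from an untrusted message. I would guard at the top of `ReadSignedData` with something like `if s.SessionToken == nil { return 0, io.ErrUnexpectedEOF }` (or reject nil in both constructors) and add a nil-token case to `TestSignToken`. Note also that `s.SessionToken != nil` does not catch an interface value holding a nil `*Token`.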
|
|
|
@ -89,7 +89,7 @@ func TestTokenGettersSetters(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSignToken(t *testing.T) {
|
func TestSignToken(t *testing.T) {
|
||||||
token := new(Token)
|
var token SessionToken = new(Token)
|
||||||
|
|
||||||
// create private key for signing
|
// create private key for signing
|
||||||
sk := test.DecodeKey(0)
|
sk := test.DecodeKey(0)
|
||||||
|
@ -126,9 +126,12 @@ func TestSignToken(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
token.SetSessionKey(sessionKey)
|
token.SetSessionKey(sessionKey)
|
||||||
|
|
||||||
|
signedToken := NewSignedSessionToken(token)
|
||||||
|
verifiedToken := NewVerifiedSessionToken(token)
|
||||||
|
|
||||||
// sign and verify token
|
// sign and verify token
|
||||||
require.NoError(t, AddSignatureWithKey(sk, token))
|
require.NoError(t, AddSignatureWithKey(sk, signedToken))
|
||||||
require.NoError(t, VerifySignatureWithKey(pk, token))
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
|
|
||||||
items := []struct {
|
items := []struct {
|
||||||
corrupt func()
|
corrupt func()
|
||||||
|
@ -212,8 +215,8 @@ func TestSignToken(t *testing.T) {
|
||||||
|
|
||||||
for _, v := range items {
|
for _, v := range items {
|
||||||
v.corrupt()
|
v.corrupt()
|
||||||
require.Error(t, VerifySignatureWithKey(pk, token))
|
require.Error(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
v.restore()
|
v.restore()
|
||||||
require.NoError(t, VerifySignatureWithKey(pk, token))
|
require.NoError(t, VerifySignatureWithKey(pk, verifiedToken))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|