forked from TrueCloudLab/frostfs-api-go
[#179] sdk/token: Add function to return token issuer
With new neofs-api changes, token issuer will not be stored in ownerID field of bearer token. We can identify owner by public key that has been used in signature. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
Alex Vanin
parent
e023b6e51e
commit
7b212431df
2 changed files with 47 additions and 0 deletions
|
|
@ -10,6 +10,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
)
|
||||
|
||||
type BearerToken struct {
|
||||
|
|
@ -70,6 +71,20 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
|
|||
})
|
||||
}
|
||||
|
||||
// Issuer returns owner.ID associated with the key that signed bearer token.
|
||||
// To pass node validation it should be owner of requested container. Returns
|
||||
// nil if token is not signed.
|
||||
func (b *BearerToken) Issuer() *owner.ID {
|
||||
pubKey := crypto.UnmarshalPublicKey(b.token.GetSignature().GetKey())
|
||||
|
||||
wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
return owner.NewIDFromNeo3Wallet(wallet)
|
||||
}
|
||||
|
||||
func NewBearerToken() *BearerToken {
|
||||
b := new(BearerToken)
|
||||
b.token = acl.BearerToken{}
|
||||
|
|
|
|||
32
pkg/token/bearer_test.go
Normal file
32
pkg/token/bearer_test.go
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
package token_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||
"github.com/nspcc-dev/neofs-crypto/test"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestBearerToken_Issuer(t *testing.T) {
|
||||
bearerToken := token.NewBearerToken()
|
||||
|
||||
t.Run("non signed token", func(t *testing.T) {
|
||||
require.Nil(t, bearerToken.Issuer())
|
||||
})
|
||||
|
||||
t.Run("signed token", func(t *testing.T) {
|
||||
key := test.DecodeKey(1)
|
||||
|
||||
wallet, err := owner.NEO3WalletFromPublicKey(&key.PublicKey)
|
||||
require.NoError(t, err)
|
||||
|
||||
ownerID := owner.NewIDFromNeo3Wallet(wallet)
|
||||
|
||||
bearerToken.SetEACLTable(eacl.NewTable())
|
||||
require.NoError(t, bearerToken.SignToken(key))
|
||||
require.Equal(t, bearerToken.Issuer().String(), ownerID.String())
|
||||
})
|
||||
}
|
||||
Loading…
Reference in a new issue