aarifullin/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Pull requests Activity

[#179] sdk/token: Add function to return token issuer

Browse source 
With new neofs-api changes, token issuer will not be stored
in ownerID field of bearer token. We can identify owner by
public key that has been used in signature.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2020-10-22 12:18:07 +03:00 committed by Alex Vanin
parent e023b6e51e
commit 7b212431df
2 changed files with 47 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkg/token/bearer.go
View file

@ -10,6 +10,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/acl" "github.com/nspcc-dev/neofs-api-go/v2/acl"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature" v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
crypto "github.com/nspcc-dev/neofs-crypto"
) )
type BearerToken struct { type BearerToken struct {
@ -70,6 +71,20 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
}) })
} }
// Issuer returns owner.ID associated with the key that signed bearer token.
// To pass node validation it should be owner of requested container. Returns
// nil if token is not signed.
func (b *BearerToken) Issuer() *owner.ID {
pubKey := crypto.UnmarshalPublicKey(b.token.GetSignature().GetKey())
wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
if err != nil {
return nil
}
return owner.NewIDFromNeo3Wallet(wallet)
}
func NewBearerToken() *BearerToken { func NewBearerToken() *BearerToken {
b := new(BearerToken) b := new(BearerToken)
b.token = acl.BearerToken{} b.token = acl.BearerToken{}

32
pkg/token/bearer_test.go Normal file
View file

@ -0,0 +1,32 @@
package token_test
import (
"testing"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/nspcc-dev/neofs-crypto/test"
"github.com/stretchr/testify/require"
)
func TestBearerToken_Issuer(t *testing.T) {
bearerToken := token.NewBearerToken()
t.Run("non signed token", func(t *testing.T) {
require.Nil(t, bearerToken.Issuer())
})
t.Run("signed token", func(t *testing.T) {
key := test.DecodeKey(1)
wallet, err := owner.NEO3WalletFromPublicKey(&key.PublicKey)
require.NoError(t, err)
ownerID := owner.NewIDFromNeo3Wallet(wallet)
bearerToken.SetEACLTable(eacl.NewTable())
require.NoError(t, bearerToken.SignToken(key))
require.Equal(t, bearerToken.Issuer().String(), ownerID.String())
})
}