forked from TrueCloudLab/frostfs-api-go
Merge pull request #18 from nspcc-dev/feature/remove-sign-and-verify-request-from-service
Remove Sign and Verify request from service - removed sign/verify request - added method to validate owner fix #16
commit
b6de95b740
3 changed files with 23 additions and 47 deletions
|
@ -1,47 +0,0 @@
|
||||||
package service
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/ecdsa"
|
|
||||||
|
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
"github.com/nspcc-dev/neofs-proto/internal"
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
)
|
|
||||||
|
|
||||||
// ErrWrongSignature should be raised when wrong signature is passed into VerifyRequest.
|
|
||||||
const ErrWrongSignature = internal.Error("wrong signature")
|
|
||||||
|
|
||||||
// SignedRequest interface allows sign and verify requests.
|
|
||||||
type SignedRequest interface {
|
|
||||||
PrepareData() ([]byte, error)
|
|
||||||
GetSignature() []byte
|
|
||||||
SetSignature([]byte)
|
|
||||||
}
|
|
||||||
|
|
||||||
// SignRequest with passed private key.
|
|
||||||
func SignRequest(r SignedRequest, key *ecdsa.PrivateKey) error {
|
|
||||||
var signature []byte
|
|
||||||
if data, err := r.PrepareData(); err != nil {
|
|
||||||
return err
|
|
||||||
} else if signature, err = crypto.Sign(key, data); err != nil {
|
|
||||||
return errors.Wrap(err, "could not sign data")
|
|
||||||
}
|
|
||||||
|
|
||||||
r.SetSignature(signature)
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// VerifyRequest by passed public keys.
|
|
||||||
func VerifyRequest(r SignedRequest, keys ...*ecdsa.PublicKey) bool {
|
|
||||||
data, err := r.PrepareData()
|
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
for i := range keys {
|
|
||||||
if err := crypto.Verify(keys[i], data, r.GetSignature()); err == nil {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"github.com/gogo/protobuf/proto"
|
"github.com/gogo/protobuf/proto"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||||
"github.com/nspcc-dev/neofs-proto/internal"
|
"github.com/nspcc-dev/neofs-proto/internal"
|
||||||
|
"github.com/nspcc-dev/neofs-proto/refs"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -35,6 +36,9 @@ const (
|
||||||
|
|
||||||
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
|
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
|
||||||
ErrCannotFindOwner = internal.Error("cannot find owner public key")
|
ErrCannotFindOwner = internal.Error("cannot find owner public key")
|
||||||
|
|
||||||
|
// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
|
||||||
|
ErrWrongOwner = internal.Error("wrong owner")
|
||||||
)
|
)
|
||||||
|
|
||||||
// SetSignatures replaces signatures stored in RequestVerificationHeader.
|
// SetSignatures replaces signatures stored in RequestVerificationHeader.
|
||||||
|
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
|
||||||
|
func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
|
||||||
|
if key, err := m.GetOwner(); err != nil {
|
||||||
|
return err
|
||||||
|
} else if user, err := refs.NewOwnerID(key); err != nil {
|
||||||
|
return err
|
||||||
|
} else if !user.Equal(owner) {
|
||||||
|
return ErrWrongOwner
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// GetOwner tries to get owner (client) public key from signatures.
|
// GetOwner tries to get owner (client) public key from signatures.
|
||||||
// If signatures contains not empty Origin, we should try to validate,
|
// If signatures contains not empty Origin, we should try to validate,
|
||||||
// that session key was signed by owner (client), otherwise return error.
|
// that session key was signed by owner (client), otherwise return error.
|
||||||
|
|
|
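Review bot: CheckOwner compares the passed OwnerID with an ID derived from whatever key GetOwner returns, and nothing in its visible body verifies the request signatures, so a successful result appears to mean only that the header's claimed owner key matches the ID. GetOwner's body is outside this section; going by its doc comment it validates the session key only when Origin is set, so the comment on CheckOwner should state the precondition, for example `// CheckOwner does not verify request signatures; call VerifyRequestHeader first.` This matters more now that the commit deletes the generic VerifyRequest helper and callers have to pick the right replacement. As a style point, the `if … else if … else if` chain with a shadowed `err` would read more clearly as three early returns, and the new `ErrWrongOwner` comment is missing its final period.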
@ -9,6 +9,7 @@ import (
|
||||||
"github.com/gogo/protobuf/proto"
|
"github.com/gogo/protobuf/proto"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||||
"github.com/nspcc-dev/neofs-crypto/test"
|
"github.com/nspcc-dev/neofs-crypto/test"
|
||||||
|
"github.com/nspcc-dev/neofs-proto/refs"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
@ -78,6 +79,12 @@ func TestMaintainableRequest(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{ // Validate owner
|
||||||
|
user, err := refs.NewOwnerID(&owner.PublicKey)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NoError(t, req.CheckOwner(user))
|
||||||
|
}
|
||||||
|
|
||||||
{ // Good case:
|
{ // Good case:
|
||||||
require.NoError(t, VerifyRequestHeader(req))
|
require.NoError(t, VerifyRequestHeader(req))
|
||||||
|
|
||||||
|
|
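Review bot: The added `Validate owner` block exercises only the accepting path of CheckOwner, so an implementation that always returned nil would still pass this test. A rejection case should sit next to it: derive an OwnerID from a second, unrelated key and assert the call fails, e.g. `require.Error(t, req.CheckOwner(other))`, ideally also comparing the result with `ErrWrongOwner`. TestMaintainableRequest starts and ends outside the hunk, so which key helper is in scope for building `other` is not visible here.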