service: add ExtendedHeader list to signed payload of the requests

service/sign.go

@@ -212,6 +212,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error {
 		NewSignedBearerToken(
 			src.GetBearerToken(),
 		),
+		ExtendedHeadersSignedData(src),
 	)
 	if err != nil {
 		return err
@@ -237,6 +238,7 @@ func VerifyRequestData(src RequestVerifyData) error {
 		NewVerifiedBearerToken(
 			src.GetBearerToken(),
 		),
+		ExtendedHeadersSignedData(src),
 	)
 	if err != nil {
 		return err

service/sign_test.go

@@ -268,7 +268,7 @@ func TestVerifySignatureWithKey(t *testing.T) {
 	require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src))
 }
 
-func TestSignVerifyDataWithSessionToken(t *testing.T) {
+func TestSignVerifyRequestData(t *testing.T) {
 	// sign with empty RequestSignedData
 	require.EqualError(t,
 		SignRequestData(nil, nil),
@@ -288,18 +288,27 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
 
 		bearer      = wrapBearerTokenMsg(new(BearerTokenMsg))
 		bearerEpoch = uint64(8)
+
+		extHdrKey = "key"
+		extHdr    = new(RequestExtendedHeader_KV)
 	)
 
 	token.SetVerb(initVerb)
 
 	bearer.SetExpirationEpoch(bearerEpoch)
 
+	extHdr.SetK(extHdrKey)
+
 	// create test data with token
 	src := &testSignedDataSrc{
 		data:  testData(t, 10),
 		token: token,
 
 		bearer: bearer,
+
+		extHdrs: []ExtendedHeader{
+			wrapExtendedHeaderKV(extHdr),
+		},
 	}
 
 	// create test private key
@@ -344,6 +353,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
 	// ascertain that verification is passed
 	require.NoError(t, VerifyRequestData(src))
 
+	// break the extended header
+	extHdr.SetK(extHdrKey + "1")
+
+	// ascertain that verification is failed
+	require.Error(t, VerifyRequestData(src))
+
+	// restore the extended header
+	extHdr.SetK(extHdrKey)
+
+	// ascertain that verification is passed
+	require.NoError(t, VerifyRequestData(src))
+
 	// wrap to data reader
 	rdr := &testSignedDataReader{
 		testSignedDataSrc: src,