aarifullin/frostfs-api-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-api-go
Code Pull requests Activity

service: add method to RequestVerificationHeader to validate owner

Browse source
This commit is contained in:
Evgeniy Kulikov 2019-11-26 13:34:16 +03:00
parent 8967a0d1f5
commit eda9ea3829
No known key found for this signature in database
GPG key ID: BF6AEE0A2A699BF2
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
service/verify.go
View file

@ -6,6 +6,7 @@ import (
"github.com/gogo/protobuf/proto" "github.com/gogo/protobuf/proto"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-proto/internal" "github.com/nspcc-dev/neofs-proto/internal"
"github.com/nspcc-dev/neofs-proto/refs"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -35,6 +36,9 @@ const (
// ErrCannotFindOwner is raised when signatures empty in GetOwner. // ErrCannotFindOwner is raised when signatures empty in GetOwner.
ErrCannotFindOwner = internal.Error("cannot find owner public key") ErrCannotFindOwner = internal.Error("cannot find owner public key")
// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
ErrWrongOwner = internal.Error("wrong owner")
) )
// SetSignatures replaces signatures stored in RequestVerificationHeader. // SetSignatures replaces signatures stored in RequestVerificationHeader.
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
} }
} }
// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
if key, err := m.GetOwner(); err != nil {
return err
} else if user, err := refs.NewOwnerID(key); err != nil {
return err
} else if !user.Equal(owner) {
return ErrWrongOwner
}
return nil
}
// GetOwner tries to get owner (client) public key from signatures. // GetOwner tries to get owner (client) public key from signatures.
// If signatures contains not empty Origin, we should try to validate, // If signatures contains not empty Origin, we should try to validate,
// that session key was signed by owner (client), otherwise return error. // that session key was signed by owner (client), otherwise return error.