forked from TrueCloudLab/frostfs-api-go
service: add method to RequestVerificationHeader to validate owner
parent
8967a0d1f5
commit
eda9ea3829
1 changed files with 16 additions and 0 deletions
|
@ -6,6 +6,7 @@ import (
|
|||
"github.com/gogo/protobuf/proto"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
"github.com/nspcc-dev/neofs-proto/internal"
|
||||
"github.com/nspcc-dev/neofs-proto/refs"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
|
@ -35,6 +36,9 @@ const (
|
|||
|
||||
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
|
||||
ErrCannotFindOwner = internal.Error("cannot find owner public key")
|
||||
|
||||
// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
|
||||
ErrWrongOwner = internal.Error("wrong owner")
|
||||
)
|
||||
|
||||
// SetSignatures replaces signatures stored in RequestVerificationHeader.
|
||||
|
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
|
|||
}
|
||||
}
|
||||
|
||||
// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
|
||||
func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
|
||||
if key, err := m.GetOwner(); err != nil {
|
||||
return err
|
||||
} else if user, err := refs.NewOwnerID(key); err != nil {
|
||||
return err
|
||||
} else if !user.Equal(owner) {
|
||||
return ErrWrongOwner
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetOwner tries to get owner (client) public key from signatures.
|
||||
// If signatures contains not empty Origin, we should try to validate,
|
||||
// that session key was signed by owner (client), otherwise return error.
|
||||
|
|
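Review bot: The doc comment on CheckOwner should state what a nil result does not establish. In the visible body the method only derives an OwnerID from the key returned by `m.GetOwner()` and compares it with `owner`, so success means the header names that owner, not that the request body was authenticated by that key. GetOwner's body is outside this hunk; unless it verifies the signature chain itself, callers should verify the request signatures before using CheckOwner as an authorization decision. I would extend the comment to something like `// CheckOwner returns ErrWrongOwner when the OwnerID derived from the header's owner public key differs from owner; it does not by itself verify the request's signatures.` A test covering the mismatch path would also pin the ErrWrongOwner result.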