forked from TrueCloudLab/frostfs-api-go
dfc2dd8a78
In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally.
81 lines
1.5 KiB
Go
81 lines
1.5 KiB
Go
package session
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"sync"
|
|
|
|
"github.com/nspcc-dev/neofs-api-go/refs"
|
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
)
|
|
|
|
type simpleStore struct {
|
|
*sync.RWMutex
|
|
|
|
tokens map[TokenID]PrivateToken
|
|
}
|
|
|
|
// TODO get curve from neofs-crypto
|
|
func defaultCurve() elliptic.Curve {
|
|
return elliptic.P256()
|
|
}
|
|
|
|
// NewSimpleStore creates simple token storage
|
|
func NewSimpleStore() TokenStore {
|
|
return &simpleStore{
|
|
RWMutex: new(sync.RWMutex),
|
|
tokens: make(map[TokenID]PrivateToken),
|
|
}
|
|
}
|
|
|
|
// New returns new token with specified parameters.
|
|
func (s *simpleStore) New(p TokenParams) PrivateToken {
|
|
tid, err := refs.NewUUID()
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
if p.FirstEpoch > p.LastEpoch || p.OwnerID.Empty() {
|
|
return nil
|
|
}
|
|
|
|
token := new(Token)
|
|
token.SetID(tid)
|
|
token.SetOwnerID(p.OwnerID)
|
|
token.SetVerb(p.Verb)
|
|
token.SetAddress(p.Address)
|
|
token.SetCreationEpoch(p.FirstEpoch)
|
|
token.SetExpirationEpoch(p.LastEpoch)
|
|
token.SetSessionKey(crypto.MarshalPublicKey(&key.PublicKey))
|
|
|
|
t := &pToken{
|
|
sessionKey: key,
|
|
}
|
|
|
|
s.Lock()
|
|
s.tokens[tid] = t
|
|
s.Unlock()
|
|
|
|
return t
|
|
}
|
|
|
|
// Fetch tries to fetch a token with specified id.
|
|
func (s *simpleStore) Fetch(id TokenID) PrivateToken {
|
|
s.RLock()
|
|
defer s.RUnlock()
|
|
|
|
return s.tokens[id]
|
|
}
|
|
|
|
// Remove removes token with id from store.
|
|
func (s *simpleStore) Remove(id TokenID) {
|
|
s.Lock()
|
|
delete(s.tokens, id)
|
|
s.Unlock()
|
|
}
|