frostfs-node/pkg/services/tree/signature.go


package tree
import (
"crypto/ecdsa"
"crypto/elliptic"
"errors"
"fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-api-go/v2/signature"
cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
"github.com/nspcc-dev/neofs-sdk-go/user"
)
// verifyClient is the access-control hook for tree service requests on
// container cid. It is currently a stub: the unconditional return below
// accepts every request, so neither the request signature nor the
// container-owner check is applied (tracked as #1328).
//
// The statements after the early return are unreachable and are kept as the
// intended implementation. Once enabled they would:
//  1. verify the signatures carried by req,
//  2. load the container from s.cnrSource,
//  3. decode rawKey as a P-256 public key and derive a user ID from it,
//  4. reject the request unless that ID equals the container owner.
//
// Callers must not rely on a nil result as proof of authorization while the
// early return is in place.
func (s *Service) verifyClient(req interface{}, cid cidSDK.ID, rawKey []byte) error {
	// TODO(@fyrchik): #1328 access control
	// Verification is disabled: every request is accepted here.
	return nil

	//nolint:govet
	if err := signature.VerifyServiceMessage(req); err != nil {
		return err
	}

	cont, err := s.cnrSource.Get(cid)
	if err != nil {
		return fmt.Errorf("can't get container %s: %w", cid, err)
	}
	owner := cont.Value.Owner()

	// NOTE(review): nothing visible in this function binds rawKey to the key
	// that produced the request signature; confirm the caller takes rawKey
	// from the verified signature before this path is re-enabled.
	pubKey, err := keys.NewPublicKeyFromBytes(rawKey, elliptic.P256())
	if err != nil {
		return fmt.Errorf("invalid public key: %w", err)
	}

	var signerID user.ID
	user.IDFromKey(&signerID, (ecdsa.PublicKey)(*pubKey))

	if signerID.Equals(owner) {
		return nil
	}
	return errors.New("`Move` request must be signed by a container owner")
}