[#1332] tree: Make SignMessage public

It will allow reusing signing routine in other components
(e.g. `neofs-cli`).

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy 2022-10-10 18:32:04 +03:00 committed by Pavel Karpy
parent 80d3c7f9d6
commit 13c4a9f4b8
4 changed files with 16 additions and 13 deletions

View file

@ -101,7 +101,7 @@ func (s *Service) replicateLoop(ctx context.Context) {
func (s *Service) replicate(op movePair) error {
req := newApplyRequest(&op)
err := signMessage(req, s.key)
err := SignMessage(req, s.key)
if err != nil {
return fmt.Errorf("can't sign data: %w", err)
}

View file

@ -143,7 +143,10 @@ func verifyMessage(m message) error {
return nil
}
func signMessage(m message, key *ecdsa.PrivateKey) error {
// SignMessage uses the provided key and signs any protobuf
// message that was generated for the TreeService by the
// protoc-gen-go-neofs generator. Returns any errors directly.
func SignMessage(m message, key *ecdsa.PrivateKey) error {
binBody, err := m.ReadSignedData(nil)
if err != nil {
return err

View file

@ -101,7 +101,7 @@ func TestMessageSign(t *testing.T) {
require.Error(t, s.verifyClient(req, cid2, nil, op))
})
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.NoError(t, s.verifyClient(req, cid1, nil, op))
t.Run("invalid CID", func(t *testing.T) {
@ -111,12 +111,12 @@ func TestMessageSign(t *testing.T) {
cnr.Value.SetBasicACL(acl.Private)
t.Run("extension disabled", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.Error(t, s.verifyClient(req, cid2, nil, op))
})
t.Run("invalid key", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, nil, op))
})
@ -129,7 +129,7 @@ func TestMessageSign(t *testing.T) {
t.Run("invalid bearer", func(t *testing.T) {
req.Body.BearerToken = []byte{0xFF}
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
})
@ -138,7 +138,7 @@ func TestMessageSign(t *testing.T) {
require.NoError(t, bt.Sign(privs[0].PrivateKey))
req.Body.BearerToken = bt.Marshal()
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
})
t.Run("invalid bearer owner", func(t *testing.T) {
@ -146,7 +146,7 @@ func TestMessageSign(t *testing.T) {
require.NoError(t, bt.Sign(privs[1].PrivateKey))
req.Body.BearerToken = bt.Marshal()
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
})
t.Run("invalid bearer signature", func(t *testing.T) {
@ -158,7 +158,7 @@ func TestMessageSign(t *testing.T) {
bv2.GetSignature().SetSign([]byte{1, 2, 3})
req.Body.BearerToken = bv2.StableMarshal(nil)
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
})
@ -168,17 +168,17 @@ func TestMessageSign(t *testing.T) {
cnr.Value.SetBasicACL(acl.PublicRWExtended)
t.Run("put and get", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
})
t.Run("only get", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[2].PrivateKey))
require.NoError(t, SignMessage(req, &privs[2].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
})
t.Run("none", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[3].PrivateKey))
require.NoError(t, SignMessage(req, &privs[3].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
})

View file

@ -69,7 +69,7 @@ func (s *Service) synchronizeSingle(ctx context.Context, cid cid.ID, treeID stri
Height: newHeight,
},
}
if err := signMessage(req, s.key); err != nil {
if err := SignMessage(req, s.key); err != nil {
return newHeight, err
}