From 13c4a9f4b856a9f6a6561e8e7ab227ee23458da3 Mon Sep 17 00:00:00 2001 From: Pavel Karpy Date: Mon, 10 Oct 2022 18:32:04 +0300 Subject: [PATCH] [#1332] tree: Make `SignMessage` public It will allow reusing signing routine in other components (e.g. `neofs-cli`). Signed-off-by: Pavel Karpy --- pkg/services/tree/replicator.go | 2 +- pkg/services/tree/signature.go | 5 ++++- pkg/services/tree/signature_test.go | 20 ++++++++++---------- pkg/services/tree/sync.go | 2 +- 4 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/pkg/services/tree/replicator.go b/pkg/services/tree/replicator.go
index e841c3ba..818938a6 100644
--- a/pkg/services/tree/replicator.go
+++ b/pkg/services/tree/replicator.go
@@ -101,7 +101,7 @@ func (s *Service) replicateLoop(ctx context.Context) {
 func (s *Service) replicate(op movePair) error {
 req := newApplyRequest(&op)
- err := signMessage(req, s.key)
+ err := SignMessage(req, s.key)
 if err != nil {
 return fmt.Errorf("can't sign data: %w", err)
 }
diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index 5bc710b7..eaeda596 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -143,7 +143,10 @@ func verifyMessage(m message) error {
 return nil
 }
-func signMessage(m message, key *ecdsa.PrivateKey) error {
+// SignMessage uses the provided key and signs any protobuf
+// message that was generated for the TreeService by the
+// protoc-gen-go-neofs generator. Returns any errors directly.
+func SignMessage(m message, key *ecdsa.PrivateKey) error {
 binBody, err := m.ReadSignedData(nil)
 if err != nil {
 return err
diff --git a/pkg/services/tree/signature_test.go b/pkg/services/tree/signature_test.go
index 4cdc2d73..aaab9a00 100644
--- a/pkg/services/tree/signature_test.go
+++ b/pkg/services/tree/signature_test.go
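Review bot: The newly exported `SignMessage` in signature.go still takes the unexported `message` type, so callers in other packages (the commit names `neofs-cli`) cannot see in godoc which methods a value must provide; consider exporting that type or listing its required methods in the doc comment. Now that this is public API, the comment should also state the signing contract: that the signature is computed over the bytes returned by `m.ReadSignedData(nil)` and, if that is what the rest of the body does, that the result is stored back into `m`, for example `// SignMessage signs the data returned by m.ReadSignedData with key and attaches the signature to m; key must not be nil.` The function body continues past the hunk, so whether a nil `key` or nil `m` is rejected before use cannot be confirmed from here; an explicit check that returns an error would serve external callers better than a panic.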
@@ -101,7 +101,7 @@ func TestMessageSign(t *testing.T) {
 require.Error(t, s.verifyClient(req, cid2, nil, op))
 })
- require.NoError(t, signMessage(req, &privs[0].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
 require.NoError(t, s.verifyClient(req, cid1, nil, op))
 t.Run("invalid CID", func(t *testing.T) {
@@ -111,12 +111,12 @@ func TestMessageSign(t *testing.T) {
 cnr.Value.SetBasicACL(acl.Private)
 t.Run("extension disabled", func(t *testing.T) {
- require.NoError(t, signMessage(req, &privs[0].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
 require.Error(t, s.verifyClient(req, cid2, nil, op))
 })
 t.Run("invalid key", func(t *testing.T) {
- require.NoError(t, signMessage(req, &privs[1].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, nil, op))
 })
@@ -129,7 +129,7 @@ func TestMessageSign(t *testing.T) {
 t.Run("invalid bearer", func(t *testing.T) {
 req.Body.BearerToken = []byte{0xFF}
- require.NoError(t, signMessage(req, &privs[0].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 })
@@ -138,7 +138,7 @@ func TestMessageSign(t *testing.T) {
 require.NoError(t, bt.Sign(privs[0].PrivateKey))
 req.Body.BearerToken = bt.Marshal()
- require.NoError(t, signMessage(req, &privs[1].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 })
 t.Run("invalid bearer owner", func(t *testing.T) {
@@ -146,7 +146,7 @@ func TestMessageSign(t *testing.T) {
 require.NoError(t, bt.Sign(privs[1].PrivateKey))
 req.Body.BearerToken = bt.Marshal()
- require.NoError(t, signMessage(req, &privs[1].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 })
 t.Run("invalid bearer signature", func(t *testing.T) {
@@ -158,7 +158,7 @@ func TestMessageSign(t *testing.T) {
 bv2.GetSignature().SetSign([]byte{1, 2, 3})
 req.Body.BearerToken = bv2.StableMarshal(nil)
- require.NoError(t, signMessage(req, &privs[1].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 })
@@ -168,17 +168,17 @@ func TestMessageSign(t *testing.T) {
 cnr.Value.SetBasicACL(acl.PublicRWExtended)
 t.Run("put and get", func(t *testing.T) {
- require.NoError(t, signMessage(req, &privs[1].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
 require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
 })
 t.Run("only get", func(t *testing.T) {
- require.NoError(t, signMessage(req, &privs[2].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[2].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
 })
 t.Run("none", func(t *testing.T) {
- require.NoError(t, signMessage(req, &privs[3].PrivateKey))
+ require.NoError(t, SignMessage(req, &privs[3].PrivateKey))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
 require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
 })
diff --git a/pkg/services/tree/sync.go b/pkg/services/tree/sync.go
index f467a357..7f670795 100644
--- a/pkg/services/tree/sync.go
+++ b/pkg/services/tree/sync.go
@@ -69,7 +69,7 @@ func (s *Service) synchronizeSingle(ctx context.Context, cid cid.ID, treeID stri
 Height: newHeight,
 },
 }
- if err := signMessage(req, s.key); err != nil {
+ if err := SignMessage(req, s.key); err != nil {
 return newHeight, err
 }