[#562] pkg: remove nspcc-dev/neofs-crypto
dependency
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
parent
5cab0026c3
commit
9142c778c7
7 changed files with 51 additions and 38 deletions
1
go.mod
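--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 github.com/nspcc-dev/hrw v1.0.9
 github.com/nspcc-dev/neo-go v0.95.1
 github.com/nspcc-dev/neofs-api-go v1.27.1
-github.com/nspcc-dev/neofs-crypto v0.3.0
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20210520210714-9dee13f0d556
 github.com/nspcc-dev/tzhash v1.4.0
 github.com/panjf2000/ants/v2 v2.3.0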
|
@ -2,15 +2,17 @@ package object
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"crypto/ecdsa"
|
||||||
|
"crypto/elliptic"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
|
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
|
||||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -106,7 +108,12 @@ func (v *FormatValidator) validateSignatureKey(obj *Object) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
|
func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
|
||||||
wallet, err := owner.NEO3WalletFromPublicKey(crypto.UnmarshalPublicKey(key))
|
pub, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pub))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// TODO: check via NeoFSID
|
// TODO: check via NeoFSID
|
||||||
return err
|
return err
|
||||||
|
|
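Review bot: The error from `keys.NewPublicKeyFromBytes` in checkOwnerKey is returned bare, so the caller gets a neo-go decoding message with no indication that the object's owner key was the input; `return fmt.Errorf("could not unmarshal owner public key: %w", err)` would keep it traceable (fmt is already imported in this file). Parsing now fails before `owner.NEO3WalletFromPublicKey` is reached, so the error a caller sees for a malformed key differs from before, and it is worth confirming that nothing depends on the old one. It is also worth confirming which key encodings neo-go accepts here compared with the removed neofs-crypto parser, and adding a length check ahead of the parse if the validator should keep accepting only the form it accepted before. The body of checkOwnerKey continues past the end of the hunk.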
|
@ -8,13 +8,13 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
|
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
sessiontest "github.com/nspcc-dev/neofs-api-go/pkg/session/test"
|
sessiontest "github.com/nspcc-dev/neofs-api-go/pkg/session/test"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
|
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
|
||||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/util/test"
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -65,7 +65,8 @@ func TestFormatValidator_Validate(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
)
|
)
|
||||||
|
|
||||||
ownerKey := test.DecodeKey(-1)
|
ownerKey, err := keys.NewPrivateKey()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
t.Run("nil input", func(t *testing.T) {
|
t.Run("nil input", func(t *testing.T) {
|
||||||
require.Error(t, v.Validate(nil))
|
require.Error(t, v.Validate(nil))
|
||||||
|
@ -93,7 +94,7 @@ func TestFormatValidator_Validate(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("correct w/ session token", func(t *testing.T) {
|
t.Run("correct w/ session token", func(t *testing.T) {
|
||||||
w, err := owner.NEO3WalletFromPublicKey(&ownerKey.PublicKey)
|
w, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(ownerKey.PublicKey()))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
tok := sessiontest.Generate()
|
tok := sessiontest.Generate()
|
||||||
|
@ -104,15 +105,15 @@ func TestFormatValidator_Validate(t *testing.T) {
|
||||||
obj.SetSessionToken(sessiontest.Generate())
|
obj.SetSessionToken(sessiontest.Generate())
|
||||||
obj.SetOwnerID(tok.OwnerID())
|
obj.SetOwnerID(tok.OwnerID())
|
||||||
|
|
||||||
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK()))
|
require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
|
||||||
|
|
||||||
require.NoError(t, v.Validate(obj.Object()))
|
require.NoError(t, v.Validate(obj.Object()))
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("correct w/o session token", func(t *testing.T) {
|
t.Run("correct w/o session token", func(t *testing.T) {
|
||||||
obj := blankValidObject(t, ownerKey)
|
obj := blankValidObject(t, &ownerKey.PrivateKey)
|
||||||
|
|
||||||
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK()))
|
require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
|
||||||
|
|
||||||
require.NoError(t, v.Validate(obj.Object()))
|
require.NoError(t, v.Validate(obj.Object()))
|
||||||
})
|
})
|
||||||
|
@ -187,7 +188,7 @@ func TestFormatValidator_Validate(t *testing.T) {
|
||||||
|
|
||||||
t.Run("expiration", func(t *testing.T) {
|
t.Run("expiration", func(t *testing.T) {
|
||||||
fn := func(val string) *Object {
|
fn := func(val string) *Object {
|
||||||
obj := blankValidObject(t, ownerKey)
|
obj := blankValidObject(t, &ownerKey.PrivateKey)
|
||||||
|
|
||||||
a := object.NewAttribute()
|
a := object.NewAttribute()
|
||||||
a.SetKey(objectV2.SysAttributeExpEpoch)
|
a.SetKey(objectV2.SysAttributeExpEpoch)
|
||||||
|
@ -195,7 +196,7 @@ func TestFormatValidator_Validate(t *testing.T) {
|
||||||
|
|
||||||
obj.SetAttributes(a)
|
obj.SetAttributes(a)
|
||||||
|
|
||||||
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK()))
|
require.NoError(t, object.SetIDWithSignature(&ownerKey.PrivateKey, obj.SDK()))
|
||||||
|
|
||||||
return obj.Object()
|
return obj.Object()
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
||||||
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||||
|
@ -16,7 +17,6 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
core "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
core "github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
|
||||||
|
@ -589,7 +589,7 @@ func stickyBitCheck(info requestInfo, owner *owner.ID) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
requestSenderKey := crypto.UnmarshalPublicKey(info.senderKey)
|
requestSenderKey := unmarshalPublicKey(info.senderKey)
|
||||||
|
|
||||||
return isOwnerFromKey(owner, requestSenderKey)
|
return isOwnerFromKey(owner, requestSenderKey)
|
||||||
}
|
}
|
||||||
|
@ -726,7 +726,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. Then check if container owner signed this token.
|
// 3. Then check if container owner signed this token.
|
||||||
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey())
|
tokenIssuerKey := unmarshalPublicKey(token.GetSignature().GetKey())
|
||||||
if !isOwnerFromKey(reqInfo.cnrOwner, tokenIssuerKey) {
|
if !isOwnerFromKey(reqInfo.cnrOwner, tokenIssuerKey) {
|
||||||
// todo: in this case we can issue all owner keys from neofs.id and check once again
|
// todo: in this case we can issue all owner keys from neofs.id and check once again
|
||||||
return false
|
return false
|
||||||
|
@ -735,7 +735,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
||||||
// 4. Then check if request sender has rights to use this token.
|
// 4. Then check if request sender has rights to use this token.
|
||||||
tokenOwnerField := owner.NewIDFromV2(token.GetBody().GetOwnerID())
|
tokenOwnerField := owner.NewIDFromV2(token.GetBody().GetOwnerID())
|
||||||
if tokenOwnerField != nil { // see bearer token owner field description
|
if tokenOwnerField != nil { // see bearer token owner field description
|
||||||
requestSenderKey := crypto.UnmarshalPublicKey(reqInfo.senderKey)
|
requestSenderKey := unmarshalPublicKey(reqInfo.senderKey)
|
||||||
if !isOwnerFromKey(tokenOwnerField, requestSenderKey) {
|
if !isOwnerFromKey(tokenOwnerField, requestSenderKey) {
|
||||||
// todo: in this case we can issue all owner keys from neofs.id and check once again
|
// todo: in this case we can issue all owner keys from neofs.id and check once again
|
||||||
return false
|
return false
|
||||||
|
@ -754,12 +754,12 @@ func isValidLifetime(lifetime *bearer.TokenLifetime, epoch uint64) bool {
|
||||||
return epoch >= lifetime.GetNbf() && epoch <= lifetime.GetExp()
|
return epoch >= lifetime.GetNbf() && epoch <= lifetime.GetExp()
|
||||||
}
|
}
|
||||||
|
|
||||||
func isOwnerFromKey(id *owner.ID, key *ecdsa.PublicKey) bool {
|
func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
|
||||||
if id == nil || key == nil {
|
if id == nil || key == nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
wallet, err := owner.NEO3WalletFromPublicKey(key)
|
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
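Review bot: All three call sites changed in this file (stickyBitCheck and both key checks in isValidBearer) take the result of `unmarshalPublicKey` without inspecting it, so the access decision for an unparsable key rests entirely on the `key == nil` guard in isOwnerFromKey, and nothing in the code says so. A doc comment on isOwnerFromKey would record that contract, e.g. `// isOwnerFromKey returns false for a nil id or key, which includes a sender key that failed to parse.` The guard covers only a nil pointer: if the neo-go parser can return a non-nil key for a degenerate encoding (not verifiable from this page), the cast `(*ecdsa.PublicKey)(key)` hands it to NEO3WalletFromPublicKey unchecked, so that case deserves a unit test that expects a denial. The same helper is used by requestOwner and ownerFromToken in the next file, and isOwnerFromKey's body continues past the hunk.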
|
@ -3,8 +3,10 @@ package acl
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/ecdsa"
|
"crypto/ecdsa"
|
||||||
|
"crypto/elliptic"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg"
|
"github.com/nspcc-dev/neofs-api-go/pkg"
|
||||||
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
acl "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
|
@ -15,7 +17,6 @@ import (
|
||||||
bearer "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
bearer "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
core "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
@ -61,7 +62,7 @@ func (c SenderClassifier) Classify(
|
||||||
return 0, false, nil, err
|
return 0, false, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
ownerKeyInBytes := crypto.MarshalPublicKey(ownerKey)
|
ownerKeyInBytes := ownerKey.Bytes()
|
||||||
|
|
||||||
// todo: get owner from neofs.id if present
|
// todo: get owner from neofs.id if present
|
||||||
|
|
||||||
|
@ -94,7 +95,7 @@ func (c SenderClassifier) Classify(
|
||||||
return acl.RoleOthers, false, ownerKeyInBytes, nil
|
return acl.RoleOthers, false, ownerKeyInBytes, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) {
|
func requestOwner(req metaWithToken) (*owner.ID, *keys.PublicKey, error) {
|
||||||
if req.vheader == nil {
|
if req.vheader == nil {
|
||||||
return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
|
return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
|
||||||
}
|
}
|
||||||
|
@ -111,8 +112,8 @@ func requestOwner(req metaWithToken) (*owner.ID, *ecdsa.PublicKey, error) {
|
||||||
return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
|
return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
|
||||||
}
|
}
|
||||||
|
|
||||||
key := crypto.UnmarshalPublicKey(bodySignature.Key())
|
key := unmarshalPublicKey(bodySignature.Key())
|
||||||
neo3wallet, err := owner.NEO3WalletFromPublicKey(key)
|
neo3wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(key))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("can't create neo3 wallet: %w", err)
|
return nil, nil, fmt.Errorf("can't create neo3 wallet: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -196,7 +197,7 @@ func lookupKeyInContainer(
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, error) {
|
func ownerFromToken(token *session.SessionToken) (*owner.ID, *keys.PublicKey, error) {
|
||||||
// 1. First check signature of session token.
|
// 1. First check signature of session token.
|
||||||
signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()}
|
signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()}
|
||||||
if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) {
|
if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) {
|
||||||
|
@ -207,7 +208,7 @@ func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, e
|
||||||
}
|
}
|
||||||
|
|
||||||
// 2. Then check if session token owner issued the session token
|
// 2. Then check if session token owner issued the session token
|
||||||
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey())
|
tokenIssuerKey := unmarshalPublicKey(token.GetSignature().GetKey())
|
||||||
tokenOwner := owner.NewIDFromV2(token.GetBody().GetOwnerID())
|
tokenOwner := owner.NewIDFromV2(token.GetBody().GetOwnerID())
|
||||||
|
|
||||||
if !isOwnerFromKey(tokenOwner, tokenIssuerKey) {
|
if !isOwnerFromKey(tokenOwner, tokenIssuerKey) {
|
||||||
|
@ -217,3 +218,11 @@ func ownerFromToken(token *session.SessionToken) (*owner.ID, *ecdsa.PublicKey, e
|
||||||
|
|
||||||
return tokenOwner, tokenIssuerKey, nil
|
return tokenOwner, tokenIssuerKey, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func unmarshalPublicKey(bs []byte) *keys.PublicKey {
|
||||||
|
pub, err := keys.NewPublicKeyFromBytes(bs, elliptic.P256())
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return pub
|
||||||
|
}
|
||||||
|
|
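Review bot: `ownerKey.Bytes()` in Classify is a method call on the `*keys.PublicKey` that requestOwner returns, whereas the `crypto.MarshalPublicKey(ownerKey)` it replaces was a plain function call, so Classify now depends on requestOwner never returning a nil key together with a nil error; whether `Bytes` tolerates a nil receiver is not visible here. In requestOwner the result of `unmarshalPublicKey` goes straight into the cast and NEO3WalletFromPublicKey, and whether that call rejects a nil key is also not shown; an explicit guard right after the parse, `if key == nil { return nil, nil, fmt.Errorf("%w: invalid public key in body signature", ErrMalformedRequest) }`, makes the failure local and reuses the malformed-request error the function already returns. `unmarshalPublicKey` itself would benefit from a doc comment stating that it returns nil on any decoding error and that every caller must handle nil. requestOwner and ownerFromToken both extend beyond the hunks shown.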
|
@ -1,20 +1,20 @@
|
||||||
package v2
|
package v2
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/ecdsa"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
|
||||||
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
|
cidtest "github.com/nspcc-dev/neofs-api-go/pkg/container/id/test"
|
||||||
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
|
||||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/object"
|
"github.com/nspcc-dev/neofs-node/pkg/core/object"
|
||||||
eacl2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
eacl2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/util/test"
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -111,14 +111,16 @@ func TestHeadRequest(t *testing.T) {
|
||||||
|
|
||||||
table := new(eacl.Table)
|
table := new(eacl.Table)
|
||||||
|
|
||||||
senderKey := test.DecodeKey(-1).PublicKey
|
priv, err := keys.NewPrivateKey()
|
||||||
|
require.NoError(t, err)
|
||||||
|
senderKey := priv.PublicKey()
|
||||||
|
|
||||||
r := eacl.NewRecord()
|
r := eacl.NewRecord()
|
||||||
r.SetOperation(eacl.OperationHead)
|
r.SetOperation(eacl.OperationHead)
|
||||||
r.SetAction(eacl.ActionDeny)
|
r.SetAction(eacl.ActionDeny)
|
||||||
r.AddFilter(eacl.HeaderFromObject, eacl.MatchStringEqual, attrKey, attrVal)
|
r.AddFilter(eacl.HeaderFromObject, eacl.MatchStringEqual, attrKey, attrVal)
|
||||||
r.AddFilter(eacl.HeaderFromRequest, eacl.MatchStringEqual, xKey, xVal)
|
r.AddFilter(eacl.HeaderFromRequest, eacl.MatchStringEqual, xKey, xVal)
|
||||||
eacl.AddFormedTarget(r, eacl.RoleUnknown, senderKey)
|
eacl.AddFormedTarget(r, eacl.RoleUnknown, (ecdsa.PublicKey)(*senderKey))
|
||||||
|
|
||||||
table.AddRecord(r)
|
table.AddRecord(r)
|
||||||
|
|
||||||
|
@ -132,7 +134,7 @@ func TestHeadRequest(t *testing.T) {
|
||||||
unit := new(eacl2.ValidationUnit).
|
unit := new(eacl2.ValidationUnit).
|
||||||
WithContainerID(cid).
|
WithContainerID(cid).
|
||||||
WithOperation(eacl.OperationHead).
|
WithOperation(eacl.OperationHead).
|
||||||
WithSenderKey(crypto.MarshalPublicKey(&senderKey)).
|
WithSenderKey(senderKey.Bytes()).
|
||||||
WithHeaderSource(
|
WithHeaderSource(
|
||||||
NewMessageHeaderSource(
|
NewMessageHeaderSource(
|
||||||
WithObjectStorage(lStorage),
|
WithObjectStorage(lStorage),
|
||||||
|
|
|
@ -2,16 +2,13 @@ package storage
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/elliptic"
|
|
||||||
"crypto/rand"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/mr-tron/base58"
|
"github.com/mr-tron/base58"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
|
func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
|
||||||
|
@ -30,7 +27,7 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
|
||||||
return nil, fmt.Errorf("could not marshal token ID: %w", err)
|
return nil, fmt.Errorf("could not marshal token ID: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
sk, err := keys.NewPrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -40,16 +37,14 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
|
||||||
tokenID: base58.Encode(uidBytes),
|
tokenID: base58.Encode(uidBytes),
|
||||||
ownerID: base58.Encode(ownerBytes),
|
ownerID: base58.Encode(ownerBytes),
|
||||||
}] = &PrivateToken{
|
}] = &PrivateToken{
|
||||||
sessionKey: sk,
|
sessionKey: &sk.PrivateKey,
|
||||||
exp: body.GetExpiration(),
|
exp: body.GetExpiration(),
|
||||||
}
|
}
|
||||||
s.mtx.Unlock()
|
s.mtx.Unlock()
|
||||||
|
|
||||||
res := new(session.CreateResponseBody)
|
res := new(session.CreateResponseBody)
|
||||||
res.SetID(uidBytes)
|
res.SetID(uidBytes)
|
||||||
res.SetSessionKey(
|
res.SetSessionKey(sk.PublicKey().Bytes())
|
||||||
crypto.MarshalPublicKey(&sk.PublicKey),
|
|
||||||
)
|
|
||||||
|
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
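Review bot: The session key's curve and entropy source are no longer visible in Create once `ecdsa.GenerateKey(elliptic.P256(), rand.Reader)` becomes `keys.NewPrivateKey()`, and the three crypto imports that spelled them out are dropped in the same commit. A short comment above the call naming the curve and random source that the pinned neo-go v0.95.1 uses (to be confirmed against that version) would keep the property reviewable at the point where the key is created. The error path under the call still returns `err` bare while the branch before it wraps with "could not marshal token ID: %w"; `return nil, fmt.Errorf("could not generate session key: %w", err)` would match. Parts of Create lie between the hunks shown.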