forked from TrueCloudLab/frostfs-api-go
Merge pull request #84 from nspcc-dev/session-refactor-private-token
session: refactor PrivateToken interface
This commit is contained in:
commit
ab796b81d2
4 changed files with 50 additions and 34 deletions
|
@ -13,3 +13,7 @@ const ErrNilGPRCClientConn = internal.Error("gRPC client connection is nil")
|
||||||
// ErrPrivateTokenNotFound is returned when addressed private token was
|
// ErrPrivateTokenNotFound is returned when addressed private token was
|
||||||
// not found in storage.
|
// not found in storage.
|
||||||
const ErrPrivateTokenNotFound = internal.Error("private token not found")
|
const ErrPrivateTokenNotFound = internal.Error("private token not found")
|
||||||
|
|
||||||
|
// ErrNilPrivateToken is returned by functions that expect a non-nil
|
||||||
|
// PrivateToken, but received nil.
|
||||||
|
const ErrNilPrivateToken = internal.Error("private token is nil")
|
||||||
|
|
|
@ -30,14 +30,26 @@ func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Sign signs data with session private key.
|
// PublicSessionToken returns a binary representation of session public key.
|
||||||
func (t *pToken) Sign(data []byte) ([]byte, error) {
|
//
|
||||||
return crypto.Sign(t.sessionKey, data)
|
// If passed PrivateToken is nil, ErrNilPrivateToken returns.
|
||||||
|
// If passed PrivateToken carries nil private key, crypto.ErrEmptyPrivateKey returns.
|
||||||
|
func PublicSessionToken(pToken PrivateToken) ([]byte, error) {
|
||||||
|
if pToken == nil {
|
||||||
|
return nil, ErrNilPrivateToken
|
||||||
}
|
}
|
||||||
|
|
||||||
// PublicKey returns a binary representation of the session public key.
|
sk := pToken.PrivateKey()
|
||||||
func (t *pToken) PublicKey() []byte {
|
if sk == nil {
|
||||||
return crypto.MarshalPublicKey(&t.sessionKey.PublicKey)
|
return nil, crypto.ErrEmptyPrivateKey
|
||||||
|
}
|
||||||
|
|
||||||
|
return crypto.MarshalPublicKey(&sk.PublicKey), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// PrivateKey is a session private key getter.
|
||||||
|
func (t *pToken) PrivateKey() *ecdsa.PrivateKey {
|
||||||
|
return t.sessionKey
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *pToken) Expired(epoch uint64) bool {
|
func (t *pToken) Expired(epoch uint64) bool {
|
||||||
|
|
|
@ -1,35 +1,17 @@
|
||||||
package session
|
package session
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestPrivateToken(t *testing.T) {
|
func TestPToken_PrivateKey(t *testing.T) {
|
||||||
// create new private token
|
// create new private token
|
||||||
pToken, err := NewPrivateToken(0)
|
pToken, err := NewPrivateToken(0)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, pToken.PrivateKey())
|
||||||
// generate data to sign
|
|
||||||
data := make([]byte, 10)
|
|
||||||
_, err = rand.Read(data)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// sign data via private token
|
|
||||||
sig, err := pToken.Sign(data)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// check signature
|
|
||||||
require.NoError(t,
|
|
||||||
crypto.Verify(
|
|
||||||
crypto.UnmarshalPublicKey(pToken.PublicKey()),
|
|
||||||
data,
|
|
||||||
sig,
|
|
||||||
),
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPToken_Expired(t *testing.T) {
|
func TestPToken_Expired(t *testing.T) {
|
||||||
|
@ -68,3 +50,27 @@ func TestPrivateTokenKey_SetTokenID(t *testing.T) {
|
||||||
|
|
||||||
require.Equal(t, tokenID, s.token)
|
require.Equal(t, tokenID, s.token)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPublicSessionToken(t *testing.T) {
|
||||||
|
var err error
|
||||||
|
|
||||||
|
// nil PrivateToken
|
||||||
|
_, err = PublicSessionToken(nil)
|
||||||
|
require.EqualError(t, err, ErrNilPrivateToken.Error())
|
||||||
|
|
||||||
|
// empty private key
|
||||||
|
var pToken PrivateToken = new(pToken)
|
||||||
|
_, err = PublicSessionToken(pToken)
|
||||||
|
require.EqualError(t, err, crypto.ErrEmptyPrivateKey.Error())
|
||||||
|
|
||||||
|
// correct PrivateToken
|
||||||
|
pToken, err = NewPrivateToken(0)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
key := pToken.PrivateKey()
|
||||||
|
require.NotNil(t, key)
|
||||||
|
|
||||||
|
res, err := PublicSessionToken(pToken)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, res, crypto.MarshalPublicKey(&key.PublicKey))
|
||||||
|
}
|
||||||
|
|
|
@ -10,14 +10,8 @@ import (
|
||||||
|
|
||||||
// PrivateToken is an interface of session private part.
|
// PrivateToken is an interface of session private part.
|
||||||
type PrivateToken interface {
|
type PrivateToken interface {
|
||||||
// PublicKey must return a binary representation of session public key.
|
// PrivateKey must return session private key.
|
||||||
PublicKey() []byte
|
PrivateKey() *ecdsa.PrivateKey
|
||||||
|
|
||||||
// Sign must return the signature of passed data.
|
|
||||||
//
|
|
||||||
// Resulting signature must be verified by crypto.Verify function
|
|
||||||
// with the session public key.
|
|
||||||
Sign([]byte) ([]byte, error)
|
|
||||||
|
|
||||||
// Expired must return true if and only if private token is expired in the given epoch number.
|
// Expired must return true if and only if private token is expired in the given epoch number.
|
||||||
Expired(uint64) bool
|
Expired(uint64) bool
|
||||||
|
|
Loading…
Reference in a new issue