diff --git a/service/verify.go b/service/verify.go
index a6ac3a5..48e2871 100644
--- a/service/verify.go
+++ b/service/verify.go
@@ -6,6 +6,7 @@ import (
 "github.com/gogo/protobuf/proto"
 crypto "github.com/nspcc-dev/neofs-crypto"
 "github.com/nspcc-dev/neofs-proto/internal"
+ "github.com/nspcc-dev/neofs-proto/refs"
 "github.com/pkg/errors"
 )
 
@@ -35,6 +36,9 @@ const (
 
 // ErrCannotFindOwner is raised when signatures empty in GetOwner.
 ErrCannotFindOwner = internal.Error("cannot find owner public key")
+
+ // ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
+ ErrWrongOwner = internal.Error("wrong owner")
 )
 
 // SetSignatures replaces signatures stored in RequestVerificationHeader.
@@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
 }
 }
 
+// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
+func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
+ if key, err := m.GetOwner(); err != nil {
+ return err
+ } else if user, err := refs.NewOwnerID(key); err != nil {
+ return err
+ } else if !user.Equal(owner) {
+ return ErrWrongOwner
+ }
+ return nil
+}
+
 // GetOwner tries to get owner (client) public key from signatures.
 // If signatures contains not empty Origin, we should try to validate,
 // that session key was signed by owner (client), otherwise return error.
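Review bot: The doc comment on CheckOwner should state its trust precondition, because the added lines only derive an OwnerID from the key returned by `m.GetOwner()` through `refs.NewOwnerID` and compare it with `owner`; nothing in the new method verifies a signature over the request. GetOwner's body is outside this hunk, so whether the key it returns has already been proven by a signature check is not visible here. I would extend the comment with something like `// CheckOwner does not verify request signatures itself; callers must verify the header before treating a nil result as proof of ownership.` Without that, a caller may treat a nil result as an authorization decision when it is only a key-to-ID consistency check.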