Add `sessiontest.GenerateSigned` function which returns signed random token.
Clarify that `sessiontest.Generate` returns an unsigned token. Use these
functions to assert the correctness of `Sign` / `VerifySignature` methods.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement `Token.Sign` method which calculates signature of the data of the
`Token` and writes the signature into it. Implement `Token.VerifySignature`
which checks if `Token` signature is presented and valid. These methods
allow to abstract the external context from the details of what kind of data
is being signed and how the signature is stored.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Create `ownertest` package with functions which generate random `owner.ID`
instances. These functions is going to be used for testing.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Nil slice of records of the `Table` should be converted to nil slice in
corresponding field of API v2 message structure.
Add nil-check in `Table.ToV2` implementation. The changes fix corresponding
unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Document field values of instance constructed via `NewTable`. Assert the
values in corresponding unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Nil slices of targets and filters of the `Record` should be converted to nil
slices in corresponding fields of API v2 message structure.
Add nil-check in `Record.ToV2` implementation. The changes fix corresponding
unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Document field values of instance constructed via `NewRecord`. Assert the
values in corresponding unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Document field values of instance constructed via `NewTarget`. Assert the
values in corresponding unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Document field values of instance constructed via `NewFilter`. Assert the
values in corresponding unit test.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `SetSessionToken` and `SetSignature` methods on resulting eACL table
with items from response body. From now eACL signature can be accessed from
the table itself, so `EACLWithSignature.Signature` is marked deprecated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Write session token of `container.Container` to container SetExtendedACL
request body inside `client.SetEACL` call.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Call `SetSessionToken` and `SetSignature` methods on resulting container
with items from response body.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Write session token of `container.Container` to container PUT request body
during `client.PutContainer` call.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Extended ACL table can be set within a session, and should be signed.
Add `SessionToken` / `SetSessionToken` (`Signature` / `SetSignature`)
methods to carry session token (signature) in `Table` structure.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to add session token to `eacl.Table` structure. To do this,
we need to replace `token.SessionToken` type to another package since `eacl`
package imports `token` one (potential cross-import).
Create `pkg/session` package and replace session token implementation to it.
Related API in `container` package is deprecated from now.
Additionally implement test generator of random session tokens.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Container can be created within a session, and should be signed.
Add `SessionToken` / `SetSessionToken` (`Signature` / `SetSignature`)
methods to carry session token (signature) in `Container` structure.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In order to prevent potential cross imports, container ID should be defined
in a separate package as a base type. A similar approach was used in the
NeoFS API design.
Create `pkg/container/id` package and replace container ID implementation to
it. Related API in `container` package is deprecated from now.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Since raw client initialization is
postponed until the first `Raw()` function
call, there is no need to init empty(
without options) raw client in constructor.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Add `WithTLSConfig` option to client.
If it is not nil then client will
try to open secured connection.
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
Allocate capacity instead of length of the slice to write the object payload
range since each chunk is written through `append`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Change accepted/returned value type of `SetTrust` / `Trust` methods of
`SendIntermediateTrustPrm` structure to `reputation.PeerToPeerTrust`.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make `Client` to be the wrapper over raw protobuf client. Provide public
method to get the underlying raw client. Change implementations of all
methods with the new approach of the RPC execution.
Additional changes:
* key replaced from `New` argument to `WithDefaultPrivateKey` option;
* `GetSelfBalance` is removed as non-viable;
* `GetEACLWithSignature` is removed, `GetEACL` returns `EACLWithSignature`;
* `AttachSessionToken` / `AttachBearerToken` are removed as non-viable;
* redundant options are removed.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Make it easier to test API clients and mock specific methods.
Also add comments on exported methods.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Allow to reuse underlying connection for requests
with different key. If no key is specified the one
provided on client creation is used.
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
Rename `PriceAttr` constant to `AttrPrice`. Rename `CapacityAttr` constant
to `AttrCapacity`. Add documentation to both of them.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
If CBF value is not set, then netmap package uses default CBF
value. However it modifies placement policy structure in
`GetContainerNodes()` because policy passed as a pointer.
Instead package can store CBF value in internal context and use
it without policy modification.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Object payload transferred in chunks. Size of the
chunks may be limited by transport protocols. To
split it we use `io.CopyBuffer` with pre-allocated
buffer size of one chunk. However this function may
ignore buffer if reader or writer implements
`WriteTo` or `ReadFrom` methods. Unfortunately
`bytes.Reader` implements `WriteTo` function.
To fix this we wrap reader so wrapper implements
only `io.Reader` interface.
Related to github.com/nspcc-dev/neofs-node/issues/338
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Make Client.GetContainer method to return an error if received container
structure does not meet NeoFS API specification.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Implement NonceUUID/SetNonceUUID methods on container structure. Change
implementation of Nonce/SetNonce methods and mark them deprecated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
GetContainer method reads container structure by identifier from the
network. In some cases it is required to additionally check the
correspondence of the container structure to the identifier as a hash from
the binary representation. To do this, a new function
GetVerifiedContainerStructure is defined to execute the check after
receiving the container.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
In previous implementation Target provided Keys/SetKeys methods which
allowed working with ECDSA keys. There was also a bug in the NewTargetFromV2
function when the binary key differed in format from the ECDSA key. New
BinaryKeys/SetBinaryKeys methods work with binary keys. To work with ECDSA
keys added functions TargetECDSAKeys/SetTargetECDSAKeys. Old methods are
left and marked deprecated.
Type Record provided an interface for adding a Target by Role and a list of
ECDSA keys. New SetTargets method allows to set the list of Target's,
AddTarget function allows to add a single Target. AddFormedTarget works like
old AddTarget method, which is now deprecated.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
GetEACL method of Client receives eACL table with signature, verifies the
signature and return the table. In some cases we need to receive table and
signature regardless of their correctness. New method GetEACLWithSignature
provides such an opportunity.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Extended ACL tables should be signed with RFC-6979 standard. Fix Client
.GetEACL implementation to verify eACL signature with SignRFC6979 option.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
There is a need to set dial timeout in SDK client that is used in case of
internal connection opening. Add DialTimeout option constructor to support
this feature.
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
According to API object.Head response contains signature of
object ID rather than signature of object header itself.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Inverted values for `root` and `phy` filters now are not supported.
Therefore these filters works like flags. It either presented in
search query or not.
Signed-off-by: Alex Vanin <alexey@nspcc.ru>