diff --git a/pkg/services/object/sign.go b/pkg/services/object/sign.go index 9d66c76b..4eb5be36 100644 --- a/pkg/services/object/sign.go +++ b/pkg/services/object/sign.go @@ -54,7 +54,7 @@ func (s *getStreamSigner) Send(resp *object.GetResponse) error { } func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error { - return s.sigSvc.HandleServerStreamRequest(req, + return s.sigSvc.HandleServerStreamRequest(stream.Context(), req, func(resp util.ResponseMessage) error { return stream.Send(resp.(*object.GetResponse)) }, @@ -126,7 +126,7 @@ func (s *searchStreamSigner) Send(resp *object.SearchResponse) error { } func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error { - return s.sigSvc.HandleServerStreamRequest(req, + return s.sigSvc.HandleServerStreamRequest(stream.Context(), req, func(resp util.ResponseMessage) error { return stream.Send(resp.(*object.SearchResponse)) }, @@ -176,7 +176,7 @@ func (s *getRangeStreamSigner) Send(resp *object.GetRangeResponse) error { } func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error { - return s.sigSvc.HandleServerStreamRequest(req, + return s.sigSvc.HandleServerStreamRequest(stream.Context(), req, func(resp util.ResponseMessage) error { return stream.Send(resp.(*object.GetRangeResponse)) }, diff --git a/pkg/services/util/sign.go b/pkg/services/util/sign.go index cb4be308..dbfde705 100644 --- a/pkg/services/util/sign.go +++ b/pkg/services/util/sign.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" + "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/pkg/tracing" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session" "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature" apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status" @@ -67,8 +68,7 @@ func (s *RequestMessageStreamer) Send(ctx context.Context, req any) error { var err error - // verify request signatures - if err = signature.VerifyServiceMessage(req); err != nil { + if err = verifyRequestSignature(ctx, req); err != nil { err = fmt.Errorf("could not verify request: %w", err) } else { err = s.send(ctx, req) @@ -112,7 +112,7 @@ func (s *RequestMessageStreamer) CloseAndRecv(ctx context.Context) (ResponseMess setStatusV2(resp, err) } - if err = signResponse(s.key, resp, s.statusSupported); err != nil { + if err = signResponse(ctx, s.key, resp, s.statusSupported); err != nil { return nil, err } @@ -130,6 +130,7 @@ func (s *SignService) CreateRequestStreamer(sender RequestMessageWriter, closer } func (s *SignService) HandleServerStreamRequest( + ctx context.Context, req any, respWriter ResponseMessageWriter, blankResp ResponseConstructor, @@ -142,12 +143,11 @@ func (s *SignService) HandleServerStreamRequest( var err error - // verify request signatures - if err = signature.VerifyServiceMessage(req); err != nil { + if err = verifyRequestSignature(ctx, req); err != nil { err = fmt.Errorf("could not verify request: %w", err) } else { err = respWriterCaller(func(resp ResponseMessage) error { - if err := signResponse(s.key, resp, statusSupported); err != nil { + if err := signResponse(ctx, s.key, resp, statusSupported); err != nil { return err } @@ -164,7 +164,7 @@ func (s *SignService) HandleServerStreamRequest( setStatusV2(resp, err) - _ = signResponse(s.key, resp, false) // panics or returns nil with false arg + _ = signResponse(ctx, s.key, resp, false) // panics or returns nil with false arg return respWriter(resp) } @@ -183,8 +183,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U err error ) - // verify request signatures - if err = signature.VerifyServiceMessage(req); err != nil { + if err = verifyRequestSignature(ctx, req); err != nil { var sigErr apistatus.SignatureVerification sigErr.SetMessage(err.Error()) @@ -205,7 +204,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U } // sign the response - if err = signResponse(s.key, resp, statusSupported); err != nil { + if err = signResponse(ctx, s.key, resp, statusSupported); err != nil { return nil, err } @@ -233,7 +232,10 @@ func setStatusV2(resp ResponseMessage, err error) { // The signature error affects the result depending on the protocol version: // - if status return is supported, panics since we cannot return the failed status, because it will not be signed; // - otherwise, returns error in order to transport it directly. -func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error { +func signResponse(ctx context.Context, key *ecdsa.PrivateKey, resp any, statusSupported bool) error { + _, span := tracing.StartSpanFromContext(ctx, "signResponse") + defer span.End() + err := signature.SignServiceMessage(key, resp) if err != nil { err = fmt.Errorf("could not sign response: %w", err) @@ -247,3 +249,10 @@ func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error { return err } + +func verifyRequestSignature(ctx context.Context, req any) error { + _, span := tracing.StartSpanFromContext(ctx, "verifyRequestSignature") + defer span.End() + + return signature.VerifyServiceMessage(req) +}