forked from TrueCloudLab/frostfs-api-go
service: ad BearerToken to signed payload of the requests
This commit is contained in:
Leonard Lyubich
parent
3f7d3f8a86
commit
a3569ad99e
3 changed files with 26 additions and 1 deletions
|
|
@ -209,6 +209,9 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error {
|
||||||
NewSignedSessionToken(
|
NewSignedSessionToken(
|
||||||
src.GetSessionToken(),
|
src.GetSessionToken(),
|
||||||
),
|
),
|
||||||
|
NewSignedBearerToken(
|
||||||
|
src.GetBearerToken(),
|
||||||
|
),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -231,6 +234,9 @@ func VerifyRequestData(src RequestVerifyData) error {
|
||||||
NewVerifiedSessionToken(
|
NewVerifiedSessionToken(
|
||||||
src.GetSessionToken(),
|
src.GetSessionToken(),
|
||||||
),
|
),
|
||||||
|
NewVerifiedBearerToken(
|
||||||
|
src.GetBearerToken(),
|
||||||
|
),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
||||||
|
|
@ -279,14 +279,21 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
|
||||||
var (
|
var (
|
||||||
token = new(Token)
|
token = new(Token)
|
||||||
initVerb = Token_Info_Verb(1)
|
initVerb = Token_Info_Verb(1)
|
||||||
|
|
||||||
|
bearer = wrapBearerTokenMsg(new(BearerTokenMsg))
|
||||||
|
bearerEpoch = uint64(8)
|
||||||
)
|
)
|
||||||
|
|
||||||
token.SetVerb(initVerb)
|
token.SetVerb(initVerb)
|
||||||
|
|
||||||
|
bearer.SetExpirationEpoch(bearerEpoch)
|
||||||
|
|
||||||
// create test data with token
|
// create test data with token
|
||||||
src := &testSignedDataSrc{
|
src := &testSignedDataSrc{
|
||||||
data: testData(t, 10),
|
data: testData(t, 10),
|
||||||
token: token,
|
token: token,
|
||||||
|
|
||||||
|
bearer: bearer,
|
||||||
}
|
}
|
||||||
|
|
||||||
// create test private key
|
// create test private key
|
||||||
|
|
@ -319,6 +326,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
|
||||||
// ascertain that verification is passed
|
// ascertain that verification is passed
|
||||||
require.NoError(t, VerifyRequestData(src))
|
require.NoError(t, VerifyRequestData(src))
|
||||||
|
|
||||||
|
// break the Bearer token
|
||||||
|
bearer.SetExpirationEpoch(bearerEpoch + 1)
|
||||||
|
|
||||||
|
// ascertain that verification is failed
|
||||||
|
require.Error(t, VerifyRequestData(src))
|
||||||
|
|
||||||
|
// restore the Bearer token
|
||||||
|
bearer.SetExpirationEpoch(bearerEpoch)
|
||||||
|
|
||||||
|
// ascertain that verification is passed
|
||||||
|
require.NoError(t, VerifyRequestData(src))
|
||||||
|
|
||||||
// wrap to data reader
|
// wrap to data reader
|
||||||
rdr := &testSignedDataReader{
|
rdr := &testSignedDataReader{
|
||||||
testSignedDataSrc: src,
|
testSignedDataSrc: src,
|
||||||
|
|
|
||||||
|
|
@ -104,7 +104,7 @@ func (t testCustomField) MarshalTo(data []byte) (int, error) { return 0, nil }
|
||||||
// Marshal skip, it's for test usage only.
|
// Marshal skip, it's for test usage only.
|
||||||
func (t testCustomField) Marshal() ([]byte, error) { return nil, nil }
|
func (t testCustomField) Marshal() ([]byte, error) { return nil, nil }
|
||||||
|
|
||||||
// GetBearerToken returns wraps Bearer field and return BearerToken interface.
|
// GetBearerToken wraps Bearer field and return BearerToken interface.
|
||||||
//
|
//
|
||||||
// If Bearer field value is nil, nil returns.
|
// If Bearer field value is nil, nil returns.
|
||||||
func (m RequestVerificationHeader) GetBearerToken() BearerToken {
|
func (m RequestVerificationHeader) GetBearerToken() BearerToken {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue