forked from TrueCloudLab/frostfs-api-go
service: add ExtendedHeader list to signed payload of the requests
This commit is contained in:
parent
db53e2ea39
commit
c360b7d19c
2 changed files with 24 additions and 1 deletions
|
@ -212,6 +212,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error {
|
|||
NewSignedBearerToken(
|
||||
src.GetBearerToken(),
|
||||
),
|
||||
ExtendedHeadersSignedData(src),
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -237,6 +238,7 @@ func VerifyRequestData(src RequestVerifyData) error {
|
|||
NewVerifiedBearerToken(
|
||||
src.GetBearerToken(),
|
||||
),
|
||||
ExtendedHeadersSignedData(src),
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -268,7 +268,7 @@ func TestVerifySignatureWithKey(t *testing.T) {
|
|||
require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src))
|
||||
}
|
||||
|
||||
func TestSignVerifyDataWithSessionToken(t *testing.T) {
|
||||
func TestSignVerifyRequestData(t *testing.T) {
|
||||
// sign with empty RequestSignedData
|
||||
require.EqualError(t,
|
||||
SignRequestData(nil, nil),
|
||||
|
@ -288,18 +288,27 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
|
|||
|
||||
bearer = wrapBearerTokenMsg(new(BearerTokenMsg))
|
||||
bearerEpoch = uint64(8)
|
||||
|
||||
extHdrKey = "key"
|
||||
extHdr = new(RequestExtendedHeader_KV)
|
||||
)
|
||||
|
||||
token.SetVerb(initVerb)
|
||||
|
||||
bearer.SetExpirationEpoch(bearerEpoch)
|
||||
|
||||
extHdr.SetK(extHdrKey)
|
||||
|
||||
// create test data with token
|
||||
src := &testSignedDataSrc{
|
||||
data: testData(t, 10),
|
||||
token: token,
|
||||
|
||||
bearer: bearer,
|
||||
|
||||
extHdrs: []ExtendedHeader{
|
||||
wrapExtendedHeaderKV(extHdr),
|
||||
},
|
||||
}
|
||||
|
||||
// create test private key
|
||||
|
@ -344,6 +353,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
|
|||
// ascertain that verification is passed
|
||||
require.NoError(t, VerifyRequestData(src))
|
||||
|
||||
// break the extended header
|
||||
extHdr.SetK(extHdrKey + "1")
|
||||
|
||||
// ascertain that verification is failed
|
||||
require.Error(t, VerifyRequestData(src))
|
||||
|
||||
// restore the extended header
|
||||
extHdr.SetK(extHdrKey)
|
||||
|
||||
// ascertain that verification is passed
|
||||
require.NoError(t, VerifyRequestData(src))
|
||||
|
||||
// wrap to data reader
|
||||
rdr := &testSignedDataReader{
|
||||
testSignedDataSrc: src,
|
||||
|
|
Loading…
Reference in a new issue