diff --git a/pkg/services/tree/replicator.go b/pkg/services/tree/replicator.go index e841c3baf..818938a63 100644 --- a/pkg/services/tree/replicator.go +++ b/pkg/services/tree/replicator.go @@ -101,7 +101,7 @@ func (s *Service) replicateLoop(ctx context.Context) { func (s *Service) replicate(op movePair) error { req := newApplyRequest(&op) - err := signMessage(req, s.key) + err := SignMessage(req, s.key) if err != nil { return fmt.Errorf("can't sign data: %w", err) } diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go index 5bc710b77..eaeda5961 100644 --- a/pkg/services/tree/signature.go +++ b/pkg/services/tree/signature.go @@ -143,7 +143,10 @@ func verifyMessage(m message) error { return nil } -func signMessage(m message, key *ecdsa.PrivateKey) error { +// SignMessage uses the provided key and signs any protobuf +// message that was generated for the TreeService by the +// protoc-gen-go-neofs generator. Returns any errors directly. +func SignMessage(m message, key *ecdsa.PrivateKey) error { binBody, err := m.ReadSignedData(nil) if err != nil { return err diff --git a/pkg/services/tree/signature_test.go b/pkg/services/tree/signature_test.go index 4cdc2d737..aaab9a00c 100644 --- a/pkg/services/tree/signature_test.go +++ b/pkg/services/tree/signature_test.go @@ -101,7 +101,7 @@ func TestMessageSign(t *testing.T) { require.Error(t, s.verifyClient(req, cid2, nil, op)) }) - require.NoError(t, signMessage(req, &privs[0].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[0].PrivateKey)) require.NoError(t, s.verifyClient(req, cid1, nil, op)) t.Run("invalid CID", func(t *testing.T) { @@ -111,12 +111,12 @@ func TestMessageSign(t *testing.T) { cnr.Value.SetBasicACL(acl.Private) t.Run("extension disabled", func(t *testing.T) { - require.NoError(t, signMessage(req, &privs[0].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[0].PrivateKey)) require.Error(t, s.verifyClient(req, cid2, nil, op)) }) t.Run("invalid key", func(t *testing.T) { - require.NoError(t, signMessage(req, &privs[1].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[1].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, nil, op)) }) @@ -129,7 +129,7 @@ func TestMessageSign(t *testing.T) { t.Run("invalid bearer", func(t *testing.T) { req.Body.BearerToken = []byte{0xFF} - require.NoError(t, signMessage(req, &privs[0].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[0].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) }) @@ -138,7 +138,7 @@ func TestMessageSign(t *testing.T) { require.NoError(t, bt.Sign(privs[0].PrivateKey)) req.Body.BearerToken = bt.Marshal() - require.NoError(t, signMessage(req, &privs[1].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[1].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) }) t.Run("invalid bearer owner", func(t *testing.T) { @@ -146,7 +146,7 @@ func TestMessageSign(t *testing.T) { require.NoError(t, bt.Sign(privs[1].PrivateKey)) req.Body.BearerToken = bt.Marshal() - require.NoError(t, signMessage(req, &privs[1].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[1].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) }) t.Run("invalid bearer signature", func(t *testing.T) { @@ -158,7 +158,7 @@ func TestMessageSign(t *testing.T) { bv2.GetSignature().SetSign([]byte{1, 2, 3}) req.Body.BearerToken = bv2.StableMarshal(nil) - require.NoError(t, signMessage(req, &privs[1].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[1].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) }) @@ -168,17 +168,17 @@ func TestMessageSign(t *testing.T) { cnr.Value.SetBasicACL(acl.PublicRWExtended) t.Run("put and get", func(t *testing.T) { - require.NoError(t, signMessage(req, &privs[1].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[1].PrivateKey)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) }) t.Run("only get", func(t *testing.T) { - require.NoError(t, signMessage(req, &privs[2].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[2].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) }) t.Run("none", func(t *testing.T) { - require.NoError(t, signMessage(req, &privs[3].PrivateKey)) + require.NoError(t, SignMessage(req, &privs[3].PrivateKey)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) }) diff --git a/pkg/services/tree/sync.go b/pkg/services/tree/sync.go index f467a3570..7f670795c 100644 --- a/pkg/services/tree/sync.go +++ b/pkg/services/tree/sync.go @@ -69,7 +69,7 @@ func (s *Service) synchronizeSingle(ctx context.Context, cid cid.ID, treeID stri Height: newHeight, }, } - if err := signMessage(req, s.key); err != nil { + if err := SignMessage(req, s.key); err != nil { return newHeight, err }