carpawell/frostfs-sdk-go
1
0
Fork 0
forked from TrueCloudLab/frostfs-sdk-go
Code Issues Pull requests Projects Releases Packages Wiki Activity

:* Replace ecdsa.PrivateKey with neofscrypto.Signer

Browse source 
Signed-off-by: Evgenii Baidakov <evgenii@nspcc.io>
This commit is contained in:
Evgenii Baidakov 2023-04-25 12:31:27 +04:00
parent 570a628462
commit 64c0612bdc
No known key found for this signature in database
GPG key ID: 8733EE3D72CDB4DE
37 changed files with 392 additions and 374 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
bearer/bearer.go
View file

@ -1,7 +1,6 @@
package bearer package bearer
import ( import (
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
@ -9,7 +8,6 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -245,7 +243,7 @@ func (b Token) AssertUser(id user.ID) bool {
return !b.targetUserSet || b.targetUser.Equals(id) return !b.targetUserSet || b.targetUser.Equals(id)
} }
// Sign calculates and writes signature of the Token data using issuer's secret. // Sign calculates and writes signature of the Token data using issuer's signer.
// Returns signature calculation errors. // Returns signature calculation errors.
// //
// Sign MUST be called if Token is going to be transmitted over // Sign MUST be called if Token is going to be transmitted over
@ -255,10 +253,10 @@ func (b Token) AssertUser(id user.ID) bool {
// expected to be calculated as a final stage of Token formation. // expected to be calculated as a final stage of Token formation.
// //
// See also VerifySignature, Issuer. // See also VerifySignature, Issuer.
func (b *Token) Sign(key ecdsa.PrivateKey) error { func (b *Token) Sign(signer neofscrypto.Signer) error {
var sig neofscrypto.Signature var sig neofscrypto.Signature
err := sig.Calculate(neofsecdsa.Signer(key), b.signedData()) err := sig.Calculate(signer, b.signedData())
if err != nil { if err != nil {
return err return err
} }
@ -360,9 +358,8 @@ func ResolveIssuer(b Token) (usr user.ID) {
binKey := b.SigningKeyBytes() binKey := b.SigningKeyBytes()
if len(binKey) != 0 { if len(binKey) != 0 {
var key neofsecdsa.PublicKey if err := user.IDFromKey(&usr, binKey); err != nil {
if key.Decode(binKey) == nil { usr = user.ID{}
user.IDFromKey(&usr, ecdsa.PublicKey(key))
} }
} }

9
bearer/bearer_test.go
View file

@ -261,11 +261,11 @@ func TestToken_Sign(t *testing.T) {
k, err := keys.NewPrivateKey() k, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
signer := neofsecdsa.Signer(k.PrivateKey)
key := k.PrivateKey
val = bearertest.Token() val = bearertest.Token()
require.NoError(t, val.Sign(key)) require.NoError(t, val.Sign(signer))
require.True(t, val.VerifySignature()) require.True(t, val.VerifySignature())
@ -365,6 +365,7 @@ func TestToken_ReadFromV2(t *testing.T) {
func TestResolveIssuer(t *testing.T) { func TestResolveIssuer(t *testing.T) {
k, err := keys.NewPrivateKey() k, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
signer := neofsecdsa.Signer(k.PrivateKey)
var val bearer.Token var val bearer.Token
@ -381,10 +382,10 @@ func TestResolveIssuer(t *testing.T) {
require.Zero(t, bearer.ResolveIssuer(val)) require.Zero(t, bearer.ResolveIssuer(val))
require.NoError(t, val.Sign(k.PrivateKey)) require.NoError(t, val.Sign(signer))
var usr user.ID var usr user.ID
user.IDFromKey(&usr, k.PrivateKey.PublicKey) require.NoError(t, user.IDFromSigner(&usr, signer))
require.Equal(t, usr, bearer.ResolveIssuer(val)) require.Equal(t, usr, bearer.ResolveIssuer(val))
} }

12
client/client.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"crypto/tls" "crypto/tls"
"errors" "errors"
"time" "time"
@ -10,6 +9,7 @@ import (
v2accounting "github.com/nspcc-dev/neofs-api-go/v2/accounting" v2accounting "github.com/nspcc-dev/neofs-api-go/v2/accounting"
"github.com/nspcc-dev/neofs-api-go/v2/rpc" "github.com/nspcc-dev/neofs-api-go/v2/rpc"
"github.com/nspcc-dev/neofs-api-go/v2/rpc/client" "github.com/nspcc-dev/neofs-api-go/v2/rpc/client"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
) )
// Client represents virtual connection to the NeoFS network to communicate // Client represents virtual connection to the NeoFS network to communicate
@ -148,19 +148,19 @@ func (c *Client) Close() error {
type PrmInit struct { type PrmInit struct {
resolveNeoFSErrors bool resolveNeoFSErrors bool
key ecdsa.PrivateKey signer neofscrypto.Signer
cbRespInfo func(ResponseMetaInfo) error cbRespInfo func(ResponseMetaInfo) error
netMagic uint64 netMagic uint64
} }
// SetDefaultPrivateKey sets Client private key to be used for the protocol // SetDefaultSigner sets Client private signer to be used for the protocol
// communication by default. // communication by default.
// //
// Required for operations without custom key parametrization (see corresponding Prm* docs). // Required for operations without custom signer parametrization (see corresponding Prm* docs).
func (x *PrmInit) SetDefaultPrivateKey(key ecdsa.PrivateKey) { func (x *PrmInit) SetDefaultSigner(signer neofscrypto.Signer) {
x.key = key x.signer = signer
} }
// ResolveNeoFSFailures makes the Client to resolve failure statuses of the // ResolveNeoFSFailures makes the Client to resolve failure statuses of the

7
client/client_test.go
View file

@ -8,6 +8,8 @@ import (
"testing" "testing"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -16,11 +18,14 @@ File contains common functionality used for client package testing.
*/ */
var key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) var key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
var signer neofscrypto.Signer
var statusErr apistatus.ServerInternal var statusErr apistatus.ServerInternal
func init() { func init() {
statusErr.SetMessage("test status error") statusErr.SetMessage("test status error")
signer = neofsecdsa.SignerRFC6979(*key)
} }
func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status }) { func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status }) {
@ -30,7 +35,7 @@ func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status })
func newClient(server neoFSAPIServer) *Client { func newClient(server neoFSAPIServer) *Client {
var prm PrmInit var prm PrmInit
prm.SetDefaultPrivateKey(*key) prm.SetDefaultSigner(signer)
var c Client var c Client
c.Init(prm) c.Init(prm)

18
client/common.go
View file

@ -1,14 +1,13 @@
package client package client
import ( import (
"crypto/ecdsa"
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-api-go/v2/rpc/client" "github.com/nspcc-dev/neofs-api-go/v2/rpc/client"
v2session "github.com/nspcc-dev/neofs-api-go/v2/session" v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-api-go/v2/signature"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/version" "github.com/nspcc-dev/neofs-sdk-go/version"
) )
@ -75,6 +74,7 @@ const (
panicMsgMissingContext = "missing context" panicMsgMissingContext = "missing context"
panicMsgMissingContainer = "missing container" panicMsgMissingContainer = "missing container"
panicMsgMissingObject = "missing object" panicMsgMissingObject = "missing object"
panicMsgOwnerExtract = "extract owner failed"
) )
// groups all the details required to send a single request and process a response to it. // groups all the details required to send a single request and process a response to it.
@ -91,8 +91,8 @@ type contextCall struct {
// ================================================== // ==================================================
// shared parameters which are set uniformly on all calls // shared parameters which are set uniformly on all calls
// request signing key // request signer
key ecdsa.PrivateKey signer neofscrypto.Signer
// callback prior to processing the response by the client // callback prior to processing the response by the client
callbackResp func(ResponseMetaInfo) error callbackResp func(ResponseMetaInfo) error
@ -112,7 +112,7 @@ type contextCall struct {
// structure of the call result // structure of the call result
statusRes resCommon statusRes resCommon
// request to be signed with a key and sent // request to be signed with a signer and sent
req request req request
// function to send a request (unary) and receive a response // function to send a request (unary) and receive a response
@ -187,7 +187,7 @@ func (x *contextCall) writeRequest() bool {
x.req.SetVerificationHeader(nil) x.req.SetVerificationHeader(nil)
// sign the request // sign the request
x.err = signServiceMessage(&x.key, x.req) x.err = signServiceMessage(x.signer, x.req)
if x.err != nil { if x.err != nil {
x.err = fmt.Errorf("sign request: %w", x.err) x.err = fmt.Errorf("sign request: %w", x.err)
return false return false
@ -226,7 +226,7 @@ func (x *contextCall) processResponse() bool {
// while verification needs marshaling // while verification needs marshaling
// verify response signature // verify response signature
x.err = signature.VerifyServiceMessage(x.resp) x.err = verifyServiceMessage(x.resp)
if x.err != nil { if x.err != nil {
x.err = fmt.Errorf("invalid response signature: %w", x.err) x.err = fmt.Errorf("invalid response signature: %w", x.err)
return false return false
@ -250,7 +250,7 @@ func (x *contextCall) processResponse() bool {
// processResponse verifies response signature and converts status to an error if needed. // processResponse verifies response signature and converts status to an error if needed.
func (c *Client) processResponse(resp responseV2) (apistatus.Status, error) { func (c *Client) processResponse(resp responseV2) (apistatus.Status, error) {
err := signature.VerifyServiceMessage(resp) err := verifyServiceMessage(resp)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid response signature: %w", err) return nil, fmt.Errorf("invalid response signature: %w", err)
} }
@ -328,7 +328,7 @@ func (x *contextCall) processCall() bool {
// initializes static cross-call parameters inherited from client. // initializes static cross-call parameters inherited from client.
func (c *Client) initCallContext(ctx *contextCall) { func (c *Client) initCallContext(ctx *contextCall) {
ctx.key = c.prm.key ctx.signer = c.prm.signer
ctx.resolveAPIFailures = c.prm.resolveNeoFSErrors ctx.resolveAPIFailures = c.prm.resolveNeoFSErrors
ctx.callbackResp = c.prm.cbRespInfo ctx.callbackResp = c.prm.cbRespInfo
ctx.netMagic = c.prm.netMagic ctx.netMagic = c.prm.netMagic

9
client/container.go
View file

@ -13,7 +13,6 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
@ -53,7 +52,7 @@ func (x *PrmContainerPut) SetSigner(signer neofscrypto.Signer) {
// //
// Session is optional, if set the following requirements apply: // Session is optional, if set the following requirements apply:
// - session operation MUST be session.VerbContainerPut (ForVerb) // - session operation MUST be session.VerbContainerPut (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved // - token MUST be signed using private signer of the owner of the container to be saved
func (x *PrmContainerPut) WithinSession(s session.Container) { func (x *PrmContainerPut) WithinSession(s session.Container) {
x.session = s x.session = s
x.sessionSet = true x.sessionSet = true
@ -74,7 +73,7 @@ func (x ResContainerPut) ID() cid.ID {
} }
func (c *Client) defaultSigner() neofscrypto.Signer { func (c *Client) defaultSigner() neofscrypto.Signer {
return neofsecdsa.SignerRFC6979(c.prm.key) return c.prm.signer
} }
// ContainerPut sends request to save container in NeoFS. // ContainerPut sends request to save container in NeoFS.
@ -104,7 +103,7 @@ func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResCon
panic(panicMsgMissingContainer) panic(panicMsgMissingContainer)
} }
// TODO: check private key is set before forming the request // TODO: check private signer is set before forming the request
// sign container // sign container
var cnr v2container.Container var cnr v2container.Container
prm.cnr.WriteToV2(&cnr) prm.cnr.WriteToV2(&cnr)
@ -657,7 +656,7 @@ func (x *PrmContainerSetEACL) SetSigner(signer neofscrypto.Signer) {
// - if particular container is specified (ApplyOnlyTo), it MUST equal the container // - if particular container is specified (ApplyOnlyTo), it MUST equal the container
// for which extended ACL is going to be set // for which extended ACL is going to be set
// - session operation MUST be session.VerbContainerSetEACL (ForVerb) // - session operation MUST be session.VerbContainerSetEACL (ForVerb)
// - token MUST be signed using private key of the owner of the container to be saved // - token MUST be signed using private signer of the owner of the container to be saved
func (x *PrmContainerSetEACL) WithinSession(s session.Container) { func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
x.session = s x.session = s
x.sessionSet = true x.sessionSet = true

4
client/doc.go
View file

@ -11,7 +11,7 @@ Create client instance:
Initialize client state: Initialize client state:
var prm client.PrmInit var prm client.PrmInit
prm.SetDefaultPrivateKey(key) prm.SetDefaultSigner(signer)
// ... // ...
c.Init(prm) c.Init(prm)
@ -20,7 +20,7 @@ Connect to the NeoFS server:
var prm client.PrmDial var prm client.PrmDial
prm.SetServerURI("localhost:8080") prm.SetServerURI("localhost:8080")
prm.SetDefaultPrivateKey(key) prm.SetDefaultSigner(signer)
// ... // ...
err := c.Dial(prm) err := c.Dial(prm)

13
client/example_container_put_test.go
View file

@ -11,6 +11,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
"github.com/nspcc-dev/neofs-sdk-go/container/acl" "github.com/nspcc-dev/neofs-sdk-go/container/acl"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -25,13 +26,17 @@ func ExampleClient_ContainerPut() {
panic(err) panic(err)
} }
// decode account from user's key signer := neofsecdsa.SignerRFC6979(key.PrivateKey)
user.IDFromKey(&accountID, key.PrivateKey.PublicKey)
// decode account from user's signer
if err = user.IDFromSigner(&accountID, signer); err != nil {
panic(err)
}
// prepare client // prepare client
var prmInit client.PrmInit var prmInit client.PrmInit
prmInit.SetDefaultPrivateKey(key.PrivateKey) // private key for request signing prmInit.SetDefaultSigner(signer) // private signer for request signing
prmInit.ResolveNeoFSFailures() // enable erroneous status parsing prmInit.ResolveNeoFSFailures() // enable erroneous status parsing
var c client.Client var c client.Client
c.Init(prmInit) c.Init(prmInit)

2
client/netmap.go
View file

@ -247,7 +247,7 @@ func (c *Client) NetMapSnapshot(ctx context.Context, _ PrmNetMapSnapshot) (*ResN
req.SetBody(&body) req.SetBody(&body)
c.prepareRequest(&req, &meta) c.prepareRequest(&req, &meta)
err := signServiceMessage(&c.prm.key, &req) err := signServiceMessage(c.prm.signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }

5
client/netmap_test.go
View file

@ -8,7 +8,6 @@ import (
v2netmap "github.com/nspcc-dev/neofs-api-go/v2/netmap" v2netmap "github.com/nspcc-dev/neofs-api-go/v2/netmap"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-api-go/v2/signature"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -26,7 +25,7 @@ type serverNetMap struct {
} }
func (x *serverNetMap) netMapSnapshot(ctx context.Context, req v2netmap.SnapshotRequest) (*v2netmap.SnapshotResponse, error) { func (x *serverNetMap) netMapSnapshot(ctx context.Context, req v2netmap.SnapshotRequest) (*v2netmap.SnapshotResponse, error) {
err := signature.VerifyServiceMessage(&req) err := verifyServiceMessage(&req)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -52,7 +51,7 @@ func (x *serverNetMap) netMapSnapshot(ctx context.Context, req v2netmap.Snapshot
resp.SetMetaHeader(&meta) resp.SetMetaHeader(&meta)
if x.signResponse { if x.signResponse {
err = signServiceMessage(key, &resp) err = signServiceMessage(signer, &resp)
if err != nil { if err != nil {
panic(fmt.Sprintf("sign response: %v", err)) panic(fmt.Sprintf("sign response: %v", err))
} }

20
client/object_delete.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/acl" "github.com/nspcc-dev/neofs-api-go/v2/acl"
@ -14,6 +13,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
) )
@ -27,7 +27,7 @@ type PrmObjectDelete struct {
addr v2refs.Address addr v2refs.Address
keySet bool keySet bool
key ecdsa.PrivateKey signer neofscrypto.Signer
} }
// WithinSession specifies session within which object should be read. // WithinSession specifies session within which object should be read.
@ -72,11 +72,11 @@ func (x *PrmObjectDelete) ByID(id oid.ID) {
x.addr.SetObjectID(&idV2) x.addr.SetObjectID(&idV2)
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectDelete) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectDelete) UseSigner(signer neofscrypto.Signer) {
x.keySet = true x.keySet = true
x.key = key x.signer = signer
} }
// WithXHeaders specifies list of extended headers (string key-value pairs) // WithXHeaders specifies list of extended headers (string key-value pairs)
@ -140,12 +140,12 @@ func (c *Client) ObjectDelete(ctx context.Context, prm PrmObjectDelete) (*ResObj
req.SetBody(&prm.body) req.SetBody(&prm.body)
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
key := c.prm.key signer := prm.signer
if prm.keySet { if signer == nil {
key = prm.key signer = c.prm.signer
} }
err := signServiceMessage(&key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }

58
client/object_get.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -16,6 +15,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
@ -91,7 +91,7 @@ func (x *prmObjectRead) ByID(id oid.ID) {
type PrmObjectGet struct { type PrmObjectGet struct {
prmObjectRead prmObjectRead
key *ecdsa.PrivateKey signer neofscrypto.Signer
} }
// ResObjectGet groups the final result values of ObjectGetInit operation. // ResObjectGet groups the final result values of ObjectGetInit operation.
@ -119,10 +119,10 @@ type ObjectReader struct {
remainingPayloadLen int remainingPayloadLen int
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectGet) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectGet) UseSigner(signer neofscrypto.Signer) {
x.key = &key x.signer = signer
} }
// ReadHeader reads header of the object. Result means success. // ReadHeader reads header of the object. Result means success.
@ -320,12 +320,12 @@ func (c *Client) ObjectGetInit(ctx context.Context, prm PrmObjectGet) (*ObjectRe
req.SetBody(&body) req.SetBody(&body)
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
key := prm.key signer := prm.signer
if key == nil { if signer == nil {
key = &c.prm.key signer = c.prm.signer
} }
err := signServiceMessage(key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }
@ -350,15 +350,13 @@ func (c *Client) ObjectGetInit(ctx context.Context, prm PrmObjectGet) (*ObjectRe
type PrmObjectHead struct { type PrmObjectHead struct {
prmObjectRead prmObjectRead
keySet bool signer neofscrypto.Signer
key ecdsa.PrivateKey
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectHead) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectHead) UseSigner(signer neofscrypto.Signer) {
x.keySet = true x.signer = signer
x.key = key
} }
// ResObjectHead groups resulting values of ObjectHead operation. // ResObjectHead groups resulting values of ObjectHead operation.
@ -431,13 +429,13 @@ func (c *Client) ObjectHead(ctx context.Context, prm PrmObjectHead) (*ResObjectH
req.SetBody(&body) req.SetBody(&body)
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
key := c.prm.key signer := prm.signer
if prm.keySet { if signer == nil {
key = prm.key signer = c.prm.signer
} }
// sign the request // sign the request
err := signServiceMessage(&key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }
@ -475,7 +473,7 @@ func (c *Client) ObjectHead(ctx context.Context, prm PrmObjectHead) (*ResObjectH
type PrmObjectRange struct { type PrmObjectRange struct {
prmObjectRead prmObjectRead
key *ecdsa.PrivateKey signer neofscrypto.Signer
rng v2object.Range rng v2object.Range
} }
@ -492,10 +490,10 @@ func (x *PrmObjectRange) SetLength(ln uint64) {
x.rng.SetLength(ln) x.rng.SetLength(ln)
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectRange) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectRange) UseSigner(signer neofscrypto.Signer) {
x.key = &key x.signer = signer
} }
// ResObjectRange groups the final result values of ObjectRange operation. // ResObjectRange groups the final result values of ObjectRange operation.
@ -690,12 +688,12 @@ func (c *Client) ObjectRangeInit(ctx context.Context, prm PrmObjectRange) (*Obje
req.SetBody(&body) req.SetBody(&body)
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
key := prm.key signer := prm.signer
if key == nil { if signer == nil {
key = &c.prm.key signer = c.prm.signer
} }
err := signServiceMessage(key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }

22
client/object_hash.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/acl" "github.com/nspcc-dev/neofs-api-go/v2/acl"
@ -14,6 +13,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
) )
@ -28,15 +28,13 @@ type PrmObjectHash struct {
addr v2refs.Address addr v2refs.Address
keySet bool signer neofscrypto.Signer
key ecdsa.PrivateKey
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectHash) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectHash) UseSigner(signer neofscrypto.Signer) {
x.keySet = true x.signer = signer
x.key = key
} }
// MarkLocal tells the server to execute the operation locally. // MarkLocal tells the server to execute the operation locally.
@ -186,12 +184,12 @@ func (c *Client) ObjectHash(ctx context.Context, prm PrmObjectHash) (*ResObjectH
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
req.SetBody(&prm.body) req.SetBody(&prm.body)
key := c.prm.key signer := prm.signer
if prm.keySet { if signer == nil {
key = prm.key signer = c.prm.signer
} }
err := signServiceMessage(&key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }

28
client/object_put.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -14,6 +13,7 @@ import (
v2session "github.com/nspcc-dev/neofs-api-go/v2/session" v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
@ -22,7 +22,7 @@ import (
// PrmObjectPutInit groups parameters of ObjectPutInit operation. // PrmObjectPutInit groups parameters of ObjectPutInit operation.
type PrmObjectPutInit struct { type PrmObjectPutInit struct {
copyNum uint32 copyNum uint32
key *ecdsa.PrivateKey signer neofscrypto.Signer
meta v2session.RequestMetaHeader meta v2session.RequestMetaHeader
} }
@ -56,9 +56,9 @@ type ObjectWriter struct {
Close() error Close() error
} }
key *ecdsa.PrivateKey signer neofscrypto.Signer
res ResObjectPut res ResObjectPut
err error err error
chunkCalled bool chunkCalled bool
@ -68,10 +68,10 @@ type ObjectWriter struct {
partChunk v2object.PutObjectPartChunk partChunk v2object.PutObjectPartChunk
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectPutInit) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectPutInit) UseSigner(signer neofscrypto.Signer) {
x.key = &key x.signer = signer
} }
// WithBearerToken attaches bearer token to be used for the operation. // WithBearerToken attaches bearer token to be used for the operation.
@ -116,7 +116,7 @@ func (x *ObjectWriter) WriteHeader(hdr object.Object) bool {
x.req.GetBody().SetObjectPart(&x.partInit) x.req.GetBody().SetObjectPart(&x.partInit)
x.req.SetVerificationHeader(nil) x.req.SetVerificationHeader(nil)
x.err = signServiceMessage(x.key, &x.req) x.err = signServiceMessage(x.signer, &x.req)
if x.err != nil { if x.err != nil {
x.err = fmt.Errorf("sign message: %w", x.err) x.err = fmt.Errorf("sign message: %w", x.err)
return false return false
@ -158,7 +158,7 @@ func (x *ObjectWriter) WritePayloadChunk(chunk []byte) bool {
x.partChunk.SetChunk(chunk[:ln]) x.partChunk.SetChunk(chunk[:ln])
x.req.SetVerificationHeader(nil) x.req.SetVerificationHeader(nil)
x.err = signServiceMessage(x.key, &x.req) x.err = signServiceMessage(x.signer, &x.req)
if x.err != nil { if x.err != nil {
x.err = fmt.Errorf("sign message: %w", x.err) x.err = fmt.Errorf("sign message: %w", x.err)
return false return false
@ -250,9 +250,9 @@ func (c *Client) ObjectPutInit(ctx context.Context, prm PrmObjectPutInit) (*Obje
return nil, fmt.Errorf("open stream: %w", err) return nil, fmt.Errorf("open stream: %w", err)
} }
w.key = &c.prm.key w.signer = prm.signer
if prm.key != nil { if w.signer == nil {
w.key = prm.key w.signer = c.prm.signer
} }
w.cancelCtxStream = cancel w.cancelCtxStream = cancel
w.client = c w.client = c

20
client/object_search.go
View file

@ -2,7 +2,6 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -16,6 +15,7 @@ import (
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
@ -25,7 +25,7 @@ import (
type PrmObjectSearch struct { type PrmObjectSearch struct {
meta v2session.RequestMetaHeader meta v2session.RequestMetaHeader
key *ecdsa.PrivateKey signer neofscrypto.Signer
cnrSet bool cnrSet bool
cnrID cid.ID cnrID cid.ID
@ -69,10 +69,10 @@ func (x *PrmObjectSearch) WithXHeaders(hs ...string) {
writeXHeadersToMeta(hs, &x.meta) writeXHeadersToMeta(hs, &x.meta)
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmObjectSearch) UseKey(key ecdsa.PrivateKey) { func (x *PrmObjectSearch) UseSigner(signer neofscrypto.Signer) {
x.key = &key x.signer = signer
} }
// InContainer specifies the container in which to look for objects. // InContainer specifies the container in which to look for objects.
@ -241,12 +241,12 @@ func (c *Client) ObjectSearchInit(ctx context.Context, prm PrmObjectSearch) (*Ob
req.SetBody(&body) req.SetBody(&body)
c.prepareRequest(&req, &prm.meta) c.prepareRequest(&req, &prm.meta)
key := prm.key signer := prm.signer
if key == nil { if signer == nil {
key = &c.prm.key signer = c.prm.signer
} }
err := signServiceMessage(key, &req) err := signServiceMessage(signer, &req)
if err != nil { if err != nil {
return nil, fmt.Errorf("sign request: %w", err) return nil, fmt.Errorf("sign request: %w", err)
} }

17
client/object_search_test.go
View file

@ -1,7 +1,6 @@
package client package client
import ( import (
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -10,6 +9,8 @@ import (
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
v2object "github.com/nspcc-dev/neofs-api-go/v2/object" v2object "github.com/nspcc-dev/neofs-api-go/v2/object"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test" oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -85,7 +86,7 @@ func TestObjectIterate(t *testing.T) {
p, resp := testListReaderResponse(t) p, resp := testListReaderResponse(t)
var actual []oid.ID var actual []oid.ID
resp.stream = &singleStreamResponder{key: p, idList: [][]oid.ID{ids}} resp.stream = &singleStreamResponder{signer: p, idList: [][]oid.ID{ids}}
require.NoError(t, resp.Iterate(func(id oid.ID) bool { require.NoError(t, resp.Iterate(func(id oid.ID) bool {
actual = append(actual, id) actual = append(actual, id)
return len(actual) == 2 return len(actual) == 2
@ -108,27 +109,27 @@ func TestObjectIterate(t *testing.T) {
}) })
} }
func testListReaderResponse(t *testing.T) (*ecdsa.PrivateKey, *ObjectListReader) { func testListReaderResponse(t *testing.T) (neofscrypto.Signer, *ObjectListReader) {
p, err := keys.NewPrivateKey() p, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
return &p.PrivateKey, &ObjectListReader{ return neofsecdsa.Signer(p.PrivateKey), &ObjectListReader{
cancelCtxStream: func() {}, cancelCtxStream: func() {},
client: &Client{}, client: &Client{},
tail: nil, tail: nil,
} }
} }
func newSearchStream(key *ecdsa.PrivateKey, endError error, idList ...[]oid.ID) *singleStreamResponder { func newSearchStream(signer neofscrypto.Signer, endError error, idList ...[]oid.ID) *singleStreamResponder {
return &singleStreamResponder{ return &singleStreamResponder{
key: key, signer: signer,
endError: endError, endError: endError,
idList: idList, idList: idList,
} }
} }
type singleStreamResponder struct { type singleStreamResponder struct {
key *ecdsa.PrivateKey signer neofscrypto.Signer
n int n int
endError error endError error
idList [][]oid.ID idList [][]oid.ID
@ -153,7 +154,7 @@ func (s *singleStreamResponder) Read(resp *v2object.SearchResponse) error {
} }
resp.SetBody(&body) resp.SetBody(&body)
err := signServiceMessage(s.key, resp) err := signServiceMessage(s.signer, resp)
if err != nil { if err != nil {
panic(fmt.Errorf("error: %w", err)) panic(fmt.Errorf("error: %w", err))
} }

27
client/session.go
View file

@ -2,12 +2,12 @@ package client
import ( import (
"context" "context"
"crypto/ecdsa"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
rpcapi "github.com/nspcc-dev/neofs-api-go/v2/rpc" rpcapi "github.com/nspcc-dev/neofs-api-go/v2/rpc"
"github.com/nspcc-dev/neofs-api-go/v2/rpc/client" "github.com/nspcc-dev/neofs-api-go/v2/rpc/client"
v2session "github.com/nspcc-dev/neofs-api-go/v2/session" v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -17,8 +17,7 @@ type PrmSessionCreate struct {
exp uint64 exp uint64
keySet bool signer neofscrypto.Signer
key ecdsa.PrivateKey
} }
// SetExp sets number of the last NepFS epoch in the lifetime of the session after which it will be expired. // SetExp sets number of the last NepFS epoch in the lifetime of the session after which it will be expired.
@ -26,11 +25,10 @@ func (x *PrmSessionCreate) SetExp(exp uint64) {
x.exp = exp x.exp = exp
} }
// UseKey specifies private key to sign the requests and compute token owner. // UseSigner specifies private signer to sign the requests and compute token owner.
// If key is not provided, then Client default key is used. // If signer is not provided, then Client default signer is used.
func (x *PrmSessionCreate) UseKey(key ecdsa.PrivateKey) { func (x *PrmSessionCreate) UseSigner(signer neofscrypto.Signer) {
x.keySet = true x.signer = signer
x.key = key
} }
// ResSessionCreate groups resulting values of SessionCreate operation. // ResSessionCreate groups resulting values of SessionCreate operation.
@ -83,12 +81,10 @@ func (c *Client) SessionCreate(ctx context.Context, prm PrmSessionCreate) (*ResS
panic(panicMsgMissingContext) panic(panicMsgMissingContext)
} }
ownerKey := c.prm.key.PublicKey
if prm.keySet {
ownerKey = prm.key.PublicKey
}
var ownerID user.ID var ownerID user.ID
user.IDFromKey(&ownerID, ownerKey) if err := user.IDFromSigner(&ownerID, prm.signer); err != nil {
panic(panicMsgOwnerExtract)
}
var ownerIDV2 refs.OwnerID var ownerIDV2 refs.OwnerID
ownerID.WriteToV2(&ownerIDV2) ownerID.WriteToV2(&ownerIDV2)
@ -111,8 +107,9 @@ func (c *Client) SessionCreate(ctx context.Context, prm PrmSessionCreate) (*ResS
) )
c.initCallContext(&cc) c.initCallContext(&cc)
if prm.keySet { cc.signer = prm.signer
cc.key = prm.key if cc.signer == nil {
cc.signer = c.prm.signer
} }
cc.meta = prm.prmCommonMeta cc.meta = prm.prmCommonMeta

47
client/sign.go
View file

@ -1,7 +1,6 @@
package client package client
import ( import (
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
@ -13,6 +12,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/reputation" "github.com/nspcc-dev/neofs-api-go/v2/reputation"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-api-go/v2/util/signature" "github.com/nspcc-dev/neofs-api-go/v2/util/signature"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
) )
type serviceRequest interface { type serviceRequest interface {
@ -32,7 +32,7 @@ type stableMarshaler interface {
StableSize() int StableSize() int
} }
type StableMarshalerWrapper struct { type stableMarshalerWrapper struct {
SM stableMarshaler SM stableMarshaler
} }
@ -115,7 +115,7 @@ func (r *responseVerificationHeader) setOrigin(m stableMarshaler) {
} }
} }
func (s StableMarshalerWrapper) ReadSignedData(buf []byte) ([]byte, error) { func (s stableMarshalerWrapper) ReadSignedData(buf []byte) ([]byte, error) {
if s.SM != nil { if s.SM != nil {
return s.SM.StableMarshal(buf), nil return s.SM.StableMarshal(buf), nil
} }
@ -123,7 +123,7 @@ func (s StableMarshalerWrapper) ReadSignedData(buf []byte) ([]byte, error) {
return nil, nil return nil, nil
} }
func (s StableMarshalerWrapper) SignedDataSize() int { func (s stableMarshalerWrapper) SignedDataSize() int {
if s.SM != nil { if s.SM != nil {
return s.SM.StableSize() return s.SM.StableSize()
} }
@ -131,7 +131,8 @@ func (s StableMarshalerWrapper) SignedDataSize() int {
return 0 return 0
} }
func signServiceMessage(key *ecdsa.PrivateKey, msg interface{}) error { // signServiceMessage signing request or response messages which can be sent or received from neofs endpoint.
func signServiceMessage(signer neofscrypto.Signer, msg interface{}) error {
var ( var (
body, meta, verifyOrigin stableMarshaler body, meta, verifyOrigin stableMarshaler
verifyHdr verificationHeader verifyHdr verificationHeader
@ -169,18 +170,18 @@ func signServiceMessage(key *ecdsa.PrivateKey, msg interface{}) error {
if verifyOrigin == nil { if verifyOrigin == nil {
// sign session message body // sign session message body
if err := signServiceMessagePart(key, body, verifyHdr.SetBodySignature); err != nil { if err := signServiceMessagePart(signer, body, verifyHdr.SetBodySignature); err != nil {
return fmt.Errorf("could not sign body: %w", err) return fmt.Errorf("could not sign body: %w", err)
} }
} }
// sign meta header // sign meta header
if err := signServiceMessagePart(key, meta, verifyHdr.SetMetaSignature); err != nil { if err := signServiceMessagePart(signer, meta, verifyHdr.SetMetaSignature); err != nil {
return fmt.Errorf("could not sign meta header: %w", err) return fmt.Errorf("could not sign meta header: %w", err)
} }
// sign verification header origin // sign verification header origin
if err := signServiceMessagePart(key, verifyOrigin, verifyHdr.SetOriginSignature); err != nil { if err := signServiceMessagePart(signer, verifyOrigin, verifyHdr.SetOriginSignature); err != nil {
return fmt.Errorf("could not sign origin of verification header: %w", err) return fmt.Errorf("could not sign origin of verification header: %w", err)
} }
@ -193,22 +194,22 @@ func signServiceMessage(key *ecdsa.PrivateKey, msg interface{}) error {
return nil return nil
} }
func signServiceMessagePart(key *ecdsa.PrivateKey, part stableMarshaler, sigWrite func(*refs.Signature)) error { func signServiceMessagePart(signer neofscrypto.Signer, part stableMarshaler, sigWrite func(*refs.Signature)) error {
var sig *refs.Signature var sig neofscrypto.Signature
var sigv2 refs.Signature
// sign part m := &stableMarshalerWrapper{part}
if err := signature.SignDataWithHandler( data, err := m.ReadSignedData(nil)
key, if err != nil {
&StableMarshalerWrapper{part}, return fmt.Errorf("ReadSignedData %w", err)
func(s *refs.Signature) {
sig = s
},
); err != nil {
return err
} }
// write part signature if err = sig.Calculate(signer, data); err != nil {
sigWrite(sig) return fmt.Errorf("calculate %w", err)
}
sig.WriteToV2(&sigv2)
sigWrite(&sigv2)
return nil return nil
} }
@ -283,13 +284,13 @@ func verifyMatryoshkaLevel(body stableMarshaler, meta metaHeader, verify verific
func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature, buf []byte) error { func verifyServiceMessagePart(part stableMarshaler, sigRdr func() *refs.Signature, buf []byte) error {
return signature.VerifyDataWithSource( return signature.VerifyDataWithSource(
&StableMarshalerWrapper{part}, &stableMarshalerWrapper{part},
sigRdr, sigRdr,
signature.WithBuffer(buf), signature.WithBuffer(buf),
) )
} }
func serviceMessageBody(req interface{}) stableMarshaler { func serviceMessageBody(req any) stableMarshaler {
switch v := req.(type) { switch v := req.(type) {
default: default:
panic(fmt.Sprintf("unsupported session message %T", req)) panic(fmt.Sprintf("unsupported session message %T", req))

5
client/sign_test.go
View file

@ -6,6 +6,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/accounting" "github.com/nspcc-dev/neofs-api-go/v2/accounting"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -30,7 +31,7 @@ func TestBalanceResponse(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
// sign request // sign request
require.NoError(t, signServiceMessage(key, req)) require.NoError(t, signServiceMessage(neofsecdsa.Signer(*key), req))
// verification must pass // verification must pass
require.NoError(t, verifyServiceMessage(req)) require.NoError(t, verifyServiceMessage(req))
@ -41,7 +42,7 @@ func TestBalanceResponse(t *testing.T) {
req.SetMetaHeader(meta) req.SetMetaHeader(meta)
// sign request // sign request
require.NoError(t, signServiceMessage(key, req)) require.NoError(t, signServiceMessage(neofsecdsa.Signer(*key), req))
// verification must pass // verification must pass
require.NoError(t, verifyServiceMessage(req)) require.NoError(t, verifyServiceMessage(req))

13
object/fmt.go
View file

@ -2,7 +2,6 @@ package object
import ( import (
"bytes" "bytes"
"crypto/ecdsa"
"crypto/sha256" "crypto/sha256"
"errors" "errors"
"fmt" "fmt"
@ -96,13 +95,13 @@ func VerifyID(obj *Object) error {
// CalculateAndSetSignature signs id with provided key and sets that signature to // CalculateAndSetSignature signs id with provided key and sets that signature to
// the object. // the object.
func CalculateAndSetSignature(key ecdsa.PrivateKey, obj *Object) error { func CalculateAndSetSignature(signer neofscrypto.Signer, obj *Object) error {
oID, set := obj.ID() oID, set := obj.ID()
if !set { if !set {
return errOIDNotSet return errOIDNotSet
} }
sig, err := oID.CalculateIDSignature(key) sig, err := oID.CalculateIDSignature(signer)
if err != nil { if err != nil {
return err return err
} }
@ -132,12 +131,12 @@ func (o *Object) VerifyIDSignature() bool {
} }
// SetIDWithSignature sets object identifier and signature. // SetIDWithSignature sets object identifier and signature.
func SetIDWithSignature(key ecdsa.PrivateKey, obj *Object) error { func SetIDWithSignature(signer neofscrypto.Signer, obj *Object) error {
if err := CalculateAndSetID(obj); err != nil { if err := CalculateAndSetID(obj); err != nil {
return fmt.Errorf("could not set identifier: %w", err) return fmt.Errorf("could not set identifier: %w", err)
} }
if err := CalculateAndSetSignature(key, obj); err != nil { if err := CalculateAndSetSignature(signer, obj); err != nil {
return fmt.Errorf("could not set signature: %w", err) return fmt.Errorf("could not set signature: %w", err)
} }
@ -145,10 +144,10 @@ func SetIDWithSignature(key ecdsa.PrivateKey, obj *Object) error {
} }
// SetVerificationFields calculates and sets all verification fields of the object. // SetVerificationFields calculates and sets all verification fields of the object.
func SetVerificationFields(key ecdsa.PrivateKey, obj *Object) error { func SetVerificationFields(signer neofscrypto.Signer, obj *Object) error {
CalculateAndSetPayloadChecksum(obj) CalculateAndSetPayloadChecksum(obj)
return SetIDWithSignature(key, obj) return SetIDWithSignature(signer, obj)
} }
// CheckVerificationFields checks all verification fields of the object. // CheckVerificationFields checks all verification fields of the object.

3
object/fmt_test.go
View file

@ -5,6 +5,7 @@ import (
"testing" "testing"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -19,7 +20,7 @@ func TestVerificationFields(t *testing.T) {
p, err := keys.NewPrivateKey() p, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
require.NoError(t, SetVerificationFields(p.PrivateKey, obj)) require.NoError(t, SetVerificationFields(neofsecdsa.Signer(p.PrivateKey), obj))
require.NoError(t, CheckVerificationFields(obj)) require.NoError(t, CheckVerificationFields(obj))

6
object/id/id.go
View file

@ -1,14 +1,12 @@
package oid package oid
import ( import (
"crypto/ecdsa"
"crypto/sha256" "crypto/sha256"
"fmt" "fmt"
"github.com/mr-tron/base58" "github.com/mr-tron/base58"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
) )
// ID represents NeoFS object identifier in a container. // ID represents NeoFS object identifier in a container.
@ -117,7 +115,7 @@ func (id ID) String() string {
} }
// CalculateIDSignature signs object id with provided key. // CalculateIDSignature signs object id with provided key.
func (id ID) CalculateIDSignature(key ecdsa.PrivateKey) (neofscrypto.Signature, error) { func (id ID) CalculateIDSignature(signer neofscrypto.Signer) (neofscrypto.Signature, error) {
data, err := id.Marshal() data, err := id.Marshal()
if err != nil { if err != nil {
return neofscrypto.Signature{}, fmt.Errorf("marshal ID: %w", err) return neofscrypto.Signature{}, fmt.Errorf("marshal ID: %w", err)
@ -125,7 +123,7 @@ func (id ID) CalculateIDSignature(key ecdsa.PrivateKey) (neofscrypto.Signature,
var sig neofscrypto.Signature var sig neofscrypto.Signature
return sig, sig.Calculate(neofsecdsa.Signer(key), data) return sig, sig.Calculate(signer, data)
} }
// Marshal marshals ID into a protobuf binary form. // Marshal marshals ID into a protobuf binary form.

3
pool/cache_test.go
View file

@ -4,6 +4,7 @@ import (
"testing" "testing"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -28,7 +29,7 @@ func TestSessionCache_GetUnmodifiedToken(t *testing.T) {
require.True(t, ok) require.True(t, ok)
check(t, value, "before sign") check(t, value, "before sign")
err = value.Sign(pk.PrivateKey) err = value.Sign(neofsecdsa.Signer(pk.PrivateKey))
require.NoError(t, err) require.NoError(t, err)
value, ok = cache.Get(key) value, ok = cache.Get(key)

2
pool/doc.go
View file

@ -11,7 +11,7 @@ This InitParameters will make pool use 192.168.130.71 node while it is healthy.
: :
var prm pool.InitParameters var prm pool.InitParameters
prm.SetKey(key) prm.SetSigner(signer)
prm.AddNode(NewNodeParam(1, "192.168.130.71", 1)) prm.AddNode(NewNodeParam(1, "192.168.130.71", 1))
prm.AddNode(NewNodeParam(2, "192.168.130.72", 9)) prm.AddNode(NewNodeParam(2, "192.168.130.72", 9))
prm.AddNode(NewNodeParam(2, "192.168.130.73", 1)) prm.AddNode(NewNodeParam(2, "192.168.130.73", 1))

19
pool/mock_test.go
View file

@ -2,7 +2,6 @@ package pool
import ( import (
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"github.com/google/uuid" "github.com/google/uuid"
@ -12,7 +11,7 @@ import (
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
@ -21,7 +20,7 @@ import (
) )
type mockClient struct { type mockClient struct {
key ecdsa.PrivateKey signer neofscrypto.Signer
clientStatusMonitor clientStatusMonitor
errorOnDial bool errorOnDial bool
@ -31,9 +30,9 @@ type mockClient struct {
stOnGetObject apistatus.Status stOnGetObject apistatus.Status
} }
func newMockClient(addr string, key ecdsa.PrivateKey) *mockClient { func newMockClient(addr string, signer neofscrypto.Signer) *mockClient {
return &mockClient{ return &mockClient{
key: key, signer: signer,
clientStatusMonitor: newClientStatusMonitor(addr, 10), clientStatusMonitor: newClientStatusMonitor(addr, 10),
} }
} }
@ -65,11 +64,13 @@ func (m *mockClient) statusOnGetObject(st apistatus.Status) {
m.stOnGetObject = st m.stOnGetObject = st
} }
func newToken(key ecdsa.PrivateKey) *session.Object { func newToken(signer neofscrypto.Signer) *session.Object {
var tok session.Object var tok session.Object
tok.SetID(uuid.New()) tok.SetID(uuid.New())
pk := neofsecdsa.PublicKey(key.PublicKey)
tok.SetAuthKey(&pk) public := signer.Public()
tok.SetAuthKey(public)
return &tok return &tok
} }
@ -159,7 +160,7 @@ func (m *mockClient) sessionCreate(context.Context, prmCreateSession) (resCreate
return resCreateSession{}, m.handleError(nil, errors.New("error")) return resCreateSession{}, m.handleError(nil, errors.New("error"))
} }
tok := newToken(m.key) tok := newToken(m.signer)
var v2tok sessionv2.Token var v2tok sessionv2.Token
tok.WriteToV2(&v2tok) tok.WriteToV2(&v2tok)

133
pool/pool.go
View file

@ -3,7 +3,6 @@ package pool
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -14,13 +13,13 @@ import (
"time" "time"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-sdk-go/accounting" "github.com/nspcc-dev/neofs-sdk-go/accounting"
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
sdkClient "github.com/nspcc-dev/neofs-sdk-go/client" sdkClient "github.com/nspcc-dev/neofs-sdk-go/client"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
"github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/netmap"
@ -227,7 +226,7 @@ type clientWrapper struct {
// wrapperPrm is params to create clientWrapper. // wrapperPrm is params to create clientWrapper.
type wrapperPrm struct { type wrapperPrm struct {
address string address string
key ecdsa.PrivateKey signer neofscrypto.Signer
dialTimeout time.Duration dialTimeout time.Duration
streamTimeout time.Duration streamTimeout time.Duration
errorThreshold uint32 errorThreshold uint32
@ -240,9 +239,9 @@ func (x *wrapperPrm) setAddress(address string) {
x.address = address x.address = address
} }
// setKey sets sdkClient.Client private key to be used for the protocol communication by default. // setSigner sets sdkClient.Client private signer to be used for the protocol communication by default.
func (x *wrapperPrm) setKey(key ecdsa.PrivateKey) { func (x *wrapperPrm) setSigner(signer neofscrypto.Signer) {
x.key = key x.signer = signer
} }
// setDialTimeout sets the timeout for connection to be established. // setDialTimeout sets the timeout for connection to be established.
@ -275,7 +274,7 @@ func (x *wrapperPrm) setResponseInfoCallback(f func(sdkClient.ResponseMetaInfo)
func newWrapper(prm wrapperPrm) *clientWrapper { func newWrapper(prm wrapperPrm) *clientWrapper {
var cl sdkClient.Client var cl sdkClient.Client
var prmInit sdkClient.PrmInit var prmInit sdkClient.PrmInit
prmInit.SetDefaultPrivateKey(prm.key) prmInit.SetDefaultSigner(prm.signer)
prmInit.SetResponseInfoCallback(prm.responseInfoCallback) prmInit.SetResponseInfoCallback(prm.responseInfoCallback)
cl.Init(prmInit) cl.Init(prmInit)
@ -324,7 +323,7 @@ func (c *clientWrapper) restartIfUnhealthy(ctx context.Context) (healthy, change
var cl sdkClient.Client var cl sdkClient.Client
var prmInit sdkClient.PrmInit var prmInit sdkClient.PrmInit
prmInit.SetDefaultPrivateKey(c.prm.key) prmInit.SetDefaultSigner(c.prm.signer)
prmInit.SetResponseInfoCallback(c.prm.responseInfoCallback) prmInit.SetResponseInfoCallback(c.prm.responseInfoCallback)
cl.Init(prmInit) cl.Init(prmInit)
@ -619,8 +618,8 @@ func (c *clientWrapper) objectPut(ctx context.Context, prm PrmObjectPut) (oid.ID
if prm.stoken != nil { if prm.stoken != nil {
cliPrm.WithinSession(*prm.stoken) cliPrm.WithinSession(*prm.stoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
if prm.btoken != nil { if prm.btoken != nil {
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
@ -709,8 +708,8 @@ func (c *clientWrapper) objectDelete(ctx context.Context, prm PrmObjectDelete) e
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
start := time.Now() start := time.Now()
@ -745,8 +744,8 @@ func (c *clientWrapper) objectGet(ctx context.Context, prm PrmObjectGet) (ResGet
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
var res ResGetObject var res ResGetObject
@ -801,8 +800,8 @@ func (c *clientWrapper) objectHead(ctx context.Context, prm PrmObjectHead) (obje
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
var obj object.Object var obj object.Object
@ -845,8 +844,8 @@ func (c *clientWrapper) objectRange(ctx context.Context, prm PrmObjectRange) (Re
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
start := time.Now() start := time.Now()
@ -884,8 +883,8 @@ func (c *clientWrapper) objectSearch(ctx context.Context, prm PrmObjectSearch) (
cliPrm.WithBearerToken(*prm.btoken) cliPrm.WithBearerToken(*prm.btoken)
} }
if prm.key != nil { if prm.signer != nil {
cliPrm.UseKey(*prm.key) cliPrm.UseSigner(prm.signer)
} }
res, err := cl.ObjectSearchInit(ctx, cliPrm) res, err := cl.ObjectSearchInit(ctx, cliPrm)
@ -905,7 +904,7 @@ func (c *clientWrapper) sessionCreate(ctx context.Context, prm prmCreateSession)
var cliPrm sdkClient.PrmSessionCreate var cliPrm sdkClient.PrmSessionCreate
cliPrm.SetExp(prm.exp) cliPrm.SetExp(prm.exp)
cliPrm.UseKey(prm.key) cliPrm.UseSigner(prm.signer)
start := time.Now() start := time.Now()
res, err := cl.SessionCreate(ctx, cliPrm) res, err := cl.SessionCreate(ctx, cliPrm)
@ -1022,7 +1021,7 @@ type RequestInfo struct {
// InitParameters contains values used to initialize connection Pool. // InitParameters contains values used to initialize connection Pool.
type InitParameters struct { type InitParameters struct {
key *ecdsa.PrivateKey signer neofscrypto.Signer
logger *zap.Logger logger *zap.Logger
nodeDialTimeout time.Duration nodeDialTimeout time.Duration
nodeStreamTimeout time.Duration nodeStreamTimeout time.Duration
@ -1036,9 +1035,9 @@ type InitParameters struct {
clientBuilder clientBuilder clientBuilder clientBuilder
} }
// SetKey specifies default key to be used for the protocol communication by default. // SetSigner specifies default signer to be used for the protocol communication by default.
func (x *InitParameters) SetKey(key *ecdsa.PrivateKey) { func (x *InitParameters) SetSigner(signer neofscrypto.Signer) {
x.key = key x.signer = signer
} }
// SetLogger specifies logger. // SetLogger specifies logger.
@ -1209,15 +1208,15 @@ func (x *prmContext) useVerb(verb session.ObjectVerb) {
} }
type prmCommon struct { type prmCommon struct {
key *ecdsa.PrivateKey signer neofscrypto.Signer
btoken *bearer.Token btoken *bearer.Token
stoken *session.Object stoken *session.Object
} }
// UseKey specifies private key to sign the requests. // UseSigner specifies private signer to sign the requests.
// If key is not provided, then Pool default key is used. // If signer is not provided, then Pool default signer is used.
func (x *prmCommon) UseKey(key *ecdsa.PrivateKey) { func (x *prmCommon) UseSigner(signer neofscrypto.Signer) {
x.key = key x.signer = signer
} }
// UseBearer attaches bearer token to be used for the operation. // UseBearer attaches bearer token to be used for the operation.
@ -1483,8 +1482,8 @@ func (x *PrmBalanceGet) SetAccount(id user.ID) {
// prmEndpointInfo groups parameters of sessionCreate operation. // prmEndpointInfo groups parameters of sessionCreate operation.
type prmCreateSession struct { type prmCreateSession struct {
exp uint64 exp uint64
key ecdsa.PrivateKey signer neofscrypto.Signer
} }
// setExp sets number of the last NeoFS epoch in the lifetime of the session after which it will be expired. // setExp sets number of the last NeoFS epoch in the lifetime of the session after which it will be expired.
@ -1492,10 +1491,10 @@ func (x *prmCreateSession) setExp(exp uint64) {
x.exp = exp x.exp = exp
} }
// useKey specifies owner private key for session token. // useSigner specifies owner private signer for session token.
// If key is not provided, then Pool default key is used. // If signer is not provided, then Pool default signer is used.
func (x *prmCreateSession) useKey(key ecdsa.PrivateKey) { func (x *prmCreateSession) useSigner(signer neofscrypto.Signer) {
x.key = key x.signer = signer
} }
// prmEndpointInfo groups parameters of endpointInfo operation. // prmEndpointInfo groups parameters of endpointInfo operation.
@ -1534,7 +1533,7 @@ type resCreateSession struct {
// See pool package overview to get some examples. // See pool package overview to get some examples.
type Pool struct { type Pool struct {
innerPools []*innerPool innerPools []*innerPool
key *ecdsa.PrivateKey signer neofscrypto.Signer
cancel context.CancelFunc cancel context.CancelFunc
closedCh chan struct{} closedCh chan struct{}
cache *sessionCache cache *sessionCache
@ -1562,8 +1561,8 @@ const (
// NewPool creates connection pool using parameters. // NewPool creates connection pool using parameters.
func NewPool(options InitParameters) (*Pool, error) { func NewPool(options InitParameters) (*Pool, error) {
if options.key == nil { if options.signer == nil {
return nil, fmt.Errorf("missed required parameter 'Key'") return nil, fmt.Errorf("missed required parameter 'Signer'")
} }
nodesParams, err := adjustNodeParams(options.nodeParams) nodesParams, err := adjustNodeParams(options.nodeParams)
@ -1579,7 +1578,7 @@ func NewPool(options InitParameters) (*Pool, error) {
fillDefaultInitParams(&options, cache) fillDefaultInitParams(&options, cache)
pool := &Pool{ pool := &Pool{
key: options.key, signer: options.signer,
cache: cache, cache: cache,
logger: options.logger, logger: options.logger,
stokenDuration: options.sessionExpirationDuration, stokenDuration: options.sessionExpirationDuration,
@ -1619,7 +1618,7 @@ func (p *Pool) Dial(ctx context.Context) error {
} }
var st session.Object var st session.Object
err := initSessionForDuration(ctx, &st, clients[j], p.rebalanceParams.sessionExpirationDuration, *p.key) err := initSessionForDuration(ctx, &st, clients[j], p.rebalanceParams.sessionExpirationDuration, p.signer)
if err != nil { if err != nil {
clients[j].setUnhealthy() clients[j].setUnhealthy()
if p.logger != nil { if p.logger != nil {
@ -1629,7 +1628,7 @@ func (p *Pool) Dial(ctx context.Context) error {
continue continue
} }
_ = p.cache.Put(formCacheKey(addr, p.key), st) _ = p.cache.Put(formCacheKey(addr, p.signer), st)
atLeastOneHealthy = true atLeastOneHealthy = true
} }
source := rand.NewSource(time.Now().UnixNano()) source := rand.NewSource(time.Now().UnixNano())
@ -1683,7 +1682,7 @@ func fillDefaultInitParams(params *InitParameters, cache *sessionCache) {
params.setClientBuilder(func(addr string) client { params.setClientBuilder(func(addr string) client {
var prm wrapperPrm var prm wrapperPrm
prm.setAddress(addr) prm.setAddress(addr)
prm.setKey(*params.key) prm.setSigner(params.signer)
prm.setDialTimeout(params.nodeDialTimeout) prm.setDialTimeout(params.nodeDialTimeout)
prm.setStreamTimeout(params.nodeStreamTimeout) prm.setStreamTimeout(params.nodeStreamTimeout)
prm.setErrorThreshold(params.errorThreshold) prm.setErrorThreshold(params.errorThreshold)
@ -1849,11 +1848,11 @@ func (p *innerPool) connection() (client, error) {
return nil, errors.New("no healthy client") return nil, errors.New("no healthy client")
} }
func formCacheKey(address string, key *ecdsa.PrivateKey) string { func formCacheKey(address string, signer neofscrypto.Signer) string {
buf := make([]byte, 33) b := make([]byte, signer.Public().MaxEncodedSize())
copy(buf, (*keys.PublicKey)(&key.PublicKey).Bytes()) signer.Public().Encode(b)
return address + string(buf) return address + string(b)
} }
func (p *Pool) checkSessionTokenErr(err error, address string) bool { func (p *Pool) checkSessionTokenErr(err error, address string) bool {
@ -1869,7 +1868,7 @@ func (p *Pool) checkSessionTokenErr(err error, address string) bool {
return false return false
} }
func initSessionForDuration(ctx context.Context, dst *session.Object, c client, dur uint64, ownerKey ecdsa.PrivateKey) error { func initSessionForDuration(ctx context.Context, dst *session.Object, c client, dur uint64, signer neofscrypto.Signer) error {
ni, err := c.networkInfo(ctx, prmNetworkInfo{}) ni, err := c.networkInfo(ctx, prmNetworkInfo{})
if err != nil { if err != nil {
return err return err
@ -1885,7 +1884,7 @@ func initSessionForDuration(ctx context.Context, dst *session.Object, c client,
} }
var prm prmCreateSession var prm prmCreateSession
prm.setExp(exp) prm.setExp(exp)
prm.useKey(ownerKey) prm.useSigner(signer)
res, err := c.sessionCreate(ctx, prm) res, err := c.sessionCreate(ctx, prm)
if err != nil { if err != nil {
@ -1923,7 +1922,7 @@ type callContext struct {
endpoint string endpoint string
// request signer // request signer
key *ecdsa.PrivateKey signer neofscrypto.Signer
// flag to open default session if session token is missing // flag to open default session if session token is missing
sessionDefault bool sessionDefault bool
@ -1940,10 +1939,10 @@ func (p *Pool) initCallContext(ctx *callContext, cfg prmCommon, prmCtx prmContex
return err return err
} }
ctx.key = cfg.key ctx.signer = cfg.signer
if ctx.key == nil { if ctx.signer == nil {
// use pool key if caller didn't specify its own // use pool signer if caller didn't specify its own
ctx.key = p.key ctx.signer = p.signer
} }
ctx.endpoint = cp.address() ctx.endpoint = cp.address()
@ -1968,12 +1967,12 @@ func (p *Pool) initCallContext(ctx *callContext, cfg prmCommon, prmCtx prmContex
// opens new session or uses cached one. // opens new session or uses cached one.
// Must be called only on initialized callContext with set sessionTarget. // Must be called only on initialized callContext with set sessionTarget.
func (p *Pool) openDefaultSession(ctx *callContext) error { func (p *Pool) openDefaultSession(ctx *callContext) error {
cacheKey := formCacheKey(ctx.endpoint, ctx.key) cacheKey := formCacheKey(ctx.endpoint, ctx.signer)
tok, ok := p.cache.Get(cacheKey) tok, ok := p.cache.Get(cacheKey)
if !ok { if !ok {
// init new session // init new session
err := initSessionForDuration(ctx, &tok, ctx.client, p.stokenDuration, *ctx.key) err := initSessionForDuration(ctx, &tok, ctx.client, p.stokenDuration, ctx.signer)
if err != nil { if err != nil {
return fmt.Errorf("session API client: %w", err) return fmt.Errorf("session API client: %w", err)
} }
@ -1990,7 +1989,7 @@ func (p *Pool) openDefaultSession(ctx *callContext) error {
} }
// sign the token // sign the token
if err := tok.Sign(*ctx.key); err != nil { if err := tok.Sign(ctx.signer); err != nil {
return fmt.Errorf("sign token of the opened session: %w", err) return fmt.Errorf("sign token of the opened session: %w", err)
} }
@ -2017,10 +2016,10 @@ func (p *Pool) call(ctx *callContext, f func() error) error {
return err return err
} }
// fillAppropriateKey use pool key if caller didn't specify its own. // fillAppropriateSigner use pool signer if caller didn't specify its own.
func (p *Pool) fillAppropriateKey(prm *prmCommon) { func (p *Pool) fillAppropriateSigner(prm *prmCommon) {
if prm.key == nil { if prm.signer == nil {
prm.key = p.key prm.signer = p.signer
} }
} }
@ -2035,7 +2034,7 @@ func (p *Pool) PutObject(ctx context.Context, prm PrmObjectPut) (oid.ID, error)
prmCtx.useVerb(session.VerbObjectPut) prmCtx.useVerb(session.VerbObjectPut)
prmCtx.useContainer(cnr) prmCtx.useContainer(cnr)
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var ctxCall callContext var ctxCall callContext
@ -2087,7 +2086,7 @@ func (p *Pool) DeleteObject(ctx context.Context, prm PrmObjectDelete) error {
} }
} }
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var cc callContext var cc callContext
@ -2148,7 +2147,7 @@ type ResGetObject struct {
// //
// Main return value MUST NOT be processed on an erroneous return. // Main return value MUST NOT be processed on an erroneous return.
func (p *Pool) GetObject(ctx context.Context, prm PrmObjectGet) (ResGetObject, error) { func (p *Pool) GetObject(ctx context.Context, prm PrmObjectGet) (ResGetObject, error) {
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var cc callContext var cc callContext
cc.Context = ctx cc.Context = ctx
@ -2171,7 +2170,7 @@ func (p *Pool) GetObject(ctx context.Context, prm PrmObjectGet) (ResGetObject, e
// //
// Main return value MUST NOT be processed on an erroneous return. // Main return value MUST NOT be processed on an erroneous return.
func (p *Pool) HeadObject(ctx context.Context, prm PrmObjectHead) (object.Object, error) { func (p *Pool) HeadObject(ctx context.Context, prm PrmObjectHead) (object.Object, error) {
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var cc callContext var cc callContext
@ -2221,7 +2220,7 @@ func (x *ResObjectRange) Close() error {
// //
// Main return value MUST NOT be processed on an erroneous return. // Main return value MUST NOT be processed on an erroneous return.
func (p *Pool) ObjectRange(ctx context.Context, prm PrmObjectRange) (ResObjectRange, error) { func (p *Pool) ObjectRange(ctx context.Context, prm PrmObjectRange) (ResObjectRange, error) {
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var cc callContext var cc callContext
cc.Context = ctx cc.Context = ctx
@ -2283,7 +2282,7 @@ func (x *ResObjectSearch) Close() {
// //
// Main return value MUST NOT be processed on an erroneous return. // Main return value MUST NOT be processed on an erroneous return.
func (p *Pool) SearchObjects(ctx context.Context, prm PrmObjectSearch) (ResObjectSearch, error) { func (p *Pool) SearchObjects(ctx context.Context, prm PrmObjectSearch) (ResObjectSearch, error) {
p.fillAppropriateKey(&prm.prmCommon) p.fillAppropriateSigner(&prm.prmCommon)
var cc callContext var cc callContext

146
pool/pool_test.go
View file

@ -2,7 +2,6 @@ package pool
import ( import (
"context" "context"
"crypto/ecdsa"
"errors" "errors"
"strconv" "strconv"
"testing" "testing"
@ -11,6 +10,7 @@ import (
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
@ -22,13 +22,13 @@ import (
func TestBuildPoolClientFailed(t *testing.T) { func TestBuildPoolClientFailed(t *testing.T) {
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
mockCli := newMockClient(addr, *newPrivateKey(t)) mockCli := newMockClient(addr, newSigner(t))
mockCli.errOnDial() mockCli.errOnDial()
return mockCli return mockCli
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{{1, "peer0", 1}}, nodeParams: []NodeParam{{1, "peer0", 1}},
} }
opts.setClientBuilder(mockClientBuilder) opts.setClientBuilder(mockClientBuilder)
@ -41,13 +41,13 @@ func TestBuildPoolClientFailed(t *testing.T) {
func TestBuildPoolCreateSessionFailed(t *testing.T) { func TestBuildPoolCreateSessionFailed(t *testing.T) {
clientMockBuilder := func(addr string) client { clientMockBuilder := func(addr string) client {
mockCli := newMockClient(addr, *newPrivateKey(t)) mockCli := newMockClient(addr, newSigner(t))
mockCli.errOnCreateSession() mockCli.errOnCreateSession()
return mockCli return mockCli
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{{1, "peer0", 1}}, nodeParams: []NodeParam{{1, "peer0", 1}},
} }
opts.setClientBuilder(clientMockBuilder) opts.setClientBuilder(clientMockBuilder)
@ -58,10 +58,10 @@ func TestBuildPoolCreateSessionFailed(t *testing.T) {
require.Error(t, err) require.Error(t, err)
} }
func newPrivateKey(t *testing.T) *ecdsa.PrivateKey { func newSigner(t *testing.T) neofsecdsa.Signer {
p, err := keys.NewPrivateKey() p, err := keys.NewPrivateKey()
require.NoError(t, err) require.NoError(t, err)
return &p.PrivateKey return neofsecdsa.Signer(p.PrivateKey)
} }
func TestBuildPoolOneNodeFailed(t *testing.T) { func TestBuildPoolOneNodeFailed(t *testing.T) {
@ -70,24 +70,24 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {
{2, "peer1", 1}, {2, "peer1", 1},
} }
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
if addr == nodes[0].address { if addr == nodes[0].address {
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.errOnEndpointInfo() mockCli.errOnEndpointInfo()
return mockCli return mockCli
} }
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
log, err := zap.NewProduction() log, err := zap.NewProduction()
require.NoError(t, err) require.NoError(t, err)
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
clientRebalanceInterval: 1000 * time.Millisecond, clientRebalanceInterval: 1000 * time.Millisecond,
logger: log, logger: log,
nodeParams: nodes, nodeParams: nodes,
@ -100,14 +100,14 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
t.Cleanup(clientPool.Close) t.Cleanup(clientPool.Close)
expectedAuthKey := neofsecdsa.PublicKey(clientKeys[1].PublicKey) expectedAuthKey := clientKeys[1].Public()
condition := func() bool { condition := func() bool {
cp, err := clientPool.connection() cp, err := clientPool.connection()
if err != nil { if err != nil {
return false return false
} }
st, _ := clientPool.cache.Get(formCacheKey(cp.address(), clientPool.key)) st, _ := clientPool.cache.Get(formCacheKey(cp.address(), clientPool.signer))
return st.AssertAuthKey(&expectedAuthKey) return st.AssertAuthKey(expectedAuthKey)
} }
require.Never(t, condition, 900*time.Millisecond, 100*time.Millisecond) require.Never(t, condition, 900*time.Millisecond, 100*time.Millisecond)
require.Eventually(t, condition, 3*time.Second, 300*time.Millisecond) require.Eventually(t, condition, 3*time.Second, 300*time.Millisecond)
@ -115,20 +115,20 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {
func TestBuildPoolZeroNodes(t *testing.T) { func TestBuildPoolZeroNodes(t *testing.T) {
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
} }
_, err := NewPool(opts) _, err := NewPool(opts)
require.Error(t, err) require.Error(t, err)
} }
func TestOneNode(t *testing.T) { func TestOneNode(t *testing.T) {
key1 := newPrivateKey(t) key1 := newSigner(t)
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
return newMockClient(addr, *key1) return newMockClient(addr, key1)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{{1, "peer0", 1}}, nodeParams: []NodeParam{{1, "peer0", 1}},
} }
opts.setClientBuilder(mockClientBuilder) opts.setClientBuilder(mockClientBuilder)
@ -141,21 +141,21 @@ func TestOneNode(t *testing.T) {
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
expectedAuthKey := neofsecdsa.PublicKey(key1.PublicKey) expectedAuthKey := neofsecdsa.PublicKey(key1.PublicKey)
require.True(t, st.AssertAuthKey(&expectedAuthKey)) require.True(t, st.AssertAuthKey(&expectedAuthKey))
} }
func TestTwoNodes(t *testing.T) { func TestTwoNodes(t *testing.T) {
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{ nodeParams: []NodeParam{
{1, "peer0", 1}, {1, "peer0", 1},
{1, "peer1", 1}, {1, "peer1", 1},
@ -171,14 +171,14 @@ func TestTwoNodes(t *testing.T) {
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.True(t, assertAuthKeyForAny(st, clientKeys)) require.True(t, assertAuthKeyForAny(st, clientKeys))
} }
func assertAuthKeyForAny(st session.Object, clientKeys []*ecdsa.PrivateKey) bool { func assertAuthKeyForAny(st session.Object, clientKeys []neofscrypto.Signer) bool {
for _, key := range clientKeys { for _, key := range clientKeys {
expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey) expectedAuthKey := key.Public()
if st.AssertAuthKey(&expectedAuthKey) { if st.AssertAuthKey(expectedAuthKey) {
return true return true
} }
} }
@ -191,23 +191,23 @@ func TestOneOfTwoFailed(t *testing.T) {
{9, "peer1", 1}, {9, "peer1", 1},
} }
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
if addr == nodes[0].address { if addr == nodes[0].address {
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.errOnEndpointInfo() mockCli.errOnEndpointInfo()
mockCli.errOnNetworkInfo() mockCli.errOnNetworkInfo()
return mockCli return mockCli
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: nodes, nodeParams: nodes,
clientRebalanceInterval: 200 * time.Millisecond, clientRebalanceInterval: 200 * time.Millisecond,
} }
@ -226,23 +226,23 @@ func TestOneOfTwoFailed(t *testing.T) {
for i := 0; i < 5; i++ { for i := 0; i < 5; i++ {
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.True(t, assertAuthKeyForAny(st, clientKeys)) require.True(t, assertAuthKeyForAny(st, clientKeys))
} }
} }
func TestTwoFailed(t *testing.T) { func TestTwoFailed(t *testing.T) {
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.errOnEndpointInfo() mockCli.errOnEndpointInfo()
return mockCli return mockCli
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{ nodeParams: []NodeParam{
{1, "peer0", 1}, {1, "peer0", 1},
{1, "peer1", 1}, {1, "peer1", 1},
@ -266,17 +266,17 @@ func TestTwoFailed(t *testing.T) {
} }
func TestSessionCache(t *testing.T) { func TestSessionCache(t *testing.T) {
key := newPrivateKey(t) key := newSigner(t)
expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey) expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey)
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.statusOnGetObject(apistatus.SessionTokenNotFound{}) mockCli.statusOnGetObject(apistatus.SessionTokenNotFound{})
return mockCli return mockCli
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{ nodeParams: []NodeParam{
{1, "peer0", 1}, {1, "peer0", 1},
}, },
@ -296,7 +296,7 @@ func TestSessionCache(t *testing.T) {
// cache must contain session token // cache must contain session token
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.True(t, st.AssertAuthKey(&expectedAuthKey)) require.True(t, st.AssertAuthKey(&expectedAuthKey))
var prm PrmObjectGet var prm PrmObjectGet
@ -309,7 +309,7 @@ func TestSessionCache(t *testing.T) {
// cache must not contain session token // cache must not contain session token
cp, err = pool.connection() cp, err = pool.connection()
require.NoError(t, err) require.NoError(t, err)
_, ok := pool.cache.Get(formCacheKey(cp.address(), pool.key)) _, ok := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.False(t, ok) require.False(t, ok)
var prm2 PrmObjectPut var prm2 PrmObjectPut
@ -321,7 +321,7 @@ func TestSessionCache(t *testing.T) {
// cache must contain session token // cache must contain session token
cp, err = pool.connection() cp, err = pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ = pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ = pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.True(t, st.AssertAuthKey(&expectedAuthKey)) require.True(t, st.AssertAuthKey(&expectedAuthKey))
} }
@ -331,22 +331,22 @@ func TestPriority(t *testing.T) {
{2, "peer1", 100}, {2, "peer1", 100},
} }
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
if addr == nodes[0].address { if addr == nodes[0].address {
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.errOnEndpointInfo() mockCli.errOnEndpointInfo()
return mockCli return mockCli
} }
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: nodes, nodeParams: nodes,
clientRebalanceInterval: 1500 * time.Millisecond, clientRebalanceInterval: 1500 * time.Millisecond,
} }
@ -361,20 +361,20 @@ func TestPriority(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
t.Cleanup(pool.Close) t.Cleanup(pool.Close)
expectedAuthKey1 := neofsecdsa.PublicKey(clientKeys[0].PublicKey) expectedAuthKey1 := clientKeys[0].Public()
firstNode := func() bool { firstNode := func() bool {
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
return st.AssertAuthKey(&expectedAuthKey1) return st.AssertAuthKey(expectedAuthKey1)
} }
expectedAuthKey2 := neofsecdsa.PublicKey(clientKeys[1].PublicKey) expectedAuthKey2 := clientKeys[1].Public()
secondNode := func() bool { secondNode := func() bool {
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
return st.AssertAuthKey(&expectedAuthKey2) return st.AssertAuthKey(expectedAuthKey2)
} }
require.Never(t, secondNode, time.Second, 200*time.Millisecond) require.Never(t, secondNode, time.Second, 200*time.Millisecond)
@ -383,15 +383,15 @@ func TestPriority(t *testing.T) {
} }
func TestSessionCacheWithKey(t *testing.T) { func TestSessionCacheWithKey(t *testing.T) {
key := newPrivateKey(t) key := newSigner(t)
expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey) expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey)
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{ nodeParams: []NodeParam{
{1, "peer0", 1}, {1, "peer0", 1},
}, },
@ -410,13 +410,13 @@ func TestSessionCacheWithKey(t *testing.T) {
// cache must contain session token // cache must contain session token
cp, err := pool.connection() cp, err := pool.connection()
require.NoError(t, err) require.NoError(t, err)
st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.key)) st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
require.True(t, st.AssertAuthKey(&expectedAuthKey)) require.True(t, st.AssertAuthKey(&expectedAuthKey))
var prm PrmObjectDelete var prm PrmObjectDelete
prm.SetAddress(oid.Address{}) prm.SetAddress(oid.Address{})
anonKey := newPrivateKey(t) anonKey := newSigner(t)
prm.UseKey(anonKey) prm.UseSigner(anonKey)
err = pool.DeleteObject(ctx, prm) err = pool.DeleteObject(ctx, prm)
require.NoError(t, err) require.NoError(t, err)
@ -426,12 +426,12 @@ func TestSessionCacheWithKey(t *testing.T) {
func TestSessionTokenOwner(t *testing.T) { func TestSessionTokenOwner(t *testing.T) {
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: []NodeParam{ nodeParams: []NodeParam{
{1, "peer0", 1}, {1, "peer0", 1},
}, },
@ -447,12 +447,12 @@ func TestSessionTokenOwner(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
t.Cleanup(p.Close) t.Cleanup(p.Close)
anonKey := newPrivateKey(t) anonKey := newSigner(t)
var anonOwner user.ID var anonOwner user.ID
user.IDFromKey(&anonOwner, anonKey.PublicKey) require.NoError(t, user.IDFromSigner(&anonOwner, anonKey))
var prm prmCommon var prm prmCommon
prm.UseKey(anonKey) prm.UseSigner(anonKey)
var prmCtx prmContext var prmCtx prmContext
prmCtx.useDefaultSession() prmCtx.useDefaultSession()
@ -472,7 +472,7 @@ func TestSessionTokenOwner(t *testing.T) {
} }
func TestWaitPresence(t *testing.T) { func TestWaitPresence(t *testing.T) {
mockCli := newMockClient("", *newPrivateKey(t)) mockCli := newMockClient("", newSigner(t))
t.Run("context canceled", func(t *testing.T) { t.Run("context canceled", func(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
@ -620,23 +620,23 @@ func TestSwitchAfterErrorThreshold(t *testing.T) {
errorThreshold := 5 errorThreshold := 5
var clientKeys []*ecdsa.PrivateKey var clientKeys []neofscrypto.Signer
mockClientBuilder := func(addr string) client { mockClientBuilder := func(addr string) client {
key := newPrivateKey(t) key := newSigner(t)
clientKeys = append(clientKeys, key) clientKeys = append(clientKeys, key)
if addr == nodes[0].address { if addr == nodes[0].address {
mockCli := newMockClient(addr, *key) mockCli := newMockClient(addr, key)
mockCli.setThreshold(uint32(errorThreshold)) mockCli.setThreshold(uint32(errorThreshold))
mockCli.statusOnGetObject(apistatus.ServerInternal{}) mockCli.statusOnGetObject(apistatus.ServerInternal{})
return mockCli return mockCli
} }
return newMockClient(addr, *key) return newMockClient(addr, key)
} }
opts := InitParameters{ opts := InitParameters{
key: newPrivateKey(t), signer: newSigner(t),
nodeParams: nodes, nodeParams: nodes,
clientRebalanceInterval: 30 * time.Second, clientRebalanceInterval: 30 * time.Second,
} }

12
pool/sampler_test.go
View file

@ -50,10 +50,10 @@ func TestHealthyReweight(t *testing.T) {
cache, err := newCache() cache, err := newCache()
require.NoError(t, err) require.NoError(t, err)
client1 := newMockClient(names[0], *newPrivateKey(t)) client1 := newMockClient(names[0], newSigner(t))
client1.errOnDial() client1.errOnDial()
client2 := newMockClient(names[1], *newPrivateKey(t)) client2 := newMockClient(names[1], newSigner(t))
inner := &innerPool{ inner := &innerPool{
sampler: newSampler(weights, rand.NewSource(0)), sampler: newSampler(weights, rand.NewSource(0)),
@ -62,7 +62,7 @@ func TestHealthyReweight(t *testing.T) {
p := &Pool{ p := &Pool{
innerPools: []*innerPool{inner}, innerPools: []*innerPool{inner},
cache: cache, cache: cache,
key: newPrivateKey(t), signer: newSigner(t),
rebalanceParams: rebalanceParameters{nodesParams: []*nodesParam{{weights: weights}}}, rebalanceParams: rebalanceParameters{nodesParams: []*nodesParam{{weights: weights}}},
} }
@ -81,7 +81,7 @@ func TestHealthyReweight(t *testing.T) {
// enabled first node again // enabled first node again
inner.lock.Lock() inner.lock.Lock()
inner.clients[0] = newMockClient(names[0], *newPrivateKey(t)) inner.clients[0] = newMockClient(names[0], newSigner(t))
inner.lock.Unlock() inner.lock.Unlock()
p.updateInnerNodesHealth(context.TODO(), 0, buffer) p.updateInnerNodesHealth(context.TODO(), 0, buffer)
@ -104,8 +104,8 @@ func TestHealthyNoReweight(t *testing.T) {
inner := &innerPool{ inner := &innerPool{
sampler: sampl, sampler: sampl,
clients: []client{ clients: []client{
newMockClient(names[0], *newPrivateKey(t)), newMockClient(names[0], newSigner(t)),
newMockClient(names[1], *newPrivateKey(t)), newMockClient(names[1], newSigner(t)),
}, },
} }
p := &Pool{ p := &Pool{

11
session/common.go
View file

@ -2,7 +2,6 @@ package session
import ( import (
"bytes" "bytes"
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
@ -10,7 +9,6 @@ import (
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -155,13 +153,16 @@ func (x commonData) signedData(w contextWriter) []byte {
return x.fillBody(w).StableMarshal(nil) return x.fillBody(w).StableMarshal(nil)
} }
func (x *commonData) sign(key ecdsa.PrivateKey, w contextWriter) error { func (x *commonData) sign(signer neofscrypto.Signer, w contextWriter) error {
user.IDFromKey(&x.issuer, key.PublicKey) if err := user.IDFromSigner(&x.issuer, signer); err != nil {
return err
}
x.issuerSet = true x.issuerSet = true
var sig neofscrypto.Signature var sig neofscrypto.Signature
err := sig.Calculate(neofsecdsa.Signer(key), x.signedData(w)) err := sig.Calculate(signer, x.signedData(w))
if err != nil { if err != nil {
return err return err
} }

5
session/container.go
View file

@ -1,7 +1,6 @@
package session package session
import ( import (
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
@ -136,8 +135,8 @@ func (x *Container) UnmarshalJSON(data []byte) error {
// expected to be calculated as a final stage of Container formation. // expected to be calculated as a final stage of Container formation.
// //
// See also VerifySignature. // See also VerifySignature.
func (x *Container) Sign(key ecdsa.PrivateKey) error { func (x *Container) Sign(signer neofscrypto.Signer) error {
return x.sign(key, x.writeContext) return x.sign(signer, x.writeContext)
} }
// VerifySignature checks if Container signature is presented and valid. // VerifySignature checks if Container signature is presented and valid.

15
session/container_test.go
View file

@ -12,7 +12,6 @@ import (
v2session "github.com/nspcc-dev/neofs-api-go/v2/session" v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
@ -56,7 +55,7 @@ func TestContainerProtocolV2(t *testing.T) {
// Session key // Session key
signer := randSigner() signer := randSigner()
authKey := neofsecdsa.PublicKey(signer.PublicKey) authKey := signer.Public()
binAuthKey := make([]byte, authKey.MaxEncodedSize()) binAuthKey := make([]byte, authKey.MaxEncodedSize())
binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)] binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)]
restoreAuthKey := func() { restoreAuthKey := func() {
@ -173,7 +172,7 @@ func TestContainerProtocolV2(t *testing.T) {
}, },
restore: restoreAuthKey, restore: restoreAuthKey,
assert: func(val session.Container) { assert: func(val session.Container) {
require.True(t, val.AssertAuthKey(&authKey)) require.True(t, val.AssertAuthKey(authKey))
}, },
breakSign: func(m *v2session.Token) { breakSign: func(m *v2session.Token) {
body := m.GetBody() body := m.GetBody()
@ -271,7 +270,7 @@ func TestContainer_WriteToV2(t *testing.T) {
require.NoError(t, val.Sign(signer)) require.NoError(t, val.Sign(signer))
var usr user.ID var usr user.ID
user.IDFromKey(&usr, signer.PublicKey) require.NoError(t, user.IDFromSigner(&usr, signer))
var usrV2 refs.OwnerID var usrV2 refs.OwnerID
usr.WriteToV2(&usrV2) usr.WriteToV2(&usrV2)
@ -516,7 +515,7 @@ func TestIssuedBy(t *testing.T) {
signer = randSigner() signer = randSigner()
) )
user.IDFromKey(&issuer, signer.PublicKey) require.NoError(t, user.IDFromSigner(&issuer, signer))
require.False(t, session.IssuedBy(token, issuer)) require.False(t, session.IssuedBy(token, issuer))
@ -534,7 +533,7 @@ func TestContainer_Issuer(t *testing.T) {
var issuer user.ID var issuer user.ID
user.IDFromKey(&issuer, signer.PublicKey) require.NoError(t, user.IDFromSigner(&issuer, signer))
require.True(t, token.Issuer().Equals(issuer)) require.True(t, token.Issuer().Equals(issuer))
} }
@ -556,14 +555,14 @@ func TestContainer_VerifyDataSignature(t *testing.T) {
rand.Read(data) rand.Read(data)
var sig neofscrypto.Signature var sig neofscrypto.Signature
require.NoError(t, sig.Calculate(neofsecdsa.SignerRFC6979(signer), data)) require.NoError(t, sig.Calculate(signer, data))
var sigV2 refs.Signature var sigV2 refs.Signature
sig.WriteToV2(&sigV2) sig.WriteToV2(&sigV2)
require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign())) require.False(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
tok.SetAuthKey((*neofsecdsa.PublicKeyRFC6979)(&signer.PublicKey)) tok.SetAuthKey(signer.Public())
require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign())) require.True(t, tok.VerifySessionDataSignature(data, sigV2.GetSign()))
require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign())) require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign()))
require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1))) require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1)))

6
session/object.go
View file

@ -1,13 +1,13 @@
package session package session
import ( import (
"crypto/ecdsa"
"errors" "errors"
"fmt" "fmt"
"github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-api-go/v2/refs"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id" cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
) )
@ -162,8 +162,8 @@ func (x *Object) UnmarshalJSON(data []byte) error {
// expected to be calculated as a final stage of Object formation. // expected to be calculated as a final stage of Object formation.
// //
// See also VerifySignature. // See also VerifySignature.
func (x *Object) Sign(key ecdsa.PrivateKey) error { func (x *Object) Sign(signer neofscrypto.Signer) error {
return x.sign(key, x.writeContext) return x.sign(signer, x.writeContext)
} }
// VerifySignature checks if Object signature is presented and valid. // VerifySignature checks if Object signature is presented and valid.

16
session/object_test.go
View file

@ -1,7 +1,6 @@
package session_test package session_test
import ( import (
"crypto/ecdsa"
"fmt" "fmt"
"math" "math"
"math/rand" "math/rand"
@ -23,18 +22,17 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func randSigner() ecdsa.PrivateKey { func randSigner() neofscrypto.Signer {
k, err := keys.NewPrivateKey() k, err := keys.NewPrivateKey()
if err != nil { if err != nil {
panic(fmt.Sprintf("generate private key: %v", err)) panic(fmt.Sprintf("generate private key: %v", err))
} }
return k.PrivateKey return neofsecdsa.SignerRFC6979(k.PrivateKey)
} }
func randPublicKey() neofscrypto.PublicKey { func randPublicKey() neofscrypto.PublicKey {
k := randSigner().PublicKey return randSigner().Public()
return (*neofsecdsa.PublicKey)(&k)
} }
func TestObjectProtocolV2(t *testing.T) { func TestObjectProtocolV2(t *testing.T) {
@ -73,7 +71,7 @@ func TestObjectProtocolV2(t *testing.T) {
// Session key // Session key
signer := randSigner() signer := randSigner()
authKey := neofsecdsa.PublicKey(signer.PublicKey) authKey := signer.Public()
binAuthKey := make([]byte, authKey.MaxEncodedSize()) binAuthKey := make([]byte, authKey.MaxEncodedSize())
binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)] binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)]
restoreAuthKey := func() { restoreAuthKey := func() {
@ -195,7 +193,7 @@ func TestObjectProtocolV2(t *testing.T) {
}, },
restore: restoreAuthKey, restore: restoreAuthKey,
assert: func(val session.Object) { assert: func(val session.Object) {
require.True(t, val.AssertAuthKey(&authKey)) require.True(t, val.AssertAuthKey(authKey))
}, },
breakSign: func(m *v2session.Token) { breakSign: func(m *v2session.Token) {
body := m.GetBody() body := m.GetBody()
@ -298,7 +296,7 @@ func TestObject_WriteToV2(t *testing.T) {
require.NoError(t, val.Sign(signer)) require.NoError(t, val.Sign(signer))
var usr user.ID var usr user.ID
user.IDFromKey(&usr, signer.PublicKey) require.NoError(t, user.IDFromSigner(&usr, signer))
var usrV2 refs.OwnerID var usrV2 refs.OwnerID
usr.WriteToV2(&usrV2) usr.WriteToV2(&usrV2)
@ -634,7 +632,7 @@ func TestObject_Issuer(t *testing.T) {
var issuer user.ID var issuer user.ID
user.IDFromKey(&issuer, signer.PublicKey) require.NoError(t, user.IDFromSigner(&issuer, signer))
require.True(t, token.Issuer().Equals(issuer)) require.True(t, token.Issuer().Equals(issuer))
} }

9
session/test/session.go
View file

@ -8,12 +8,13 @@ import (
"github.com/google/uuid" "github.com/google/uuid"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test" oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
"github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/session"
) )
var p ecdsa.PrivateKey var signer neofscrypto.Signer
func init() { func init() {
k, err := keys.NewPrivateKey() k, err := keys.NewPrivateKey()
@ -21,7 +22,7 @@ func init() {
panic(err) panic(err)
} }
p = k.PrivateKey signer = neofsecdsa.SignerRFC6979(k.PrivateKey)
} }
// Container returns random session.Container. // Container returns random session.Container.
@ -52,7 +53,7 @@ func Container() *session.Container {
func ContainerSigned() *session.Container { func ContainerSigned() *session.Container {
tok := Container() tok := Container()
err := tok.Sign(p) err := tok.Sign(signer)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -89,7 +90,7 @@ func Object() *session.Object {
func ObjectSigned() *session.Object { func ObjectSigned() *session.Object {
tok := Object() tok := Object()
err := tok.Sign(p) err := tok.Sign(signer)
if err != nil { if err != nil {
panic(err) panic(err)
} }

5
user/test/id.go
View file

@ -2,6 +2,7 @@ package usertest
import ( import (
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/user" "github.com/nspcc-dev/neofs-sdk-go/user"
) )
@ -13,7 +14,9 @@ func ID() *user.ID {
} }
var x user.ID var x user.ID
user.IDFromKey(&x, key.PrivateKey.PublicKey) if err = user.IDFromSigner(&x, neofsecdsa.Signer(key.PrivateKey)); err != nil {
return nil
}
return &x return &x
} }

23
user/util.go
View file

@ -1,12 +1,29 @@
package user package user
import ( import (
"crypto/ecdsa" "fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
) )
// IDFromKey forms the ID using script hash calculated for the given key. // IDFromKey forms the ID using script hash calculated for the given key.
func IDFromKey(id *ID, key ecdsa.PublicKey) { func IDFromKey(id *ID, key []byte) error {
id.SetScriptHash((*keys.PublicKey)(&key).GetScriptHash()) var pk keys.PublicKey
if err := pk.DecodeBytes(key); err != nil {
return fmt.Errorf("IDFromKey %v", err)
}
id.SetScriptHash(pk.GetScriptHash())
return nil
}
// IDFromSigner forms the ID using script hash calculated for the given key.
func IDFromSigner(id *ID, signer neofscrypto.Signer) error {
public := signer.Public()
key := make([]byte, public.MaxEncodedSize())
key = key[:public.Encode(key)]
return IDFromKey(id, key)
} }

3
user/util_test.go
View file

@ -1,7 +1,6 @@
package user_test package user_test
import ( import (
"crypto/ecdsa"
"crypto/elliptic" "crypto/elliptic"
"encoding/hex" "encoding/hex"
"testing" "testing"
@ -18,7 +17,7 @@ func TestIDFromKey(t *testing.T) {
var id user.ID var id user.ID
user.IDFromKey(&id, ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}) user.IDFromKey(&id, rawPub)
require.Equal(t, "NNLi44dJNXtDNSBkofB48aTVYtb1zZrNEs", id.EncodeToString()) require.Equal(t, "NNLi44dJNXtDNSBkofB48aTVYtb1zZrNEs", id.EncodeToString())
} }