From a3569ad99e7f016cc59e20d9f41ef08bdd98c72c Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 18 Jun 2020 15:26:56 +0300 Subject: [PATCH] service: ad BearerToken to signed payload of the requests --- service/sign.go | 6 ++++++ service/sign_test.go | 19 +++++++++++++++++++ service/verify.go | 2 +- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/service/sign.go b/service/sign.go index eb1c16d9..a0bb7e55 100644 --- a/service/sign.go +++ b/service/sign.go @@ -209,6 +209,9 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error { NewSignedSessionToken( src.GetSessionToken(), ), + NewSignedBearerToken( + src.GetBearerToken(), + ), ) if err != nil { return err @@ -231,6 +234,9 @@ func VerifyRequestData(src RequestVerifyData) error { NewVerifiedSessionToken( src.GetSessionToken(), ), + NewVerifiedBearerToken( + src.GetBearerToken(), + ), ) if err != nil { return err diff --git a/service/sign_test.go b/service/sign_test.go index 8b67e5b8..80c0d196 100644 --- a/service/sign_test.go +++ b/service/sign_test.go @@ -279,14 +279,21 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { var ( token = new(Token) initVerb = Token_Info_Verb(1) + + bearer = wrapBearerTokenMsg(new(BearerTokenMsg)) + bearerEpoch = uint64(8) ) token.SetVerb(initVerb) + bearer.SetExpirationEpoch(bearerEpoch) + // create test data with token src := &testSignedDataSrc{ data: testData(t, 10), token: token, + + bearer: bearer, } // create test private key @@ -319,6 +326,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { // ascertain that verification is passed require.NoError(t, VerifyRequestData(src)) + // break the Bearer token + bearer.SetExpirationEpoch(bearerEpoch + 1) + + // ascertain that verification is failed + require.Error(t, VerifyRequestData(src)) + + // restore the Bearer token + bearer.SetExpirationEpoch(bearerEpoch) + + // ascertain that verification is passed + require.NoError(t, VerifyRequestData(src)) + // wrap to data reader rdr := &testSignedDataReader{ testSignedDataSrc: src, diff --git a/service/verify.go b/service/verify.go index 9fbdfdf0..ee2eecc5 100644 --- a/service/verify.go +++ b/service/verify.go @@ -104,7 +104,7 @@ func (t testCustomField) MarshalTo(data []byte) (int, error) { return 0, nil } // Marshal skip, it's for test usage only. func (t testCustomField) Marshal() ([]byte, error) { return nil, nil } -// GetBearerToken returns wraps Bearer field and return BearerToken interface. +// GetBearerToken wraps Bearer field and return BearerToken interface. // // If Bearer field value is nil, nil returns. func (m RequestVerificationHeader) GetBearerToken() BearerToken {