diff --git a/service/sign.go b/service/sign.go index a0bb7e55..50453b9f 100644 --- a/service/sign.go +++ b/service/sign.go @@ -212,6 +212,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error { NewSignedBearerToken( src.GetBearerToken(), ), + ExtendedHeadersSignedData(src), ) if err != nil { return err @@ -237,6 +238,7 @@ func VerifyRequestData(src RequestVerifyData) error { NewVerifiedBearerToken( src.GetBearerToken(), ), + ExtendedHeadersSignedData(src), ) if err != nil { return err diff --git a/service/sign_test.go b/service/sign_test.go index 023412fa..724c0686 100644 --- a/service/sign_test.go +++ b/service/sign_test.go @@ -268,7 +268,7 @@ func TestVerifySignatureWithKey(t *testing.T) { require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src)) } -func TestSignVerifyDataWithSessionToken(t *testing.T) { +func TestSignVerifyRequestData(t *testing.T) { // sign with empty RequestSignedData require.EqualError(t, SignRequestData(nil, nil), @@ -288,18 +288,27 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { bearer = wrapBearerTokenMsg(new(BearerTokenMsg)) bearerEpoch = uint64(8) + + extHdrKey = "key" + extHdr = new(RequestExtendedHeader_KV) ) token.SetVerb(initVerb) bearer.SetExpirationEpoch(bearerEpoch) + extHdr.SetK(extHdrKey) + // create test data with token src := &testSignedDataSrc{ data: testData(t, 10), token: token, bearer: bearer, + + extHdrs: []ExtendedHeader{ + wrapExtendedHeaderKV(extHdr), + }, } // create test private key @@ -344,6 +353,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { // ascertain that verification is passed require.NoError(t, VerifyRequestData(src)) + // break the extended header + extHdr.SetK(extHdrKey + "1") + + // ascertain that verification is failed + require.Error(t, VerifyRequestData(src)) + + // restore the extended header + extHdr.SetK(extHdrKey) + + // ascertain that verification is passed + require.NoError(t, VerifyRequestData(src)) + // wrap to data reader rdr := &testSignedDataReader{ testSignedDataSrc: src,