frostfs-node/pkg/services/util/sign.go

package util

import (
	"context"
	"crypto/ecdsa"

	"github.com/nspcc-dev/neofs-api-go/v2/signature"
	"github.com/pkg/errors"
)

type UnaryHandler func(context.Context, interface{}) (interface{}, error)

type UnarySignService struct {
	key *ecdsa.PrivateKey
}

type ServerStreamHandler func(context.Context, interface{}) (MessageReader, error)

type MessageReader func() (interface{}, error)

type MessageStreamer struct {
	key *ecdsa.PrivateKey

	recv MessageReader
}

func NewUnarySignService(key *ecdsa.PrivateKey) *UnarySignService {
	return &UnarySignService{
		key: key,
	}
}

func (s *MessageStreamer) Recv() (interface{}, error) {
	m, err := s.recv()
	if err != nil {
		return nil, errors.Wrap(err, "could not receive response message for signing")
	}

	if err := signature.SignServiceMessage(s.key, m); err != nil {
		return nil, errors.Wrap(err, "could not sign response message")
	}

	return m, nil
}

func (s *UnarySignService) HandleServerStreamRequest(ctx context.Context, req interface{}, handler ServerStreamHandler) (*MessageStreamer, error) {
	// verify request signatures
	if err := signature.VerifyServiceMessage(req); err != nil {
		return nil, errors.Wrap(err, "could not verify request")
	}

	msgRdr, err := handler(ctx, req)
	if err != nil {
		return nil, errors.Wrap(err, "could not create message reader")
	}

	return &MessageStreamer{
		key:  s.key,
		recv: msgRdr,
	}, nil
}

func (s *UnarySignService) HandleUnaryRequest(ctx context.Context, req interface{}, handler UnaryHandler) (interface{}, error) {
	// verify request signatures
	if err := signature.VerifyServiceMessage(req); err != nil {
		return nil, errors.Wrap(err, "could not verify request")
	}

	// process request
	resp, err := handler(ctx, req)
	if err != nil {
		return nil, errors.Wrap(err, "could not handle request")
	}

	// sign the response
	if err := signature.SignServiceMessage(s.key, resp); err != nil {
		return nil, errors.Wrap(err, "could not sign response")
	}

	return resp, nil
}
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`package util`

			`import (`
			`"context"`
			`"crypto/ecdsa"`

			`"github.com/nspcc-dev/neofs-api-go/v2/signature"`
			`"github.com/pkg/errors"`
			`)`

			`type UnaryHandler func(context.Context, interface{}) (interface{}, error)`

			`type UnarySignService struct {`
			`key *ecdsa.PrivateKey`
			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`type ServerStreamHandler func(context.Context, interface{}) (MessageReader, error)`

			`type MessageReader func() (interface{}, error)`

			`type MessageStreamer struct {`
			`key *ecdsa.PrivateKey`

			`recv MessageReader`
			`}`

[#13] services: Refactor UnarySignService Replace UnaryHandler from structure to method arguments in order to reuse single instance for different service methods. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:20:26 +00:00			`func NewUnarySignService(key ecdsa.PrivateKey) UnarySignService {`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`return &UnarySignService{`
[#13] services: Refactor UnarySignService Replace UnaryHandler from structure to method arguments in order to reuse single instance for different service methods. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:20:26 +00:00			`key: key,`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`}`
			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`func (s *MessageStreamer) Recv() (interface{}, error) {`
			`m, err := s.recv()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not receive response message for signing")`
			`}`

			`if err := signature.SignServiceMessage(s.key, m); err != nil {`
			`return nil, errors.Wrap(err, "could not sign response message")`
			`}`

			`return m, nil`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`func (s UnarySignService) HandleServerStreamRequest(ctx context.Context, req interface{}, handler ServerStreamHandler) (MessageStreamer, error) {`
			`// verify request signatures`
			`if err := signature.VerifyServiceMessage(req); err != nil {`
			`return nil, errors.Wrap(err, "could not verify request")`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`msgRdr, err := handler(ctx, req)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not create message reader")`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`return &MessageStreamer{`
			`key: s.key,`
			`recv: msgRdr,`
			`}, nil`
[#13] services/util: Support server-side stream request verify Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-25 13:01:16 +00:00			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`func (s *UnarySignService) HandleUnaryRequest(ctx context.Context, req interface{}, handler UnaryHandler) (interface{}, error) {`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`// verify request signatures`
			`if err := signature.VerifyServiceMessage(req); err != nil {`
			`return nil, errors.Wrap(err, "could not verify request")`
			`}`

			`// process request`
[#13] services: Refactor UnarySignService Replace UnaryHandler from structure to method arguments in order to reuse single instance for different service methods. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:20:26 +00:00			`resp, err := handler(ctx, req)`
[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`if err != nil {`
			`return nil, errors.Wrap(err, "could not handle request")`
			`}`

[#13] services/util: Support server-side stream in UnarySignService Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-26 09:41:43 +00:00			`// sign the response`
			`if err := signature.SignServiceMessage(s.key, resp); err != nil {`
			`return nil, errors.Wrap(err, "could not sign response")`
			`}`

[#11] services: Implement universal Sign/Verify service Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2020-08-24 10:05:10 +00:00			`return resp, nil`
			`}`