forked from TrueCloudLab/frostfs-node
[#1332] tree: Make SignMessage public
It will allow reusing signing routine in other components (e.g. `neofs-cli`). Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy
parent
80d3c7f9d6
commit
13c4a9f4b8
4 changed files with 16 additions and 13 deletions
|
|
@ -101,7 +101,7 @@ func (s *Service) replicateLoop(ctx context.Context) {
|
|||
|
||||
func (s *Service) replicate(op movePair) error {
|
||||
req := newApplyRequest(&op)
|
||||
err := signMessage(req, s.key)
|
||||
err := SignMessage(req, s.key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't sign data: %w", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -143,7 +143,10 @@ func verifyMessage(m message) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func signMessage(m message, key *ecdsa.PrivateKey) error {
|
||||
// SignMessage uses the provided key and signs any protobuf
|
||||
// message that was generated for the TreeService by the
|
||||
// protoc-gen-go-neofs generator. Returns any errors directly.
|
||||
func SignMessage(m message, key *ecdsa.PrivateKey) error {
|
||||
binBody, err := m.ReadSignedData(nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ func TestMessageSign(t *testing.T) {
|
|||
require.Error(t, s.verifyClient(req, cid2, nil, op))
|
||||
})
|
||||
|
||||
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
|
||||
require.NoError(t, s.verifyClient(req, cid1, nil, op))
|
||||
|
||||
t.Run("invalid CID", func(t *testing.T) {
|
||||
|
|
@ -111,12 +111,12 @@ func TestMessageSign(t *testing.T) {
|
|||
cnr.Value.SetBasicACL(acl.Private)
|
||||
|
||||
t.Run("extension disabled", func(t *testing.T) {
|
||||
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid2, nil, op))
|
||||
})
|
||||
|
||||
t.Run("invalid key", func(t *testing.T) {
|
||||
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, nil, op))
|
||||
})
|
||||
|
||||
|
|
@ -129,7 +129,7 @@ func TestMessageSign(t *testing.T) {
|
|||
|
||||
t.Run("invalid bearer", func(t *testing.T) {
|
||||
req.Body.BearerToken = []byte{0xFF}
|
||||
require.NoError(t, signMessage(req, &privs[0].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
})
|
||||
|
||||
|
|
@ -138,7 +138,7 @@ func TestMessageSign(t *testing.T) {
|
|||
require.NoError(t, bt.Sign(privs[0].PrivateKey))
|
||||
req.Body.BearerToken = bt.Marshal()
|
||||
|
||||
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
})
|
||||
t.Run("invalid bearer owner", func(t *testing.T) {
|
||||
|
|
@ -146,7 +146,7 @@ func TestMessageSign(t *testing.T) {
|
|||
require.NoError(t, bt.Sign(privs[1].PrivateKey))
|
||||
req.Body.BearerToken = bt.Marshal()
|
||||
|
||||
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
})
|
||||
t.Run("invalid bearer signature", func(t *testing.T) {
|
||||
|
|
@ -158,7 +158,7 @@ func TestMessageSign(t *testing.T) {
|
|||
bv2.GetSignature().SetSign([]byte{1, 2, 3})
|
||||
req.Body.BearerToken = bv2.StableMarshal(nil)
|
||||
|
||||
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
})
|
||||
|
||||
|
|
@ -168,17 +168,17 @@ func TestMessageSign(t *testing.T) {
|
|||
cnr.Value.SetBasicACL(acl.PublicRWExtended)
|
||||
|
||||
t.Run("put and get", func(t *testing.T) {
|
||||
require.NoError(t, signMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
|
||||
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
|
||||
})
|
||||
t.Run("only get", func(t *testing.T) {
|
||||
require.NoError(t, signMessage(req, &privs[2].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[2].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
|
||||
})
|
||||
t.Run("none", func(t *testing.T) {
|
||||
require.NoError(t, signMessage(req, &privs[3].PrivateKey))
|
||||
require.NoError(t, SignMessage(req, &privs[3].PrivateKey))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
|
||||
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
|
||||
})
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ func (s *Service) synchronizeSingle(ctx context.Context, cid cid.ID, treeID stri
|
|||
Height: newHeight,
|
||||
},
|
||||
}
|
||||
if err := signMessage(req, s.key); err != nil {
|
||||
if err := SignMessage(req, s.key); err != nil {
|
||||
return newHeight, err
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue