[#56] core/object: Implement format validator

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2020-09-29 15:37:19 +03:00 committed by Alex Vanin
parent 12d57af998
commit ede033256d
2 changed files with 181 additions and 0 deletions

80
pkg/core/object/fmt.go Normal file
View file

@ -0,0 +1,80 @@
package object
import (
"bytes"
"github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/pkg/errors"
)
// FormatValidator represents object format validator.
type FormatValidator struct{}
var errNilObject = errors.New("object is nil")
var errNilID = errors.New("missing identifier")
var errNilCID = errors.New("missing container identifier")
// NewFormatValidator creates, initializes and returns FormatValidator instance.
func NewFormatValidator() *FormatValidator {
return new(FormatValidator)
}
// Validate validates object format.
//
// Returns nil error if object has valid structure.
func (v *FormatValidator) Validate(obj *Object) error {
if obj == nil {
return errNilObject
} else if obj.GetID() == nil {
return errNilID
} else if obj.GetContainerID() == nil {
return errNilCID
}
for ; obj.GetID() != nil; obj = NewFromSDK(obj.GetParent()) {
if err := v.validateSignatureKey(obj); err != nil {
return errors.Wrapf(err, "(%T) could not validate signature key", v)
}
if err := object.CheckHeaderVerificationFields(obj.SDK()); err != nil {
return errors.Wrapf(err, "(%T) could not validate header fields", v)
}
}
return nil
}
func (v *FormatValidator) validateSignatureKey(obj *Object) error {
token := obj.GetSessionToken()
key := obj.GetSignature().GetKey()
if token == nil || !bytes.Equal(token.SessionKey(), key) {
return v.checkOwnerKey(obj.GetOwnerID(), obj.GetSignature().GetKey())
}
// FIXME: perform token verification
return nil
}
func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
wallet, err := owner.NEO3WalletFromPublicKey(crypto.UnmarshalPublicKey(key))
if err != nil {
// TODO: check via NeoFSID
return err
}
id2 := owner.NewID()
id2.SetNeo3Wallet(wallet)
// FIXME: implement Equal method
if s1, s2 := id.String(), id2.String(); s1 != s2 {
return errors.Errorf("(%T) different owner identifiers %s/%s", v, s1, s2)
}
return nil
}

101
pkg/core/object/fmt_test.go Normal file
View file

@ -0,0 +1,101 @@
package object
import (
"crypto/rand"
"crypto/sha256"
"testing"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/util/test"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
)
func testSHA(t *testing.T) [sha256.Size]byte {
cs := [sha256.Size]byte{}
_, err := rand.Read(cs[:])
require.NoError(t, err)
return cs
}
func testContainerID(t *testing.T) *container.ID {
id := container.NewID()
id.SetSHA256(testSHA(t))
return id
}
func testObjectID(t *testing.T) *object.ID {
id := object.NewID()
id.SetSHA256(testSHA(t))
return id
}
func TestFormatValidator_Validate(t *testing.T) {
v := NewFormatValidator()
t.Run("nil input", func(t *testing.T) {
require.Error(t, v.Validate(nil))
})
t.Run("nil identifier", func(t *testing.T) {
obj := NewRaw()
require.True(t, errors.Is(v.Validate(obj.Object()), errNilID))
})
t.Run("nil container identifier", func(t *testing.T) {
obj := NewRaw()
obj.SetID(testObjectID(t))
require.True(t, errors.Is(v.Validate(obj.Object()), errNilCID))
})
t.Run("unsigned object", func(t *testing.T) {
obj := NewRaw()
obj.SetContainerID(testContainerID(t))
obj.SetID(testObjectID(t))
require.Error(t, v.Validate(obj.Object()))
})
t.Run("correct w/ session token", func(t *testing.T) {
sessionKey := test.DecodeKey(-1)
tok := token.NewSessionToken()
tok.SetSessionKey(crypto.MarshalPublicKey(&sessionKey.PublicKey))
obj := NewRaw()
obj.SetContainerID(testContainerID(t))
obj.SetSessionToken(tok)
require.NoError(t, object.SetIDWithSignature(sessionKey, obj.SDK()))
require.NoError(t, v.Validate(obj.Object()))
})
t.Run("correct w/o session token", func(t *testing.T) {
ownerKey := test.DecodeKey(-1)
wallet, err := owner.NEO3WalletFromPublicKey(&ownerKey.PublicKey)
require.NoError(t, err)
ownerID := owner.NewID()
ownerID.SetNeo3Wallet(wallet)
obj := NewRaw()
obj.SetContainerID(testContainerID(t))
obj.SetOwnerID(ownerID)
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK()))
require.NoError(t, v.Validate(obj.Object()))
})
}