From 7b212431df0bab3e3015653be2199738e039a0a3 Mon Sep 17 00:00:00 2001
From: Alex Vanin
Date: Thu, 22 Oct 2020 12:18:07 +0300
Subject: [PATCH] [#179] sdk/token: Add function to return token issuer

With new neofs-api changes, token issuer will not be stored in ownerID field of bearer token. We can identify owner by public key that has been used in signature.

Signed-off-by: Alex Vanin
---
 pkg/token/bearer.go | 15 +++++++++++++++
 pkg/token/bearer_test.go | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 pkg/token/bearer_test.go

diff --git a/pkg/token/bearer.go b/pkg/token/bearer.go
index 579d0552..87ecbc52 100644
--- a/pkg/token/bearer.go
+++ b/pkg/token/bearer.go
@@ -10,6 +10,7 @@ import (
 "github.com/nspcc-dev/neofs-api-go/v2/acl"
 "github.com/nspcc-dev/neofs-api-go/v2/refs"
 v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
+ crypto "github.com/nspcc-dev/neofs-crypto"
 )
 
 type BearerToken struct {
@@ -70,6 +71,20 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
 })
 }
 
+// Issuer returns owner.ID associated with the key that signed bearer token.
+// To pass node validation it should be owner of requested container. Returns
+// nil if token is not signed.
+func (b *BearerToken) Issuer() *owner.ID {
+ pubKey := crypto.UnmarshalPublicKey(b.token.GetSignature().GetKey())
+
+ wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
+ if err != nil {
+ return nil
+ }
+
+ return owner.NewIDFromNeo3Wallet(wallet)
+}
+
 func NewBearerToken() *BearerToken {
 b := new(BearerToken)
 b.token = acl.BearerToken{}
diff --git a/pkg/token/bearer_test.go b/pkg/token/bearer_test.go
new file mode 100644
index 00000000..a06510bd
--- /dev/null
+++ b/pkg/token/bearer_test.go
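Review bot: `Issuer()` in pkg/token/bearer.go derives the owner ID from the key bytes stored in the token's signature field but never checks that the signature verifies, so the returned ID reflects whatever key the token carries rather than proof of who signed it. The doc comment's "key that signed bearer token" overstates this; I would add `// Issuer does not verify the signature; the result is only meaningful after the token's signature has been verified.` Whether callers verify the token before using this value is not visible in this hunk. Separately, the `err != nil` branch presumably also fires for key bytes that fail to decode, so the last sentence of the comment could read `// Returns nil if the token is not signed or carries an invalid key.`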
@@ -0,0 +1,32 @@
+package token_test
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
+ "github.com/nspcc-dev/neofs-api-go/pkg/owner"
+ "github.com/nspcc-dev/neofs-api-go/pkg/token"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestBearerToken_Issuer(t *testing.T) {
+ bearerToken := token.NewBearerToken()
+
+ t.Run("non signed token", func(t *testing.T) {
+ require.Nil(t, bearerToken.Issuer())
+ })
+
+ t.Run("signed token", func(t *testing.T) {
+ key := test.DecodeKey(1)
+
+ wallet, err := owner.NEO3WalletFromPublicKey(&key.PublicKey)
+ require.NoError(t, err)
+
+ ownerID := owner.NewIDFromNeo3Wallet(wallet)
+
+ bearerToken.SetEACLTable(eacl.NewTable())
+ require.NoError(t, bearerToken.SignToken(key))
+ require.Equal(t, bearerToken.Issuer().String(), ownerID.String())
+ })
+}
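Review bot: In the "signed token" subtest the final assertion calls `bearerToken.Issuer().String()` directly, so a nil return would likely panic instead of failing with a readable message, and the arguments are in actual/expected order where testify's `require.Equal` takes the expected value first. I would write `issuer := bearerToken.Issuer()`, `require.NotNil(t, issuer)`, `require.Equal(t, ownerID.String(), issuer.String())`. The two subtests also share one `bearerToken`, so the unsigned case only holds while it runs first; creating a fresh token inside each subtest would remove that ordering dependency.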