Merge pull request #18 from nspcc-dev/feature/remove-sign-and-verify-request-from-service

Remove Sign and Verify request from service - removed sign/verify request - added method to validate owner fix #16
2019-11-26 13:50:28 +03:00 · 2019-11-26 13:50:28 +03:00 · b6de95b740
commit b6de95b740
parent 1f399beb12 40038cc860
3 changed files with 23 additions and 47 deletions
--- a/service/sign.go
+++ b/service/sign.go
@ -1,47 +0,0 @@
-package service
-
-import (
-	"crypto/ecdsa"
-
-	crypto "github.com/nspcc-dev/neofs-crypto"
-	"github.com/nspcc-dev/neofs-proto/internal"
-	"github.com/pkg/errors"
-)
-
-// ErrWrongSignature should be raised when wrong signature is passed into VerifyRequest.
-const ErrWrongSignature = internal.Error("wrong signature")
-
-// SignedRequest interface allows sign and verify requests.
-type SignedRequest interface {
-	PrepareData() ([]byte, error)
-	GetSignature() []byte
-	SetSignature([]byte)
-}
-
-// SignRequest with passed private key.
-func SignRequest(r SignedRequest, key *ecdsa.PrivateKey) error {
-	var signature []byte
-	if data, err := r.PrepareData(); err != nil {
-		return err
-	} else if signature, err = crypto.Sign(key, data); err != nil {
-		return errors.Wrap(err, "could not sign data")
-	}
-
-	r.SetSignature(signature)
-
-	return nil
-}
-
-// VerifyRequest by passed public keys.
-func VerifyRequest(r SignedRequest, keys ...*ecdsa.PublicKey) bool {
-	data, err := r.PrepareData()
-	if err != nil {
-		return false
-	}
-	for i := range keys {
-		if err := crypto.Verify(keys[i], data, r.GetSignature()); err == nil {
-			return true
-		}
-	}
-	return false
-}
--- a/service/verify.go
+++ b/service/verify.go
@ -6,6 +6,7 @@ import (
 	"github.com/gogo/protobuf/proto"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-proto/internal"
+	"github.com/nspcc-dev/neofs-proto/refs"
 	"github.com/pkg/errors"
 )

@ -35,6 +36,9 @@ const (

 	// ErrCannotFindOwner is raised when signatures empty in GetOwner.
 	ErrCannotFindOwner = internal.Error("cannot find owner public key")
+
+	// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
+	ErrWrongOwner = internal.Error("wrong owner")
 )

 // SetSignatures replaces signatures stored in RequestVerificationHeader.
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
 	}
 }

+// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
+func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
+	if key, err := m.GetOwner(); err != nil {
+		return err
+	} else if user, err := refs.NewOwnerID(key); err != nil {
+		return err
+	} else if !user.Equal(owner) {
+		return ErrWrongOwner
+	}
+	return nil
+}
+
 // GetOwner tries to get owner (client) public key from signatures.
 // If signatures contains not empty Origin, we should try to validate,
 // that session key was signed by owner (client), otherwise return error.
--- a/service/verify_test.go
+++ b/service/verify_test.go
@ -9,6 +9,7 @@ import (
 	"github.com/gogo/protobuf/proto"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-crypto/test"
+	"github.com/nspcc-dev/neofs-proto/refs"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/require"
 )
@ -78,6 +79,12 @@ func TestMaintainableRequest(t *testing.T) {
 		}
 	}

+	{ // Validate owner
+		user, err := refs.NewOwnerID(&owner.PublicKey)
+		require.NoError(t, err)
+		require.NoError(t, req.CheckOwner(user))
+	}
+
 	{ // Good case:
 		require.NoError(t, VerifyRequestHeader(req))