Merge pull request #18 from nspcc-dev/feature/remove-sign-and-verify-request-from-service
Remove Sign and Verify request from service - removed sign/verify request - added method to validate owner fix #16
commit
b6de95b740
3 changed files with 23 additions and 47 deletions
|
@ -1,47 +0,0 @@
|
|||
package service
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
"github.com/nspcc-dev/neofs-proto/internal"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// ErrWrongSignature should be raised when wrong signature is passed into VerifyRequest.
|
||||
const ErrWrongSignature = internal.Error("wrong signature")
|
||||
|
||||
// SignedRequest interface allows sign and verify requests.
|
||||
type SignedRequest interface {
|
||||
PrepareData() ([]byte, error)
|
||||
GetSignature() []byte
|
||||
SetSignature([]byte)
|
||||
}
|
||||
|
||||
// SignRequest with passed private key.
|
||||
func SignRequest(r SignedRequest, key *ecdsa.PrivateKey) error {
|
||||
var signature []byte
|
||||
if data, err := r.PrepareData(); err != nil {
|
||||
return err
|
||||
} else if signature, err = crypto.Sign(key, data); err != nil {
|
||||
return errors.Wrap(err, "could not sign data")
|
||||
}
|
||||
|
||||
r.SetSignature(signature)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// VerifyRequest by passed public keys.
|
||||
func VerifyRequest(r SignedRequest, keys ...*ecdsa.PublicKey) bool {
|
||||
data, err := r.PrepareData()
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
for i := range keys {
|
||||
if err := crypto.Verify(keys[i], data, r.GetSignature()); err == nil {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
|
@ -6,6 +6,7 @@ import (
|
|||
"github.com/gogo/protobuf/proto"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
"github.com/nspcc-dev/neofs-proto/internal"
|
||||
"github.com/nspcc-dev/neofs-proto/refs"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
|
@ -35,6 +36,9 @@ const (
|
|||
|
||||
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
|
||||
ErrCannotFindOwner = internal.Error("cannot find owner public key")
|
||||
|
||||
// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
|
||||
ErrWrongOwner = internal.Error("wrong owner")
|
||||
)
|
||||
|
||||
// SetSignatures replaces signatures stored in RequestVerificationHeader.
|
||||
|
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
|
|||
}
|
||||
}
|
||||
|
||||
// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
|
||||
func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
|
||||
if key, err := m.GetOwner(); err != nil {
|
||||
return err
|
||||
} else if user, err := refs.NewOwnerID(key); err != nil {
|
||||
return err
|
||||
} else if !user.Equal(owner) {
|
||||
return ErrWrongOwner
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetOwner tries to get owner (client) public key from signatures.
|
||||
// If signatures contains not empty Origin, we should try to validate,
|
||||
// that session key was signed by owner (client), otherwise return error.
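Review bot: CheckOwner's doc comment should state that it only compares the passed OwnerID with the ID derived from the key GetOwner returns, and that it does not authenticate the request by itself. Nothing in the visible lines verifies the request signatures inside CheckOwner, and the accompanying test calls VerifyRequestHeader as a separate step, so a caller that runs CheckOwner alone may be trusting an owner key the header merely claims. How much GetOwner validates is outside this hunk, so this should be confirmed against its body. I would extend the comment with `// It does not verify request signatures; callers must also run VerifyRequestHeader before trusting the result.`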
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
"github.com/gogo/protobuf/proto"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
"github.com/nspcc-dev/neofs-crypto/test"
|
||||
"github.com/nspcc-dev/neofs-proto/refs"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
@ -78,6 +79,12 @@ func TestMaintainableRequest(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
{ // Validate owner
|
||||
user, err := refs.NewOwnerID(&owner.PublicKey)
|
||||
require.NoError(t, err)
|
||||
require.NoError(t, req.CheckOwner(user))
|
||||
}
|
||||
|
||||
{ // Good case:
|
||||
require.NoError(t, VerifyRequestHeader(req))
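Review bot: The new "Validate owner" block covers only the accepting path, so the ErrWrongOwner branch of CheckOwner, the one that rejects a mismatched owner, is never exercised. Add a case that builds an OwnerID with `refs.NewOwnerID` from a different key than `owner` and asserts the rejection, e.g. `require.EqualError(t, req.CheckOwner(otherUser), ErrWrongOwner.Error())`. TestMaintainableRequest starts and continues outside this hunk, so the setup of `req` and `owner` is not visible here.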
|
||||
|
||||
|
|