Merge pull request #18 from nspcc-dev/feature/remove-sign-and-verify-request-from-service

Remove Sign and Verify request from service
- removed sign/verify request
- added method to validate owner

fix #16
This commit is contained in:
Evgeniy Kulikov 2019-11-26 13:50:28 +03:00 committed by GitHub
commit b6de95b740
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 47 deletions

View file

@ -1,47 +0,0 @@
package service
import (
"crypto/ecdsa"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-proto/internal"
"github.com/pkg/errors"
)
// ErrWrongSignature should be raised when wrong signature is passed into VerifyRequest.
const ErrWrongSignature = internal.Error("wrong signature")
// SignedRequest interface allows sign and verify requests.
type SignedRequest interface {
PrepareData() ([]byte, error)
GetSignature() []byte
SetSignature([]byte)
}
// SignRequest with passed private key.
func SignRequest(r SignedRequest, key *ecdsa.PrivateKey) error {
var signature []byte
if data, err := r.PrepareData(); err != nil {
return err
} else if signature, err = crypto.Sign(key, data); err != nil {
return errors.Wrap(err, "could not sign data")
}
r.SetSignature(signature)
return nil
}
// VerifyRequest by passed public keys.
func VerifyRequest(r SignedRequest, keys ...*ecdsa.PublicKey) bool {
data, err := r.PrepareData()
if err != nil {
return false
}
for i := range keys {
if err := crypto.Verify(keys[i], data, r.GetSignature()); err == nil {
return true
}
}
return false
}

View file

@ -6,6 +6,7 @@ import (
"github.com/gogo/protobuf/proto"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-proto/internal"
"github.com/nspcc-dev/neofs-proto/refs"
"github.com/pkg/errors"
)
@ -35,6 +36,9 @@ const (
// ErrCannotFindOwner is raised when signatures empty in GetOwner.
ErrCannotFindOwner = internal.Error("cannot find owner public key")
// ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
ErrWrongOwner = internal.Error("wrong owner")
)
// SetSignatures replaces signatures stored in RequestVerificationHeader.
@ -62,6 +66,18 @@ func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte)
}
}
// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
if key, err := m.GetOwner(); err != nil {
return err
} else if user, err := refs.NewOwnerID(key); err != nil {
return err
} else if !user.Equal(owner) {
return ErrWrongOwner
}
return nil
}
// GetOwner tries to get owner (client) public key from signatures.
// If signatures contains not empty Origin, we should try to validate,
// that session key was signed by owner (client), otherwise return error.

View file

@ -9,6 +9,7 @@ import (
"github.com/gogo/protobuf/proto"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-crypto/test"
"github.com/nspcc-dev/neofs-proto/refs"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
)
@ -78,6 +79,12 @@ func TestMaintainableRequest(t *testing.T) {
}
}
{ // Validate owner
user, err := refs.NewOwnerID(&owner.PublicKey)
require.NoError(t, err)
require.NoError(t, req.CheckOwner(user))
}
{ // Good case:
require.NoError(t, VerifyRequestHeader(req))