diff --git a/service/token.go b/service/token.go index a5dd5da3..638539f6 100644 --- a/service/token.go +++ b/service/token.go @@ -6,6 +6,7 @@ import ( "io" "github.com/nspcc-dev/neofs-api-go/refs" + crypto "github.com/nspcc-dev/neofs-crypto" ) type signAccumWithToken struct { @@ -125,10 +126,14 @@ func (x Token_Info_Verb) Bytes() []byte { return data } -// AddSignKey calls a Signature field setter of token with passed signature. -func (s signedSessionToken) AddSignKey(sig []byte, _ *ecdsa.PublicKey) { +// AddSignKey calls a Signature field setter and an OwnerKey field setter with corresponding arguments. +func (s signedSessionToken) AddSignKey(sig []byte, key *ecdsa.PublicKey) { if s.SessionToken != nil { s.SessionToken.SetSignature(sig) + + s.SessionToken.SetOwnerKey( + crypto.MarshalPublicKey(key), + ) } } @@ -174,11 +179,11 @@ func NewVerifiedSessionToken(token SessionToken) DataWithSignature { } } -func tokenInfoSize(v SessionTokenInfo) int { +func tokenInfoSize(v SessionKeySource) int { if v == nil { return 0 } - return fixedTokenDataSize + len(v.GetSessionKey()) + len(v.GetOwnerKey()) + return fixedTokenDataSize + len(v.GetSessionKey()) } // Fills passed buffer with signing token information bytes. @@ -208,9 +213,7 @@ func copyTokenSignedData(buf []byte, token SessionTokenInfo) { tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch()) off += 8 - off += copy(buf[off:], token.GetSessionKey()) - - copy(buf[off:], token.GetOwnerKey()) + copy(buf[off:], token.GetSessionKey()) } // SignedData concatenates signed data with session token information. Returns concatenation result. diff --git a/service/token_test.go b/service/token_test.go index 43e380d7..4fb430a9 100644 --- a/service/token_test.go +++ b/service/token_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/nspcc-dev/neofs-api-go/refs" + crypto "github.com/nspcc-dev/neofs-crypto" "github.com/nspcc-dev/neofs-crypto/test" "github.com/stretchr/testify/require" ) @@ -77,16 +78,6 @@ func TestTokenGettersSetters(t *testing.T) { require.Equal(t, key, tok.GetSessionKey()) } - { - key := make([]byte, 10) - _, err := rand.Read(key) - require.NoError(t, err) - - tok.SetOwnerKey(key) - - require.Equal(t, key, tok.GetOwnerKey()) - } - { // Signature sig := make([]byte, 10) _, err := rand.Read(sig) @@ -136,11 +127,6 @@ func TestSignToken(t *testing.T) { require.NoError(t, err) token.SetSessionKey(sessionKey) - ownerKey := make([]byte, 10) - _, err = rand.Read(ownerKey[:]) - require.NoError(t, err) - token.SetOwnerKey(ownerKey) - signedToken := NewSignedSessionToken(token) verifiedToken := NewVerifiedSessionToken(token) @@ -226,18 +212,6 @@ func TestSignToken(t *testing.T) { token.SetSessionKey(sessionKey) }, }, - { // Owner key - corrupt: func() { - ownerKey := token.GetOwnerKey() - ownerKey[0]++ - token.SetOwnerKey(ownerKey) - }, - restore: func() { - ownerKey := token.GetOwnerKey() - ownerKey[0]-- - token.SetOwnerKey(ownerKey) - }, - }, } for _, v := range items { @@ -247,3 +221,28 @@ func TestSignToken(t *testing.T) { require.NoError(t, VerifySignatureWithKey(pk, verifiedToken)) } } + +func TestSignedSessionToken_AddSignKey(t *testing.T) { + // nil SessionToken + s := new(signedSessionToken) + + require.NotPanics(t, func() { + s.AddSignKey(nil, nil) + }) + + // create test public key and signature + pk := &test.DecodeKey(0).PublicKey + sig := []byte{1, 2, 3} + + s.SessionToken = new(Token) + + // add key-signature pair to SessionToken + s.AddSignKey(sig, pk) + + require.Equal(t, sig, s.GetSignature()) + + require.Equal(t, + crypto.MarshalPublicKey(pk), + s.GetOwnerKey(), + ) +}