[#1092] control: Move SignMessage to separate package

Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>

cmd/frostfs-cli/modules/control/synchronize_tree.go

@@ -9,7 +9,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/spf13/cobra"
 )
@@ -60,7 +60,7 @@ func synchronizeTree(cmd *cobra.Command, _ []string) {
 		},
 	}
 
-	err := controlSvc.SignMessage(pk, req)
+	err := ctrlmessage.Sign(pk, req)
 	commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
 
 	cli := getClient(cmd, pk)

cmd/frostfs-cli/modules/control/util.go

@@ -8,7 +8,7 @@ import (
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	controlSvc "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	"github.com/spf13/cobra"
@@ -33,8 +33,8 @@ func initControlIRFlags(cmd *cobra.Command) {
 	ff.Uint32(irFlagNameVUB, 0, "Valid until block value for notary transaction")
 }
 
-func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req controlSvc.SignedMessage) {
+func signRequest(cmd *cobra.Command, pk *ecdsa.PrivateKey, req ctrlmessage.SignedMessage) {
-	err := controlSvc.SignMessage(pk, req)
+	err := ctrlmessage.Sign(pk, req)
 	commonCmd.ExitOnErr(cmd, "could not sign request: %w", err)
 }
 

pkg/services/control/server/ctrlmessage/sign.go

@@ -0,0 +1,44 @@
+package ctrlmessage
+
+import (
+	"crypto/ecdsa"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
+	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
+)
+
+type SignedMessage interface {
+	ReadSignedData([]byte) ([]byte, error)
+	GetSignature() *control.Signature
+	SetSignature(*control.Signature)
+}
+
+// Sign signs Control service ctrlmessage with private key.
+func Sign(key *ecdsa.PrivateKey, msg SignedMessage) error {
+	binBody, err := msg.ReadSignedData(nil)
+	if err != nil {
+		return fmt.Errorf("marshal request body: %w", err)
+	}
+
+	var sig frostfscrypto.Signature
+
+	err = sig.Calculate(frostfsecdsa.Signer(*key), binBody)
+	if err != nil {
+		return fmt.Errorf("calculate signature: %w", err)
+	}
+
+	// TODO(@cthulhu-rider): #468 use Signature ctrlmessage from FrostFS API to avoid conversion
+	var sigV2 refs.Signature
+	sig.WriteToV2(&sigV2)
+
+	var sigControl control.Signature
+	sigControl.SetKey(sigV2.GetKey())
+	sigControl.SetSign(sigV2.GetSign())
+
+	msg.SetSignature(&sigControl)
+
+	return nil
+}

pkg/services/control/server/detach_shards.go

@@ -6,6 +6,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -29,7 +30,7 @@ func (s *Server) DetachShards(_ context.Context, req *control.DetachShardsReques
 		Body: &control.DetachShardsResponse_Body{},
 	}
 
-	if err = SignMessage(s.key, resp); err != nil {
+	if err = ctrlmessage.Sign(s.key, resp); err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 

pkg/services/control/server/doctor.go

@@ -5,6 +5,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -29,7 +30,7 @@ func (s *Server) Doctor(ctx context.Context, req *control.DoctorRequest) (*contr
 
 	resp := &control.DoctorResponse{Body: &control.DoctorResponse_Body{}}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}

pkg/services/control/server/evacuate.go

@@ -11,6 +11,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/pilorama"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object_manager/placement"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/replicator"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
@@ -49,7 +50,7 @@ func (s *Server) EvacuateShard(ctx context.Context, req *control.EvacuateShardRe
 		},
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -131,7 +132,7 @@ func (s *Server) replicateTreeToNode(ctx context.Context, forest pilorama.Forest
 
 		err = tree.SignMessage(req, s.key)
 		if err != nil {
-			return fmt.Errorf("can't sign apply request: %w", err)
+			return fmt.Errorf("can't message apply request: %w", err)
 		}
 
 		err = s.treeService.ReplicateTreeOp(ctx, node, req)

pkg/services/control/server/evacuate_async.go

@@ -7,6 +7,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/util/logicerr"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -43,7 +44,7 @@ func (s *Server) StartShardEvacuation(ctx context.Context, req *control.StartSha
 		Body: &control.StartShardEvacuationResponse_Body{},
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -70,7 +71,7 @@ func (s *Server) GetShardEvacuationStatus(ctx context.Context, req *control.GetS
 		return nil, err
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -96,7 +97,7 @@ func (s *Server) StopShardEvacuation(ctx context.Context, req *control.StopShard
 		Body: &control.StopShardEvacuationResponse_Body{},
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -122,7 +123,7 @@ func (s *Server) ResetShardEvacuationStatus(ctx context.Context, req *control.Re
 		Body: &control.ResetShardEvacuationStatusResponse_Body{},
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}

pkg/services/control/server/flush_cache.go

@@ -5,6 +5,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -28,7 +29,7 @@ func (s *Server) FlushCache(ctx context.Context, req *control.FlushCacheRequest)
 
 	resp := &control.FlushCacheResponse{Body: &control.FlushCacheResponse_Body{}}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}

pkg/services/control/server/gc.go

@@ -6,6 +6,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -58,7 +59,7 @@ func (s *Server) DropObjects(ctx context.Context, req *control.DropObjectsReques
 	resp.SetBody(body)
 
 	// sign the response
-	if err := SignMessage(s.key, resp); err != nil {
+	if err := ctrlmessage.Sign(s.key, resp); err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 

pkg/services/control/server/healthcheck.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -27,7 +28,7 @@ func (s *Server) HealthCheck(_ context.Context, req *control.HealthCheckRequest)
 	body.SetHealthStatus(s.healthChecker.HealthStatus())
 
 	// sign the response
-	if err := SignMessage(s.key, resp); err != nil {
+	if err := ctrlmessage.Sign(s.key, resp); err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 

pkg/services/control/server/list_shards.go

@@ -6,6 +6,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/blobstor"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -59,7 +60,7 @@ func (s *Server) ListShards(_ context.Context, req *control.ListShardsRequest) (
 	body.SetShards(shardInfos)
 
 	// sign the response
-	if err := SignMessage(s.key, resp); err != nil {
+	if err := ctrlmessage.Sign(s.key, resp); err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 

pkg/services/control/server/policy_engine.go

@@ -7,6 +7,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ape"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"google.golang.org/grpc/codes"
@@ -99,7 +100,7 @@ func (s *Server) AddChainLocalOverride(_ context.Context, req *control.AddChainL
 			ChainId: []byte(chain.ID),
 		},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -125,7 +126,7 @@ func (s *Server) GetChainLocalOverride(_ context.Context, req *control.GetChainL
 			Chain: chain.Bytes(),
 		},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -156,7 +157,7 @@ func (s *Server) ListChainLocalOverrides(_ context.Context, req *control.ListCha
 			Chains: serializedChains,
 		},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -181,7 +182,7 @@ func (s *Server) RemoveChainLocalOverride(_ context.Context, req *control.Remove
 	resp := &control.RemoveChainLocalOverrideResponse{
 		Body: &control.RemoveChainLocalOverrideResponse_Body{},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -206,7 +207,7 @@ func (s *Server) RemoveChainLocalOverridesByTarget(_ context.Context, req *contr
 	resp := &control.RemoveChainLocalOverridesByTargetResponse{
 		Body: &control.RemoveChainLocalOverridesByTargetResponse_Body{},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
@@ -237,7 +238,7 @@ func (s *Server) ListTargetsLocalOverrides(_ context.Context, req *control.ListT
 			Targets: targets,
 		},
 	}
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}

pkg/services/control/server/seal_writecache.go

@@ -5,6 +5,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -40,7 +41,7 @@ func (s *Server) SealWriteCache(ctx context.Context, req *control.SealWriteCache
 		}
 	}
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, err
 	}

pkg/services/control/server/set_netmap_status.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -44,7 +45,7 @@ func (s *Server) SetNetmapStatus(_ context.Context, req *control.SetNetmapStatus
 	resp.SetBody(body)
 
 	// sign the response
-	if err := SignMessage(s.key, resp); err != nil {
+	if err := ctrlmessage.Sign(s.key, resp); err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
 

pkg/services/control/server/set_shard_mode.go

@@ -6,6 +6,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard/mode"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -50,7 +51,7 @@ func (s *Server) SetShardMode(_ context.Context, req *control.SetShardModeReques
 	resp.SetBody(body)
 
 	// sign the response
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}

pkg/services/control/server/sign.go

@@ -2,26 +2,17 @@ package control
 
 import (
 	"bytes"
-	"crypto/ecdsa"
 	"errors"
 	"fmt"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
-	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
 )
 
-// SignedMessage is an interface of Control service message.
-type SignedMessage interface {
-	ReadSignedData([]byte) ([]byte, error)
-	GetSignature() *control.Signature
-	SetSignature(*control.Signature)
-}
-
 var errDisallowedKey = errors.New("key is not in the allowed list")
 
-func (s *Server) isValidRequest(req SignedMessage) error {
+func (s *Server) isValidRequest(req ctrlmessage.SignedMessage) error {
 	sign := req.GetSignature()
 	if sign == nil {
 		// TODO(@cthulhu-rider): #468 use "const" error
@@ -68,30 +59,3 @@ func (s *Server) isValidRequest(req SignedMessage) error {
 
 	return nil
 }
-
-// SignMessage signs Control service message with private key.
-func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error {
-	binBody, err := msg.ReadSignedData(nil)
-	if err != nil {
-		return fmt.Errorf("marshal request body: %w", err)
-	}
-
-	var sig frostfscrypto.Signature
-
-	err = sig.Calculate(frostfsecdsa.Signer(*key), binBody)
-	if err != nil {
-		return fmt.Errorf("calculate signature: %w", err)
-	}
-
-	// TODO(@cthulhu-rider): #468 use Signature message from FrostFS API to avoid conversion
-	var sigV2 refs.Signature
-	sig.WriteToV2(&sigV2)
-
-	var sigControl control.Signature
-	sigControl.SetKey(sigV2.GetKey())
-	sigControl.SetSign(sigV2.GetSign())
-
-	msg.SetSignature(&sigControl)
-
-	return nil
-}

pkg/services/control/server/syncronize_tree.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	netmapSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
@@ -42,7 +43,7 @@ func (s *Server) SynchronizeTree(ctx context.Context, req *control.SynchronizeTr
 	resp := new(control.SynchronizeTreeResponse)
 	resp.SetBody(new(control.SynchronizeTreeResponse_Body))
 
-	err = SignMessage(s.key, resp)
+	err = ctrlmessage.Sign(s.key, resp)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}