[#106] Put simplest bearer token check first

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alex Vanin 2020-10-22 15:45:28 +03:00 committed by Alex Vanin
parent 23ec33e821
commit 7464254680


@ -618,7 +618,12 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
return true return true
} }
// 1. First check if bearer token is signed correctly. // 1. First check token lifetime. Simplest verification.
if !isValidLifetime(token.GetBody().GetLifetime(), st.CurrentEpoch()) {
return false
}
// 2. Then check if bearer token is signed correctly.
signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()} signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()}
if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) { if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) {
tokenSignature := token.GetSignature() tokenSignature := token.GetSignature()
@ -627,7 +632,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
return false // invalid signature return false // invalid signature
} }
// 2. Then check if container owner signed this token. // 3. Then check if container owner signed this token.
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey()) tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey())
tokenIssuerWallet, err := owner.NEO3WalletFromPublicKey(tokenIssuerKey) tokenIssuerWallet, err := owner.NEO3WalletFromPublicKey(tokenIssuerKey)
if err != nil { if err != nil {
@ -642,7 +647,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
return false return false
} }
// 3. Then check if request sender has rights to use this token. // 4. Then check if request sender has rights to use this token.
tokenOwnerField := token.GetBody().GetOwnerID() tokenOwnerField := token.GetBody().GetOwnerID()
if tokenOwnerField != nil { // see bearer token owner field description if tokenOwnerField != nil { // see bearer token owner field description
requestSenderKey := crypto.UnmarshalPublicKey(reqInfo.senderKey) requestSenderKey := crypto.UnmarshalPublicKey(reqInfo.senderKey)
@ -656,11 +661,6 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
} }
} }
// 4. Then check token lifetime.
if !isValidLifetime(token.GetBody().GetLifetime(), st.CurrentEpoch()) {
return false
}
return true return true
} }
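Review bot: The lifetime check now at step 1 reads `token.GetBody().GetLifetime()` before the signature over that body is verified in step 2, and the new comment does not say that this ordering is safe only because the step can reject a token and never accept one. I would state that in the comment so a later edit does not add an accepting or state-changing branch ahead of the signature check, e.g. `// 1. First check token lifetime: cheapest check, run on the not-yet-verified body, so it must only reject.` It also looks as if this call may now be the first use of the token body on this path; whether the getters and `isValidLifetime` tolerate a nil body or nil lifetime is not visible here and should be confirmed. isValidBearer starts above the first hunk, so the handling before step 1 is not shown.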