mkadilov/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#1332] tree: Make SignMessage public

Browse source 
It will allow reusing signing routine in other components
(e.g. `neofs-cli`).

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
This commit is contained in:
Pavel Karpy 2022-10-10 18:32:04 +03:00 committed by Pavel Karpy
parent 80d3c7f9d6
commit 13c4a9f4b8
4 changed files with 16 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/services/tree/replicator.go
View file

@ -101,7 +101,7 @@ func (s *Service) replicateLoop(ctx context.Context) {
func (s *Service) replicate(op movePair) error { func (s *Service) replicate(op movePair) error {
req := newApplyRequest(&op) req := newApplyRequest(&op)
err := signMessage(req, s.key) err := SignMessage(req, s.key)
if err != nil { if err != nil {
return fmt.Errorf("can't sign data: %w", err) return fmt.Errorf("can't sign data: %w", err)
} }

5
pkg/services/tree/signature.go
View file

@ -143,7 +143,10 @@ func verifyMessage(m message) error {
return nil return nil
} }
func signMessage(m message, key *ecdsa.PrivateKey) error { // SignMessage uses the provided key and signs any protobuf
// message that was generated for the TreeService by the
// protoc-gen-go-neofs generator. Returns any errors directly.
func SignMessage(m message, key *ecdsa.PrivateKey) error {
binBody, err := m.ReadSignedData(nil) binBody, err := m.ReadSignedData(nil)
if err != nil { if err != nil {
return err return err

20
pkg/services/tree/signature_test.go
View file

@ -101,7 +101,7 @@ func TestMessageSign(t *testing.T) {
require.Error(t, s.verifyClient(req, cid2, nil, op)) require.Error(t, s.verifyClient(req, cid2, nil, op))
}) })
require.NoError(t, signMessage(req, &privs[0].PrivateKey)) require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.NoError(t, s.verifyClient(req, cid1, nil, op)) require.NoError(t, s.verifyClient(req, cid1, nil, op))
t.Run("invalid CID", func(t *testing.T) { t.Run("invalid CID", func(t *testing.T) {
@ -111,12 +111,12 @@ func TestMessageSign(t *testing.T) {
cnr.Value.SetBasicACL(acl.Private) cnr.Value.SetBasicACL(acl.Private)
t.Run("extension disabled", func(t *testing.T) { t.Run("extension disabled", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[0].PrivateKey)) require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.Error(t, s.verifyClient(req, cid2, nil, op)) require.Error(t, s.verifyClient(req, cid2, nil, op))
}) })
t.Run("invalid key", func(t *testing.T) { t.Run("invalid key", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[1].PrivateKey)) require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, nil, op)) require.Error(t, s.verifyClient(req, cid1, nil, op))
}) })
@ -129,7 +129,7 @@ func TestMessageSign(t *testing.T) {
t.Run("invalid bearer", func(t *testing.T) { t.Run("invalid bearer", func(t *testing.T) {
req.Body.BearerToken = []byte{0xFF} req.Body.BearerToken = []byte{0xFF}
require.NoError(t, signMessage(req, &privs[0].PrivateKey)) require.NoError(t, SignMessage(req, &privs[0].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
}) })
@ -138,7 +138,7 @@ func TestMessageSign(t *testing.T) {
require.NoError(t, bt.Sign(privs[0].PrivateKey)) require.NoError(t, bt.Sign(privs[0].PrivateKey))
req.Body.BearerToken = bt.Marshal() req.Body.BearerToken = bt.Marshal()
require.NoError(t, signMessage(req, &privs[1].PrivateKey)) require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
}) })
t.Run("invalid bearer owner", func(t *testing.T) { t.Run("invalid bearer owner", func(t *testing.T) {
@ -146,7 +146,7 @@ func TestMessageSign(t *testing.T) {
require.NoError(t, bt.Sign(privs[1].PrivateKey)) require.NoError(t, bt.Sign(privs[1].PrivateKey))
req.Body.BearerToken = bt.Marshal() req.Body.BearerToken = bt.Marshal()
require.NoError(t, signMessage(req, &privs[1].PrivateKey)) require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
}) })
t.Run("invalid bearer signature", func(t *testing.T) { t.Run("invalid bearer signature", func(t *testing.T) {
@ -158,7 +158,7 @@ func TestMessageSign(t *testing.T) {
bv2.GetSignature().SetSign([]byte{1, 2, 3}) bv2.GetSignature().SetSign([]byte{1, 2, 3})
req.Body.BearerToken = bv2.StableMarshal(nil) req.Body.BearerToken = bv2.StableMarshal(nil)
require.NoError(t, signMessage(req, &privs[1].PrivateKey)) require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
}) })
@ -168,17 +168,17 @@ func TestMessageSign(t *testing.T) {
cnr.Value.SetBasicACL(acl.PublicRWExtended) cnr.Value.SetBasicACL(acl.PublicRWExtended)
t.Run("put and get", func(t *testing.T) { t.Run("put and get", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[1].PrivateKey)) require.NoError(t, SignMessage(req, &privs[1].PrivateKey))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
}) })
t.Run("only get", func(t *testing.T) { t.Run("only get", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[2].PrivateKey)) require.NoError(t, SignMessage(req, &privs[2].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) require.NoError(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
}) })
t.Run("none", func(t *testing.T) { t.Run("none", func(t *testing.T) {
require.NoError(t, signMessage(req, &privs[3].PrivateKey)) require.NoError(t, SignMessage(req, &privs[3].PrivateKey))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectPut))
require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet)) require.Error(t, s.verifyClient(req, cid1, req.GetBody().GetBearerToken(), acl.OpObjectGet))
}) })

2
pkg/services/tree/sync.go
View file

@ -69,7 +69,7 @@ func (s *Service) synchronizeSingle(ctx context.Context, cid cid.ID, treeID stri
Height: newHeight, Height: newHeight,
}, },
} }
if err := signMessage(req, s.key); err != nil { if err := SignMessage(req, s.key); err != nil {
return newHeight, err return newHeight, err
} }