forked from TrueCloudLab/frostfs-sdk-go
[#170] bearer: Return presence flag in getters of optional fields
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
27cd721422
commit
24d6c2221f
2 changed files with 14 additions and 14 deletions
|
@ -45,12 +45,6 @@ func (b Token) WriteToV2(m *acl.BearerToken) {
|
||||||
*m = (acl.BearerToken)(b)
|
*m = (acl.BearerToken)(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsEmpty returns true if bearer token has no fields set.
|
|
||||||
func (b Token) IsEmpty() bool {
|
|
||||||
v2token := (acl.BearerToken)(b)
|
|
||||||
return v2token.GetBody() == nil && v2token.GetSignature() == nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetExpiration sets "exp" (expiration time) claim which identifies the
|
// SetExpiration sets "exp" (expiration time) claim which identifies the
|
||||||
// expiration time (in NeoFS epochs) on or after which the Token MUST NOT be
|
// expiration time (in NeoFS epochs) on or after which the Token MUST NOT be
|
||||||
// accepted for processing. The processing of the "exp" claim requires that the
|
// accepted for processing. The processing of the "exp" claim requires that the
|
||||||
|
@ -231,7 +225,7 @@ func (b *Token) Sign(key ecdsa.PrivateKey) error {
|
||||||
|
|
||||||
// VerifySignature returns nil if bearer token contains correct signature.
|
// VerifySignature returns nil if bearer token contains correct signature.
|
||||||
func (b Token) VerifySignature() error {
|
func (b Token) VerifySignature() error {
|
||||||
if b.IsEmpty() {
|
if b.isEmpty() {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,18 +239,18 @@ func (b Token) VerifySignature() error {
|
||||||
// Issuer returns owner.ID associated with the key that signed bearer token.
|
// Issuer returns owner.ID associated with the key that signed bearer token.
|
||||||
// To pass node validation it should be owner of requested container.
|
// To pass node validation it should be owner of requested container.
|
||||||
//
|
//
|
||||||
// If token is not signed, issuer returns empty owner ID.
|
// If token is not signed, Issuer returns empty owner ID and false `ok` flag.
|
||||||
//
|
//
|
||||||
// See also Sign.
|
// See also Sign.
|
||||||
func (b Token) Issuer() (id owner.ID) {
|
func (b Token) Issuer() (id owner.ID, ok bool) {
|
||||||
v2 := (acl.BearerToken)(b)
|
v2 := (acl.BearerToken)(b)
|
||||||
|
|
||||||
pub, _ := keys.NewPublicKeyFromBytes(v2.GetSignature().GetKey(), elliptic.P256())
|
pub, _ := keys.NewPublicKeyFromBytes(v2.GetSignature().GetKey(), elliptic.P256())
|
||||||
if pub == nil {
|
if pub == nil {
|
||||||
return id
|
return id, false
|
||||||
}
|
}
|
||||||
|
|
||||||
return *owner.NewIDFromPublicKey((*ecdsa.PublicKey)(pub))
|
return *owner.NewIDFromPublicKey((*ecdsa.PublicKey)(pub)), true
|
||||||
}
|
}
|
||||||
|
|
||||||
// sanityCheck if bearer token is ready to be issued.
|
// sanityCheck if bearer token is ready to be issued.
|
||||||
|
@ -314,3 +308,8 @@ func (b *Token) UnmarshalJSON(data []byte) error {
|
||||||
v2 := (*acl.BearerToken)(b)
|
v2 := (*acl.BearerToken)(b)
|
||||||
return v2.UnmarshalJSON(data)
|
return v2.UnmarshalJSON(data)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (b Token) isEmpty() bool {
|
||||||
|
v2token := (acl.BearerToken)(b)
|
||||||
|
return v2token.GetBody() == nil && v2token.GetSignature() == nil
|
||||||
|
}
|
||||||
|
|
|
@ -16,8 +16,8 @@ func TestBearerToken_Issuer(t *testing.T) {
|
||||||
var bearerToken bearer.Token
|
var bearerToken bearer.Token
|
||||||
|
|
||||||
t.Run("non signed token", func(t *testing.T) {
|
t.Run("non signed token", func(t *testing.T) {
|
||||||
id := bearerToken.Issuer()
|
_, ok := bearerToken.Issuer()
|
||||||
require.Equal(t, owner.ID{}, id)
|
require.False(t, ok)
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("signed token", func(t *testing.T) {
|
t.Run("signed token", func(t *testing.T) {
|
||||||
|
@ -28,7 +28,8 @@ func TestBearerToken_Issuer(t *testing.T) {
|
||||||
|
|
||||||
bearerToken.SetEACLTable(*eacl.NewTable())
|
bearerToken.SetEACLTable(*eacl.NewTable())
|
||||||
require.NoError(t, bearerToken.Sign(p.PrivateKey))
|
require.NoError(t, bearerToken.Sign(p.PrivateKey))
|
||||||
issuer := bearerToken.Issuer()
|
issuer, ok := bearerToken.Issuer()
|
||||||
|
require.True(t, ok)
|
||||||
require.True(t, ownerID.Equal(&issuer))
|
require.True(t, ownerID.Equal(&issuer))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue