From c360b7d19cc253a233dfe2df8c434a6063c3ce29 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 18 Jun 2020 15:50:01 +0300 Subject: [PATCH] service: add ExtendedHeader list to signed payload of the requests --- service/sign.go | 2 ++ service/sign_test.go | 23 ++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/service/sign.go b/service/sign.go index a0bb7e5..50453b9 100644 --- a/service/sign.go +++ b/service/sign.go @@ -212,6 +212,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error { NewSignedBearerToken( src.GetBearerToken(), ), + ExtendedHeadersSignedData(src), ) if err != nil { return err @@ -237,6 +238,7 @@ func VerifyRequestData(src RequestVerifyData) error { NewVerifiedBearerToken( src.GetBearerToken(), ), + ExtendedHeadersSignedData(src), ) if err != nil { return err diff --git a/service/sign_test.go b/service/sign_test.go index 023412f..724c068 100644 --- a/service/sign_test.go +++ b/service/sign_test.go @@ -268,7 +268,7 @@ func TestVerifySignatureWithKey(t *testing.T) { require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src)) } -func TestSignVerifyDataWithSessionToken(t *testing.T) { +func TestSignVerifyRequestData(t *testing.T) { // sign with empty RequestSignedData require.EqualError(t, SignRequestData(nil, nil), @@ -288,18 +288,27 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { bearer = wrapBearerTokenMsg(new(BearerTokenMsg)) bearerEpoch = uint64(8) + + extHdrKey = "key" + extHdr = new(RequestExtendedHeader_KV) ) token.SetVerb(initVerb) bearer.SetExpirationEpoch(bearerEpoch) + extHdr.SetK(extHdrKey) + // create test data with token src := &testSignedDataSrc{ data: testData(t, 10), token: token, bearer: bearer, + + extHdrs: []ExtendedHeader{ + wrapExtendedHeaderKV(extHdr), + }, } // create test private key @@ -344,6 +353,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) { // ascertain that verification is passed require.NoError(t, VerifyRequestData(src)) + // break the extended header + extHdr.SetK(extHdrKey + "1") + + // ascertain that verification is failed + require.Error(t, VerifyRequestData(src)) + + // restore the extended header + extHdr.SetK(extHdrKey) + + // ascertain that verification is passed + require.NoError(t, VerifyRequestData(src)) + // wrap to data reader rdr := &testSignedDataReader{ testSignedDataSrc: src,