service: add ExtendedHeader list to signed payload of the requests

Leonard Lyubich 2020-06-18 15:50:01 +03:00
parent db53e2ea39
commit c360b7d19c
2 changed files with 24 additions and 1 deletions


@ -212,6 +212,7 @@ func SignRequestData(key *ecdsa.PrivateKey, src RequestSignedData) error {
NewSignedBearerToken( NewSignedBearerToken(
src.GetBearerToken(), src.GetBearerToken(),
), ),
ExtendedHeadersSignedData(src),
) )
if err != nil { if err != nil {
return err return err
@ -237,6 +238,7 @@ func VerifyRequestData(src RequestVerifyData) error {
NewVerifiedBearerToken( NewVerifiedBearerToken(
src.GetBearerToken(), src.GetBearerToken(),
), ),
ExtendedHeadersSignedData(src),
) )
if err != nil { if err != nil {
return err return err
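Review bot: The added `ExtendedHeadersSignedData(src)` call appears in the source lists of both SignRequestData and VerifyRequestData with no comment, and nothing visible states that the two lists must stay identical in content and order. A mismatch would either break every signature or leave a field outside the signed payload, so I would add above the call in the signer `// extended headers are covered by the signature; keep this list in sync with VerifyRequestData`, and the mirrored text in the verifier. The definition of ExtendedHeadersSignedData is not shown on this page, so it is worth confirming that an empty header list yields the same signed bytes as before; otherwise requests signed by peers built before this commit will presumably stop verifying. Both function bodies start and end outside the hunks.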


@ -268,7 +268,7 @@ func TestVerifySignatureWithKey(t *testing.T) {
require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src)) require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src))
} }
func TestSignVerifyDataWithSessionToken(t *testing.T) { func TestSignVerifyRequestData(t *testing.T) {
// sign with empty RequestSignedData // sign with empty RequestSignedData
require.EqualError(t, require.EqualError(t,
SignRequestData(nil, nil), SignRequestData(nil, nil),
@ -288,18 +288,27 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
bearer = wrapBearerTokenMsg(new(BearerTokenMsg)) bearer = wrapBearerTokenMsg(new(BearerTokenMsg))
bearerEpoch = uint64(8) bearerEpoch = uint64(8)
extHdrKey = "key"
extHdr = new(RequestExtendedHeader_KV)
) )
token.SetVerb(initVerb) token.SetVerb(initVerb)
bearer.SetExpirationEpoch(bearerEpoch) bearer.SetExpirationEpoch(bearerEpoch)
extHdr.SetK(extHdrKey)
// create test data with token // create test data with token
src := &testSignedDataSrc{ src := &testSignedDataSrc{
data: testData(t, 10), data: testData(t, 10),
token: token, token: token,
bearer: bearer, bearer: bearer,
extHdrs: []ExtendedHeader{
wrapExtendedHeaderKV(extHdr),
},
} }
// create test private key // create test private key
@ -344,6 +353,18 @@ func TestSignVerifyDataWithSessionToken(t *testing.T) {
// ascertain that verification is passed // ascertain that verification is passed
require.NoError(t, VerifyRequestData(src)) require.NoError(t, VerifyRequestData(src))
// break the extended header
extHdr.SetK(extHdrKey + "1")
// ascertain that verification is failed
require.Error(t, VerifyRequestData(src))
// restore the extended header
extHdr.SetK(extHdrKey)
// ascertain that verification is passed
require.NoError(t, VerifyRequestData(src))
// wrap to data reader // wrap to data reader
rdr := &testSignedDataReader{ rdr := &testSignedDataReader{
testSignedDataSrc: src, testSignedDataSrc: src,
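Review bot: The new assertions only change the key of a header that was present at signing time; a header appended after signing is not tested, and that case shows whether the number and boundaries of headers are bound by the signature. After the restore step I would add `src.extHdrs = append(src.extHdrs, wrapExtendedHeaderKV(new(RequestExtendedHeader_KV)))`, then `require.Error(t, VerifyRequestData(src))`, then `src.extHdrs = src.extHdrs[:1]` before the data reader part. If an empty header contributes no bytes to the signed payload, this check would fail and expose the gap. A changed header value, as opposed to the key, is also left uncovered, and the test function continues outside the hunk.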