forked from TrueCloudLab/frostfs-api-go
session: replace PToken structure with PrivateToken interface
In previous implementation PToken contained the full Token structure. Since private token is used for data signature only, storing unused fields of a user token is impractical. To emphasize the purpose of the private part of the session, it makes sense to provide the user of the session package with its interface. The interface will only provide the functionality of data signing with private session key. This commit: * removes PToken structure from session package; * defines PrivateToken interface of private session part; * adds the implementation of PrivateToken on unexported struct; * provides the constructor that generates session key internally.
This commit is contained in:
Leonard Lyubich
parent
1e86e1112a
commit
dfc2dd8a78
5 changed files with 90 additions and 28 deletions
|
|
@ -1,13 +1,9 @@
|
|||
package session
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"sync"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/internal"
|
||||
"github.com/nspcc-dev/neofs-api-go/refs"
|
||||
"github.com/nspcc-dev/neofs-api-go/service"
|
||||
crypto "github.com/nspcc-dev/neofs-crypto"
|
||||
)
|
||||
|
||||
type (
|
||||
|
|
@ -23,17 +19,20 @@ type (
|
|||
Address = refs.Address
|
||||
// Verb is Token_Info_Verb type alias
|
||||
Verb = service.Token_Info_Verb
|
||||
|
||||
// PToken is a wrapper around Token that allows to sign data
|
||||
// and to do thread-safe manipulations.
|
||||
PToken struct {
|
||||
Token
|
||||
|
||||
mtx *sync.Mutex
|
||||
PrivateKey *ecdsa.PrivateKey
|
||||
}
|
||||
)
|
||||
|
||||
// PrivateToken is an interface of session private part.
|
||||
type PrivateToken interface {
|
||||
// PublicKey must return a binary representation of session public key.
|
||||
PublicKey() []byte
|
||||
|
||||
// Sign must return the signature of passed data.
|
||||
//
|
||||
// Resulting signature must be verified by crypto.Verify function
|
||||
// with the session public key.
|
||||
Sign([]byte) ([]byte, error)
|
||||
}
|
||||
|
||||
const (
|
||||
// ErrWrongFirstEpoch is raised when passed Token contains wrong first epoch.
|
||||
// First epoch is an epoch since token is valid
|
||||
|
|
@ -58,8 +57,3 @@ const (
|
|||
// ErrInvalidSignature is raised when wrong signature is passed to VerificationHeader.VerifyData().
|
||||
ErrInvalidSignature = internal.Error("invalid signature")
|
||||
)
|
||||
|
||||
// SignData signs data with session private key.
|
||||
func (t *PToken) SignData(data []byte) ([]byte, error) {
|
||||
return crypto.Sign(t.PrivateKey, data)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue