[#1] Add additional security

Signed-off-by: Ori Bruk <o.bruk@yadro.com>
2024-07-24 14:41:42 +03:00 · 2024-07-24 14:41:42 +03:00 · 1be65c63ae
commit 1be65c63ae
parent bf2f19f08d
62 changed files with 670 additions and 281 deletions
--- a/client/src/main/java/info/frostfs/sdk/tools/Verifier.java
+++ b/client/src/main/java/info/frostfs/sdk/tools/Verifier.java
@ -2,8 +2,8 @@ package info.frostfs.sdk.tools;

 import com.google.protobuf.Message;
 import frostfs.session.Types;
-import info.frostfs.sdk.mappers.StatusMapper;
 import info.frostfs.sdk.constants.CryptoConst;
+import info.frostfs.sdk.mappers.StatusMapper;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
 import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
@ -28,12 +28,17 @@ public class Verifier {
    public static final String ERROR_INVALID_RESPONSE = "Invalid response";
    public static final int RFC6979_SIG_SIZE = 64;

+    private Verifier() {
+    }
+
    public static boolean verifyRFC6979(frostfs.refs.Types.SignatureRFC6979 signature, Message data) {
        return verifyRFC6979(signature.getKey().toByteArray(), data.toByteArray(), signature.getSign().toByteArray());
    }

    public static boolean verifyRFC6979(byte[] publicKey, byte[] data, byte[] sig) {
-        if (isNull(publicKey) || isNull(data) || isNull(sig)) return false;
+        if (isNull(publicKey) || isNull(data) || isNull(sig)) {
+            return false;
+        }

        var rs = decodeSignature(sig);
        var digest = createSHA256();
@ -85,9 +90,15 @@ public class Verifier {
    public static boolean verifyMatryoshkaLevel(Message data,
                                                frostfs.session.Types.ResponseMetaHeader meta,
                                                frostfs.session.Types.ResponseVerificationHeader verification) {
-        if (!verifyMessagePart(verification.getMetaSignature(), meta)) return false;
+        if (!verifyMessagePart(verification.getMetaSignature(), meta)) {
+            return false;
+        }
+
        var origin = verification.getOrigin();
-        if (!verifyMessagePart(verification.getOriginSignature(), origin)) return false;
+        if (!verifyMessagePart(verification.getOriginSignature(), origin)) {
+            return false;
+        }
+
        if (origin.getSerializedSize() == 0) {
            return verifyMessagePart(verification.getBodySignature(), data);
        }
@ -96,7 +107,9 @@ public class Verifier {
    }

    public static boolean verifyMessagePart(frostfs.refs.Types.Signature sig, Message data) {
-        if (sig.getSerializedSize() == 0 || sig.getKey().isEmpty() || sig.getSign().isEmpty()) return false;
+        if (sig.getSerializedSize() == 0 || sig.getKey().isEmpty() || sig.getSign().isEmpty()) {
+            return false;
+        }

        var publicKey = getPublicKeyFromBytes(sig.getKey().toByteArray());