diff --git a/CHANGELOG.md b/CHANGELOG.md
index 14b7a11..8abbc14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,22 @@
# Changelog
This is the changelog for NeoFS-API-Go
+## [0.7.4] - 2020-05-12
+
+### Added
+
+- Stringify for `object.Object`.
+
+### Changed
+
+- Mechanism for creating and verifying request message signatures.
+- Implementation and interface of private token storage.
+- File structure of packages.
+
+### Updated
+
+- NeoFS API v0.7.4
+
## [0.7.1] - 2020-04-20
### Added
@@ -273,3 +289,4 @@ Initial public release
[0.6.2]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.1...v0.6.2
[0.7.0]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.6.2...v0.7.0
[0.7.1]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.0...v0.7.1
+[0.7.4]: https://github.com/nspcc-dev/neofs-api-go/compare/v0.7.1...v0.7.4
diff --git a/Makefile b/Makefile
index 29f41bc..b99682b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-PROTO_VERSION=v0.7.1
+PROTO_VERSION=v0.7.4
PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
B=\033[0;1m
diff --git a/accounting/sign.go b/accounting/sign.go
new file mode 100644
index 0000000..1eabed4
--- /dev/null
+++ b/accounting/sign.go
@@ -0,0 +1,167 @@
+package accounting
+
+import (
+ "encoding/binary"
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+// SignedData returns payload bytes of the request.
+func (m BalanceRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m BalanceRequest) SignedDataSize() int {
+ return m.GetOwnerID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m BalanceRequest) ReadSignedData(p []byte) (int, error) {
+ sz := m.SignedDataSize()
+ if len(p) < sz {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ copy(p, m.GetOwnerID().Bytes())
+
+ return sz, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m GetRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m GetRequest) SignedDataSize() int {
+ return m.GetID().Size() + m.GetOwnerID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m GetRequest) ReadSignedData(p []byte) (int, error) {
+ sz := m.SignedDataSize()
+ if len(p) < sz {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetID().Bytes())
+
+ copy(p[off:], m.GetOwnerID().Bytes())
+
+ return sz, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m PutRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m PutRequest) SignedDataSize() (sz int) {
+ sz += m.GetOwnerID().Size()
+
+ sz += m.GetMessageID().Size()
+
+ sz += 8
+
+ if amount := m.GetAmount(); amount != nil {
+ sz += amount.Size()
+ }
+
+ return
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m PutRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetOwnerID().Bytes())
+
+ off += copy(p[off:], m.GetMessageID().Bytes())
+
+ binary.BigEndian.PutUint64(p[off:], m.GetHeight())
+ off += 8
+
+ if amount := m.GetAmount(); amount != nil {
+ n, err := amount.MarshalTo(p[off:])
+ off += n
+ if err != nil {
+ return off + n, err
+ }
+ }
+
+ return off, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m ListRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m ListRequest) SignedDataSize() int {
+ return m.GetOwnerID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m ListRequest) ReadSignedData(p []byte) (int, error) {
+ sz := m.SignedDataSize()
+ if len(p) < sz {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ copy(p, m.GetOwnerID().Bytes())
+
+ return sz, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m DeleteRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m DeleteRequest) SignedDataSize() (sz int) {
+ sz += m.GetID().Size()
+
+ sz += m.GetOwnerID().Size()
+
+ sz += m.GetMessageID().Size()
+
+ return
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m DeleteRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetID().Bytes())
+
+ off += copy(p[off:], m.GetOwnerID().Bytes())
+
+ off += copy(p[off:], m.GetMessageID().Bytes())
+
+ return off, nil
+}
diff --git a/accounting/sign_test.go b/accounting/sign_test.go
new file mode 100644
index 0000000..dd7a819
--- /dev/null
+++ b/accounting/sign_test.go
@@ -0,0 +1,185 @@
+package accounting
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/decimal"
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestSignBalanceRequest(t *testing.T) {
+ sk := test.DecodeKey(0)
+
+ type sigType interface {
+ service.SignedDataWithToken
+ service.SignKeyPairAccumulator
+ service.SignKeyPairSource
+ SetToken(*service.Token)
+ }
+
+ items := []struct {
+ constructor func() sigType
+ payloadCorrupt []func(sigType)
+ }{
+ { // BalanceRequest
+ constructor: func() sigType {
+ return new(BalanceRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*BalanceRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ },
+ },
+ { // GetRequest
+ constructor: func() sigType {
+ return new(GetRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*GetRequest)
+
+ id, err := NewChequeID()
+ require.NoError(t, err)
+
+ req.SetID(id)
+ },
+ func(s sigType) {
+ req := s.(*GetRequest)
+
+ id := req.GetOwnerID()
+ id[0]++
+
+ req.SetOwnerID(id)
+ },
+ },
+ },
+ { // PutRequest
+ constructor: func() sigType {
+ req := new(PutRequest)
+
+ amount := decimal.New(1)
+ req.SetAmount(amount)
+
+ return req
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ mid := req.GetMessageID()
+ mid[0]++
+
+ req.SetMessageID(mid)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ req.SetHeight(req.GetHeight() + 1)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ amount := req.GetAmount()
+ if amount == nil {
+ req.SetAmount(decimal.New(0))
+ } else {
+ req.SetAmount(amount.Add(decimal.New(amount.GetValue())))
+ }
+ },
+ },
+ },
+ { // ListRequest
+ constructor: func() sigType {
+ return new(ListRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*ListRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ },
+ },
+ {
+ constructor: func() sigType {
+ return new(DeleteRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*DeleteRequest)
+
+ id, err := NewChequeID()
+ require.NoError(t, err)
+
+ req.SetID(id)
+ },
+ func(s sigType) {
+ req := s.(*DeleteRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ func(s sigType) {
+ req := s.(*DeleteRequest)
+
+ mid := req.GetMessageID()
+ mid[0]++
+
+ req.SetMessageID(mid)
+ },
+ },
+ },
+ }
+
+ for _, item := range items {
+ { // token corruptions
+ v := item.constructor()
+
+ token := new(service.Token)
+ v.SetToken(token)
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ token.SetSessionKey(append(token.GetSessionKey(), 1))
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+
+ { // payload corruptions
+ for _, corruption := range item.payloadCorrupt {
+ v := item.constructor()
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ corruption(v)
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+ }
+ }
+}
diff --git a/accounting/types.go b/accounting/types.go
index 6a3b2e2..e16fa99 100644
--- a/accounting/types.go
+++ b/accounting/types.go
@@ -351,3 +351,103 @@ func (m *Settlement) Equal(s *Settlement) bool {
}
return len(m.Transactions) == 0 || reflect.DeepEqual(m.Transactions, s.Transactions)
}
+
+// GetOwnerID is an OwnerID field getter.
+func (m BalanceRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *BalanceRequest) SetOwnerID(owner OwnerID) {
+ m.OwnerID = owner
+}
+
+// GetID is an ID field getter.
+func (m GetRequest) GetID() ChequeID {
+ return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *GetRequest) SetID(id ChequeID) {
+ m.ID = id
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m GetRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *GetRequest) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m PutRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *PutRequest) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// GetMessageID is a MessageID field getter.
+func (m PutRequest) GetMessageID() MessageID {
+ return m.MessageID
+}
+
+// SetMessageID is a MessageID field setter.
+func (m *PutRequest) SetMessageID(id MessageID) {
+ m.MessageID = id
+}
+
+// SetAmount is an Amount field setter.
+func (m *PutRequest) SetAmount(amount *decimal.Decimal) {
+ m.Amount = amount
+}
+
+// SetHeight is a Height field setter.
+func (m *PutRequest) SetHeight(h uint64) {
+ m.Height = h
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m ListRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *ListRequest) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// GetID is an ID field getter.
+func (m DeleteRequest) GetID() ChequeID {
+ return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *DeleteRequest) SetID(id ChequeID) {
+ m.ID = id
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m DeleteRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *DeleteRequest) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// GetMessageID is a MessageID field getter.
+func (m DeleteRequest) GetMessageID() MessageID {
+ return m.MessageID
+}
+
+// SetMessageID is a MessageID field setter.
+func (m *DeleteRequest) SetMessageID(id MessageID) {
+ m.MessageID = id
+}
diff --git a/accounting/types_test.go b/accounting/types_test.go
index df81b46..a440028 100644
--- a/accounting/types_test.go
+++ b/accounting/types_test.go
@@ -84,3 +84,110 @@ func TestCheque(t *testing.T) {
require.Equal(t, cheque.Amount, decimal.NewGAS(42))
})
}
+
+func TestBalanceRequest_SetOwnerID(t *testing.T) {
+ ownerID := OwnerID{1, 2, 3}
+ m := new(BalanceRequest)
+
+ m.SetOwnerID(ownerID)
+
+ require.Equal(t, ownerID, m.GetOwnerID())
+}
+
+func TestGetRequestGettersSetters(t *testing.T) {
+ t.Run("id", func(t *testing.T) {
+ id := ChequeID("test id")
+ m := new(GetRequest)
+
+ m.SetID(id)
+
+ require.Equal(t, id, m.GetID())
+ })
+
+ t.Run("owner", func(t *testing.T) {
+ id := OwnerID{1, 2, 3}
+ m := new(GetRequest)
+
+ m.SetOwnerID(id)
+
+ require.Equal(t, id, m.GetOwnerID())
+ })
+}
+
+func TestPutRequestGettersSetters(t *testing.T) {
+ t.Run("owner", func(t *testing.T) {
+ id := OwnerID{1, 2, 3}
+ m := new(PutRequest)
+
+ m.SetOwnerID(id)
+
+ require.Equal(t, id, m.GetOwnerID())
+ })
+
+ t.Run("message ID", func(t *testing.T) {
+ id, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ m := new(PutRequest)
+ m.SetMessageID(id)
+
+ require.Equal(t, id, m.GetMessageID())
+ })
+
+ t.Run("amount", func(t *testing.T) {
+ amount := decimal.New(1)
+ m := new(PutRequest)
+
+ m.SetAmount(amount)
+
+ require.Equal(t, amount, m.GetAmount())
+ })
+
+ t.Run("height", func(t *testing.T) {
+ h := uint64(3)
+ m := new(PutRequest)
+
+ m.SetHeight(h)
+
+ require.Equal(t, h, m.GetHeight())
+ })
+}
+
+func TestListRequestGettersSetters(t *testing.T) {
+ ownerID := OwnerID{1, 2, 3}
+ m := new(ListRequest)
+
+ m.SetOwnerID(ownerID)
+
+ require.Equal(t, ownerID, m.GetOwnerID())
+}
+
+func TestDeleteRequestGettersSetters(t *testing.T) {
+ t.Run("id", func(t *testing.T) {
+ id := ChequeID("test id")
+ m := new(DeleteRequest)
+
+ m.SetID(id)
+
+ require.Equal(t, id, m.GetID())
+ })
+
+ t.Run("owner", func(t *testing.T) {
+ id := OwnerID{1, 2, 3}
+ m := new(DeleteRequest)
+
+ m.SetOwnerID(id)
+
+ require.Equal(t, id, m.GetOwnerID())
+ })
+
+ t.Run("message ID", func(t *testing.T) {
+ id, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ m := new(DeleteRequest)
+ m.SetMessageID(id)
+
+ require.Equal(t, id, m.GetMessageID())
+ })
+}
diff --git a/bootstrap/sign.go b/bootstrap/sign.go
new file mode 100644
index 0000000..34f7fc2
--- /dev/null
+++ b/bootstrap/sign.go
@@ -0,0 +1,46 @@
+package bootstrap
+
+import (
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+// SignedData returns payload bytes of the request.
+func (m Request) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m Request) SignedDataSize() (sz int) {
+ sz += m.GetType().Size()
+
+ sz += m.GetState().Size()
+
+ info := m.GetInfo()
+ sz += info.Size()
+
+ return
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m Request) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetType().Bytes())
+
+ off += copy(p[off:], m.GetState().Bytes())
+
+ info := m.GetInfo()
+ // FIXME: implement and use stable functions
+ n, err := info.MarshalTo(p[off:])
+ off += n
+
+ return off, err
+}
diff --git a/bootstrap/sign_test.go b/bootstrap/sign_test.go
new file mode 100644
index 0000000..2c76117
--- /dev/null
+++ b/bootstrap/sign_test.go
@@ -0,0 +1,82 @@
+package bootstrap
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestRequestSign(t *testing.T) {
+ sk := test.DecodeKey(0)
+
+ type sigType interface {
+ service.SignedDataWithToken
+ service.SignKeyPairAccumulator
+ service.SignKeyPairSource
+ SetToken(*service.Token)
+ }
+
+ items := []struct {
+ constructor func() sigType
+ payloadCorrupt []func(sigType)
+ }{
+ { // Request
+ constructor: func() sigType {
+ return new(Request)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*Request)
+
+ req.SetType(req.GetType() + 1)
+ },
+ func(s sigType) {
+ req := s.(*Request)
+
+ req.SetState(req.GetState() + 1)
+ },
+ func(s sigType) {
+ req := s.(*Request)
+
+ info := req.GetInfo()
+ info.Address += "1"
+
+ req.SetInfo(info)
+ },
+ },
+ },
+ }
+
+ for _, item := range items {
+ { // token corruptions
+ v := item.constructor()
+
+ token := new(service.Token)
+ v.SetToken(token)
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ token.SetSessionKey(append(token.GetSessionKey(), 1))
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+
+ { // payload corruptions
+ for _, corruption := range item.payloadCorrupt {
+ v := item.constructor()
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ corruption(v)
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+ }
+ }
+}
diff --git a/bootstrap/types.go b/bootstrap/types.go
index 690d81c..7ad3ec2 100644
--- a/bootstrap/types.go
+++ b/bootstrap/types.go
@@ -2,6 +2,7 @@ package bootstrap
import (
"bytes"
+ "encoding/binary"
"encoding/hex"
"strconv"
"strings"
@@ -27,6 +28,8 @@ var (
_ proto.Message = (*SpreadMap)(nil)
)
+var requestEndianness = binary.BigEndian
+
// Equals checks whether two NodeInfo has same address.
func (m NodeInfo) Equals(n1 NodeInfo) bool {
return m.Address == n1.Address && bytes.Equal(m.PubKey, n1.PubKey)
@@ -98,3 +101,37 @@ func (m SpreadMap) String() string {
", " +
"Netmap: [" + strings.Join(result, ",") + "]>"
}
+
+// GetType is a Type field getter.
+func (m Request) GetType() NodeType {
+ return m.Type
+}
+
+// SetType is a Type field setter.
+func (m *Request) SetType(t NodeType) {
+ m.Type = t
+}
+
+// SetState is a State field setter.
+func (m *Request) SetState(state Request_State) {
+ m.State = state
+}
+
+// SetInfo is an Info field getter.
+func (m *Request) SetInfo(info NodeInfo) {
+ m.Info = info
+}
+
+// Size returns the size necessary for a binary representation of the state.
+func (x Request_State) Size() int {
+ return 4
+}
+
+// Bytes returns a binary representation of the state.
+func (x Request_State) Bytes() []byte {
+ data := make([]byte, x.Size())
+
+ requestEndianness.PutUint32(data, uint32(x))
+
+ return data
+}
diff --git a/bootstrap/types_test.go b/bootstrap/types_test.go
new file mode 100644
index 0000000..20b1b1a
--- /dev/null
+++ b/bootstrap/types_test.go
@@ -0,0 +1,39 @@
+package bootstrap
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestRequestGettersSetters(t *testing.T) {
+ t.Run("type", func(t *testing.T) {
+ rt := NodeType(1)
+ m := new(Request)
+
+ m.SetType(rt)
+
+ require.Equal(t, rt, m.GetType())
+ })
+
+ t.Run("state", func(t *testing.T) {
+ st := Request_State(1)
+ m := new(Request)
+
+ m.SetState(st)
+
+ require.Equal(t, st, m.GetState())
+ })
+
+ t.Run("info", func(t *testing.T) {
+ info := NodeInfo{
+ Address: "some address",
+ }
+
+ m := new(Request)
+
+ m.SetInfo(info)
+
+ require.Equal(t, info, m.GetInfo())
+ })
+}
diff --git a/container/sign.go b/container/sign.go
new file mode 100644
index 0000000..eafd93c
--- /dev/null
+++ b/container/sign.go
@@ -0,0 +1,137 @@
+package container
+
+import (
+ "encoding/binary"
+ "io"
+
+ service "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+var requestEndianness = binary.BigEndian
+
+// SignedData returns payload bytes of the request.
+func (m PutRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m PutRequest) SignedDataSize() (sz int) {
+ sz += m.GetMessageID().Size()
+
+ sz += 8
+
+ sz += m.GetOwnerID().Size()
+
+ rules := m.GetRules()
+ sz += rules.Size()
+
+ sz += 4
+
+ return
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m PutRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetMessageID().Bytes())
+
+ requestEndianness.PutUint64(p[off:], m.GetCapacity())
+ off += 8
+
+ off += copy(p[off:], m.GetOwnerID().Bytes())
+
+ rules := m.GetRules()
+ // FIXME: implement and use stable functions
+ n, err := rules.MarshalTo(p[off:])
+ off += n
+ if err != nil {
+ return off, err
+ }
+
+ requestEndianness.PutUint32(p[off:], m.GetBasicACL())
+ off += 4
+
+ return off, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m DeleteRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m DeleteRequest) SignedDataSize() int {
+ return m.GetCID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m DeleteRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetCID().Bytes())
+
+ return off, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m GetRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m GetRequest) SignedDataSize() int {
+ return m.GetCID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m GetRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetCID().Bytes())
+
+ return off, nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m ListRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m ListRequest) SignedDataSize() int {
+ return m.GetOwnerID().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m ListRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetOwnerID().Bytes())
+
+ return off, nil
+}
diff --git a/container/sign_test.go b/container/sign_test.go
new file mode 100644
index 0000000..e469399
--- /dev/null
+++ b/container/sign_test.go
@@ -0,0 +1,143 @@
+package container
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestRequestSign(t *testing.T) {
+ sk := test.DecodeKey(0)
+
+ type sigType interface {
+ service.SignedDataWithToken
+ service.SignKeyPairAccumulator
+ service.SignKeyPairSource
+ SetToken(*service.Token)
+ }
+
+ items := []struct {
+ constructor func() sigType
+ payloadCorrupt []func(sigType)
+ }{
+ { // PutRequest
+ constructor: func() sigType {
+ return new(PutRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ id := req.GetMessageID()
+ id[0]++
+
+ req.SetMessageID(id)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ req.SetCapacity(req.GetCapacity() + 1)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ rules := req.GetRules()
+ rules.ReplFactor++
+
+ req.SetRules(rules)
+ },
+ func(s sigType) {
+ req := s.(*PutRequest)
+
+ req.SetBasicACL(req.GetBasicACL() + 1)
+ },
+ },
+ },
+ { // DeleteRequest
+ constructor: func() sigType {
+ return new(DeleteRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*DeleteRequest)
+
+ cid := req.GetCID()
+ cid[0]++
+
+ req.SetCID(cid)
+ },
+ },
+ },
+ { // GetRequest
+ constructor: func() sigType {
+ return new(GetRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*GetRequest)
+
+ cid := req.GetCID()
+ cid[0]++
+
+ req.SetCID(cid)
+ },
+ },
+ },
+ { // ListRequest
+ constructor: func() sigType {
+ return new(ListRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*ListRequest)
+
+ owner := req.GetOwnerID()
+ owner[0]++
+
+ req.SetOwnerID(owner)
+ },
+ },
+ },
+ }
+
+ for _, item := range items {
+ { // token corruptions
+ v := item.constructor()
+
+ token := new(service.Token)
+ v.SetToken(token)
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ token.SetSessionKey(append(token.GetSessionKey(), 1))
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+
+ { // payload corruptions
+ for _, corruption := range item.payloadCorrupt {
+ v := item.constructor()
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ corruption(v)
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+ }
+ }
+}
diff --git a/container/types.go b/container/types.go
index e358e6d..f340aa5 100644
--- a/container/types.go
+++ b/container/types.go
@@ -93,3 +93,68 @@ func NewTestContainer() (*Container, error) {
},
})
}
+
+// GetMessageID is a MessageID field getter.
+func (m PutRequest) GetMessageID() MessageID {
+ return m.MessageID
+}
+
+// SetMessageID is a MessageID field getter.
+func (m *PutRequest) SetMessageID(id MessageID) {
+ m.MessageID = id
+}
+
+// SetCapacity is a Capacity field setter.
+func (m *PutRequest) SetCapacity(c uint64) {
+ m.Capacity = c
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m PutRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *PutRequest) SetOwnerID(owner OwnerID) {
+ m.OwnerID = owner
+}
+
+// SetRules is a Rules field setter.
+func (m *PutRequest) SetRules(rules netmap.PlacementRule) {
+ m.Rules = rules
+}
+
+// SetBasicACL is a BasicACL field setter.
+func (m *PutRequest) SetBasicACL(acl uint32) {
+ m.BasicACL = acl
+}
+
+// GetCID is a CID field getter.
+func (m DeleteRequest) GetCID() CID {
+ return m.CID
+}
+
+// SetCID is a CID field setter.
+func (m *DeleteRequest) SetCID(cid CID) {
+ m.CID = cid
+}
+
+// GetCID is a CID field getter.
+func (m GetRequest) GetCID() CID {
+ return m.CID
+}
+
+// SetCID is a CID field setter.
+func (m *GetRequest) SetCID(cid CID) {
+ m.CID = cid
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m ListRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *ListRequest) SetOwnerID(owner OwnerID) {
+ m.OwnerID = owner
+}
diff --git a/container/types_test.go b/container/types_test.go
index fddccb3..cc171cb 100644
--- a/container/types_test.go
+++ b/container/types_test.go
@@ -55,3 +55,88 @@ func TestCID(t *testing.T) {
require.Equal(t, cid1, cid2)
})
}
+
+func TestPutRequestGettersSetters(t *testing.T) {
+ t.Run("owner", func(t *testing.T) {
+ owner := OwnerID{1, 2, 3}
+ m := new(PutRequest)
+
+ m.SetOwnerID(owner)
+
+ require.Equal(t, owner, m.GetOwnerID())
+ })
+
+ t.Run("capacity", func(t *testing.T) {
+ cp := uint64(3)
+ m := new(PutRequest)
+
+ m.SetCapacity(cp)
+
+ require.Equal(t, cp, m.GetCapacity())
+ })
+
+ t.Run("message ID", func(t *testing.T) {
+ id, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ m := new(PutRequest)
+
+ m.SetMessageID(id)
+
+ require.Equal(t, id, m.GetMessageID())
+ })
+
+ t.Run("rules", func(t *testing.T) {
+ rules := netmap.PlacementRule{
+ ReplFactor: 1,
+ }
+
+ m := new(PutRequest)
+
+ m.SetRules(rules)
+
+ require.Equal(t, rules, m.GetRules())
+ })
+
+ t.Run("basic ACL", func(t *testing.T) {
+ bACL := uint32(5)
+ m := new(PutRequest)
+
+ m.SetBasicACL(bACL)
+
+ require.Equal(t, bACL, m.GetBasicACL())
+ })
+}
+
+func TestDeleteRequestGettersSetters(t *testing.T) {
+ t.Run("cid", func(t *testing.T) {
+ cid := CID{1, 2, 3}
+ m := new(DeleteRequest)
+
+ m.SetCID(cid)
+
+ require.Equal(t, cid, m.GetCID())
+ })
+}
+
+func TestGetRequestGettersSetters(t *testing.T) {
+ t.Run("cid", func(t *testing.T) {
+ cid := CID{1, 2, 3}
+ m := new(GetRequest)
+
+ m.SetCID(cid)
+
+ require.Equal(t, cid, m.GetCID())
+ })
+}
+
+func TestListRequestGettersSetters(t *testing.T) {
+ t.Run("owner", func(t *testing.T) {
+ owner := OwnerID{1, 2, 3}
+ m := new(PutRequest)
+
+ m.SetOwnerID(owner)
+
+ require.Equal(t, owner, m.GetOwnerID())
+ })
+}
diff --git a/docs/object.md b/docs/object.md
index 4ec32fc..27e4bcf 100644
--- a/docs/object.md
+++ b/docs/object.md
@@ -149,7 +149,6 @@ calculated for XORed data.
| ----- | ---- | ----- | ----------- |
| Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) |
| OwnerID | [bytes](#bytes) | | OwnerID is a wallet address |
-| Token | [session.Token](#session.Token) | | Token with session public key and user's signature |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@@ -228,7 +227,6 @@ in distributed system.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) |
-| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@@ -256,7 +254,6 @@ in distributed system.
| ----- | ---- | ----- | ----------- |
| Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) |
| FullHeaders | [bool](#bool) | | FullHeaders can be set true for extended headers in the object |
-| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@@ -296,7 +293,6 @@ in distributed system.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| Object | [Object](#object.Object) | | Object with at least container id and owner id fields |
-| Token | [session.Token](#session.Token) | | Token with session public key and user's signature |
| CopiesNumber | [uint32](#uint32) | | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |
@@ -378,7 +374,7 @@ in distributed system.
| UserHeader | [UserHeader](#object.UserHeader) | | UserHeader is a set of KV headers defined by user |
| Transform | [Transform](#object.Transform) | | Transform defines transform operation (e.g. payload split) |
| Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects |
-| Verify | [session.VerificationHeader](#session.VerificationHeader) | | Verify header that contains session public key and user's signature |
+| Token | [service.Token](#service.Token) | | Token header contains token of the session within which the object was created |
| HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload |
| PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload |
| Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object |
diff --git a/docs/service.md b/docs/service.md
index 90e1bd2..9ed548e 100644
--- a/docs/service.md
+++ b/docs/service.md
@@ -14,8 +14,10 @@
- Messages
- [RequestVerificationHeader](#service.RequestVerificationHeader)
- - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign)
- [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
+ - [Token](#service.Token)
+ - [Token.Info](#service.Token.Info)
+ - [TokenLifetime](#service.TokenLifetime)
- [service/verify_test.proto](#service/verify_test.proto)
@@ -49,6 +51,7 @@ RequestMetaHeader contains information about request meta headers
| TTL | [uint32](#uint32) | | TTL must be larger than zero, it decreased in every NeoFS Node |
| Epoch | [uint64](#uint64) | | Epoch for user can be empty, because node sets epoch to the actual value |
| Version | [uint32](#uint32) | | Version defines protocol version TODO: not used for now, should be implemented in future |
+| Raw | [bool](#bool) | | Raw determines whether the request is raw or not |
@@ -88,18 +91,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
-
-
-
-
-### Message RequestVerificationHeader.Sign
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. |
-| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. |
+| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent |
@@ -110,11 +102,68 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
-| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Sign is a signature and public key of the request. |
-| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. |
+| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. |
+| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. |
+
+
+
+
+### Message Token
+User token granting rights for object manipulation
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TokenInfo | [Token.Info](#service.Token.Info) | | TokenInfo is a grouped information about token |
+| Signature | [bytes](#bytes) | | Signature is a signature of session token information |
+
+
+
+
+### Message Token.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes |
+| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object |
+| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued |
+| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
+| Lifetime | [TokenLifetime](#service.TokenLifetime) | | Lifetime is a lifetime of the session |
+| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
+
+
+
+
+### Message TokenLifetime
+TokenLifetime carries a group of lifetime parameters of the token
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Created | [uint64](#uint64) | | Created carries an initial epoch of token lifetime |
+| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime |
+
+
+
+### Token.Info.Verb
+Verb is an enumeration of session request types
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Put | 0 | Put refers to object.Put RPC call |
+| Get | 1 | Get refers to object.Get RPC call |
+| Head | 2 | Head refers to object.Head RPC call |
+| Search | 3 | Search refers to object.Search RPC call |
+| Delete | 4 | Delete refers to object.Delete RPC call |
+| Range | 5 | Range refers to object.GetRange RPC call |
+| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
+
+
diff --git a/docs/session.md b/docs/session.md
index ba615c3..5ec7402 100644
--- a/docs/session.md
+++ b/docs/session.md
@@ -12,13 +12,6 @@
- [CreateResponse](#session.CreateResponse)
-- [session/types.proto](#session/types.proto)
-
- - Messages
- - [Token](#session.Token)
- - [VerificationHeader](#session.VerificationHeader)
-
-
- [Scalar Value Types](#scalar-value-types)
@@ -37,22 +30,13 @@
```
-rpc Create(stream CreateRequest) returns (stream CreateResponse);
+rpc Create(CreateRequest) returns (CreateResponse);
```
#### Method Create
-Create is a method that used to open a trusted session to manipulate
-an object. In order to put or delete object client have to obtain session
-token with trusted node. Trusted node will modify client's object
-(add missing headers, checksums, homomorphic hash) and sign id with
-session key. Session is established during 4-step handshake in one gRPC stream
-
-- First client stream message SHOULD BE type of `CreateRequest_Init`.
-- First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
-- Second client stream message SHOULD BE type of `CreateRequest_Signed`.
-- Second server stream message SHOULD BE type of `CreateResponse_Result`.
+Create opens new session between the client and the server
| Name | Input | Output |
| ---- | ----- | ------ |
@@ -63,13 +47,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
### Message CreateRequest
-
+CreateRequest carries an information necessary for opening a session
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
-| Init | [Token](#session.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
-| Signed | [Token](#session.Token) | | Signed Init message response (Unsigned) from server with user private key |
+| OwnerID | [bytes](#bytes) | | OwnerID carries an identifier of a session initiator |
+| Lifetime | [service.TokenLifetime](#service.TokenLifetime) | | Lifetime carries a lifetime of the session |
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@@ -77,57 +61,13 @@ session key. Session is established during 4-step handshake in one gRPC stream
### Message CreateResponse
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Unsigned | [Token](#session.Token) | | Unsigned token with token ID and session public key generated on server side |
-| Result | [Token](#session.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary |
-
-
-
-
-
-
-
-
-Top
-
-## session/types.proto
-
-
-
-
-
-
-
-### Message Token
-User token granting rights for object manipulation
+CreateResponse carries an information about the opened session
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
-| Header | [VerificationHeader](#session.VerificationHeader) | | Header carries verification data of session key |
-| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object |
-| FirstEpoch | [uint64](#uint64) | | FirstEpoch is an initial epoch of token lifetime |
-| LastEpoch | [uint64](#uint64) | | LastEpoch is a last epoch of token lifetime |
-| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
-| Signature | [bytes](#bytes) | | Signature is a token signature, signed by owner of manipulation object |
-| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes |
-| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
-
-
-
-
-### Message VerificationHeader
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| PublicKey | [bytes](#bytes) | | PublicKey is a session public key |
-| KeySignature | [bytes](#bytes) | | KeySignature is a session public key signature. Signed by trusted side |
+| ID | [bytes](#bytes) | | ID carries an identifier of session token |
+| SessionKey | [bytes](#bytes) | | SessionKey carries a session public key |
diff --git a/object/extensions.go b/object/extensions.go
index 6e577bd..be755c6 100644
--- a/object/extensions.go
+++ b/object/extensions.go
@@ -19,21 +19,6 @@ func (m Object) IsLinking() bool {
return false
}
-// VerificationHeader returns verification header if it is presented in extended headers.
-func (m Object) VerificationHeader() (*VerificationHeader, error) {
- _, vh := m.LastHeader(HeaderType(VerifyHdr))
- if vh == nil {
- return nil, ErrHeaderNotFound
- }
- return vh.Value.(*Header_Verify).Verify, nil
-}
-
-// SetVerificationHeader sets verification header in the object.
-// It will replace existing verification header or add a new one.
-func (m *Object) SetVerificationHeader(header *VerificationHeader) {
- m.SetHeader(&Header{Value: &Header_Verify{Verify: header}})
-}
-
// Links returns slice of ids of specified link type
func (m *Object) Links(t Link_Type) []ID {
var res []ID
diff --git a/object/service.go b/object/service.go
index 45a8d4b..0e38d70 100644
--- a/object/service.go
+++ b/object/service.go
@@ -31,7 +31,7 @@ type (
// All object operations must have TTL, Epoch, Type, Container ID and
// permission of usage previous network map.
Request interface {
- service.MetaHeader
+ service.SeizedRequestMetaContainer
CID() CID
Type() RequestType
diff --git a/object/service.pb.go b/object/service.pb.go
index 4ac61bc..f882f5e 100644
--- a/object/service.pb.go
+++ b/object/service.pb.go
@@ -10,7 +10,6 @@ import (
proto "github.com/golang/protobuf/proto"
refs "github.com/nspcc-dev/neofs-api-go/refs"
service "github.com/nspcc-dev/neofs-api-go/service"
- session "github.com/nspcc-dev/neofs-api-go/session"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
@@ -33,8 +32,6 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type GetRequest struct {
// Address of object (container id + object id)
Address refs.Address `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address"`
- // Raw is the request flag of a physically stored representation of an object
- Raw bool `protobuf:"varint,2,opt,name=Raw,proto3" json:"Raw,omitempty"`
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -80,13 +77,6 @@ func (m *GetRequest) GetAddress() refs.Address {
return refs.Address{}
}
-func (m *GetRequest) GetRaw() bool {
- if m != nil {
- return m.Raw
- }
- return false
-}
-
type GetResponse struct {
// Types that are valid to be assigned to R:
// *GetResponse_Object
@@ -264,10 +254,8 @@ func (*PutRequest) XXX_OneofWrappers() []interface{} {
type PutRequest_PutHeader struct {
// Object with at least container id and owner id fields
Object *Object `protobuf:"bytes,1,opt,name=Object,proto3" json:"Object,omitempty"`
- // Token with session public key and user's signature
- Token *session.Token `protobuf:"bytes,2,opt,name=Token,proto3" json:"Token,omitempty"`
// Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
- CopiesNumber uint32 `protobuf:"varint,3,opt,name=CopiesNumber,proto3" json:"CopiesNumber,omitempty"`
+ CopiesNumber uint32 `protobuf:"varint,2,opt,name=CopiesNumber,proto3" json:"CopiesNumber,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@@ -309,13 +297,6 @@ func (m *PutRequest_PutHeader) GetObject() *Object {
return nil
}
-func (m *PutRequest_PutHeader) GetToken() *session.Token {
- if m != nil {
- return m.Token
- }
- return nil
-}
-
func (m *PutRequest_PutHeader) GetCopiesNumber() uint32 {
if m != nil {
return m.CopiesNumber
@@ -374,8 +355,6 @@ type DeleteRequest struct {
Address refs.Address `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address"`
// OwnerID is a wallet address
OwnerID OwnerID `protobuf:"bytes,2,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
- // Token with session public key and user's signature
- Token *session.Token `protobuf:"bytes,3,opt,name=Token,proto3" json:"Token,omitempty"`
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -421,13 +400,6 @@ func (m *DeleteRequest) GetAddress() refs.Address {
return refs.Address{}
}
-func (m *DeleteRequest) GetToken() *session.Token {
- if m != nil {
- return m.Token
- }
- return nil
-}
-
// DeleteResponse is empty because we cannot guarantee permanent object removal
// in distributed system.
type DeleteResponse struct {
@@ -472,8 +444,6 @@ type HeadRequest struct {
Address Address `protobuf:"bytes,1,opt,name=Address,proto3,customtype=Address" json:"Address"`
// FullHeaders can be set true for extended headers in the object
FullHeaders bool `protobuf:"varint,2,opt,name=FullHeaders,proto3" json:"FullHeaders,omitempty"`
- // Raw is the request flag of a physically stored representation of an object
- Raw bool `protobuf:"varint,3,opt,name=Raw,proto3" json:"Raw,omitempty"`
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -519,13 +489,6 @@ func (m *HeadRequest) GetFullHeaders() bool {
return false
}
-func (m *HeadRequest) GetRaw() bool {
- if m != nil {
- return m.Raw
- }
- return false
-}
-
type HeadResponse struct {
// Object without payload
Object *Object `protobuf:"bytes,1,opt,name=Object,proto3" json:"Object,omitempty"`
@@ -906,65 +869,62 @@ func init() {
func init() { proto.RegisterFile("object/service.proto", fileDescriptor_dfcdf610ade6a9ce) }
var fileDescriptor_dfcdf610ade6a9ce = []byte{
- // 924 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x57, 0xcf, 0x6f, 0x1b, 0x45,
- 0x14, 0xce, 0x78, 0x9d, 0x4d, 0xfa, 0x6c, 0xa7, 0xd1, 0xc4, 0x14, 0x6b, 0x5b, 0x39, 0x91, 0x55,
- 0x21, 0x23, 0xe4, 0x75, 0x28, 0x12, 0x94, 0x13, 0xaa, 0x13, 0xa5, 0x89, 0x10, 0x4d, 0x3a, 0x41,
- 0x3d, 0x70, 0x5b, 0x6f, 0x5e, 0x9c, 0xa5, 0xc9, 0xae, 0xbb, 0xb3, 0x9b, 0x28, 0x07, 0xb8, 0x71,
- 0xee, 0x95, 0x23, 0x67, 0xfe, 0x92, 0x5e, 0x90, 0x7a, 0x44, 0x1c, 0xa2, 0x2a, 0x1c, 0xf9, 0x07,
- 0x90, 0xb8, 0xa0, 0xf9, 0xb5, 0x3f, 0x52, 0x12, 0xc0, 0x3e, 0xb8, 0x27, 0xcf, 0x7c, 0xef, 0x7b,
- 0x6f, 0xe6, 0x7d, 0xf3, 0xe6, 0x8d, 0x17, 0x9a, 0xd1, 0xf0, 0x5b, 0xf4, 0x93, 0x3e, 0xc7, 0xf8,
- 0x34, 0xf0, 0xd1, 0x1d, 0xc7, 0x51, 0x12, 0x51, 0x5b, 0xa1, 0xce, 0x72, 0x8c, 0x87, 0xbc, 0x9f,
- 0x9c, 0x8f, 0x91, 0x2b, 0x8b, 0x43, 0x35, 0xbf, 0x88, 0xad, 0x70, 0xe4, 0x3c, 0x88, 0xc2, 0x32,
- 0x51, 0x47, 0xec, 0x9f, 0x60, 0xe2, 0x69, 0xac, 0x69, 0xb0, 0x53, 0x8c, 0x83, 0xc3, 0x73, 0x8d,
- 0xf6, 0x46, 0x41, 0x72, 0x94, 0x0e, 0x5d, 0x3f, 0x3a, 0xe9, 0x8f, 0xa2, 0x51, 0xd4, 0x97, 0xf0,
- 0x30, 0x3d, 0x94, 0x33, 0x39, 0x91, 0x23, 0x45, 0xef, 0xfc, 0x42, 0x00, 0x1e, 0x63, 0xc2, 0xf0,
- 0x45, 0x8a, 0x3c, 0xa1, 0x3d, 0x58, 0x78, 0x74, 0x70, 0x10, 0x23, 0xe7, 0x2d, 0xb2, 0x46, 0xba,
- 0xb5, 0x07, 0x0d, 0x57, 0x6c, 0xda, 0xd5, 0xe0, 0xa0, 0xfa, 0xea, 0x62, 0x75, 0x8e, 0x19, 0x0e,
- 0x5d, 0x06, 0x8b, 0x79, 0x67, 0xad, 0xca, 0x1a, 0xe9, 0x2e, 0x32, 0x31, 0xa4, 0x0f, 0xa1, 0xfa,
- 0x15, 0x26, 0x5e, 0x6b, 0x28, 0xbd, 0x1d, 0xd7, 0x28, 0xa1, 0x17, 0x10, 0xb6, 0x6d, 0xf4, 0x0e,
- 0x30, 0x1e, 0x2c, 0x8a, 0x50, 0xaf, 0x2f, 0x56, 0x09, 0x93, 0x1e, 0x74, 0x13, 0xec, 0x67, 0x32,
- 0x91, 0x96, 0x2f, 0x7d, 0x3b, 0x57, 0x7d, 0xa5, 0x35, 0xf0, 0xbd, 0x24, 0x88, 0xc2, 0xb7, 0x62,
- 0x68, 0xdf, 0xce, 0x4b, 0x02, 0x35, 0x99, 0x0f, 0x1f, 0x47, 0x21, 0x47, 0xda, 0x05, 0xad, 0xbe,
- 0xce, 0x67, 0xc9, 0x55, 0x53, 0x77, 0x57, 0xfe, 0x6c, 0xcf, 0x31, 0x6d, 0xa7, 0x77, 0x60, 0x7e,
- 0xe3, 0x28, 0x0d, 0x9f, 0xcb, 0x6c, 0xea, 0xdb, 0x73, 0x4c, 0x4d, 0xe9, 0xe7, 0x3a, 0x23, 0xb5,
- 0xab, 0xbb, 0x85, 0x5d, 0xa9, 0x25, 0xae, 0x4f, 0x69, 0x60, 0x01, 0x61, 0x9d, 0x37, 0x15, 0x80,
- 0xbd, 0x34, 0x53, 0xf8, 0x53, 0xb0, 0x15, 0x5b, 0x6f, 0xe8, 0x9e, 0xd9, 0x50, 0xce, 0x11, 0x43,
- 0xc5, 0x11, 0xdb, 0x53, 0xa3, 0x6b, 0xb7, 0x37, 0x63, 0xc1, 0x9d, 0xef, 0xe0, 0x56, 0xb6, 0x5d,
- 0xfa, 0x01, 0xd8, 0xbb, 0x37, 0xa8, 0xcd, 0xb4, 0x95, 0xde, 0x87, 0xf9, 0xaf, 0xa3, 0xe7, 0x18,
- 0xca, 0x64, 0x04, 0x4d, 0xd7, 0xbc, 0x2b, 0x51, 0xa6, 0x8c, 0xb4, 0x03, 0xf5, 0x8d, 0x68, 0x1c,
- 0x20, 0x7f, 0x92, 0x9e, 0x0c, 0x31, 0x6e, 0x59, 0x6b, 0xa4, 0xdb, 0x60, 0x25, 0x4c, 0x49, 0x7c,
- 0x06, 0x35, 0xa9, 0x9e, 0x3e, 0xf3, 0xff, 0x59, 0xc4, 0x93, 0x1f, 0x70, 0xe7, 0x65, 0x05, 0x1a,
- 0x9b, 0x78, 0x8c, 0x09, 0x4e, 0x78, 0x81, 0x3e, 0x84, 0x85, 0xdd, 0xb3, 0x10, 0xe3, 0x9d, 0x4d,
- 0x75, 0xae, 0x83, 0xdb, 0xc2, 0xfe, 0xdb, 0xc5, 0xaa, 0x81, 0x99, 0x19, 0xe4, 0x9a, 0x59, 0x37,
- 0x69, 0x36, 0xeb, 0xfb, 0xf7, 0x25, 0x2c, 0x19, 0x41, 0xf4, 0x69, 0x4c, 0x21, 0xef, 0x5f, 0x04,
- 0x6a, 0xc2, 0x64, 0xc4, 0x7d, 0xf8, 0x2f, 0xe2, 0x66, 0xe2, 0x69, 0x20, 0xd7, 0x79, 0x0d, 0x6a,
- 0x5b, 0xe9, 0xf1, 0xb1, 0x5a, 0x87, 0xeb, 0x86, 0x55, 0x84, 0x4c, 0x2b, 0xb3, 0xde, 0x9d, 0x56,
- 0xf6, 0x02, 0xea, 0x2a, 0x79, 0x2d, 0xe4, 0x7f, 0xbd, 0x5c, 0x53, 0x08, 0xfe, 0x27, 0x81, 0xc6,
- 0x3e, 0x7a, 0xb1, 0x7f, 0x94, 0xd7, 0x73, 0x6d, 0x23, 0x0a, 0x13, 0x2f, 0x50, 0x45, 0x4a, 0x64,
- 0x91, 0xd6, 0xb4, 0xce, 0xd6, 0xc6, 0xce, 0x26, 0x2b, 0xda, 0x69, 0x13, 0xe6, 0x9f, 0xa6, 0x18,
- 0x9f, 0xab, 0x6a, 0x66, 0x6a, 0x22, 0x2e, 0xb2, 0x1c, 0x3c, 0xc3, 0x58, 0x54, 0xac, 0xb9, 0xc8,
- 0x45, 0x6c, 0xe6, 0x6a, 0x7f, 0x0f, 0x4b, 0x26, 0x73, 0xad, 0xf7, 0xc7, 0x70, 0x4b, 0x97, 0x0f,
- 0x8a, 0x7a, 0xb3, 0xae, 0xbb, 0xcc, 0x39, 0x6b, 0x1a, 0xe9, 0xff, 0x20, 0x70, 0x5b, 0x3c, 0x5c,
- 0x5e, 0x38, 0x9a, 0xbc, 0x99, 0xcc, 0x4b, 0x77, 0xdd, 0x55, 0x1b, 0xa6, 0x3e, 0x24, 0xa8, 0xc9,
- 0x8a, 0x31, 0x73, 0xb5, 0x03, 0x58, 0xce, 0x93, 0xd5, 0x7a, 0x3b, 0xb0, 0xb8, 0x15, 0x7b, 0xa3,
- 0x13, 0x0c, 0x55, 0x85, 0xd7, 0x59, 0x36, 0x9f, 0x46, 0xd8, 0x1f, 0x2a, 0xb0, 0x62, 0xd6, 0xda,
- 0xf6, 0xf8, 0xd1, 0x84, 0xe2, 0x7e, 0x04, 0xb6, 0x0c, 0x21, 0x9a, 0x87, 0x75, 0x9d, 0xba, 0x9a,
- 0x42, 0x29, 0x54, 0xf7, 0xbd, 0xe3, 0x44, 0x16, 0x7a, 0x9d, 0xc9, 0xf1, 0xcc, 0x25, 0x3f, 0x83,
- 0x66, 0x59, 0x06, 0x2d, 0xfb, 0x7d, 0xb0, 0xc5, 0x5c, 0xd7, 0x78, 0x7d, 0x50, 0xd7, 0x97, 0xbb,
- 0x2a, 0x59, 0xda, 0x36, 0xc5, 0x01, 0x3c, 0xf8, 0xc9, 0x82, 0x85, 0x7d, 0x45, 0xa7, 0xeb, 0x60,
- 0x3d, 0xc6, 0x84, 0x52, 0x23, 0x5e, 0xfe, 0xd7, 0xd3, 0x59, 0x29, 0x61, 0x2a, 0xea, 0x3a, 0x11,
- 0x1e, 0x7b, 0x69, 0xc1, 0x23, 0xff, 0x9b, 0x94, 0x7b, 0x14, 0x1e, 0xff, 0x2e, 0xa1, 0x9f, 0x81,
- 0xad, 0x9e, 0x20, 0xfa, 0x9e, 0x21, 0x94, 0xde, 0x68, 0xe7, 0xce, 0x55, 0x38, 0xbb, 0xf0, 0x55,
- 0x91, 0x02, 0xcd, 0xe2, 0x16, 0xde, 0x1e, 0xa7, 0x59, 0x06, 0xb3, 0xc7, 0xcd, 0x56, 0x5d, 0x23,
- 0x5f, 0xab, 0xd4, 0x3f, 0xf3, 0xb5, 0xca, 0xcd, 0x65, 0x9d, 0xd0, 0x2f, 0x60, 0xd1, 0x9c, 0x07,
- 0x7d, 0xbf, 0x98, 0x7b, 0xa1, 0x03, 0x38, 0xad, 0xb7, 0x0d, 0x59, 0x80, 0x1d, 0xa8, 0x17, 0x0f,
- 0x94, 0xde, 0xbd, 0xca, 0x2d, 0x54, 0xbb, 0x73, 0xef, 0x9f, 0x8d, 0x2a, 0xd8, 0xe0, 0xe9, 0xab,
- 0xcb, 0x36, 0x79, 0x7d, 0xd9, 0x26, 0xbf, 0x5e, 0xb6, 0xc9, 0x9b, 0xcb, 0x36, 0xf9, 0xf1, 0xf7,
- 0xf6, 0xdc, 0x37, 0xdd, 0xc2, 0xa7, 0x44, 0xc8, 0xc7, 0xbe, 0xdf, 0x3b, 0xc0, 0xd3, 0x7e, 0x88,
- 0xd1, 0x21, 0xef, 0x79, 0xe3, 0xa0, 0x37, 0x8a, 0xfa, 0x2a, 0xe8, 0xcf, 0x95, 0xe5, 0x27, 0x18,
- 0x6d, 0xed, 0xbb, 0x8f, 0xf6, 0x76, 0xf4, 0x6b, 0x34, 0xb4, 0xe5, 0xf7, 0xc5, 0x27, 0x7f, 0x07,
- 0x00, 0x00, 0xff, 0xff, 0xb3, 0xf2, 0x5d, 0xaf, 0x13, 0x0d, 0x00, 0x00,
+ // 876 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0x4b, 0x6f, 0x22, 0x47,
+ 0x10, 0xa6, 0x01, 0x8f, 0x71, 0x31, 0xd8, 0x56, 0x9b, 0x38, 0x68, 0x6c, 0x61, 0x0b, 0x45, 0x11,
+ 0x51, 0xc4, 0xe0, 0x38, 0x52, 0xe2, 0x9c, 0x22, 0x03, 0xb2, 0x41, 0x51, 0xfc, 0x18, 0x24, 0x47,
+ 0xca, 0x6d, 0x18, 0x1a, 0x98, 0x04, 0x66, 0xf0, 0x3c, 0x6c, 0xf9, 0x92, 0x5b, 0xce, 0xb9, 0xe6,
+ 0xb8, 0xe7, 0xfd, 0x09, 0xbb, 0x7f, 0xc0, 0x47, 0x1f, 0x57, 0x7b, 0xb0, 0x56, 0xec, 0x69, 0xb5,
+ 0x7f, 0x60, 0x8f, 0xab, 0xe9, 0xee, 0x79, 0xd9, 0xcb, 0x3e, 0xe0, 0xc0, 0x69, 0xba, 0xbf, 0xfa,
+ 0xaa, 0xba, 0xea, 0xeb, 0xea, 0xee, 0x81, 0xbc, 0xd9, 0xf9, 0x8b, 0x68, 0x4e, 0xd5, 0x26, 0xd6,
+ 0x95, 0xae, 0x11, 0x79, 0x6c, 0x99, 0x8e, 0x89, 0x05, 0x86, 0x4a, 0xeb, 0x16, 0xe9, 0xd9, 0x55,
+ 0xe7, 0x66, 0x4c, 0x6c, 0x66, 0x91, 0x30, 0xe7, 0xc7, 0x30, 0xee, 0x5c, 0x1d, 0x11, 0x47, 0xe5,
+ 0x58, 0xde, 0xc7, 0xae, 0x88, 0xa5, 0xf7, 0x6e, 0x38, 0x5a, 0xe9, 0xeb, 0xce, 0xc0, 0xed, 0xc8,
+ 0x9a, 0x39, 0xaa, 0xf6, 0xcd, 0xbe, 0x59, 0xa5, 0x70, 0xc7, 0xed, 0xd1, 0x19, 0x9d, 0xd0, 0x11,
+ 0xa3, 0x97, 0x9e, 0x23, 0x80, 0x63, 0xe2, 0x28, 0xe4, 0xd2, 0x25, 0xb6, 0x83, 0x2b, 0xb0, 0x7c,
+ 0xd8, 0xed, 0x5a, 0xc4, 0xb6, 0x0b, 0x68, 0x17, 0x95, 0xb3, 0xfb, 0x39, 0xd9, 0xcb, 0x4f, 0xe6,
+ 0x60, 0x2d, 0x7d, 0x7b, 0xbf, 0x93, 0x50, 0x7c, 0x0e, 0x3e, 0x80, 0xf4, 0xef, 0xc4, 0x51, 0x0b,
+ 0x1d, 0xca, 0x95, 0x64, 0xbf, 0x44, 0x1e, 0xce, 0xb3, 0x35, 0x89, 0xda, 0x25, 0x56, 0x2d, 0xe3,
+ 0x39, 0xde, 0xdd, 0xef, 0x20, 0x85, 0x7a, 0xe0, 0x06, 0x08, 0x17, 0x34, 0xed, 0x82, 0x46, 0x7d,
+ 0x4b, 0x0f, 0x7d, 0xa9, 0x55, 0xd7, 0x54, 0x47, 0x37, 0x8d, 0x47, 0x31, 0xb8, 0x6f, 0xe9, 0x3f,
+ 0x04, 0x59, 0x9a, 0xbd, 0x3d, 0x36, 0x0d, 0x9b, 0xe0, 0x32, 0x70, 0x59, 0x79, 0xf6, 0xab, 0x32,
+ 0x9b, 0xca, 0xa7, 0xf4, 0xd3, 0x4c, 0x28, 0xdc, 0x8e, 0x37, 0x61, 0xa9, 0x3e, 0x70, 0x8d, 0xbf,
+ 0x0b, 0xc9, 0x5d, 0x54, 0x16, 0x9b, 0x09, 0x85, 0x4d, 0xf1, 0x2f, 0xbc, 0x22, 0x96, 0xd5, 0x56,
+ 0x24, 0x2b, 0xb6, 0xc4, 0xf4, 0x92, 0x6a, 0x29, 0x40, 0x4a, 0xe9, 0x59, 0x12, 0xe0, 0xcc, 0x0d,
+ 0xf4, 0xfc, 0x09, 0x04, 0xc6, 0xe6, 0x09, 0x6d, 0xfb, 0x09, 0x85, 0x1c, 0x6f, 0xc8, 0x38, 0x5e,
+ 0x7a, 0x6c, 0x34, 0x35, 0xbd, 0x05, 0x0b, 0x2e, 0xfd, 0x01, 0x2b, 0x41, 0xba, 0xf8, 0x5b, 0x10,
+ 0x4e, 0x3f, 0xa2, 0xb6, 0xc2, 0xad, 0xb8, 0x04, 0x62, 0xdd, 0x1c, 0xeb, 0xc4, 0x3e, 0x71, 0x47,
+ 0x1d, 0x62, 0xd1, 0x9a, 0x72, 0x4a, 0x0c, 0x63, 0xe2, 0x5d, 0x43, 0x96, 0xea, 0xc2, 0x77, 0xf3,
+ 0x0b, 0x9b, 0x71, 0xf6, 0xad, 0x2b, 0xbd, 0x41, 0x90, 0x6b, 0x90, 0x21, 0x71, 0xc8, 0x8c, 0x07,
+ 0xe1, 0x3b, 0x58, 0x3e, 0xbd, 0x36, 0x88, 0xd5, 0x6a, 0xb0, 0x1d, 0xab, 0xad, 0x79, 0xf6, 0x97,
+ 0xf7, 0x3b, 0x3e, 0xac, 0xf8, 0x83, 0x85, 0x9f, 0x99, 0xdf, 0x60, 0xd5, 0x2f, 0x95, 0xeb, 0x3c,
+ 0x9f, 0x70, 0x59, 0xcf, 0xe4, 0xcb, 0x76, 0xf0, 0x09, 0xd9, 0x02, 0x59, 0x38, 0x10, 0x2a, 0xb8,
+ 0x0b, 0xd9, 0x23, 0x77, 0x38, 0x64, 0xeb, 0xd8, 0x54, 0xc5, 0x8c, 0x12, 0x85, 0x16, 0x2e, 0xdc,
+ 0x25, 0x88, 0xac, 0x54, 0x2e, 0xdb, 0xe7, 0xb6, 0xff, 0x1c, 0xf2, 0xbe, 0x43, 0x90, 0x6b, 0x13,
+ 0xd5, 0xd2, 0x06, 0x61, 0x5f, 0x66, 0xeb, 0xa6, 0xe1, 0xa8, 0x3a, 0x6b, 0x36, 0x44, 0x9b, 0x2d,
+ 0xcb, 0x55, 0x4d, 0xd5, 0x5b, 0x0d, 0x25, 0x6a, 0xc7, 0x79, 0x58, 0x3a, 0x77, 0x89, 0x75, 0xc3,
+ 0xba, 0x52, 0x61, 0x13, 0xef, 0x40, 0xd2, 0xc1, 0x05, 0xb1, 0x6c, 0xdd, 0x34, 0x0a, 0x29, 0x76,
+ 0x20, 0xa3, 0xd8, 0xc2, 0xd5, 0xfe, 0x07, 0x56, 0xfd, 0xca, 0xb9, 0xde, 0x3f, 0xc0, 0x0a, 0x6f,
+ 0x16, 0xe2, 0x75, 0x57, 0x6a, 0xda, 0xa1, 0x0c, 0x59, 0xf3, 0x48, 0xff, 0x16, 0xc1, 0x9a, 0xf7,
+ 0xb4, 0xa8, 0x46, 0x7f, 0xf6, 0x4b, 0x61, 0x89, 0xba, 0x53, 0xf1, 0x3d, 0x32, 0xef, 0x0f, 0x0a,
+ 0x72, 0x32, 0x63, 0x2c, 0x5c, 0x6d, 0x1d, 0xd6, 0xc3, 0x62, 0xb9, 0xde, 0x12, 0x64, 0x8e, 0x2c,
+ 0xb5, 0x3f, 0x22, 0x06, 0xeb, 0x70, 0x51, 0x09, 0xe6, 0xf3, 0x08, 0xfb, 0x6f, 0x12, 0x36, 0xfc,
+ 0xb5, 0x9a, 0xaa, 0x3d, 0x98, 0x51, 0xdc, 0xef, 0x41, 0xa0, 0x21, 0xbc, 0xab, 0x22, 0x35, 0x4d,
+ 0x5d, 0x4e, 0xc1, 0x18, 0xd2, 0x6d, 0x75, 0xe8, 0xd0, 0x46, 0x17, 0x15, 0x3a, 0x5e, 0xb8, 0xe4,
+ 0xd7, 0x90, 0x8f, 0xcb, 0xc0, 0x65, 0xff, 0x06, 0x04, 0x6f, 0xce, 0x7b, 0x5c, 0xac, 0x89, 0xfc,
+ 0x70, 0xa7, 0x29, 0x8b, 0xdb, 0xe6, 0xd8, 0x80, 0xfd, 0x27, 0x29, 0x58, 0x6e, 0x33, 0x3a, 0xde,
+ 0x83, 0xd4, 0x31, 0x71, 0x30, 0xf6, 0xc5, 0x0b, 0x7f, 0x05, 0xa5, 0x8d, 0x18, 0xc6, 0xa2, 0xee,
+ 0x21, 0xcf, 0xe3, 0xcc, 0x8d, 0x78, 0x84, 0x3f, 0x32, 0xa1, 0x47, 0xe4, 0x11, 0x2f, 0x23, 0xfc,
+ 0x33, 0x08, 0xec, 0xc1, 0xc1, 0x5f, 0xf9, 0x84, 0xd8, 0x5b, 0x2b, 0x6d, 0x3e, 0x84, 0x83, 0x03,
+ 0x9f, 0xf6, 0x4a, 0xc0, 0x41, 0xdc, 0xc8, 0x4b, 0x23, 0xe5, 0xe3, 0x60, 0xf0, 0x94, 0x09, 0xec,
+ 0xd6, 0x08, 0xd7, 0x8a, 0xdd, 0x9f, 0xe1, 0x5a, 0xf1, 0xcb, 0x65, 0x0f, 0xe1, 0x5f, 0x21, 0xe3,
+ 0xef, 0x07, 0xfe, 0x3a, 0x5a, 0x7b, 0xe4, 0x06, 0x90, 0x0a, 0x8f, 0x0d, 0x41, 0x80, 0x16, 0x88,
+ 0xd1, 0x0d, 0xc5, 0x5b, 0x0f, 0xb9, 0x91, 0x6e, 0x97, 0xb6, 0x3f, 0x6c, 0x64, 0xc1, 0x6a, 0xe7,
+ 0xb7, 0x93, 0x22, 0xba, 0x9b, 0x14, 0xd1, 0x8b, 0x49, 0x11, 0xbd, 0x9a, 0x14, 0xd1, 0xff, 0xaf,
+ 0x8b, 0x89, 0x3f, 0xcb, 0x91, 0x5f, 0x7b, 0xc3, 0x1e, 0x6b, 0x5a, 0xa5, 0x4b, 0xae, 0xaa, 0x06,
+ 0x31, 0x7b, 0x76, 0x45, 0x1d, 0xeb, 0x95, 0xbe, 0x59, 0x65, 0x41, 0x9f, 0x26, 0xd7, 0x4f, 0x88,
+ 0x79, 0xd4, 0x96, 0x0f, 0xcf, 0x5a, 0xfc, 0x35, 0xea, 0x08, 0xf4, 0x7f, 0xff, 0xc7, 0xf7, 0x01,
+ 0x00, 0x00, 0xff, 0xff, 0x71, 0xb8, 0x50, 0x3f, 0x8e, 0x0c, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@@ -1477,16 +1437,6 @@ func (m *GetRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x6
i--
dAtA[i] = 0x92
- if m.Raw {
- i--
- if m.Raw {
- dAtA[i] = 1
- } else {
- dAtA[i] = 0
- }
- i--
- dAtA[i] = 0x10
- }
{
size, err := m.Address.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
@@ -1709,19 +1659,7 @@ func (m *PutRequest_PutHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
if m.CopiesNumber != 0 {
i = encodeVarintService(dAtA, i, uint64(m.CopiesNumber))
i--
- dAtA[i] = 0x18
- }
- if m.Token != nil {
- {
- size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x12
+ dAtA[i] = 0x10
}
if m.Object != nil {
{
@@ -1835,18 +1773,6 @@ func (m *DeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x6
i--
dAtA[i] = 0x92
- if m.Token != nil {
- {
- size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x1a
- }
{
size := m.OwnerID.Size()
i -= size
@@ -1957,16 +1883,6 @@ func (m *HeadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x6
i--
dAtA[i] = 0x92
- if m.Raw {
- i--
- if m.Raw {
- dAtA[i] = 1
- } else {
- dAtA[i] = 0
- }
- i--
- dAtA[i] = 0x18
- }
if m.FullHeaders {
i--
if m.FullHeaders {
@@ -2438,9 +2354,6 @@ func (m *GetRequest) Size() (n int) {
_ = l
l = m.Address.Size()
n += 1 + l + sovService(uint64(l))
- if m.Raw {
- n += 2
- }
l = m.RequestMetaHeader.Size()
n += 2 + l + sovService(uint64(l))
l = m.RequestVerificationHeader.Size()
@@ -2545,10 +2458,6 @@ func (m *PutRequest_PutHeader) Size() (n int) {
l = m.Object.Size()
n += 1 + l + sovService(uint64(l))
}
- if m.Token != nil {
- l = m.Token.Size()
- n += 1 + l + sovService(uint64(l))
- }
if m.CopiesNumber != 0 {
n += 1 + sovService(uint64(m.CopiesNumber))
}
@@ -2584,10 +2493,6 @@ func (m *DeleteRequest) Size() (n int) {
n += 1 + l + sovService(uint64(l))
l = m.OwnerID.Size()
n += 1 + l + sovService(uint64(l))
- if m.Token != nil {
- l = m.Token.Size()
- n += 1 + l + sovService(uint64(l))
- }
l = m.RequestMetaHeader.Size()
n += 2 + l + sovService(uint64(l))
l = m.RequestVerificationHeader.Size()
@@ -2623,9 +2528,6 @@ func (m *HeadRequest) Size() (n int) {
if m.FullHeaders {
n += 2
}
- if m.Raw {
- n += 2
- }
l = m.RequestMetaHeader.Size()
n += 2 + l + sovService(uint64(l))
l = m.RequestVerificationHeader.Size()
@@ -2853,26 +2755,6 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
- case 2:
- if wireType != 0 {
- return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
- }
- var v int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowService
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- v |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- m.Raw = bool(v != 0)
case 98:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
@@ -3373,42 +3255,6 @@ func (m *PutRequest_PutHeader) Unmarshal(dAtA []byte) error {
}
iNdEx = postIndex
case 2:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
- }
- var msglen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowService
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- msglen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if msglen < 0 {
- return ErrInvalidLengthService
- }
- postIndex := iNdEx + msglen
- if postIndex < 0 {
- return ErrInvalidLengthService
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- if m.Token == nil {
- m.Token = &session.Token{}
- }
- if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
- case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field CopiesNumber", wireType)
}
@@ -3667,42 +3513,6 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
- case 3:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
- }
- var msglen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowService
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- msglen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if msglen < 0 {
- return ErrInvalidLengthService
- }
- postIndex := iNdEx + msglen
- if postIndex < 0 {
- return ErrInvalidLengthService
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- if m.Token == nil {
- m.Token = &session.Token{}
- }
- if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
case 98:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
@@ -3963,26 +3773,6 @@ func (m *HeadRequest) Unmarshal(dAtA []byte) error {
}
}
m.FullHeaders = bool(v != 0)
- case 3:
- if wireType != 0 {
- return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
- }
- var v int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowService
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- v |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- m.Raw = bool(v != 0)
case 98:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
diff --git a/object/service.proto b/object/service.proto
index b5042e2..91d0b99 100644
--- a/object/service.proto
+++ b/object/service.proto
@@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";
import "refs/types.proto";
import "object/types.proto";
-import "session/types.proto";
import "service/meta.proto";
import "service/verify.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -58,8 +57,6 @@ service Service {
message GetRequest {
// Address of object (container id + object id)
refs.Address Address = 1 [(gogoproto.nullable) = false];
- // Raw is the request flag of a physically stored representation of an object
- bool Raw = 2;
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -82,10 +79,8 @@ message PutRequest {
message PutHeader {
// Object with at least container id and owner id fields
Object Object = 1;
- // Token with session public key and user's signature
- session.Token Token = 2;
// Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
- uint32 CopiesNumber = 3;
+ uint32 CopiesNumber = 2;
}
oneof R {
@@ -112,8 +107,6 @@ message DeleteRequest {
refs.Address Address = 1 [(gogoproto.nullable) = false];
// OwnerID is a wallet address
bytes OwnerID = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
- // Token with session public key and user's signature
- session.Token Token = 3;
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -132,8 +125,6 @@ message HeadRequest {
refs.Address Address = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
// FullHeaders can be set true for extended headers in the object
bool FullHeaders = 2;
- // Raw is the request flag of a physically stored representation of an object
- bool Raw = 3;
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
diff --git a/object/service_test.go b/object/service_test.go
index 4b02b37..5b7a358 100644
--- a/object/service_test.go
+++ b/object/service_test.go
@@ -16,8 +16,8 @@ func TestRequest(t *testing.T) {
&DeleteRequest{},
&GetRangeRequest{},
&GetRangeHashRequest{},
- MakePutRequestHeader(nil, nil),
- MakePutRequestHeader(&Object{}, nil),
+ MakePutRequestHeader(nil),
+ MakePutRequestHeader(&Object{}),
}
types := []RequestType{
diff --git a/object/sign.go b/object/sign.go
new file mode 100644
index 0000000..1ed3efa
--- /dev/null
+++ b/object/sign.go
@@ -0,0 +1,259 @@
+package object
+
+import (
+ "encoding/binary"
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+// SignedData returns payload bytes of the request.
+//
+// If payload is nil, ErrHeaderNotFound returns.
+func (m PutRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m PutRequest) ReadSignedData(p []byte) (int, error) {
+ r := m.GetR()
+ if r == nil {
+ return 0, ErrHeaderNotFound
+ }
+
+ return r.MarshalTo(p)
+}
+
+// SignedDataSize returns the size of payload of the Put request.
+//
+// If payload is nil, -1 returns.
+func (m PutRequest) SignedDataSize() int {
+ r := m.GetR()
+ if r == nil {
+ return -1
+ }
+
+ return r.Size()
+}
+
+// SignedData returns payload bytes of the request.
+func (m GetRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m GetRequest) ReadSignedData(p []byte) (int, error) {
+ addr := m.GetAddress()
+
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], addr.CID.Bytes())
+
+ off += copy(p[off:], addr.ObjectID.Bytes())
+
+ return off, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m GetRequest) SignedDataSize() int {
+ return addressSize(m.GetAddress())
+}
+
+// SignedData returns payload bytes of the request.
+func (m HeadRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m HeadRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ if m.GetFullHeaders() {
+ p[0] = 1
+ }
+
+ off := 1
+
+ off += copy(p[off:], m.Address.CID.Bytes())
+
+ off += copy(p[off:], m.Address.ObjectID.Bytes())
+
+ return off, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m HeadRequest) SignedDataSize() int {
+ return addressSize(m.Address) + 1
+}
+
+// SignedData returns payload bytes of the request.
+func (m DeleteRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m DeleteRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.OwnerID.Bytes())
+
+ off += copy(p[off:], addressBytes(m.Address))
+
+ return off, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m DeleteRequest) SignedDataSize() int {
+ return m.OwnerID.Size() + addressSize(m.Address)
+}
+
+// SignedData returns payload bytes of the request.
+func (m GetRangeRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m GetRangeRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ n, err := (&m.Range).MarshalTo(p)
+ if err != nil {
+ return 0, err
+ }
+
+ n += copy(p[n:], addressBytes(m.GetAddress()))
+
+ return n, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m GetRangeRequest) SignedDataSize() int {
+ return (&m.Range).Size() + addressSize(m.GetAddress())
+}
+
+// SignedData returns payload bytes of the request.
+func (m GetRangeHashRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m GetRangeHashRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], addressBytes(m.GetAddress()))
+
+ off += copy(p[off:], rangeSetBytes(m.GetRanges()))
+
+ off += copy(p[off:], m.GetSalt())
+
+ return off, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m GetRangeHashRequest) SignedDataSize() int {
+ var sz int
+
+ sz += addressSize(m.GetAddress())
+
+ sz += rangeSetSize(m.GetRanges())
+
+ sz += len(m.GetSalt())
+
+ return sz
+}
+
+// SignedData returns payload bytes of the request.
+func (m SearchRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m SearchRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.CID().Bytes())
+
+ binary.BigEndian.PutUint32(p[off:], m.GetQueryVersion())
+ off += 4
+
+ off += copy(p[off:], m.GetQuery())
+
+ return off, nil
+}
+
+// SignedDataSize returns payload size of the request.
+func (m SearchRequest) SignedDataSize() int {
+ var sz int
+
+ sz += m.CID().Size()
+
+ sz += 4 // uint32 Version
+
+ sz += len(m.GetQuery())
+
+ return sz
+}
+
+func rangeSetSize(rs []Range) int {
+ return 4 + len(rs)*16 // two uint64 fields
+}
+
+func rangeSetBytes(rs []Range) []byte {
+ data := make([]byte, rangeSetSize(rs))
+
+ binary.BigEndian.PutUint32(data, uint32(len(rs)))
+
+ off := 4
+
+ for i := range rs {
+ binary.BigEndian.PutUint64(data[off:], rs[i].Offset)
+ off += 8
+
+ binary.BigEndian.PutUint64(data[off:], rs[i].Length)
+ off += 8
+ }
+
+ return data
+}
+
+func addressSize(addr Address) int {
+ return addr.CID.Size() + addr.ObjectID.Size()
+}
+
+func addressBytes(addr Address) []byte {
+ return append(addr.CID.Bytes(), addr.ObjectID.Bytes()...)
+}
diff --git a/object/sign_test.go b/object/sign_test.go
new file mode 100644
index 0000000..4df1c2b
--- /dev/null
+++ b/object/sign_test.go
@@ -0,0 +1,189 @@
+package object
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestSignVerifyRequests(t *testing.T) {
+ sk := test.DecodeKey(0)
+
+ type sigType interface {
+ service.SignedDataWithToken
+ service.SignKeyPairAccumulator
+ service.SignKeyPairSource
+ SetToken(*Token)
+ }
+
+ items := []struct {
+ constructor func() sigType
+ payloadCorrupt []func(sigType)
+ }{
+ { // PutRequest.PutHeader
+ constructor: func() sigType {
+ return MakePutRequestHeader(new(Object))
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ obj := s.(*PutRequest).GetR().(*PutRequest_Header).Header.GetObject()
+ obj.SystemHeader.PayloadLength++
+ },
+ },
+ },
+ { // PutRequest.Chunk
+ constructor: func() sigType {
+ return MakePutRequestChunk(make([]byte, 10))
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ h := s.(*PutRequest).GetR().(*PutRequest_Chunk)
+ h.Chunk[0]++
+ },
+ },
+ },
+ { // GetRequest
+ constructor: func() sigType {
+ return new(GetRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*GetRequest).Address.CID[0]++
+ },
+ func(s sigType) {
+ s.(*GetRequest).Address.ObjectID[0]++
+ },
+ },
+ },
+ { // HeadRequest
+ constructor: func() sigType {
+ return new(HeadRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*HeadRequest).Address.CID[0]++
+ },
+ func(s sigType) {
+ s.(*HeadRequest).Address.ObjectID[0]++
+ },
+ func(s sigType) {
+ s.(*HeadRequest).FullHeaders = true
+ },
+ },
+ },
+ { // DeleteRequest
+ constructor: func() sigType {
+ return new(DeleteRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*DeleteRequest).OwnerID[0]++
+ },
+ func(s sigType) {
+ s.(*DeleteRequest).Address.CID[0]++
+ },
+ func(s sigType) {
+ s.(*DeleteRequest).Address.ObjectID[0]++
+ },
+ },
+ },
+ { // GetRangeRequest
+ constructor: func() sigType {
+ return new(GetRangeRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*GetRangeRequest).Range.Length++
+ },
+ func(s sigType) {
+ s.(*GetRangeRequest).Range.Offset++
+ },
+ func(s sigType) {
+ s.(*GetRangeRequest).Address.CID[0]++
+ },
+ func(s sigType) {
+ s.(*GetRangeRequest).Address.ObjectID[0]++
+ },
+ },
+ },
+ { // GetRangeHashRequest
+ constructor: func() sigType {
+ return &GetRangeHashRequest{
+ Ranges: []Range{{}},
+ Salt: []byte{1, 2, 3},
+ }
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Address.CID[0]++
+ },
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Address.ObjectID[0]++
+ },
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Salt[0]++
+ },
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Ranges[0].Length++
+ },
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Ranges[0].Offset++
+ },
+ func(s sigType) {
+ s.(*GetRangeHashRequest).Ranges = nil
+ },
+ },
+ },
+ { // GetRangeHashRequest
+ constructor: func() sigType {
+ return &SearchRequest{
+ Query: []byte{1, 2, 3},
+ }
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ s.(*SearchRequest).ContainerID[0]++
+ },
+ func(s sigType) {
+ s.(*SearchRequest).Query[0]++
+ },
+ func(s sigType) {
+ s.(*SearchRequest).QueryVersion++
+ },
+ },
+ },
+ }
+
+ for _, item := range items {
+ { // token corruptions
+ v := item.constructor()
+
+ token := new(Token)
+ v.SetToken(token)
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ token.SetSessionKey(append(token.GetSessionKey(), 1))
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+
+ { // payload corruptions
+ for _, corruption := range item.payloadCorrupt {
+ v := item.constructor()
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ corruption(v)
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+ }
+ }
+}
diff --git a/object/types.go b/object/types.go
index aebb2fc..c8d3f25 100644
--- a/object/types.go
+++ b/object/types.go
@@ -3,11 +3,14 @@ package object
import (
"bytes"
"context"
+ "fmt"
+ "io"
+ "reflect"
"github.com/gogo/protobuf/proto"
"github.com/nspcc-dev/neofs-api-go/internal"
"github.com/nspcc-dev/neofs-api-go/refs"
- "github.com/nspcc-dev/neofs-api-go/session"
+ "github.com/pkg/errors"
)
type (
@@ -19,9 +22,6 @@ type (
// Address is a type alias of object Address.
Address = refs.Address
- // VerificationHeader is a type alias of session's verification header.
- VerificationHeader = session.VerificationHeader
-
// PositionReader defines object reader that returns slice of bytes
// for specified object and data range.
PositionReader interface {
@@ -60,8 +60,8 @@ const (
TransformHdr
// TombstoneHdr is a tombstone header type.
TombstoneHdr
- // VerifyHdr is a verification header type.
- VerifyHdr
+ // TokenHdr is a token header type.
+ TokenHdr
// HomoHashHdr is a homomorphic hash header type.
HomoHashHdr
// PayloadChecksumHdr is a payload checksum header type.
@@ -175,8 +175,8 @@ func (m Header) typeOf(t isHeader_Value) (ok bool) {
_, ok = m.Value.(*Header_Transform)
case *Header_Tombstone:
_, ok = m.Value.(*Header_Tombstone)
- case *Header_Verify:
- _, ok = m.Value.(*Header_Verify)
+ case *Header_Token:
+ _, ok = m.Value.(*Header_Token)
case *Header_HomoHash:
_, ok = m.Value.(*Header_HomoHash)
case *Header_PayloadChecksum:
@@ -205,8 +205,8 @@ func HeaderType(t headerType) Pred {
return func(h *Header) bool { _, ok := h.Value.(*Header_Transform); return ok }
case TombstoneHdr:
return func(h *Header) bool { _, ok := h.Value.(*Header_Tombstone); return ok }
- case VerifyHdr:
- return func(h *Header) bool { _, ok := h.Value.(*Header_Verify); return ok }
+ case TokenHdr:
+ return func(h *Header) bool { _, ok := h.Value.(*Header_Token); return ok }
case HomoHashHdr:
return func(h *Header) bool { _, ok := h.Value.(*Header_HomoHash); return ok }
case PayloadChecksumHdr:
@@ -251,6 +251,12 @@ func (m *Object) CopyTo(o *Object) {
HomoHash: v.HomoHash,
},
}
+ case *Header_Token:
+ o.Headers[i] = Header{
+ Value: &Header_Token{
+ Token: v.Token,
+ },
+ }
default:
o.Headers[i] = *proto.Clone(&m.Headers[i]).(*Header)
}
@@ -266,3 +272,117 @@ func (m Object) Address() *refs.Address {
CID: m.SystemHeader.CID,
}
}
+
+func (m CreationPoint) String() string {
+ return fmt.Sprintf(`{UnixTime=%d Epoch=%d}`, m.UnixTime, m.Epoch)
+}
+
+// Stringify converts object into string format.
+func Stringify(dst io.Writer, obj *Object) error {
+ // put empty line
+ if _, err := fmt.Fprintln(dst); err != nil {
+ return err
+ }
+
+ // put object line
+ if _, err := fmt.Fprintln(dst, "Object:"); err != nil {
+ return err
+ }
+
+ // put system headers
+ if _, err := fmt.Fprintln(dst, "\tSystemHeader:"); err != nil {
+ return err
+ }
+
+ sysHeaders := []string{"ID", "CID", "OwnerID", "Version", "PayloadLength", "CreatedAt"}
+ v := reflect.ValueOf(obj.SystemHeader)
+ for _, key := range sysHeaders {
+ if !v.FieldByName(key).IsValid() {
+ return errors.Errorf("invalid system header key: %q", key)
+ }
+
+ val := v.FieldByName(key).Interface()
+ if _, err := fmt.Fprintf(dst, "\t\t- %s=%v\n", key, val); err != nil {
+ return err
+ }
+ }
+
+ // put user headers
+ if _, err := fmt.Fprintln(dst, "\tUserHeaders:"); err != nil {
+ return err
+ }
+
+ for _, header := range obj.Headers {
+ var (
+ typ = reflect.ValueOf(header.Value)
+ key string
+ val interface{}
+ )
+
+ switch t := typ.Interface().(type) {
+ case *Header_Link:
+ key = "Link"
+ val = fmt.Sprintf(`{Type=%s ID=%s}`, t.Link.Type, t.Link.ID)
+ case *Header_Redirect:
+ key = "Redirect"
+ val = fmt.Sprintf(`{CID=%s OID=%s}`, t.Redirect.CID, t.Redirect.ObjectID)
+ case *Header_UserHeader:
+ key = "UserHeader"
+ val = fmt.Sprintf(`{Key=%s Val=%s}`, t.UserHeader.Key, t.UserHeader.Value)
+ case *Header_Transform:
+ key = "Transform"
+ val = t.Transform.Type.String()
+ case *Header_Tombstone:
+ key = "Tombstone"
+ val = "MARKED"
+ case *Header_Token:
+ key = "Token"
+ val = fmt.Sprintf("{"+
+ "ID=%s OwnerID=%s Verb=%s Address=%s Created=%d ValidUntil=%d SessionKey=%02x Signature=%02x"+
+ "}",
+ t.Token.GetID(),
+ t.Token.GetOwnerID(),
+ t.Token.GetVerb(),
+ t.Token.GetAddress(),
+ t.Token.CreationEpoch(),
+ t.Token.ExpirationEpoch(),
+ t.Token.GetSessionKey(),
+ t.Token.GetSignature())
+ case *Header_HomoHash:
+ key = "HomoHash"
+ val = t.HomoHash
+ case *Header_PayloadChecksum:
+ key = "PayloadChecksum"
+ val = t.PayloadChecksum
+ case *Header_Integrity:
+ key = "Integrity"
+ val = fmt.Sprintf(`{Checksum=%02x Signature=%02x}`,
+ t.Integrity.HeadersChecksum,
+ t.Integrity.ChecksumSignature)
+ case *Header_StorageGroup:
+ key = "StorageGroup"
+ val = fmt.Sprintf(`{DataSize=%d Hash=%02x Lifetime={Unit=%s Value=%d}}`,
+ t.StorageGroup.ValidationDataSize,
+ t.StorageGroup.ValidationHash,
+ t.StorageGroup.Lifetime.Unit,
+ t.StorageGroup.Lifetime.Value)
+ case *Header_PublicKey:
+ key = "PublicKey"
+ val = t.PublicKey.Value
+ default:
+ key = "Unknown"
+ val = t
+ }
+
+ if _, err := fmt.Fprintf(dst, "\t\t- Type=%s\n\t\t Value=%v\n", key, val); err != nil {
+ return err
+ }
+ }
+
+ // put payload
+ if _, err := fmt.Fprintf(dst, "\tPayload: %#v\n", obj.Payload); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/object/types.pb.go b/object/types.pb.go
index fe47459..97106c7 100644
--- a/object/types.pb.go
+++ b/object/types.pb.go
@@ -8,7 +8,7 @@ import (
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/golang/protobuf/proto"
refs "github.com/nspcc-dev/neofs-api-go/refs"
- session "github.com/nspcc-dev/neofs-api-go/session"
+ service "github.com/nspcc-dev/neofs-api-go/service"
storagegroup "github.com/nspcc-dev/neofs-api-go/storagegroup"
io "io"
math "math"
@@ -215,7 +215,7 @@ type Header struct {
// *Header_UserHeader
// *Header_Transform
// *Header_Tombstone
- // *Header_Verify
+ // *Header_Token
// *Header_HomoHash
// *Header_PayloadChecksum
// *Header_Integrity
@@ -277,8 +277,8 @@ type Header_Transform struct {
type Header_Tombstone struct {
Tombstone *Tombstone `protobuf:"bytes,5,opt,name=Tombstone,proto3,oneof" json:"Tombstone,omitempty"`
}
-type Header_Verify struct {
- Verify *session.VerificationHeader `protobuf:"bytes,6,opt,name=Verify,proto3,oneof" json:"Verify,omitempty"`
+type Header_Token struct {
+ Token *service.Token `protobuf:"bytes,6,opt,name=Token,proto3,oneof" json:"Token,omitempty"`
}
type Header_HomoHash struct {
HomoHash Hash `protobuf:"bytes,7,opt,name=HomoHash,proto3,oneof,customtype=Hash" json:"HomoHash,omitempty"`
@@ -301,7 +301,7 @@ func (*Header_Redirect) isHeader_Value() {}
func (*Header_UserHeader) isHeader_Value() {}
func (*Header_Transform) isHeader_Value() {}
func (*Header_Tombstone) isHeader_Value() {}
-func (*Header_Verify) isHeader_Value() {}
+func (*Header_Token) isHeader_Value() {}
func (*Header_HomoHash) isHeader_Value() {}
func (*Header_PayloadChecksum) isHeader_Value() {}
func (*Header_Integrity) isHeader_Value() {}
@@ -350,9 +350,9 @@ func (m *Header) GetTombstone() *Tombstone {
return nil
}
-func (m *Header) GetVerify() *session.VerificationHeader {
- if x, ok := m.GetValue().(*Header_Verify); ok {
- return x.Verify
+func (m *Header) GetToken() *service.Token {
+ if x, ok := m.GetValue().(*Header_Token); ok {
+ return x.Token
}
return nil
}
@@ -393,7 +393,7 @@ func (*Header) XXX_OneofWrappers() []interface{} {
(*Header_UserHeader)(nil),
(*Header_Transform)(nil),
(*Header_Tombstone)(nil),
- (*Header_Verify)(nil),
+ (*Header_Token)(nil),
(*Header_HomoHash)(nil),
(*Header_PayloadChecksum)(nil),
(*Header_Integrity)(nil),
@@ -515,9 +515,8 @@ type CreationPoint struct {
XXX_sizecache int32 `json:"-"`
}
-func (m *CreationPoint) Reset() { *m = CreationPoint{} }
-func (m *CreationPoint) String() string { return proto.CompactTextString(m) }
-func (*CreationPoint) ProtoMessage() {}
+func (m *CreationPoint) Reset() { *m = CreationPoint{} }
+func (*CreationPoint) ProtoMessage() {}
func (*CreationPoint) Descriptor() ([]byte, []int) {
return fileDescriptor_02021a1d39b1aee0, []int{5}
}
@@ -826,64 +825,65 @@ func init() {
func init() { proto.RegisterFile("object/types.proto", fileDescriptor_02021a1d39b1aee0) }
var fileDescriptor_02021a1d39b1aee0 = []byte{
- // 911 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x55, 0x4f, 0x73, 0x1b, 0x35,
- 0x14, 0xf7, 0xda, 0xeb, 0x7f, 0xcf, 0x9b, 0x66, 0x2b, 0x4a, 0xd9, 0x31, 0x83, 0x13, 0x76, 0x80,
- 0x31, 0x85, 0xac, 0x87, 0x14, 0xa6, 0xc3, 0x85, 0x21, 0x8e, 0x01, 0x7b, 0x28, 0x8d, 0x91, 0x93,
- 0x1c, 0xb8, 0xad, 0x6d, 0x79, 0x2d, 0x62, 0x4b, 0x1e, 0x49, 0x6e, 0xeb, 0xaf, 0xc1, 0x89, 0x1b,
- 0x77, 0xbe, 0x00, 0x5f, 0xa1, 0x47, 0x8e, 0x4c, 0x0f, 0x19, 0x26, 0x7c, 0x00, 0xbe, 0x42, 0x47,
- 0xda, 0x5d, 0x7b, 0x37, 0xcd, 0xc5, 0xa3, 0xf7, 0x7e, 0xbf, 0x9f, 0xfc, 0xf4, 0xf4, 0x7b, 0x5a,
- 0x40, 0x7c, 0xfc, 0x2b, 0x99, 0xa8, 0x8e, 0xda, 0xac, 0x88, 0x0c, 0x56, 0x82, 0x2b, 0x8e, 0x2a,
- 0x71, 0xae, 0xe9, 0x0a, 0x32, 0x93, 0x59, 0xa4, 0xf9, 0x8e, 0x24, 0x52, 0x52, 0xce, 0x72, 0x49,
- 0x4f, 0x2a, 0x2e, 0xc2, 0x88, 0x44, 0x82, 0xaf, 0x57, 0x39, 0xe4, 0x28, 0xa2, 0x6a, 0xbe, 0x1e,
- 0x07, 0x13, 0xbe, 0xec, 0x44, 0x3c, 0xe2, 0x1d, 0x93, 0x1e, 0xaf, 0x67, 0x26, 0x32, 0x81, 0x59,
- 0xc5, 0x74, 0xff, 0x09, 0x94, 0x71, 0xc8, 0x22, 0x82, 0x1e, 0x42, 0xe5, 0x6c, 0x36, 0x93, 0x44,
- 0x79, 0xd6, 0xa1, 0xd5, 0xb6, 0x71, 0x12, 0xe9, 0xfc, 0x53, 0xc2, 0x22, 0x35, 0xf7, 0x8a, 0x71,
- 0x3e, 0x8e, 0xfc, 0x2f, 0x01, 0x2e, 0x24, 0x11, 0x7d, 0x12, 0x4e, 0x89, 0x40, 0x2e, 0x94, 0x7e,
- 0x24, 0x1b, 0x23, 0xad, 0x63, 0xbd, 0x44, 0x0f, 0xa0, 0x7c, 0x19, 0x2e, 0xd6, 0xc4, 0xc8, 0xea,
- 0x38, 0x0e, 0xfc, 0xbf, 0x6c, 0xa8, 0x24, 0x12, 0x1f, 0xec, 0xa7, 0x94, 0x5d, 0x19, 0x4d, 0xe3,
- 0xd8, 0x09, 0xe2, 0x06, 0x04, 0x3a, 0xd7, 0x2f, 0x60, 0x83, 0xa1, 0xcf, 0xa0, 0x86, 0xc9, 0x94,
- 0x0a, 0x32, 0x51, 0x66, 0x9f, 0xc6, 0xf1, 0x5e, 0xa0, 0x1b, 0x14, 0x9c, 0x4c, 0xa7, 0x82, 0x48,
- 0xd9, 0x2f, 0xe0, 0x2d, 0x01, 0xe5, 0x2a, 0xf2, 0x4a, 0x86, 0x8e, 0xd2, 0x6d, 0x77, 0x48, 0xbf,
- 0x80, 0xb3, 0x95, 0x7f, 0x01, 0xf5, 0x73, 0x11, 0x32, 0x39, 0xe3, 0x62, 0xe9, 0xd9, 0x46, 0x74,
- 0x3f, 0x15, 0x6d, 0x81, 0x7e, 0x01, 0xef, 0x58, 0x46, 0xc2, 0x97, 0x63, 0xa9, 0x38, 0x23, 0x5e,
- 0xf9, 0x96, 0x24, 0x05, 0x8c, 0x24, 0x0d, 0xd0, 0x57, 0x50, 0xb9, 0x24, 0x82, 0xce, 0x36, 0x5e,
- 0xc5, 0xf0, 0xdf, 0x0f, 0x92, 0x5b, 0x0d, 0x4c, 0x9a, 0x4e, 0x42, 0x45, 0x39, 0xdb, 0x16, 0x98,
- 0x90, 0xd1, 0x27, 0x50, 0xeb, 0xf3, 0x25, 0xef, 0x87, 0x72, 0xee, 0x55, 0x0f, 0xad, 0xb6, 0xd3,
- 0xad, 0xbd, 0xbe, 0x3e, 0xb0, 0x75, 0xac, 0x8f, 0x9e, 0x62, 0xe8, 0x11, 0xec, 0x0f, 0xc3, 0xcd,
- 0x82, 0x87, 0xd3, 0xd3, 0x39, 0x99, 0x5c, 0xc9, 0xf5, 0xd2, 0xab, 0x69, 0x7a, 0xbf, 0x80, 0x6f,
- 0x03, 0xe8, 0x09, 0xd4, 0x07, 0x4c, 0x91, 0x48, 0x50, 0xb5, 0xf1, 0xea, 0xa6, 0x9a, 0xf7, 0xd2,
- 0xea, 0xb7, 0xc0, 0xb6, 0x92, 0x1d, 0x17, 0x7d, 0x0b, 0xce, 0x28, 0x76, 0xdd, 0x0f, 0xda, 0x75,
- 0x1e, 0x18, 0x6d, 0x33, 0xc8, 0x5a, 0x31, 0xc8, 0x32, 0xfa, 0x05, 0x9c, 0x53, 0xe8, 0xc6, 0x0d,
- 0xd7, 0xe3, 0x05, 0x9d, 0x68, 0xaf, 0x34, 0xf2, 0x8d, 0xdb, 0x02, 0xfa, 0x4f, 0xb7, 0x41, 0xb7,
- 0x9a, 0xd8, 0xc8, 0x6f, 0x64, 0x9a, 0xee, 0xff, 0x6f, 0x81, 0x33, 0xda, 0x48, 0x45, 0x96, 0xc9,
- 0x2d, 0x7a, 0x50, 0xbd, 0x24, 0x42, 0x37, 0x34, 0xb1, 0x6f, 0x1a, 0xa2, 0x8f, 0x60, 0x2f, 0xe9,
- 0x40, 0xce, 0xc6, 0xf9, 0x24, 0x6a, 0x42, 0x71, 0xd0, 0x33, 0x9e, 0x71, 0xba, 0xf0, 0xea, 0xfa,
- 0xa0, 0xf0, 0xfa, 0xfa, 0xa0, 0x38, 0xe8, 0xe1, 0xe2, 0xa0, 0x87, 0x3e, 0x85, 0xea, 0xd9, 0x0b,
- 0x46, 0xc4, 0xa0, 0x67, 0xfc, 0xe1, 0x74, 0xf7, 0x13, 0x42, 0x9a, 0xc6, 0xe9, 0x02, 0x7d, 0x00,
- 0xa5, 0xd3, 0x41, 0xcf, 0x78, 0xc2, 0xe9, 0x36, 0x12, 0x9a, 0x4e, 0x61, 0xfd, 0x83, 0xbe, 0x86,
- 0xfa, 0xa9, 0x20, 0xa1, 0x22, 0xd3, 0x13, 0x95, 0x18, 0xe1, 0xdd, 0xf4, 0xfc, 0x06, 0xa0, 0x9c,
- 0x0d, 0x39, 0x65, 0xaa, 0x6b, 0x6b, 0x2d, 0xde, 0xb1, 0xfd, 0x13, 0xd8, 0xcb, 0x31, 0x50, 0x13,
- 0x6a, 0x17, 0x8c, 0xbe, 0x3c, 0xa7, 0x4b, 0x62, 0x8e, 0x5c, 0xc2, 0xdb, 0x58, 0xcf, 0xde, 0x77,
- 0x2b, 0x3e, 0x49, 0xcf, 0x1a, 0x07, 0x3e, 0x85, 0xfd, 0x5b, 0xf7, 0x8b, 0xda, 0xb0, 0x1f, 0xaf,
- 0xe4, 0xd6, 0x37, 0x7a, 0x2f, 0x07, 0xdf, 0x4e, 0xa3, 0xcf, 0xe1, 0x7e, 0xba, 0x1e, 0xd1, 0x88,
- 0x85, 0x6a, 0x2d, 0xe2, 0xd1, 0x76, 0xf0, 0xdb, 0x80, 0xff, 0x87, 0x15, 0x0f, 0x37, 0xfa, 0x18,
- 0x6c, 0xfd, 0x38, 0x99, 0x5d, 0xef, 0xed, 0x2e, 0x5b, 0x63, 0xc1, 0xf9, 0x66, 0x45, 0xb0, 0x81,
- 0x93, 0xf6, 0x17, 0xef, 0x6a, 0xbf, 0x7f, 0x0e, 0xb6, 0x66, 0xa2, 0x06, 0x54, 0x2f, 0xd8, 0x15,
- 0xe3, 0x2f, 0x98, 0x5b, 0x40, 0x00, 0x95, 0x61, 0x28, 0x08, 0x53, 0xae, 0x85, 0x1c, 0xa8, 0x0d,
- 0x05, 0x79, 0x4e, 0xf9, 0x5a, 0xba, 0x45, 0x54, 0x03, 0xfb, 0x19, 0x79, 0xa9, 0xdc, 0x12, 0xaa,
- 0x43, 0xf9, 0x74, 0x4e, 0x17, 0x53, 0xd7, 0x46, 0x6e, 0xde, 0xba, 0x6e, 0xd9, 0x5f, 0x64, 0xc6,
- 0x1e, 0x3d, 0xca, 0x55, 0xf9, 0xf0, 0xad, 0xf1, 0xcf, 0x94, 0xea, 0x3f, 0xbe, 0xab, 0x9c, 0x3a,
- 0x94, 0x47, 0xab, 0x05, 0xd5, 0xd5, 0xd4, 0xc0, 0xd6, 0x7d, 0x70, 0x8b, 0x3a, 0xf9, 0x13, 0x5f,
- 0x2f, 0xa6, 0x6e, 0xc9, 0xff, 0xcd, 0x82, 0xca, 0x99, 0xd9, 0x14, 0x7d, 0x93, 0x77, 0x6e, 0xf2,
- 0xfc, 0x3d, 0x48, 0xff, 0x33, 0x8b, 0x25, 0x2e, 0xc8, 0x3b, 0x3d, 0x80, 0x6a, 0x72, 0x37, 0x5e,
- 0xf1, 0xb0, 0xd4, 0x6e, 0x1c, 0xdf, 0x4b, 0xa5, 0x39, 0x51, 0x4a, 0xd2, 0x93, 0x91, 0x58, 0x3d,
- 0xb6, 0x37, 0x4e, 0x43, 0xff, 0xc3, 0xcc, 0x34, 0xee, 0x9e, 0xeb, 0xf8, 0xfe, 0xe3, 0xa0, 0xfb,
- 0xf3, 0xab, 0x9b, 0x96, 0xf5, 0xf7, 0x4d, 0xcb, 0xfa, 0xe7, 0xa6, 0x65, 0xfd, 0x7b, 0xd3, 0xb2,
- 0x7e, 0xff, 0xaf, 0x55, 0xf8, 0xa5, 0x9d, 0xf9, 0xc4, 0x30, 0xb9, 0x9a, 0x4c, 0x8e, 0xa6, 0xe4,
- 0x79, 0x87, 0x11, 0x3e, 0x93, 0x47, 0xe1, 0x8a, 0x1e, 0x45, 0xbc, 0x13, 0x97, 0xf4, 0x67, 0xd1,
- 0x7d, 0x46, 0xf8, 0xf7, 0xa3, 0xe0, 0x64, 0x38, 0x08, 0xe2, 0xf3, 0x8f, 0x2b, 0xe6, 0xbb, 0xf3,
- 0xf8, 0x4d, 0x00, 0x00, 0x00, 0xff, 0xff, 0xee, 0xb1, 0xc7, 0x51, 0x05, 0x07, 0x00, 0x00,
+ // 916 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x55, 0x4f, 0x8f, 0xdb, 0x44,
+ 0x14, 0xb7, 0x13, 0xe7, 0xdf, 0x8b, 0xb7, 0xeb, 0x8e, 0x96, 0x62, 0x45, 0x22, 0xbb, 0x58, 0x50,
+ 0x2d, 0x85, 0x75, 0x44, 0x8b, 0x54, 0xc1, 0x01, 0xb1, 0xd9, 0x40, 0x1d, 0x51, 0xba, 0x61, 0x92,
+ 0xed, 0x81, 0x9b, 0x93, 0x4c, 0x1c, 0xb3, 0xc9, 0x4c, 0x34, 0x33, 0xd9, 0x36, 0x5f, 0x83, 0x53,
+ 0x6f, 0x70, 0x44, 0x7c, 0x92, 0x1e, 0x39, 0xa2, 0x1e, 0x56, 0x68, 0xf9, 0x00, 0x7c, 0x85, 0x6a,
+ 0xc6, 0x76, 0x62, 0x6f, 0x7b, 0x89, 0xe6, 0xbd, 0xdf, 0xef, 0x37, 0x7e, 0xf3, 0xde, 0x6f, 0x26,
+ 0x80, 0xd8, 0xf8, 0x57, 0x32, 0x91, 0x1d, 0xb9, 0x59, 0x11, 0xe1, 0xaf, 0x38, 0x93, 0x0c, 0x55,
+ 0x93, 0x5c, 0xcb, 0xe1, 0x64, 0x26, 0xf2, 0x48, 0xeb, 0x40, 0x10, 0x7e, 0x15, 0x4f, 0x48, 0xe7,
+ 0x8a, 0xf0, 0x78, 0xb6, 0x49, 0xb3, 0xae, 0x90, 0x8c, 0x87, 0x11, 0x89, 0x38, 0x5b, 0xaf, 0x0a,
+ 0xfc, 0x93, 0x28, 0x96, 0xf3, 0xf5, 0xd8, 0x9f, 0xb0, 0x65, 0x27, 0x62, 0x11, 0xeb, 0xe8, 0xf4,
+ 0x78, 0x3d, 0xd3, 0x91, 0x0e, 0xf4, 0x2a, 0xa1, 0x7b, 0x8f, 0xa1, 0x82, 0x43, 0x1a, 0x11, 0x74,
+ 0x0f, 0xaa, 0xe7, 0xb3, 0x99, 0x20, 0xd2, 0x35, 0x8f, 0xcc, 0x63, 0x0b, 0xa7, 0x91, 0xca, 0x3f,
+ 0x25, 0x34, 0x92, 0x73, 0xb7, 0x94, 0xe4, 0x93, 0xc8, 0xfb, 0x0a, 0xe0, 0x42, 0x10, 0x1e, 0x90,
+ 0x70, 0x4a, 0x38, 0x72, 0xa0, 0xfc, 0x23, 0xd9, 0x68, 0x69, 0x03, 0xab, 0x25, 0x3a, 0x80, 0xca,
+ 0xf3, 0x70, 0xb1, 0x26, 0x5a, 0xd6, 0xc0, 0x49, 0xe0, 0xfd, 0x69, 0x41, 0x35, 0x95, 0x78, 0x60,
+ 0x3d, 0x8d, 0xe9, 0xa5, 0xd6, 0x34, 0x1f, 0xda, 0x7e, 0xd2, 0x01, 0x5f, 0xe5, 0x02, 0x03, 0x6b,
+ 0x0c, 0x7d, 0x0e, 0x75, 0x4c, 0xa6, 0x31, 0x27, 0x13, 0xa9, 0xf7, 0x69, 0x3e, 0xdc, 0xf3, 0x55,
+ 0x87, 0xfc, 0xd3, 0xe9, 0x94, 0x13, 0x21, 0x02, 0x03, 0x6f, 0x09, 0xa8, 0x50, 0x91, 0x5b, 0xd6,
+ 0x74, 0x94, 0x6d, 0xbb, 0x43, 0x02, 0x03, 0xe7, 0x2b, 0xff, 0x12, 0x1a, 0x23, 0x1e, 0x52, 0x31,
+ 0x63, 0x7c, 0xe9, 0x5a, 0x5a, 0x74, 0x37, 0x13, 0x6d, 0x81, 0xc0, 0xc0, 0x3b, 0x96, 0x96, 0xb0,
+ 0xe5, 0x58, 0x48, 0x46, 0x89, 0x5b, 0xb9, 0x25, 0xc9, 0x00, 0x2d, 0xc9, 0x02, 0x74, 0x1f, 0x2a,
+ 0x23, 0x76, 0x49, 0xa8, 0x5b, 0xd5, 0xf4, 0x3b, 0x7e, 0x3a, 0x55, 0x5f, 0x67, 0x03, 0x03, 0x27,
+ 0x30, 0xba, 0x0f, 0xf5, 0x80, 0x2d, 0x59, 0x10, 0x8a, 0xb9, 0x5b, 0x3b, 0x32, 0x8f, 0xed, 0x6e,
+ 0xfd, 0xcd, 0xf5, 0xa1, 0xa5, 0x62, 0x75, 0xd6, 0x0c, 0x43, 0x0f, 0x60, 0x7f, 0x10, 0x6e, 0x16,
+ 0x2c, 0x9c, 0x9e, 0xcd, 0xc9, 0xe4, 0x52, 0xac, 0x97, 0x6e, 0x5d, 0xd1, 0x03, 0x03, 0xdf, 0x06,
+ 0xd0, 0x63, 0x68, 0xf4, 0xa9, 0x24, 0x11, 0x8f, 0xe5, 0xc6, 0x6d, 0xe8, 0xef, 0x7f, 0x98, 0x95,
+ 0xbb, 0x05, 0xb6, 0xbd, 0xd9, 0x71, 0xd1, 0x77, 0x60, 0x0f, 0x13, 0x9b, 0x3d, 0x51, 0x36, 0x73,
+ 0x41, 0x6b, 0x5b, 0x7e, 0xde, 0x7b, 0x7e, 0x9e, 0x11, 0x18, 0xb8, 0xa0, 0x50, 0x9d, 0x1a, 0xac,
+ 0xc7, 0x8b, 0x78, 0xa2, 0xcc, 0xd1, 0x2c, 0x76, 0x6a, 0x0b, 0xa8, 0x8f, 0x6e, 0x83, 0x6e, 0x2d,
+ 0xf5, 0x8d, 0xd7, 0xcc, 0x75, 0xd9, 0xfb, 0xdf, 0x04, 0x7b, 0xb8, 0x11, 0x92, 0x2c, 0xd3, 0xb1,
+ 0xb9, 0x50, 0x7b, 0x4e, 0xb8, 0x88, 0x19, 0x4d, 0xfd, 0x9a, 0x85, 0xe8, 0x13, 0xd8, 0x4b, 0x3b,
+ 0x50, 0xf0, 0x6d, 0x31, 0x89, 0x5a, 0x50, 0xea, 0xf7, 0xb4, 0x49, 0xec, 0x2e, 0xbc, 0xbe, 0x3e,
+ 0x34, 0xde, 0x5c, 0x1f, 0x96, 0xfa, 0x3d, 0x5c, 0xea, 0xf7, 0xd0, 0x67, 0x50, 0x3b, 0x7f, 0x41,
+ 0x09, 0xef, 0xf7, 0xb4, 0x21, 0xec, 0xee, 0x7e, 0x4a, 0xc8, 0xd2, 0x38, 0x5b, 0xa0, 0x8f, 0xa0,
+ 0x7c, 0xd6, 0xef, 0x69, 0x13, 0xd8, 0xdd, 0x66, 0x4a, 0x53, 0x29, 0xac, 0x7e, 0xd0, 0xd7, 0xd0,
+ 0x38, 0xe3, 0x24, 0x94, 0x64, 0x7a, 0x2a, 0xd3, 0xd1, 0x7f, 0x90, 0x9d, 0x5f, 0x03, 0x31, 0xa3,
+ 0x03, 0x16, 0x53, 0xd9, 0xb5, 0x94, 0x16, 0xef, 0xd8, 0xde, 0x13, 0xd8, 0x2b, 0x30, 0x50, 0x0b,
+ 0xea, 0x17, 0x34, 0x7e, 0x39, 0x8a, 0x97, 0x44, 0x1f, 0xb9, 0x8c, 0xb7, 0xb1, 0xba, 0x6c, 0xdf,
+ 0xaf, 0xd8, 0x24, 0x3b, 0x6b, 0x12, 0x7c, 0x63, 0xbd, 0xfa, 0xe3, 0xd0, 0xf0, 0x62, 0xd8, 0xbf,
+ 0x35, 0x65, 0x74, 0x0c, 0xfb, 0xc9, 0x4a, 0x6c, 0xdd, 0xa3, 0x76, 0xb4, 0xf1, 0xed, 0x34, 0xfa,
+ 0x02, 0xee, 0x66, 0xeb, 0x61, 0x1c, 0xd1, 0x50, 0xae, 0x79, 0x72, 0xa3, 0x6d, 0xfc, 0x2e, 0xe0,
+ 0xfd, 0x6e, 0x26, 0x77, 0x1a, 0x7d, 0x0a, 0x96, 0x7a, 0x93, 0xf4, 0xae, 0x77, 0x76, 0x23, 0x57,
+ 0x98, 0x3f, 0xda, 0xac, 0x08, 0xd6, 0x70, 0x3a, 0x84, 0xd2, 0xfb, 0x86, 0xe0, 0x8d, 0xc0, 0x52,
+ 0x4c, 0xd4, 0x84, 0xda, 0x05, 0xbd, 0xa4, 0xec, 0x05, 0x75, 0x0c, 0x04, 0x50, 0x1d, 0x84, 0x9c,
+ 0x50, 0xe9, 0x98, 0xc8, 0x86, 0xfa, 0x80, 0x93, 0xab, 0x98, 0xad, 0x85, 0x53, 0x42, 0x75, 0xb0,
+ 0x9e, 0x91, 0x97, 0xd2, 0x29, 0xa3, 0x06, 0x54, 0xce, 0xe6, 0xf1, 0x62, 0xea, 0x58, 0xc8, 0x29,
+ 0x1a, 0xd8, 0xa9, 0x78, 0x8b, 0xdc, 0x6d, 0x47, 0x0f, 0x0a, 0x55, 0xde, 0x7b, 0xe7, 0xd6, 0xe7,
+ 0x4a, 0xf5, 0x1e, 0xbd, 0xaf, 0x9c, 0x06, 0x54, 0x86, 0xab, 0x45, 0xac, 0xaa, 0xa9, 0x83, 0xa5,
+ 0xfa, 0xe0, 0x94, 0x54, 0xf2, 0x27, 0xb6, 0x5e, 0x4c, 0x9d, 0xb2, 0xf7, 0x9b, 0x09, 0xd5, 0x73,
+ 0xbd, 0x29, 0xfa, 0xb6, 0xe8, 0xdf, 0xf4, 0xd5, 0x3b, 0xc8, 0xbe, 0x99, 0xc7, 0x52, 0x2f, 0x14,
+ 0xfd, 0xee, 0x43, 0x2d, 0x9d, 0x8d, 0x5b, 0x3a, 0x2a, 0xeb, 0x27, 0x24, 0x95, 0x16, 0x44, 0x19,
+ 0x49, 0xdd, 0x8f, 0xd4, 0xf0, 0x89, 0xc9, 0x71, 0x16, 0x7a, 0x1f, 0xe7, 0xee, 0xe4, 0xee, 0x95,
+ 0x4e, 0xe6, 0x9f, 0x04, 0xdd, 0x9f, 0x5f, 0xdf, 0xb4, 0xcd, 0xbf, 0x6f, 0xda, 0xe6, 0x3f, 0x37,
+ 0x6d, 0xf3, 0xdf, 0x9b, 0xb6, 0xf9, 0xea, 0xbf, 0xb6, 0xf1, 0xcb, 0x71, 0xee, 0x9f, 0x85, 0x8a,
+ 0xd5, 0x64, 0x72, 0x32, 0x25, 0x57, 0x1d, 0x4a, 0xd8, 0x4c, 0x9c, 0x84, 0xab, 0xf8, 0x24, 0x62,
+ 0x9d, 0xa4, 0xa4, 0xbf, 0x4a, 0xce, 0x33, 0xc2, 0x7e, 0x18, 0xfa, 0xa7, 0x83, 0xbe, 0x9f, 0x9c,
+ 0x7f, 0x5c, 0xd5, 0x7f, 0x37, 0x8f, 0xde, 0x06, 0x00, 0x00, 0xff, 0xff, 0x4e, 0xcb, 0xd2, 0xde,
+ 0xfd, 0x06, 0x00, 0x00,
}
func (m *Range) Marshal() (dAtA []byte, err error) {
@@ -1105,16 +1105,16 @@ func (m *Header_Tombstone) MarshalToSizedBuffer(dAtA []byte) (int, error) {
}
return len(dAtA) - i, nil
}
-func (m *Header_Verify) MarshalTo(dAtA []byte) (int, error) {
+func (m *Header_Token) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
-func (m *Header_Verify) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *Header_Token) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
- if m.Verify != nil {
+ if m.Token != nil {
{
- size, err := m.Verify.MarshalToSizedBuffer(dAtA[:i])
+ size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
@@ -1696,14 +1696,14 @@ func (m *Header_Tombstone) Size() (n int) {
}
return n
}
-func (m *Header_Verify) Size() (n int) {
+func (m *Header_Token) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
- if m.Verify != nil {
- l = m.Verify.Size()
+ if m.Token != nil {
+ l = m.Token.Size()
n += 1 + l + sovTypes(uint64(l))
}
return n
@@ -2336,7 +2336,7 @@ func (m *Header) Unmarshal(dAtA []byte) error {
iNdEx = postIndex
case 6:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Verify", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
@@ -2363,11 +2363,11 @@ func (m *Header) Unmarshal(dAtA []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
- v := &session.VerificationHeader{}
+ v := &service.Token{}
if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
- m.Value = &Header_Verify{v}
+ m.Value = &Header_Token{v}
iNdEx = postIndex
case 7:
if wireType != 2 {
diff --git a/object/types.proto b/object/types.proto
index f21bf74..46e1549 100644
--- a/object/types.proto
+++ b/object/types.proto
@@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
option csharp_namespace = "NeoFS.API.Object";
import "refs/types.proto";
-import "session/types.proto";
+import "service/verify.proto";
import "storagegroup/types.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -36,8 +36,8 @@ message Header {
Transform Transform = 4;
// Tombstone header that set up in deleted objects
Tombstone Tombstone = 5;
- // Verify header that contains session public key and user's signature
- session.VerificationHeader Verify = 6;
+ // Token header contains token of the session within which the object was created
+ service.Token Token = 6;
// HomoHash is a homomorphic hash of original object payload
bytes HomoHash = 7 [(gogoproto.customtype) = "Hash"];
// PayloadChecksum of actual object's payload
@@ -70,6 +70,8 @@ message SystemHeader {
}
message CreationPoint {
+ option (gogoproto.goproto_stringer) = false;
+
// UnixTime is a date of creation in unixtime format
int64 UnixTime = 1;
// Epoch is a date of creation in NeoFS epochs
diff --git a/object/types_test.go b/object/types_test.go
new file mode 100644
index 0000000..3f9292d
--- /dev/null
+++ b/object/types_test.go
@@ -0,0 +1,201 @@
+package object
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/refs"
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-api-go/storagegroup"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestStringify(t *testing.T) {
+ res := `
+Object:
+ SystemHeader:
+ - ID=7e0b9c6c-aabc-4985-949e-2680e577b48b
+ - CID=11111111111111111111111111111111
+ - OwnerID=ALYeYC41emF6MrmUMc4a8obEPdgFhq9ran
+ - Version=1
+ - PayloadLength=1
+ - CreatedAt={UnixTime=1 Epoch=1}
+ UserHeaders:
+ - Type=Link
+ Value={Type=Child ID=7e0b9c6c-aabc-4985-949e-2680e577b48b}
+ - Type=Redirect
+ Value={CID=11111111111111111111111111111111 OID=7e0b9c6c-aabc-4985-949e-2680e577b48b}
+ - Type=UserHeader
+ Value={Key=test_key Val=test_value}
+ - Type=Transform
+ Value=Split
+ - Type=Tombstone
+ Value=MARKED
+ - Type=Token
+ Value={ID=7e0b9c6c-aabc-4985-949e-2680e577b48b OwnerID=ALYeYC41emF6MrmUMc4a8obEPdgFhq9ran Verb=Search Address=11111111111111111111111111111111/7e0b9c6c-aabc-4985-949e-2680e577b48b Created=1 ValidUntil=2 SessionKey=010203040506 Signature=010203040506}
+ - Type=HomoHash
+ Value=1111111111111111111111111111111111111111111111111111111111111111
+ - Type=PayloadChecksum
+ Value=[1 2 3 4 5 6]
+ - Type=Integrity
+ Value={Checksum=010203040506 Signature=010203040506}
+ - Type=StorageGroup
+ Value={DataSize=5 Hash=31313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131313131 Lifetime={Unit=UnixTime Value=555}}
+ - Type=PublicKey
+ Value=[1 2 3 4 5 6]
+ Payload: []byte{0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7}
+`
+
+ key := test.DecodeKey(0)
+
+ uid, err := refs.NewOwnerID(&key.PublicKey)
+ require.NoError(t, err)
+
+ var oid refs.UUID
+
+ require.NoError(t, oid.Parse("7e0b9c6c-aabc-4985-949e-2680e577b48b"))
+
+ obj := &Object{
+ SystemHeader: SystemHeader{
+ Version: 1,
+ PayloadLength: 1,
+ ID: oid,
+ OwnerID: uid,
+ CID: CID{},
+ CreatedAt: CreationPoint{
+ UnixTime: 1,
+ Epoch: 1,
+ },
+ },
+ Payload: []byte{1, 2, 3, 4, 5, 6, 7},
+ }
+
+ // *Header_Link
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Link{
+ Link: &Link{ID: oid, Type: Link_Child},
+ },
+ })
+
+ // *Header_Redirect
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Redirect{
+ Redirect: &Address{ObjectID: oid, CID: CID{}},
+ },
+ })
+
+ // *Header_UserHeader
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_UserHeader{
+ UserHeader: &UserHeader{
+ Key: "test_key",
+ Value: "test_value",
+ },
+ },
+ })
+
+ // *Header_Transform
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Transform{
+ Transform: &Transform{
+ Type: Transform_Split,
+ },
+ },
+ })
+
+ // *Header_Tombstone
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Tombstone{
+ Tombstone: &Tombstone{},
+ },
+ })
+
+ token := new(Token)
+ token.SetID(oid)
+ token.SetOwnerID(uid)
+ token.SetVerb(service.Token_Info_Search)
+ token.SetAddress(Address{ObjectID: oid, CID: refs.CID{}})
+ token.SetCreationEpoch(1)
+ token.SetExpirationEpoch(2)
+ token.SetSessionKey([]byte{1, 2, 3, 4, 5, 6})
+ token.SetSignature([]byte{1, 2, 3, 4, 5, 6})
+
+ // *Header_Token
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Token{
+ Token: token,
+ },
+ })
+
+ // *Header_HomoHash
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_HomoHash{
+ HomoHash: Hash{},
+ },
+ })
+
+ // *Header_PayloadChecksum
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_PayloadChecksum{
+ PayloadChecksum: []byte{1, 2, 3, 4, 5, 6},
+ },
+ })
+
+ // *Header_Integrity
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_Integrity{
+ Integrity: &IntegrityHeader{
+ HeadersChecksum: []byte{1, 2, 3, 4, 5, 6},
+ ChecksumSignature: []byte{1, 2, 3, 4, 5, 6},
+ },
+ },
+ })
+
+ // *Header_StorageGroup
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_StorageGroup{
+ StorageGroup: &storagegroup.StorageGroup{
+ ValidationDataSize: 5,
+ ValidationHash: storagegroup.Hash{},
+ Lifetime: &storagegroup.StorageGroup_Lifetime{
+ Unit: storagegroup.StorageGroup_Lifetime_UnixTime,
+ Value: 555,
+ },
+ },
+ },
+ })
+
+ // *Header_PublicKey
+ obj.Headers = append(obj.Headers, Header{
+ Value: &Header_PublicKey{
+ PublicKey: &PublicKey{Value: []byte{1, 2, 3, 4, 5, 6}},
+ },
+ })
+
+ buf := new(bytes.Buffer)
+
+ require.NoError(t, Stringify(buf, obj))
+ require.Equal(t, res, buf.String())
+}
+
+func TestObject_Copy(t *testing.T) {
+ t.Run("token header", func(t *testing.T) {
+ token := new(Token)
+ token.SetID(service.TokenID{1, 2, 3})
+
+ obj := new(Object)
+
+ obj.AddHeader(&Header{
+ Value: &Header_Token{
+ Token: token,
+ },
+ })
+
+ cp := obj.Copy()
+
+ _, h := cp.LastHeader(HeaderType(TokenHdr))
+ require.NotNil(t, h)
+ require.Equal(t, token, h.GetValue().(*Header_Token).Token)
+ })
+}
diff --git a/object/utils.go b/object/utils.go
index 07f0984..33423aa 100644
--- a/object/utils.go
+++ b/object/utils.go
@@ -4,7 +4,6 @@ import (
"io"
"strconv"
- "github.com/nspcc-dev/neofs-api-go/session"
"github.com/pkg/errors"
)
@@ -46,11 +45,10 @@ func (b ByteSize) String() string {
// MakePutRequestHeader combines object and session token value
// into header of object put request.
-func MakePutRequestHeader(obj *Object, token *session.Token) *PutRequest {
+func MakePutRequestHeader(obj *Object) *PutRequest {
return &PutRequest{
R: &PutRequest_Header{Header: &PutRequest_PutHeader{
Object: obj,
- Token: token,
}},
}
}
diff --git a/object/verification.go b/object/verification.go
index a00b30a..0bcbc7c 100644
--- a/object/verification.go
+++ b/object/verification.go
@@ -77,7 +77,7 @@ func (m Object) Verify() error {
integrity := ih.Value.(*Header_Integrity).Integrity
// Prepare structures
- _, vh := m.LastHeader(HeaderType(VerifyHdr))
+ _, vh := m.LastHeader(HeaderType(TokenHdr))
if vh == nil {
_, pkh := m.LastHeader(HeaderType(PublicKeyHdr))
if pkh == nil {
@@ -85,7 +85,7 @@ func (m Object) Verify() error {
}
pubkey = pkh.Value.(*Header_PublicKey).PublicKey.Value
} else {
- pubkey = vh.Value.(*Header_Verify).Verify.PublicKey
+ pubkey = vh.Value.(*Header_Token).Token.GetSessionKey()
}
// Verify signature
diff --git a/object/verification_test.go b/object/verification_test.go
index b37ec70..95a6d32 100644
--- a/object/verification_test.go
+++ b/object/verification_test.go
@@ -6,7 +6,6 @@ import (
"github.com/google/uuid"
"github.com/nspcc-dev/neofs-api-go/container"
"github.com/nspcc-dev/neofs-api-go/refs"
- "github.com/nspcc-dev/neofs-api-go/session"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-crypto/test"
"github.com/stretchr/testify/require"
@@ -77,11 +76,10 @@ func TestObject_Verify(t *testing.T) {
dataPK := crypto.MarshalPublicKey(&sessionkey.PublicKey)
signature, err = crypto.Sign(key, dataPK)
- vh := &session.VerificationHeader{
- PublicKey: dataPK,
- KeySignature: signature,
- }
- obj.SetVerificationHeader(vh)
+ tok := new(Token)
+ tok.SetSignature(signature)
+ tok.SetSessionKey(dataPK)
+ obj.AddHeader(&Header{Value: &Header_Token{Token: tok}})
// validation header is not last
t.Run("error validation header is not last", func(t *testing.T) {
@@ -90,7 +88,7 @@ func TestObject_Verify(t *testing.T) {
})
obj.Headers = obj.Headers[:len(obj.Headers)-2]
- obj.SetVerificationHeader(vh)
+ obj.AddHeader(&Header{Value: &Header_Token{Token: tok}})
obj.SetHeader(&Header{Value: &Header_Integrity{ih}})
t.Run("error invalid header checksum", func(t *testing.T) {
@@ -115,7 +113,7 @@ func TestObject_Verify(t *testing.T) {
require.NoError(t, err)
obj.SetHeader(genIH)
- t.Run("correct with vh", func(t *testing.T) {
+ t.Run("correct with tok", func(t *testing.T) {
err = obj.Verify()
require.NoError(t, err)
})
@@ -123,7 +121,7 @@ func TestObject_Verify(t *testing.T) {
pkh := Header{Value: &Header_PublicKey{&PublicKey{
Value: crypto.MarshalPublicKey(&key.PublicKey),
}}}
- // replace vh with pkh
+ // replace tok with pkh
obj.Headers[len(obj.Headers)-2] = pkh
// re-sign object
obj.Sign(sessionkey)
diff --git a/refs/types.go b/refs/types.go
index 117aa03..417eec3 100644
--- a/refs/types.go
+++ b/refs/types.go
@@ -37,6 +37,23 @@ type (
OwnerID chain.WalletAddress
)
+// OwnerIDSource is an interface of the container of an OwnerID value with read access.
+type OwnerIDSource interface {
+ GetOwnerID() OwnerID
+}
+
+// OwnerIDContainer is an interface of the container of an OwnerID value.
+type OwnerIDContainer interface {
+ OwnerIDSource
+ SetOwnerID(OwnerID)
+}
+
+// AddressContainer is an interface of the container of object address value.
+type AddressContainer interface {
+ GetAddress() Address
+ SetAddress(Address)
+}
+
const (
// UUIDSize contains size of UUID.
UUIDSize = 16
diff --git a/service/alias.go b/service/alias.go
new file mode 100644
index 0000000..9a40702
--- /dev/null
+++ b/service/alias.go
@@ -0,0 +1,20 @@
+package service
+
+import (
+ "github.com/nspcc-dev/neofs-api-go/refs"
+)
+
+// TokenID is a type alias of UUID ref.
+type TokenID = refs.UUID
+
+// OwnerID is a type alias of OwnerID ref.
+type OwnerID = refs.OwnerID
+
+// Address is a type alias of Address ref.
+type Address = refs.Address
+
+// AddressContainer is a type alias of refs.AddressContainer.
+type AddressContainer = refs.AddressContainer
+
+// OwnerIDContainer is a type alias of refs.OwnerIDContainer.
+type OwnerIDContainer = refs.OwnerIDContainer
diff --git a/service/epoch.go b/service/epoch.go
new file mode 100644
index 0000000..7a7a556
--- /dev/null
+++ b/service/epoch.go
@@ -0,0 +1,11 @@
+package service
+
+// SetEpoch is an Epoch field setter.
+func (m *ResponseMetaHeader) SetEpoch(v uint64) {
+ m.Epoch = v
+}
+
+// SetEpoch is an Epoch field setter.
+func (m *RequestMetaHeader) SetEpoch(v uint64) {
+ m.Epoch = v
+}
diff --git a/service/epoch_test.go b/service/epoch_test.go
new file mode 100644
index 0000000..47316c0
--- /dev/null
+++ b/service/epoch_test.go
@@ -0,0 +1,21 @@
+package service
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestGetSetEpoch(t *testing.T) {
+ v := uint64(5)
+
+ items := []EpochContainer{
+ new(ResponseMetaHeader),
+ new(RequestMetaHeader),
+ }
+
+ for _, item := range items {
+ item.SetEpoch(v)
+ require.Equal(t, v, item.GetEpoch())
+ }
+}
diff --git a/service/errors.go b/service/errors.go
new file mode 100644
index 0000000..f3a0dfc
--- /dev/null
+++ b/service/errors.go
@@ -0,0 +1,49 @@
+package service
+
+import "github.com/nspcc-dev/neofs-api-go/internal"
+
+// ErrNilToken is returned by functions that expect
+// a non-nil token argument, but received nil.
+const ErrNilToken = internal.Error("token is nil")
+
+// ErrInvalidTTL means that the TTL value does not
+// satisfy a specific criterion.
+const ErrInvalidTTL = internal.Error("invalid TTL value")
+
+// ErrInvalidPublicKeyBytes means that the public key could not be unmarshaled.
+const ErrInvalidPublicKeyBytes = internal.Error("cannot load public key")
+
+// ErrCannotFindOwner is raised when signatures empty in GetOwner.
+const ErrCannotFindOwner = internal.Error("cannot find owner public key")
+
+// ErrWrongOwner is raised when passed OwnerID
+// not equal to present PublicKey
+const ErrWrongOwner = internal.Error("wrong owner")
+
+// ErrNilSignedDataSource returned by functions that expect a non-nil
+// SignedDataSource, but received nil.
+const ErrNilSignedDataSource = internal.Error("signed data source is nil")
+
+// ErrNilSignatureKeySource is returned by functions that expect a non-nil
+// SignatureKeySource, but received nil.
+const ErrNilSignatureKeySource = internal.Error("empty key-signature source")
+
+// ErrEmptyDataWithSignature is returned by functions that expect
+// a non-nil DataWithSignature, but received nil.
+const ErrEmptyDataWithSignature = internal.Error("empty data with signature")
+
+// ErrNegativeLength is returned by functions that received
+// negative length for slice allocation.
+const ErrNegativeLength = internal.Error("negative slice length")
+
+// ErrNilDataWithTokenSignAccumulator is returned by functions that expect
+// a non-nil DataWithTokenSignAccumulator, but received nil.
+const ErrNilDataWithTokenSignAccumulator = internal.Error("signed data with token is nil")
+
+// ErrNilSignatureKeySourceWithToken is returned by functions that expect
+// a non-nil SignatureKeySourceWithToken, but received nil.
+const ErrNilSignatureKeySourceWithToken = internal.Error("key-signature source with token is nil")
+
+// ErrNilSignedDataReader is returned by functions that expect
+// a non-nil SignedDataReader, but received nil.
+const ErrNilSignedDataReader = internal.Error("signed data reader is nil")
diff --git a/service/meta.go b/service/meta.go
index 5e9886d..3f01758 100644
--- a/service/meta.go
+++ b/service/meta.go
@@ -1,127 +1,13 @@
package service
-import (
- "github.com/nspcc-dev/neofs-api-go/internal"
- "github.com/pkg/errors"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-type (
- // MetaHeader contains meta information of request.
- // It provides methods to get or set meta information meta header.
- // Also contains methods to reset and restore meta header.
- // Also contains methods to get or set request protocol version
- MetaHeader interface {
- ResetMeta() RequestMetaHeader
- RestoreMeta(RequestMetaHeader)
-
- // TTLRequest to verify and update ttl requests.
- GetTTL() uint32
- SetTTL(uint32)
-
- // EpochHeader gives possibility to get or set epoch in RPC Requests.
- EpochHeader
-
- // VersionHeader allows get or set version of protocol request
- VersionHeader
- }
-
- // EpochHeader interface gives possibility to get or set epoch in RPC Requests.
- EpochHeader interface {
- GetEpoch() uint64
- SetEpoch(v uint64)
- }
-
- // VersionHeader allows get or set version of protocol request
- VersionHeader interface {
- GetVersion() uint32
- SetVersion(uint32)
- }
-
- // TTLCondition is closure, that allows to validate request with ttl.
- TTLCondition func(ttl uint32) error
-)
-
-const (
- // ZeroTTL is empty ttl, should produce ErrZeroTTL.
- ZeroTTL = iota
-
- // NonForwardingTTL is a ttl that allows direct connections only.
- NonForwardingTTL
-
- // SingleForwardingTTL is a ttl that allows connections through another node.
- SingleForwardingTTL
-)
-
-const (
- // ErrZeroTTL is raised when zero ttl is passed.
- ErrZeroTTL = internal.Error("zero ttl")
-
- // ErrIncorrectTTL is raised when NonForwardingTTL is passed and NodeRole != InnerRingNode.
- ErrIncorrectTTL = internal.Error("incorrect ttl")
-)
-
-// SetVersion sets protocol version to ResponseMetaHeader.
-func (m *ResponseMetaHeader) SetVersion(v uint32) { m.Version = v }
-
-// SetEpoch sets Epoch to ResponseMetaHeader.
-func (m *ResponseMetaHeader) SetEpoch(v uint64) { m.Epoch = v }
-
-// SetVersion sets protocol version to RequestMetaHeader.
-func (m *RequestMetaHeader) SetVersion(v uint32) { m.Version = v }
-
-// SetTTL sets TTL to RequestMetaHeader.
-func (m *RequestMetaHeader) SetTTL(v uint32) { m.TTL = v }
-
-// SetEpoch sets Epoch to RequestMetaHeader.
-func (m *RequestMetaHeader) SetEpoch(v uint64) { m.Epoch = v }
-
-// ResetMeta returns current value and sets RequestMetaHeader to empty value.
-func (m *RequestMetaHeader) ResetMeta() RequestMetaHeader {
+// CutMeta returns current value and sets RequestMetaHeader to empty value.
+func (m *RequestMetaHeader) CutMeta() RequestMetaHeader {
cp := *m
m.Reset()
return cp
}
// RestoreMeta sets current RequestMetaHeader to passed value.
-func (m *RequestMetaHeader) RestoreMeta(v RequestMetaHeader) { *m = v }
-
-// IRNonForwarding condition that allows NonForwardingTTL only for IR
-func IRNonForwarding(role NodeRole) TTLCondition {
- return func(ttl uint32) error {
- if ttl == NonForwardingTTL && role != InnerRingNode {
- return ErrIncorrectTTL
- }
-
- return nil
- }
-}
-
-// ProcessRequestTTL validates and update ttl requests.
-func ProcessRequestTTL(req MetaHeader, cond ...TTLCondition) error {
- ttl := req.GetTTL()
-
- if ttl == ZeroTTL {
- return status.New(codes.InvalidArgument, ErrZeroTTL.Error()).Err()
- }
-
- for i := range cond {
- if cond[i] == nil {
- continue
- }
-
- // check specific condition:
- if err := cond[i](ttl); err != nil {
- if st, ok := status.FromError(errors.Cause(err)); ok {
- return st.Err()
- }
-
- return status.New(codes.InvalidArgument, err.Error()).Err()
- }
- }
-
- req.SetTTL(ttl - 1)
-
- return nil
+func (m *RequestMetaHeader) RestoreMeta(v RequestMetaHeader) {
+ *m = v
}
diff --git a/service/meta.pb.go b/service/meta.pb.go
index 8039990..25a5469 100644
--- a/service/meta.pb.go
+++ b/service/meta.pb.go
@@ -32,7 +32,9 @@ type RequestMetaHeader struct {
Epoch uint64 `protobuf:"varint,2,opt,name=Epoch,proto3" json:"Epoch,omitempty"`
// Version defines protocol version
// TODO: not used for now, should be implemented in future
- Version uint32 `protobuf:"varint,3,opt,name=Version,proto3" json:"Version,omitempty"`
+ Version uint32 `protobuf:"varint,3,opt,name=Version,proto3" json:"Version,omitempty"`
+ // Raw determines whether the request is raw or not
+ Raw bool `protobuf:"varint,4,opt,name=Raw,proto3" json:"Raw,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@@ -88,6 +90,13 @@ func (m *RequestMetaHeader) GetVersion() uint32 {
return 0
}
+func (m *RequestMetaHeader) GetRaw() bool {
+ if m != nil {
+ return m.Raw
+ }
+ return false
+}
+
// ResponseMetaHeader contains meta information based on request processing by server
// (should be embedded into message)
type ResponseMetaHeader struct {
@@ -152,23 +161,24 @@ func init() {
func init() { proto.RegisterFile("service/meta.proto", fileDescriptor_a638867e7b43457c) }
var fileDescriptor_a638867e7b43457c = []byte{
- // 247 bytes of a gzipped FileDescriptorProto
+ // 261 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x2a, 0x4e, 0x2d, 0x2a,
0xcb, 0x4c, 0x4e, 0xd5, 0xcf, 0x4d, 0x2d, 0x49, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62,
0x87, 0x8a, 0x49, 0xe9, 0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, 0xe7, 0xea, 0xa7,
0xe7, 0xa7, 0xe7, 0xeb, 0x83, 0xe5, 0x93, 0x4a, 0xd3, 0xc0, 0x3c, 0x30, 0x07, 0xcc, 0x82, 0xe8,
- 0x53, 0x0a, 0xe5, 0x12, 0x0c, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0xf1, 0x4d, 0x2d, 0x49, 0xf4,
+ 0x53, 0x4a, 0xe7, 0x12, 0x0c, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0xf1, 0x4d, 0x2d, 0x49, 0xf4,
0x48, 0x4d, 0x4c, 0x49, 0x2d, 0x12, 0x12, 0xe0, 0x62, 0x0e, 0x09, 0xf1, 0x91, 0x60, 0x54, 0x60,
0xd4, 0xe0, 0x0d, 0x02, 0x31, 0x85, 0x44, 0xb8, 0x58, 0x5d, 0x0b, 0xf2, 0x93, 0x33, 0x24, 0x98,
0x14, 0x18, 0x35, 0x58, 0x82, 0x20, 0x1c, 0x21, 0x09, 0x2e, 0xf6, 0xb0, 0xd4, 0xa2, 0xe2, 0xcc,
- 0xfc, 0x3c, 0x09, 0x66, 0xb0, 0x5a, 0x18, 0x57, 0xc9, 0x85, 0x4b, 0x28, 0x28, 0xb5, 0xb8, 0x20,
- 0x3f, 0xaf, 0x38, 0x15, 0xc9, 0x5c, 0xb8, 0x29, 0x8c, 0x38, 0x4c, 0x61, 0x42, 0x31, 0xc5, 0x29,
- 0xf8, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x6f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48,
- 0x8e, 0x71, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x4d, 0x24, 0x1f, 0xe6, 0x15, 0x17, 0x24, 0x27, 0xeb,
- 0xa6, 0xa4, 0x96, 0xe9, 0xe7, 0xa5, 0xe6, 0xa7, 0x15, 0xeb, 0x26, 0x16, 0x64, 0xea, 0xa6, 0xe7,
- 0xeb, 0x43, 0x03, 0x63, 0x15, 0x93, 0xa0, 0x5f, 0x6a, 0xbe, 0x5b, 0xb0, 0x9e, 0x63, 0x80, 0xa7,
- 0x5e, 0x30, 0x44, 0x2c, 0x89, 0x0d, 0xec, 0x71, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0x36,
- 0xce, 0x54, 0x19, 0x46, 0x01, 0x00, 0x00,
+ 0xfc, 0x3c, 0x09, 0x66, 0xb0, 0x5a, 0x18, 0x17, 0x64, 0x42, 0x50, 0x62, 0xb9, 0x04, 0x8b, 0x02,
+ 0xa3, 0x06, 0x47, 0x10, 0x88, 0xa9, 0xe4, 0xc2, 0x25, 0x14, 0x94, 0x5a, 0x5c, 0x90, 0x9f, 0x57,
+ 0x9c, 0x8a, 0x64, 0x13, 0xdc, 0x5c, 0x46, 0x1c, 0xe6, 0x32, 0xa1, 0x98, 0xeb, 0x14, 0x7c, 0xe2,
+ 0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x37, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38,
+ 0xe3, 0xb1, 0x1c, 0x43, 0x94, 0x26, 0x92, 0x9f, 0xf3, 0x8a, 0x0b, 0x92, 0x93, 0x75, 0x53, 0x52,
+ 0xcb, 0xf4, 0xf3, 0x52, 0xf3, 0xd3, 0x8a, 0x75, 0x13, 0x0b, 0x32, 0x75, 0xd3, 0xf3, 0xf5, 0xa1,
+ 0xc1, 0xb3, 0x8a, 0x49, 0xd0, 0x2f, 0x35, 0xdf, 0x2d, 0x58, 0xcf, 0x31, 0xc0, 0x53, 0x2f, 0x18,
+ 0x22, 0x96, 0xc4, 0x06, 0x0e, 0x0a, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x12, 0x93,
+ 0x5e, 0x58, 0x01, 0x00, 0x00,
}
func (m *RequestMetaHeader) Marshal() (dAtA []byte, err error) {
@@ -195,6 +205,16 @@ func (m *RequestMetaHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
+ if m.Raw {
+ i--
+ if m.Raw {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i--
+ dAtA[i] = 0x20
+ }
if m.Version != 0 {
i = encodeVarintMeta(dAtA, i, uint64(m.Version))
i--
@@ -276,6 +296,9 @@ func (m *RequestMetaHeader) Size() (n int) {
if m.Version != 0 {
n += 1 + sovMeta(uint64(m.Version))
}
+ if m.Raw {
+ n += 2
+ }
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
@@ -392,6 +415,26 @@ func (m *RequestMetaHeader) Unmarshal(dAtA []byte) error {
break
}
}
+ case 4:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowMeta
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.Raw = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipMeta(dAtA[iNdEx:])
diff --git a/service/meta.proto b/service/meta.proto
index 99b37d3..093f118 100644
--- a/service/meta.proto
+++ b/service/meta.proto
@@ -17,6 +17,8 @@ message RequestMetaHeader {
// Version defines protocol version
// TODO: not used for now, should be implemented in future
uint32 Version = 3;
+ // Raw determines whether the request is raw or not
+ bool Raw = 4;
}
// ResponseMetaHeader contains meta information based on request processing by server
diff --git a/service/meta_test.go b/service/meta_test.go
index 083ccd6..a0b85ef 100644
--- a/service/meta_test.go
+++ b/service/meta_test.go
@@ -3,102 +3,23 @@ package service
import (
"testing"
- "github.com/pkg/errors"
"github.com/stretchr/testify/require"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
)
-type mockedRequest struct {
- msg string
- name string
- code codes.Code
- handler TTLCondition
- RequestMetaHeader
-}
-
-func TestMetaRequest(t *testing.T) {
- tests := []mockedRequest{
- {
- name: "direct to ir node",
- handler: IRNonForwarding(InnerRingNode),
- RequestMetaHeader: RequestMetaHeader{TTL: NonForwardingTTL},
- },
- {
- code: codes.InvalidArgument,
- msg: ErrIncorrectTTL.Error(),
- name: "direct to storage node",
- handler: IRNonForwarding(StorageNode),
- RequestMetaHeader: RequestMetaHeader{TTL: NonForwardingTTL},
- },
- {
- msg: ErrZeroTTL.Error(),
- code: codes.InvalidArgument,
- name: "zero ttl",
- handler: IRNonForwarding(StorageNode),
- RequestMetaHeader: RequestMetaHeader{TTL: ZeroTTL},
- },
- {
- name: "default to ir node",
- handler: IRNonForwarding(InnerRingNode),
- RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
- },
- {
- name: "default to storage node",
- handler: IRNonForwarding(StorageNode),
- RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
- },
- {
- msg: "not found",
- code: codes.NotFound,
- name: "custom status error",
- RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
- handler: func(_ uint32) error { return status.Error(codes.NotFound, "not found") },
- },
- {
- msg: "not found",
- code: codes.NotFound,
- name: "custom wrapped status error",
- RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
- handler: func(_ uint32) error {
- err := status.Error(codes.NotFound, "not found")
- err = errors.Wrap(err, "some error context")
- err = errors.Wrap(err, "another error context")
- return err
- },
+func TestCutRestoreMeta(t *testing.T) {
+ items := []func() SeizedMetaHeaderContainer{
+ func() SeizedMetaHeaderContainer {
+ m := new(RequestMetaHeader)
+ m.SetEpoch(1)
+ return m
},
}
- for i := range tests {
- tt := tests[i]
- t.Run(tt.name, func(t *testing.T) {
- before := tt.GetTTL()
- err := ProcessRequestTTL(&tt, tt.handler)
- if tt.msg != "" {
- require.Errorf(t, err, tt.msg)
+ for _, item := range items {
+ v1 := item()
+ m1 := v1.CutMeta()
+ v1.RestoreMeta(m1)
- state, ok := status.FromError(err)
- require.True(t, ok)
- require.Equal(t, tt.code, state.Code())
- require.Equal(t, tt.msg, state.Message())
- } else {
- require.NoError(t, err)
- require.NotEqualf(t, before, tt.GetTTL(), "ttl should be changed: %d vs %d", before, tt.GetTTL())
- }
- })
+ require.Equal(t, item(), v1)
}
}
-
-func TestRequestMetaHeader_SetEpoch(t *testing.T) {
- m := new(ResponseMetaHeader)
- epoch := uint64(3)
- m.SetEpoch(epoch)
- require.Equal(t, epoch, m.GetEpoch())
-}
-
-func TestRequestMetaHeader_SetVersion(t *testing.T) {
- m := new(ResponseMetaHeader)
- version := uint32(3)
- m.SetVersion(version)
- require.Equal(t, version, m.GetVersion())
-}
diff --git a/service/raw.go b/service/raw.go
new file mode 100644
index 0000000..0bb4b27
--- /dev/null
+++ b/service/raw.go
@@ -0,0 +1,6 @@
+package service
+
+// SetRaw is a Raw field setter.
+func (m *RequestMetaHeader) SetRaw(raw bool) {
+ m.Raw = raw
+}
diff --git a/service/raw_test.go b/service/raw_test.go
new file mode 100644
index 0000000..ad595ed
--- /dev/null
+++ b/service/raw_test.go
@@ -0,0 +1,24 @@
+package service
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestGetSetRaw(t *testing.T) {
+ items := []RawContainer{
+ new(RequestMetaHeader),
+ }
+
+ for _, item := range items {
+ // init with false
+ item.SetRaw(false)
+
+ item.SetRaw(true)
+ require.True(t, item.GetRaw())
+
+ item.SetRaw(false)
+ require.False(t, item.GetRaw())
+ }
+}
diff --git a/service/role.go b/service/role.go
index 53bcdf5..64a0074 100644
--- a/service/role.go
+++ b/service/role.go
@@ -1,7 +1,6 @@
package service
-// NodeRole to identify in Bootstrap service.
-type NodeRole int32
+import "encoding/binary"
const (
_ NodeRole = iota
@@ -22,3 +21,17 @@ func (nt NodeRole) String() string {
return "Unknown"
}
}
+
+// Size returns the size necessary for a binary representation of the NodeRole.
+func (nt NodeRole) Size() int {
+ return 4
+}
+
+// Bytes returns a binary representation of the NodeRole.
+func (nt NodeRole) Bytes() []byte {
+ data := make([]byte, nt.Size())
+
+ binary.BigEndian.PutUint32(data, uint32(nt))
+
+ return data
+}
diff --git a/service/sign.go b/service/sign.go
new file mode 100644
index 0000000..5b1548f
--- /dev/null
+++ b/service/sign.go
@@ -0,0 +1,229 @@
+package service
+
+import (
+ "crypto/ecdsa"
+ "sync"
+
+ crypto "github.com/nspcc-dev/neofs-crypto"
+)
+
+type keySign struct {
+ key *ecdsa.PublicKey
+ sign []byte
+}
+
+var bytesPool = sync.Pool{
+ New: func() interface{} {
+ return make([]byte, 5<<20)
+ },
+}
+
+// GetSignature is a sign field getter.
+func (s keySign) GetSignature() []byte {
+ return s.sign
+}
+
+// GetPublicKey is a key field getter,
+func (s keySign) GetPublicKey() *ecdsa.PublicKey {
+ return s.key
+}
+
+// Unites passed key with signature and returns SignKeyPair interface.
+func newSignatureKeyPair(key *ecdsa.PublicKey, sign []byte) SignKeyPair {
+ return &keySign{
+ key: key,
+ sign: sign,
+ }
+}
+
+// Returns data from DataSignatureAccumulator for signature creation/verification.
+//
+// If passed DataSignatureAccumulator provides a SignedDataReader interface, data for signature is obtained
+// using this interface for optimization. In this case, it is understood that reading into the slice D
+// that the method DataForSignature returns does not change D.
+//
+// If returned length of data is negative, ErrNegativeLength returns.
+func dataForSignature(src SignedDataSource) ([]byte, error) {
+ if src == nil {
+ return nil, ErrNilSignedDataSource
+ }
+
+ r, ok := src.(SignedDataReader)
+ if !ok {
+ return src.SignedData()
+ }
+
+ buf := bytesPool.Get().([]byte)
+
+ if size := r.SignedDataSize(); size < 0 {
+ return nil, ErrNegativeLength
+ } else if size <= cap(buf) {
+ buf = buf[:size]
+ } else {
+ buf = make([]byte, size)
+ }
+
+ n, err := r.ReadSignedData(buf)
+ if err != nil {
+ return nil, err
+ }
+
+ return buf[:n], nil
+
+}
+
+// DataSignature returns the signature of data obtained using the private key.
+//
+// If passed data container is nil, ErrNilSignedDataSource returns.
+// If passed private key is nil, crypto.ErrEmptyPrivateKey returns.
+// If the data container or the signature function returns an error, it is returned directly.
+func DataSignature(key *ecdsa.PrivateKey, src SignedDataSource) ([]byte, error) {
+ if key == nil {
+ return nil, crypto.ErrEmptyPrivateKey
+ }
+
+ data, err := dataForSignature(src)
+ if err != nil {
+ return nil, err
+ }
+ defer bytesPool.Put(data)
+
+ return crypto.Sign(key, data)
+}
+
+// AddSignatureWithKey calculates the data signature and adds it to accumulator with public key.
+//
+// Any change of data provoke signature breakdown.
+//
+// Returns signing errors only.
+func AddSignatureWithKey(key *ecdsa.PrivateKey, v DataWithSignKeyAccumulator) error {
+ sign, err := DataSignature(key, v)
+ if err != nil {
+ return err
+ }
+
+ v.AddSignKey(sign, &key.PublicKey)
+
+ return nil
+}
+
+// Checks passed key-signature pairs for data from the passed container.
+//
+// If passed key-signatures pair set is empty, nil returns immediately.
+func verifySignatures(src SignedDataSource, items ...SignKeyPair) error {
+ if len(items) <= 0 {
+ return nil
+ }
+
+ data, err := dataForSignature(src)
+ if err != nil {
+ return err
+ }
+ defer bytesPool.Put(data)
+
+ for _, signKey := range items {
+ if err := crypto.Verify(
+ signKey.GetPublicKey(),
+ data,
+ signKey.GetSignature(),
+ ); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// VerifySignatures checks passed key-signature pairs for data from the passed container.
+//
+// If passed data source is nil, ErrNilSignedDataSource returns.
+// If check data is not ready, corresponding error returns.
+// If at least one of the pairs is invalid, an error returns.
+func VerifySignatures(src SignedDataSource, items ...SignKeyPair) error {
+ return verifySignatures(src, items...)
+}
+
+// VerifyAccumulatedSignatures checks if accumulated key-signature pairs are valid.
+//
+// Behaves like VerifySignatures.
+// If passed key-signature source is empty, ErrNilSignatureKeySource returns.
+func VerifyAccumulatedSignatures(src DataWithSignKeySource) error {
+ if src == nil {
+ return ErrNilSignatureKeySource
+ }
+
+ return verifySignatures(src, src.GetSignKeyPairs()...)
+}
+
+// VerifySignatureWithKey checks data signature from the passed container with passed key.
+//
+// If passed data with signature is nil, ErrEmptyDataWithSignature returns.
+// If passed key is nil, crypto.ErrEmptyPublicKey returns.
+// A non-nil error returns if and only if the signature does not pass verification.
+func VerifySignatureWithKey(key *ecdsa.PublicKey, src DataWithSignature) error {
+ if src == nil {
+ return ErrEmptyDataWithSignature
+ } else if key == nil {
+ return crypto.ErrEmptyPublicKey
+ }
+
+ return verifySignatures(
+ src,
+ newSignatureKeyPair(
+ key,
+ src.GetSignature(),
+ ),
+ )
+}
+
+// SignDataWithSessionToken calculates data with token signature and adds it to accumulator.
+//
+// Any change of data or session token info provoke signature breakdown.
+//
+// If passed private key is nil, crypto.ErrEmptyPrivateKey returns.
+// If passed DataWithTokenSignAccumulator is nil, ErrNilDataWithTokenSignAccumulator returns.
+func SignDataWithSessionToken(key *ecdsa.PrivateKey, src DataWithTokenSignAccumulator) error {
+ if src == nil {
+ return ErrNilDataWithTokenSignAccumulator
+ } else if r, ok := src.(SignedDataReader); ok {
+ return AddSignatureWithKey(key, &signDataReaderWithToken{
+ SignedDataSource: src,
+ SignKeyPairAccumulator: src,
+
+ rdr: r,
+ token: src.GetSessionToken(),
+ },
+ )
+ }
+
+ return AddSignatureWithKey(key, &signAccumWithToken{
+ SignedDataSource: src,
+ SignKeyPairAccumulator: src,
+
+ token: src.GetSessionToken(),
+ })
+}
+
+// VerifyAccumulatedSignaturesWithToken checks if accumulated key-signature pairs of data with token are valid.
+//
+// If passed DataWithTokenSignSource is nil, ErrNilSignatureKeySourceWithToken returns.
+func VerifyAccumulatedSignaturesWithToken(src DataWithTokenSignSource) error {
+ if src == nil {
+ return ErrNilSignatureKeySourceWithToken
+ } else if r, ok := src.(SignedDataReader); ok {
+ return VerifyAccumulatedSignatures(&signDataReaderWithToken{
+ SignedDataSource: src,
+ SignKeyPairSource: src,
+
+ rdr: r,
+ token: src.GetSessionToken(),
+ })
+ }
+
+ return VerifyAccumulatedSignatures(&signAccumWithToken{
+ SignedDataSource: src,
+ SignKeyPairSource: src,
+
+ token: src.GetSessionToken(),
+ })
+}
diff --git a/service/sign_test.go b/service/sign_test.go
new file mode 100644
index 0000000..5cb7c40
--- /dev/null
+++ b/service/sign_test.go
@@ -0,0 +1,326 @@
+package service
+
+import (
+ "crypto/ecdsa"
+ "crypto/rand"
+ "errors"
+ "io"
+ "testing"
+
+ crypto "github.com/nspcc-dev/neofs-crypto"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+type testSignedDataSrc struct {
+ err error
+ data []byte
+ sig []byte
+ key *ecdsa.PublicKey
+ token SessionToken
+}
+
+type testSignedDataReader struct {
+ *testSignedDataSrc
+}
+
+func (s testSignedDataSrc) GetSignature() []byte {
+ return s.sig
+}
+
+func (s testSignedDataSrc) GetSignKeyPairs() []SignKeyPair {
+ return []SignKeyPair{
+ newSignatureKeyPair(s.key, s.sig),
+ }
+}
+
+func (s testSignedDataSrc) SignedData() ([]byte, error) {
+ return s.data, s.err
+}
+
+func (s *testSignedDataSrc) AddSignKey(sig []byte, key *ecdsa.PublicKey) {
+ s.key = key
+ s.sig = sig
+}
+
+func testData(t *testing.T, sz int) []byte {
+ d := make([]byte, sz)
+ _, err := rand.Read(d)
+ require.NoError(t, err)
+ return d
+}
+
+func (s testSignedDataSrc) GetSessionToken() SessionToken {
+ return s.token
+}
+
+func (s testSignedDataReader) SignedDataSize() int {
+ return len(s.data)
+}
+
+func (s testSignedDataReader) ReadSignedData(buf []byte) (int, error) {
+ if s.err != nil {
+ return 0, s.err
+ }
+
+ var err error
+ if len(buf) < len(s.data) {
+ err = io.ErrUnexpectedEOF
+ }
+ return copy(buf, s.data), err
+}
+
+func TestDataSignature(t *testing.T) {
+ var err error
+
+ // nil private key
+ _, err = DataSignature(nil, nil)
+ require.EqualError(t, err, crypto.ErrEmptyPrivateKey.Error())
+
+ // create test private key
+ sk := test.DecodeKey(0)
+
+ // nil private key
+ _, err = DataSignature(sk, nil)
+ require.EqualError(t, err, ErrNilSignedDataSource.Error())
+
+ t.Run("common signed data source", func(t *testing.T) {
+ // create test data source
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ }
+
+ // create custom error for data source
+ src.err = errors.New("test error for data source")
+
+ _, err = DataSignature(sk, src)
+ require.EqualError(t, err, src.err.Error())
+
+ // reset error to nil
+ src.err = nil
+
+ // calculate data signature
+ sig, err := DataSignature(sk, src)
+ require.NoError(t, err)
+
+ // ascertain that the signature passes verification
+ require.NoError(t, crypto.Verify(&sk.PublicKey, src.data, sig))
+ })
+
+ t.Run("signed data reader", func(t *testing.T) {
+ // create test signed data reader
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ }
+
+ // create custom error for signed data reader
+ src.err = errors.New("test error for signed data reader")
+
+ sig, err := DataSignature(sk, src)
+ require.EqualError(t, err, src.err.Error())
+
+ // reset error to nil
+ src.err = nil
+
+ // calculate data signature
+ sig, err = DataSignature(sk, src)
+ require.NoError(t, err)
+
+ // ascertain that the signature passes verification
+ require.NoError(t, crypto.Verify(&sk.PublicKey, src.data, sig))
+ })
+}
+
+func TestAddSignatureWithKey(t *testing.T) {
+ require.NoError(t,
+ AddSignatureWithKey(
+ test.DecodeKey(0),
+ &testSignedDataSrc{
+ data: testData(t, 10),
+ },
+ ),
+ )
+}
+
+func TestVerifySignatures(t *testing.T) {
+ // empty signatures
+ require.NoError(t, VerifySignatures(nil))
+
+ // create test signature source
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ }
+
+ // create private key for test
+ sk := test.DecodeKey(0)
+
+ // calculate a signature of the data
+ sig, err := crypto.Sign(sk, src.data)
+ require.NoError(t, err)
+
+ // ascertain that verification is passed
+ require.NoError(t,
+ VerifySignatures(
+ src,
+ newSignatureKeyPair(&sk.PublicKey, sig),
+ ),
+ )
+
+ // break the signature
+ sig[0]++
+
+ require.Error(t,
+ VerifySignatures(
+ src,
+ newSignatureKeyPair(&sk.PublicKey, sig),
+ ),
+ )
+
+ // restore the signature
+ sig[0]--
+
+ // empty data source
+ require.EqualError(t,
+ VerifySignatures(nil, nil),
+ ErrNilSignedDataSource.Error(),
+ )
+
+}
+
+func TestVerifyAccumulatedSignatures(t *testing.T) {
+ // nil signature source
+ require.EqualError(t,
+ VerifyAccumulatedSignatures(nil),
+ ErrNilSignatureKeySource.Error(),
+ )
+
+ // create test private key
+ sk := test.DecodeKey(0)
+
+ // create signature source
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ key: &sk.PublicKey,
+ }
+
+ var err error
+
+ // calculate a signature
+ src.sig, err = crypto.Sign(sk, src.data)
+ require.NoError(t, err)
+
+ // ascertain that verification is passed
+ require.NoError(t, VerifyAccumulatedSignatures(src))
+
+ // break the signature
+ src.sig[0]++
+
+ // ascertain that verification is failed
+ require.Error(t, VerifyAccumulatedSignatures(src))
+}
+
+func TestVerifySignatureWithKey(t *testing.T) {
+ // nil signature source
+ require.EqualError(t,
+ VerifySignatureWithKey(nil, nil),
+ ErrEmptyDataWithSignature.Error(),
+ )
+
+ // create test signature source
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ }
+
+ // nil public key
+ require.EqualError(t,
+ VerifySignatureWithKey(nil, src),
+ crypto.ErrEmptyPublicKey.Error(),
+ )
+
+ // create test private key
+ sk := test.DecodeKey(0)
+
+ var err error
+
+ // calculate a signature
+ src.sig, err = crypto.Sign(sk, src.data)
+ require.NoError(t, err)
+
+ // ascertain that verification is passed
+ require.NoError(t, VerifySignatureWithKey(&sk.PublicKey, src))
+
+ // break the signature
+ src.sig[0]++
+
+ // ascertain that verification is failed
+ require.Error(t, VerifySignatureWithKey(&sk.PublicKey, src))
+}
+
+func TestSignVerifyDataWithSessionToken(t *testing.T) {
+ // sign with empty DataWithTokenSignAccumulator
+ require.EqualError(t,
+ SignDataWithSessionToken(nil, nil),
+ ErrNilDataWithTokenSignAccumulator.Error(),
+ )
+
+ // verify with empty DataWithTokenSignSource
+ require.EqualError(t,
+ VerifyAccumulatedSignaturesWithToken(nil),
+ ErrNilSignatureKeySourceWithToken.Error(),
+ )
+
+ // create test session token
+ var (
+ token = new(Token)
+ initVerb = Token_Info_Verb(1)
+ )
+
+ token.SetVerb(initVerb)
+
+ // create test data with token
+ src := &testSignedDataSrc{
+ data: testData(t, 10),
+ token: token,
+ }
+
+ // create test private key
+ sk := test.DecodeKey(0)
+
+ // sign with private key
+ require.NoError(t, SignDataWithSessionToken(sk, src))
+
+ // ascertain that verification is passed
+ require.NoError(t, VerifyAccumulatedSignaturesWithToken(src))
+
+ // break the data
+ src.data[0]++
+
+ // ascertain that verification is failed
+ require.Error(t, VerifyAccumulatedSignaturesWithToken(src))
+
+ // restore the data
+ src.data[0]--
+
+ // break the token
+ token.SetVerb(initVerb + 1)
+
+ // ascertain that verification is failed
+ require.Error(t, VerifyAccumulatedSignaturesWithToken(src))
+
+ // restore the token
+ token.SetVerb(initVerb)
+
+ // ascertain that verification is passed
+ require.NoError(t, VerifyAccumulatedSignaturesWithToken(src))
+
+ // wrap to data reader
+ rdr := &testSignedDataReader{
+ testSignedDataSrc: src,
+ }
+
+ // sign with private key
+ require.NoError(t, SignDataWithSessionToken(sk, rdr))
+
+ // ascertain that verification is passed
+ require.NoError(t, VerifyAccumulatedSignaturesWithToken(rdr))
+}
diff --git a/service/token.go b/service/token.go
new file mode 100644
index 0000000..32c390f
--- /dev/null
+++ b/service/token.go
@@ -0,0 +1,231 @@
+package service
+
+import (
+ "crypto/ecdsa"
+ "encoding/binary"
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/refs"
+)
+
+type signAccumWithToken struct {
+ SignedDataSource
+ SignKeyPairAccumulator
+ SignKeyPairSource
+
+ token SessionToken
+}
+
+type signDataReaderWithToken struct {
+ SignedDataSource
+ SignKeyPairAccumulator
+ SignKeyPairSource
+
+ rdr SignedDataReader
+
+ token SessionToken
+}
+
+const verbSize = 4
+
+const fixedTokenDataSize = 0 +
+ refs.UUIDSize +
+ refs.OwnerIDSize +
+ verbSize +
+ refs.UUIDSize +
+ refs.CIDSize +
+ 8 +
+ 8
+
+var tokenEndianness = binary.BigEndian
+
+// GetID is an ID field getter.
+func (m Token_Info) GetID() TokenID {
+ return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *Token_Info) SetID(id TokenID) {
+ m.ID = id
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m Token_Info) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *Token_Info) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// SetVerb is a Verb field setter.
+func (m *Token_Info) SetVerb(verb Token_Info_Verb) {
+ m.Verb = verb
+}
+
+// GetAddress is an Address field getter.
+func (m Token_Info) GetAddress() Address {
+ return m.Address
+}
+
+// SetAddress is an Address field setter.
+func (m *Token_Info) SetAddress(addr Address) {
+ m.Address = addr
+}
+
+// CreationEpoch is a Created field getter.
+func (m TokenLifetime) CreationEpoch() uint64 {
+ return m.Created
+}
+
+// SetCreationEpoch is a Created field setter.
+func (m *TokenLifetime) SetCreationEpoch(e uint64) {
+ m.Created = e
+}
+
+// ExpirationEpoch is a ValidUntil field getter.
+func (m TokenLifetime) ExpirationEpoch() uint64 {
+ return m.ValidUntil
+}
+
+// SetExpirationEpoch is a ValidUntil field setter.
+func (m *TokenLifetime) SetExpirationEpoch(e uint64) {
+ m.ValidUntil = e
+}
+
+// SetSessionKey is a SessionKey field setter.
+func (m *Token_Info) SetSessionKey(key []byte) {
+ m.SessionKey = key
+}
+
+// SetSignature is a Signature field setter.
+func (m *Token) SetSignature(sig []byte) {
+ m.Signature = sig
+}
+
+// Size returns the size of a binary representation of the verb.
+func (x Token_Info_Verb) Size() int {
+ return verbSize
+}
+
+// Bytes returns a binary representation of the verb.
+func (x Token_Info_Verb) Bytes() []byte {
+ data := make([]byte, verbSize)
+ tokenEndianness.PutUint32(data, uint32(x))
+ return data
+}
+
+// AddSignKey calls a Signature field setter with passed signature.
+func (m *Token) AddSignKey(sig []byte, _ *ecdsa.PublicKey) {
+ m.SetSignature(sig)
+}
+
+// SignedData returns token information in a binary representation.
+func (m *Token) SignedData() ([]byte, error) {
+ return SignedDataFromReader(m)
+}
+
+// ReadSignedData copies a binary representation of the token information to passed buffer.
+//
+// If buffer length is less than required, io.ErrUnexpectedEOF returns.
+func (m *Token_Info) ReadSignedData(p []byte) (int, error) {
+ sz := m.SignedDataSize()
+ if len(p) < sz {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ copyTokenSignedData(p, m)
+
+ return sz, nil
+}
+
+// SignedDataSize returns the length of signed token information slice.
+func (m *Token_Info) SignedDataSize() int {
+ return tokenInfoSize(m)
+}
+
+func tokenInfoSize(v SessionKeySource) int {
+ if v == nil {
+ return 0
+ }
+ return fixedTokenDataSize + len(v.GetSessionKey())
+}
+
+// Fills passed buffer with signing token information bytes.
+// Does not check buffer length, it is understood that enough space is allocated in it.
+//
+// If passed SessionTokenInfo, buffer remains unchanged.
+func copyTokenSignedData(buf []byte, token SessionTokenInfo) {
+ if token == nil {
+ return
+ }
+
+ var off int
+
+ off += copy(buf[off:], token.GetID().Bytes())
+
+ off += copy(buf[off:], token.GetOwnerID().Bytes())
+
+ off += copy(buf[off:], token.GetVerb().Bytes())
+
+ addr := token.GetAddress()
+ off += copy(buf[off:], addr.CID.Bytes())
+ off += copy(buf[off:], addr.ObjectID.Bytes())
+
+ tokenEndianness.PutUint64(buf[off:], token.CreationEpoch())
+ off += 8
+
+ tokenEndianness.PutUint64(buf[off:], token.ExpirationEpoch())
+ off += 8
+
+ copy(buf[off:], token.GetSessionKey())
+}
+
+// SignedData concatenates signed data with session token information. Returns concatenation result.
+//
+// Token bytes are added if and only if token is not nil.
+func (s signAccumWithToken) SignedData() ([]byte, error) {
+ data, err := s.SignedDataSource.SignedData()
+ if err != nil {
+ return nil, err
+ }
+
+ tokenData := make([]byte, tokenInfoSize(s.token))
+
+ copyTokenSignedData(tokenData, s.token)
+
+ return append(data, tokenData...), nil
+}
+
+func (s signDataReaderWithToken) SignedDataSize() int {
+ sz := s.rdr.SignedDataSize()
+ if sz < 0 {
+ return -1
+ }
+
+ sz += tokenInfoSize(s.token)
+
+ return sz
+}
+
+func (s signDataReaderWithToken) ReadSignedData(p []byte) (int, error) {
+ dataSize := s.rdr.SignedDataSize()
+ if dataSize < 0 {
+ return 0, ErrNegativeLength
+ }
+
+ sumSize := dataSize + tokenInfoSize(s.token)
+
+ if len(p) < sumSize {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ if n, err := s.rdr.ReadSignedData(p); err != nil {
+ return n, err
+ }
+
+ copyTokenSignedData(p[dataSize:], s.token)
+
+ return sumSize, nil
+}
diff --git a/service/token_test.go b/service/token_test.go
new file mode 100644
index 0000000..ce3d2c8
--- /dev/null
+++ b/service/token_test.go
@@ -0,0 +1,219 @@
+package service
+
+import (
+ "crypto/rand"
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/refs"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestTokenGettersSetters(t *testing.T) {
+ var tok SessionToken = new(Token)
+
+ { // ID
+ id, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ tok.SetID(id)
+
+ require.Equal(t, id, tok.GetID())
+ }
+
+ { // OwnerID
+ ownerID := OwnerID{}
+ _, err := rand.Read(ownerID[:])
+ require.NoError(t, err)
+
+ tok.SetOwnerID(ownerID)
+
+ require.Equal(t, ownerID, tok.GetOwnerID())
+ }
+
+ { // Verb
+ verb := Token_Info_Verb(3)
+
+ tok.SetVerb(verb)
+
+ require.Equal(t, verb, tok.GetVerb())
+ }
+
+ { // Address
+ addr := Address{}
+ _, err := rand.Read(addr.CID[:])
+ require.NoError(t, err)
+ _, err = rand.Read(addr.ObjectID[:])
+ require.NoError(t, err)
+
+ tok.SetAddress(addr)
+
+ require.Equal(t, addr, tok.GetAddress())
+ }
+
+ { // Created
+ e := uint64(5)
+
+ tok.SetCreationEpoch(e)
+
+ require.Equal(t, e, tok.CreationEpoch())
+ }
+
+ { // ValidUntil
+ e := uint64(5)
+
+ tok.SetExpirationEpoch(e)
+
+ require.Equal(t, e, tok.ExpirationEpoch())
+ }
+
+ { // SessionKey
+ key := make([]byte, 10)
+ _, err := rand.Read(key)
+ require.NoError(t, err)
+
+ tok.SetSessionKey(key)
+
+ require.Equal(t, key, tok.GetSessionKey())
+ }
+
+ { // Signature
+ sig := make([]byte, 10)
+ _, err := rand.Read(sig)
+ require.NoError(t, err)
+
+ tok.SetSignature(sig)
+
+ require.Equal(t, sig, tok.GetSignature())
+ }
+}
+
+func TestSignToken(t *testing.T) {
+ token := new(Token)
+
+ // create private key for signing
+ sk := test.DecodeKey(0)
+ pk := &sk.PublicKey
+
+ id := TokenID{}
+ _, err := rand.Read(id[:])
+ require.NoError(t, err)
+ token.SetID(id)
+
+ ownerID := OwnerID{}
+ _, err = rand.Read(ownerID[:])
+ require.NoError(t, err)
+ token.SetOwnerID(ownerID)
+
+ verb := Token_Info_Verb(1)
+ token.SetVerb(verb)
+
+ addr := Address{}
+ _, err = rand.Read(addr.ObjectID[:])
+ require.NoError(t, err)
+ _, err = rand.Read(addr.CID[:])
+ require.NoError(t, err)
+ token.SetAddress(addr)
+
+ cEpoch := uint64(1)
+ token.SetCreationEpoch(cEpoch)
+
+ fEpoch := uint64(2)
+ token.SetExpirationEpoch(fEpoch)
+
+ sessionKey := make([]byte, 10)
+ _, err = rand.Read(sessionKey[:])
+ require.NoError(t, err)
+ token.SetSessionKey(sessionKey)
+
+ // sign and verify token
+ require.NoError(t, AddSignatureWithKey(sk, token))
+ require.NoError(t, VerifySignatureWithKey(pk, token))
+
+ items := []struct {
+ corrupt func()
+ restore func()
+ }{
+ { // ID
+ corrupt: func() {
+ id[0]++
+ token.SetID(id)
+ },
+ restore: func() {
+ id[0]--
+ token.SetID(id)
+ },
+ },
+ { // Owner ID
+ corrupt: func() {
+ ownerID[0]++
+ token.SetOwnerID(ownerID)
+ },
+ restore: func() {
+ ownerID[0]--
+ token.SetOwnerID(ownerID)
+ },
+ },
+ { // Verb
+ corrupt: func() {
+ token.SetVerb(verb + 1)
+ },
+ restore: func() {
+ token.SetVerb(verb)
+ },
+ },
+ { // ObjectID
+ corrupt: func() {
+ addr.ObjectID[0]++
+ token.SetAddress(addr)
+ },
+ restore: func() {
+ addr.ObjectID[0]--
+ token.SetAddress(addr)
+ },
+ },
+ { // CID
+ corrupt: func() {
+ addr.CID[0]++
+ token.SetAddress(addr)
+ },
+ restore: func() {
+ addr.CID[0]--
+ token.SetAddress(addr)
+ },
+ },
+ { // Creation epoch
+ corrupt: func() {
+ token.SetCreationEpoch(cEpoch + 1)
+ },
+ restore: func() {
+ token.SetCreationEpoch(cEpoch)
+ },
+ },
+ { // Expiration epoch
+ corrupt: func() {
+ token.SetExpirationEpoch(fEpoch + 1)
+ },
+ restore: func() {
+ token.SetExpirationEpoch(fEpoch)
+ },
+ },
+ { // Session key
+ corrupt: func() {
+ sessionKey[0]++
+ token.SetSessionKey(sessionKey)
+ },
+ restore: func() {
+ sessionKey[0]--
+ token.SetSessionKey(sessionKey)
+ },
+ },
+ }
+
+ for _, v := range items {
+ v.corrupt()
+ require.Error(t, VerifySignatureWithKey(pk, token))
+ v.restore()
+ require.NoError(t, VerifySignatureWithKey(pk, token))
+ }
+}
diff --git a/service/ttl.go b/service/ttl.go
new file mode 100644
index 0000000..28a5092
--- /dev/null
+++ b/service/ttl.go
@@ -0,0 +1,63 @@
+package service
+
+import (
+ "github.com/pkg/errors"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+// TTL constants.
+const (
+ // ZeroTTL is an upper bound of invalid TTL values.
+ ZeroTTL = iota
+
+ // NonForwardingTTL is a TTL value that does not imply a request forwarding.
+ NonForwardingTTL
+
+ // SingleForwardingTTL is a TTL value that imply potential forwarding with NonForwardingTTL.
+ SingleForwardingTTL
+)
+
+// SetTTL is a TTL field setter.
+func (m *RequestMetaHeader) SetTTL(v uint32) {
+ m.TTL = v
+}
+
+// IRNonForwarding condition that allows NonForwardingTTL only for IR.
+func IRNonForwarding(role NodeRole) TTLCondition {
+ return func(ttl uint32) error {
+ if ttl == NonForwardingTTL && role != InnerRingNode {
+ return ErrInvalidTTL
+ }
+
+ return nil
+ }
+}
+
+// ProcessRequestTTL validates and updates requests with TTL.
+func ProcessRequestTTL(req TTLContainer, cond ...TTLCondition) error {
+ ttl := req.GetTTL()
+
+ if ttl == ZeroTTL {
+ return status.New(codes.InvalidArgument, ErrInvalidTTL.Error()).Err()
+ }
+
+ for i := range cond {
+ if cond[i] == nil {
+ continue
+ }
+
+ // check specific condition:
+ if err := cond[i](ttl); err != nil {
+ if st, ok := status.FromError(errors.Cause(err)); ok {
+ return st.Err()
+ }
+
+ return status.New(codes.InvalidArgument, err.Error()).Err()
+ }
+ }
+
+ req.SetTTL(ttl - 1)
+
+ return nil
+}
diff --git a/service/ttl_test.go b/service/ttl_test.go
new file mode 100644
index 0000000..1c982f5
--- /dev/null
+++ b/service/ttl_test.go
@@ -0,0 +1,99 @@
+package service
+
+import (
+ "testing"
+
+ "github.com/pkg/errors"
+ "github.com/stretchr/testify/require"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+type mockedRequest struct {
+ msg string
+ name string
+ code codes.Code
+ handler TTLCondition
+ RequestMetaHeader
+}
+
+func TestMetaRequest(t *testing.T) {
+ tests := []mockedRequest{
+ {
+ name: "direct to ir node",
+ handler: IRNonForwarding(InnerRingNode),
+ RequestMetaHeader: RequestMetaHeader{TTL: NonForwardingTTL},
+ },
+ {
+ code: codes.InvalidArgument,
+ msg: ErrInvalidTTL.Error(),
+ name: "direct to storage node",
+ handler: IRNonForwarding(StorageNode),
+ RequestMetaHeader: RequestMetaHeader{TTL: NonForwardingTTL},
+ },
+ {
+ msg: ErrInvalidTTL.Error(),
+ code: codes.InvalidArgument,
+ name: "zero ttl",
+ handler: IRNonForwarding(StorageNode),
+ RequestMetaHeader: RequestMetaHeader{TTL: ZeroTTL},
+ },
+ {
+ name: "default to ir node",
+ handler: IRNonForwarding(InnerRingNode),
+ RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
+ },
+ {
+ name: "default to storage node",
+ handler: IRNonForwarding(StorageNode),
+ RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
+ },
+ {
+ msg: "not found",
+ code: codes.NotFound,
+ name: "custom status error",
+ RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
+ handler: func(_ uint32) error { return status.Error(codes.NotFound, "not found") },
+ },
+ {
+ msg: "not found",
+ code: codes.NotFound,
+ name: "custom wrapped status error",
+ RequestMetaHeader: RequestMetaHeader{TTL: SingleForwardingTTL},
+ handler: func(_ uint32) error {
+ err := status.Error(codes.NotFound, "not found")
+ err = errors.Wrap(err, "some error context")
+ err = errors.Wrap(err, "another error context")
+ return err
+ },
+ },
+ }
+
+ for i := range tests {
+ tt := tests[i]
+ t.Run(tt.name, func(t *testing.T) {
+ before := tt.GetTTL()
+ err := ProcessRequestTTL(&tt, tt.handler)
+ if tt.msg != "" {
+ require.Errorf(t, err, tt.msg)
+
+ state, ok := status.FromError(err)
+ require.True(t, ok)
+ require.Equal(t, tt.code, state.Code())
+ require.Equal(t, tt.msg, state.Message())
+ } else {
+ require.NoError(t, err)
+ require.NotEqualf(t, before, tt.GetTTL(), "ttl should be changed: %d vs %d", before, tt.GetTTL())
+ }
+ })
+ }
+}
+
+func TestRequestMetaHeader_SetTTL(t *testing.T) {
+ m := new(RequestMetaHeader)
+ ttl := uint32(3)
+
+ m.SetTTL(ttl)
+
+ require.Equal(t, ttl, m.GetTTL())
+}
diff --git a/service/types.go b/service/types.go
new file mode 100644
index 0000000..31f4507
--- /dev/null
+++ b/service/types.go
@@ -0,0 +1,256 @@
+package service
+
+import (
+ "crypto/ecdsa"
+)
+
+// NodeRole to identify in Bootstrap service.
+type NodeRole int32
+
+// TTLCondition is a function type that used to verify that TTL values match a specific criterion.
+// Nil error indicates compliance with the criterion.
+type TTLCondition func(uint32) error
+
+// RawSource is an interface of the container of a boolean Raw value with read access.
+type RawSource interface {
+ GetRaw() bool
+}
+
+// RawContainer is an interface of the container of a boolean Raw value.
+type RawContainer interface {
+ RawSource
+ SetRaw(bool)
+}
+
+// VersionSource is an interface of the container of a numerical Version value with read access.
+type VersionSource interface {
+ GetVersion() uint32
+}
+
+// VersionContainer is an interface of the container of a numerical Version value.
+type VersionContainer interface {
+ VersionSource
+ SetVersion(uint32)
+}
+
+// EpochSource is an interface of the container of a NeoFS epoch number with read access.
+type EpochSource interface {
+ GetEpoch() uint64
+}
+
+// EpochContainer is an interface of the container of a NeoFS epoch number.
+type EpochContainer interface {
+ EpochSource
+ SetEpoch(uint64)
+}
+
+// TTLSource is an interface of the container of a numerical TTL value with read access.
+type TTLSource interface {
+ GetTTL() uint32
+}
+
+// TTLContainer is an interface of the container of a numerical TTL value.
+type TTLContainer interface {
+ TTLSource
+ SetTTL(uint32)
+}
+
+// SeizedMetaHeaderContainer is an interface of container of RequestMetaHeader that can be cut and restored.
+type SeizedMetaHeaderContainer interface {
+ CutMeta() RequestMetaHeader
+ RestoreMeta(RequestMetaHeader)
+}
+
+// RequestMetaContainer is an interface of a fixed set of request meta value containers.
+// Contains:
+// - TTL value;
+// - NeoFS epoch number;
+// - Protocol version;
+// - Raw toggle option.
+type RequestMetaContainer interface {
+ TTLContainer
+ EpochContainer
+ VersionContainer
+ RawContainer
+}
+
+// SeizedRequestMetaContainer is a RequestMetaContainer with seized meta.
+type SeizedRequestMetaContainer interface {
+ RequestMetaContainer
+ SeizedMetaHeaderContainer
+}
+
+// VerbSource is an interface of the container of a token verb value with read access.
+type VerbSource interface {
+ GetVerb() Token_Info_Verb
+}
+
+// VerbContainer is an interface of the container of a token verb value.
+type VerbContainer interface {
+ VerbSource
+ SetVerb(Token_Info_Verb)
+}
+
+// TokenIDSource is an interface of the container of a token ID value with read access.
+type TokenIDSource interface {
+ GetID() TokenID
+}
+
+// TokenIDContainer is an interface of the container of a token ID value.
+type TokenIDContainer interface {
+ TokenIDSource
+ SetID(TokenID)
+}
+
+// CreationEpochSource is an interface of the container of a creation epoch number with read access.
+type CreationEpochSource interface {
+ CreationEpoch() uint64
+}
+
+// CreationEpochContainer is an interface of the container of a creation epoch number.
+type CreationEpochContainer interface {
+ CreationEpochSource
+ SetCreationEpoch(uint64)
+}
+
+// ExpirationEpochSource is an interface of the container of an expiration epoch number with read access.
+type ExpirationEpochSource interface {
+ ExpirationEpoch() uint64
+}
+
+// ExpirationEpochContainer is an interface of the container of an expiration epoch number.
+type ExpirationEpochContainer interface {
+ ExpirationEpochSource
+ SetExpirationEpoch(uint64)
+}
+
+// LifetimeSource is an interface of the container of creation-expiration epoch pair with read access.
+type LifetimeSource interface {
+ CreationEpochSource
+ ExpirationEpochSource
+}
+
+// LifetimeContainer is an interface of the container of creation-expiration epoch pair.
+type LifetimeContainer interface {
+ CreationEpochContainer
+ ExpirationEpochContainer
+}
+
+// SessionKeySource is an interface of the container of session key bytes with read access.
+type SessionKeySource interface {
+ GetSessionKey() []byte
+}
+
+// SessionKeyContainer is an interface of the container of public session key bytes.
+type SessionKeyContainer interface {
+ SessionKeySource
+ SetSessionKey([]byte)
+}
+
+// SignatureSource is an interface of the container of signature bytes with read access.
+type SignatureSource interface {
+ GetSignature() []byte
+}
+
+// SignatureContainer is an interface of the container of signature bytes.
+type SignatureContainer interface {
+ SignatureSource
+ SetSignature([]byte)
+}
+
+// SessionTokenSource is an interface of the container of a SessionToken with read access.
+type SessionTokenSource interface {
+ GetSessionToken() SessionToken
+}
+
+// SessionTokenInfo is an interface of a fixed set of token information value containers.
+// Contains:
+// - ID of the token;
+// - ID of the token's owner;
+// - verb of the session;
+// - address of the session object;
+// - token lifetime;
+// - public session key bytes.
+type SessionTokenInfo interface {
+ TokenIDContainer
+ OwnerIDContainer
+ VerbContainer
+ AddressContainer
+ LifetimeContainer
+ SessionKeyContainer
+}
+
+// SessionToken is an interface of token information and signature pair.
+type SessionToken interface {
+ SessionTokenInfo
+ SignatureContainer
+}
+
+// SignedDataSource is an interface of the container of a data for signing.
+type SignedDataSource interface {
+ // Must return the required for signature byte slice.
+ // A non-nil error indicates that the data is not ready for signature.
+ SignedData() ([]byte, error)
+}
+
+// SignedDataReader is an interface of signed data reader.
+type SignedDataReader interface {
+ // Must return the minimum length of the slice for full reading.
+ // Must return a negative value if the length cannot be calculated.
+ SignedDataSize() int
+
+ // Must behave like Read method of io.Reader and differ only in the reading of the signed data.
+ ReadSignedData([]byte) (int, error)
+}
+
+// SignKeyPairAccumulator is an interface of a set of key-signature pairs with append access.
+type SignKeyPairAccumulator interface {
+ AddSignKey([]byte, *ecdsa.PublicKey)
+}
+
+// SignKeyPairSource is an interface of a set of key-signature pairs with read access.
+type SignKeyPairSource interface {
+ GetSignKeyPairs() []SignKeyPair
+}
+
+// SignKeyPair is an interface of key-signature pair with read access.
+type SignKeyPair interface {
+ SignatureSource
+ GetPublicKey() *ecdsa.PublicKey
+}
+
+// DataWithSignature is an interface of data-signature pair with read access.
+type DataWithSignature interface {
+ SignedDataSource
+ SignatureSource
+}
+
+// DataWithSignKeyAccumulator is an interface of data and key-signature accumulator pair.
+type DataWithSignKeyAccumulator interface {
+ SignedDataSource
+ SignKeyPairAccumulator
+}
+
+// DataWithSignKeySource is an interface of data and key-signature source pair.
+type DataWithSignKeySource interface {
+ SignedDataSource
+ SignKeyPairSource
+}
+
+// SignedDataWithToken is an interface of data-token pair with read access.
+type SignedDataWithToken interface {
+ SignedDataSource
+ SessionTokenSource
+}
+
+// DataWithTokenSignAccumulator is an interface of data-token pair with signature write access.
+type DataWithTokenSignAccumulator interface {
+ SignedDataWithToken
+ SignKeyPairAccumulator
+}
+
+// DataWithTokenSignSource is an interface of data-token pair with signature read access.
+type DataWithTokenSignSource interface {
+ SignedDataWithToken
+ SignKeyPairSource
+}
diff --git a/service/utils.go b/service/utils.go
new file mode 100644
index 0000000..17b23bb
--- /dev/null
+++ b/service/utils.go
@@ -0,0 +1,18 @@
+package service
+
+// SignedDataFromReader allocates buffer and reads bytes from passed reader to it.
+//
+// If passed SignedDataReader is nil, ErrNilSignedDataReader returns.
+func SignedDataFromReader(r SignedDataReader) ([]byte, error) {
+ if r == nil {
+ return nil, ErrNilSignedDataReader
+ }
+
+ data := make([]byte, r.SignedDataSize())
+
+ if _, err := r.ReadSignedData(data); err != nil {
+ return nil, err
+ }
+
+ return data, nil
+}
diff --git a/service/utils_test.go b/service/utils_test.go
new file mode 100644
index 0000000..60a2352
--- /dev/null
+++ b/service/utils_test.go
@@ -0,0 +1,34 @@
+package service
+
+import (
+ "testing"
+
+ "github.com/pkg/errors"
+ "github.com/stretchr/testify/require"
+)
+
+func TestSignedDataFromReader(t *testing.T) {
+ // nil SignedDataReader
+ _, err := SignedDataFromReader(nil)
+ require.EqualError(t, err, ErrNilSignedDataReader.Error())
+
+ rdr := &testSignedDataReader{
+ testSignedDataSrc: new(testSignedDataSrc),
+ }
+
+ // make reader to return an error
+ rdr.err = errors.New("test error")
+
+ _, err = SignedDataFromReader(rdr)
+ require.EqualError(t, err, rdr.err.Error())
+
+ // remove the error
+ rdr.err = nil
+
+ // fill the data
+ rdr.data = testData(t, 10)
+
+ res, err := SignedDataFromReader(rdr)
+ require.NoError(t, err)
+ require.Equal(t, rdr.data, res)
+}
diff --git a/service/verify.go b/service/verify.go
index 9687032..62db2f5 100644
--- a/service/verify.go
+++ b/service/verify.go
@@ -2,226 +2,69 @@ package service
import (
"crypto/ecdsa"
- "sync"
"github.com/nspcc-dev/neofs-api-go/internal"
- "github.com/nspcc-dev/neofs-api-go/refs"
crypto "github.com/nspcc-dev/neofs-crypto"
- "github.com/pkg/errors"
)
-type (
- // VerifiableRequest adds possibility to sign and verify request header.
- VerifiableRequest interface {
- Size() int
- MarshalTo([]byte) (int, error)
- AddSignature(*RequestVerificationHeader_Signature)
- GetSignatures() []*RequestVerificationHeader_Signature
- SetSignatures([]*RequestVerificationHeader_Signature)
+// GetSessionToken returns SessionToken interface of Token field.
+//
+// If token field value is nil, nil returns.
+func (m RequestVerificationHeader) GetSessionToken() SessionToken {
+ if t := m.GetToken(); t != nil {
+ return t
}
- // MaintainableRequest adds possibility to set and get (+validate)
- // owner (client) public key from RequestVerificationHeader.
- MaintainableRequest interface {
- GetOwner() (*ecdsa.PublicKey, error)
- SetOwner(*ecdsa.PublicKey, []byte)
- GetLastPeer() (*ecdsa.PublicKey, error)
+ return nil
+}
+
+// AddSignKey adds new element to Signatures field.
+//
+// Sets Sign field to passed sign. Set Peer field to marshaled passed key.
+func (m *RequestVerificationHeader) AddSignKey(sign []byte, key *ecdsa.PublicKey) {
+ m.SetSignatures(
+ append(
+ m.GetSignatures(),
+ &RequestVerificationHeader_Signature{
+ Sign: sign,
+ Peer: crypto.MarshalPublicKey(key),
+ },
+ ),
+ )
+}
+
+// GetSignKeyPairs returns the elements of Signatures field as SignKeyPair slice.
+func (m RequestVerificationHeader) GetSignKeyPairs() []SignKeyPair {
+ var (
+ signs = m.GetSignatures()
+ res = make([]SignKeyPair, len(signs))
+ )
+
+ for i := range signs {
+ res[i] = signs[i]
}
-)
-const (
- // ErrCannotLoadPublicKey is raised when cannot unmarshal public key from RequestVerificationHeader_Sign.
- ErrCannotLoadPublicKey = internal.Error("cannot load public key")
+ return res
+}
- // ErrCannotFindOwner is raised when signatures empty in GetOwner.
- ErrCannotFindOwner = internal.Error("cannot find owner public key")
+// GetSignature returns the result of a Sign field getter.
+func (m RequestVerificationHeader_Signature) GetSignature() []byte {
+ return m.GetSign()
+}
- // ErrWrongOwner is raised when passed OwnerID not equal to present PublicKey
- ErrWrongOwner = internal.Error("wrong owner")
-)
+// GetPublicKey unmarshals and returns the result of a Peer field getter.
+func (m RequestVerificationHeader_Signature) GetPublicKey() *ecdsa.PublicKey {
+ return crypto.UnmarshalPublicKey(m.GetPeer())
+}
// SetSignatures replaces signatures stored in RequestVerificationHeader.
func (m *RequestVerificationHeader) SetSignatures(signatures []*RequestVerificationHeader_Signature) {
m.Signatures = signatures
}
-// AddSignature adds new Signature into RequestVerificationHeader.
-func (m *RequestVerificationHeader) AddSignature(sig *RequestVerificationHeader_Signature) {
- if sig == nil {
- return
- }
- m.Signatures = append(m.Signatures, sig)
-}
-
-// SetOwner adds origin (sign and public key) of owner (client) into first signature.
-func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte) {
- if len(m.Signatures) == 0 || pub == nil {
- return
- }
-
- m.Signatures[0].Origin = &RequestVerificationHeader_Sign{
- Sign: sign,
- Peer: crypto.MarshalPublicKey(pub),
- }
-}
-
-// CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
-func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
- if key, err := m.GetOwner(); err != nil {
- return err
- } else if user, err := refs.NewOwnerID(key); err != nil {
- return err
- } else if !user.Equal(owner) {
- return ErrWrongOwner
- }
- return nil
-}
-
-// GetOwner tries to get owner (client) public key from signatures.
-// If signatures contains not empty Origin, we should try to validate,
-// that session key was signed by owner (client), otherwise return error.
-func (m *RequestVerificationHeader) GetOwner() (*ecdsa.PublicKey, error) {
- if len(m.Signatures) == 0 {
- return nil, ErrCannotFindOwner
- }
-
- // if first signature contains origin, we should try to validate session key
- if m.Signatures[0].Origin != nil {
- owner := crypto.UnmarshalPublicKey(m.Signatures[0].Origin.Peer)
- if owner == nil {
- return nil, ErrCannotLoadPublicKey
- } else if err := crypto.Verify(owner, m.Signatures[0].Peer, m.Signatures[0].Origin.Sign); err != nil {
- return nil, errors.Wrap(err, "could not verify session token")
- }
-
- return owner, nil
- } else if key := crypto.UnmarshalPublicKey(m.Signatures[0].Peer); key != nil {
- return key, nil
- }
-
- return nil, ErrCannotLoadPublicKey
-}
-
-// GetLastPeer tries to get last peer public key from signatures.
-// If signatures has zero length, returns ErrCannotFindOwner.
-// If signatures has length equal to one, uses GetOwner.
-// Otherwise tries to unmarshal last peer public key.
-func (m *RequestVerificationHeader) GetLastPeer() (*ecdsa.PublicKey, error) {
- switch ln := len(m.Signatures); ln {
- case 0:
- return nil, ErrCannotFindOwner
- case 1:
- return m.GetOwner()
- default:
- if key := crypto.UnmarshalPublicKey(m.Signatures[ln-1].Peer); key != nil {
- return key, nil
- }
-
- return nil, ErrCannotLoadPublicKey
- }
-}
-
-func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeader_Signature, error) {
- sign, err := crypto.Sign(key, data)
- if err != nil {
- return nil, err
- }
-
- return &RequestVerificationHeader_Signature{
- RequestVerificationHeader_Sign: RequestVerificationHeader_Sign{
- Sign: sign,
- Peer: crypto.MarshalPublicKey(&key.PublicKey),
- },
- }, nil
-}
-
-var bytesPool = sync.Pool{New: func() interface{} {
- return make([]byte, 4.5*1024*1024) // 4.5MB
-}}
-
-// SignRequestHeader receives private key and request with RequestVerificationHeader,
-// tries to marshal and sign request with passed PrivateKey, after that adds
-// new signature to headers. If something went wrong, returns error.
-func SignRequestHeader(key *ecdsa.PrivateKey, msg VerifiableRequest) error {
- // ignore meta header
- if meta, ok := msg.(MetaHeader); ok {
- h := meta.ResetMeta()
-
- defer func() {
- meta.RestoreMeta(h)
- }()
- }
-
- data := bytesPool.Get().([]byte)
- defer func() {
- bytesPool.Put(data)
- }()
-
- if size := msg.Size(); size <= cap(data) {
- data = data[:size]
- } else {
- data = make([]byte, size)
- }
-
- size, err := msg.MarshalTo(data)
- if err != nil {
- return err
- }
-
- signature, err := newSignature(key, data[:size])
- if err != nil {
- return err
- }
-
- msg.AddSignature(signature)
-
- return nil
-}
-
-// VerifyRequestHeader receives request with RequestVerificationHeader,
-// tries to marshal and verify each signature from request.
-// If something went wrong, returns error.
-func VerifyRequestHeader(msg VerifiableRequest) error {
- // ignore meta header
- if meta, ok := msg.(MetaHeader); ok {
- h := meta.ResetMeta()
-
- defer func() {
- meta.RestoreMeta(h)
- }()
- }
-
- data := bytesPool.Get().([]byte)
- signatures := msg.GetSignatures()
- defer func() {
- bytesPool.Put(data)
- msg.SetSignatures(signatures)
- }()
-
- for i := range signatures {
- msg.SetSignatures(signatures[:i])
- peer := signatures[i].GetPeer()
- sign := signatures[i].GetSign()
-
- key := crypto.UnmarshalPublicKey(peer)
- if key == nil {
- return errors.Wrapf(ErrCannotLoadPublicKey, "%d: %02x", i, peer)
- }
-
- if size := msg.Size(); size <= cap(data) {
- data = data[:size]
- } else {
- data = make([]byte, size)
- }
-
- if size, err := msg.MarshalTo(data); err != nil {
- return errors.Wrapf(err, "%d: %02x", i, peer)
- } else if err := crypto.Verify(key, data[:size], sign); err != nil {
- return errors.Wrapf(err, "%d: %02x", i, peer)
- }
- }
-
- return nil
+// SetToken is a Token field setter.
+func (m *RequestVerificationHeader) SetToken(token *Token) {
+ m.Token = token
}
// testCustomField for test usage only.
diff --git a/service/verify.pb.go b/service/verify.pb.go
index 9dca855..3dadf0b 100644
--- a/service/verify.pb.go
+++ b/service/verify.pb.go
@@ -7,6 +7,7 @@ import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/golang/protobuf/proto"
+ _ "github.com/nspcc-dev/neofs-api-go/refs"
io "io"
math "math"
math_bits "math/bits"
@@ -23,14 +24,64 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+// Verb is an enumeration of session request types
+type Token_Info_Verb int32
+
+const (
+ // Put refers to object.Put RPC call
+ Token_Info_Put Token_Info_Verb = 0
+ // Get refers to object.Get RPC call
+ Token_Info_Get Token_Info_Verb = 1
+ // Head refers to object.Head RPC call
+ Token_Info_Head Token_Info_Verb = 2
+ // Search refers to object.Search RPC call
+ Token_Info_Search Token_Info_Verb = 3
+ // Delete refers to object.Delete RPC call
+ Token_Info_Delete Token_Info_Verb = 4
+ // Range refers to object.GetRange RPC call
+ Token_Info_Range Token_Info_Verb = 5
+ // RangeHash refers to object.GetRangeHash RPC call
+ Token_Info_RangeHash Token_Info_Verb = 6
+)
+
+var Token_Info_Verb_name = map[int32]string{
+ 0: "Put",
+ 1: "Get",
+ 2: "Head",
+ 3: "Search",
+ 4: "Delete",
+ 5: "Range",
+ 6: "RangeHash",
+}
+
+var Token_Info_Verb_value = map[string]int32{
+ "Put": 0,
+ "Get": 1,
+ "Head": 2,
+ "Search": 3,
+ "Delete": 4,
+ "Range": 5,
+ "RangeHash": 6,
+}
+
+func (x Token_Info_Verb) String() string {
+ return proto.EnumName(Token_Info_Verb_name, int32(x))
+}
+
+func (Token_Info_Verb) EnumDescriptor() ([]byte, []int) {
+ return fileDescriptor_4bdd5bc50ec96238, []int{1, 0, 0}
+}
+
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
// (should be embedded into message).
type RequestVerificationHeader struct {
// Signatures is a set of signatures of every passed NeoFS Node
- Signatures []*RequestVerificationHeader_Signature `protobuf:"bytes,1,rep,name=Signatures,proto3" json:"Signatures,omitempty"`
- XXX_NoUnkeyedLiteral struct{} `json:"-"`
- XXX_unrecognized []byte `json:"-"`
- XXX_sizecache int32 `json:"-"`
+ Signatures []*RequestVerificationHeader_Signature `protobuf:"bytes,1,rep,name=Signatures,proto3" json:"Signatures,omitempty"`
+ // Token is a token of the session within which the request is sent
+ Token *Token `protobuf:"bytes,2,opt,name=Token,proto3" json:"Token,omitempty"`
+ XXX_NoUnkeyedLiteral struct{} `json:"-"`
+ XXX_unrecognized []byte `json:"-"`
+ XXX_sizecache int32 `json:"-"`
}
func (m *RequestVerificationHeader) Reset() { *m = RequestVerificationHeader{} }
@@ -69,7 +120,14 @@ func (m *RequestVerificationHeader) GetSignatures() []*RequestVerificationHeader
return nil
}
-type RequestVerificationHeader_Sign struct {
+func (m *RequestVerificationHeader) GetToken() *Token {
+ if m != nil {
+ return m.Token
+ }
+ return nil
+}
+
+type RequestVerificationHeader_Signature struct {
// Sign is signature of the request or session key.
Sign []byte `protobuf:"bytes,1,opt,name=Sign,proto3" json:"Sign,omitempty"`
// Peer is compressed public key used for signature.
@@ -79,66 +137,11 @@ type RequestVerificationHeader_Sign struct {
XXX_sizecache int32 `json:"-"`
}
-func (m *RequestVerificationHeader_Sign) Reset() { *m = RequestVerificationHeader_Sign{} }
-func (m *RequestVerificationHeader_Sign) String() string { return proto.CompactTextString(m) }
-func (*RequestVerificationHeader_Sign) ProtoMessage() {}
-func (*RequestVerificationHeader_Sign) Descriptor() ([]byte, []int) {
- return fileDescriptor_4bdd5bc50ec96238, []int{0, 0}
-}
-func (m *RequestVerificationHeader_Sign) XXX_Unmarshal(b []byte) error {
- return m.Unmarshal(b)
-}
-func (m *RequestVerificationHeader_Sign) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
- b = b[:cap(b)]
- n, err := m.MarshalToSizedBuffer(b)
- if err != nil {
- return nil, err
- }
- return b[:n], nil
-}
-func (m *RequestVerificationHeader_Sign) XXX_Merge(src proto.Message) {
- xxx_messageInfo_RequestVerificationHeader_Sign.Merge(m, src)
-}
-func (m *RequestVerificationHeader_Sign) XXX_Size() int {
- return m.Size()
-}
-func (m *RequestVerificationHeader_Sign) XXX_DiscardUnknown() {
- xxx_messageInfo_RequestVerificationHeader_Sign.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_RequestVerificationHeader_Sign proto.InternalMessageInfo
-
-func (m *RequestVerificationHeader_Sign) GetSign() []byte {
- if m != nil {
- return m.Sign
- }
- return nil
-}
-
-func (m *RequestVerificationHeader_Sign) GetPeer() []byte {
- if m != nil {
- return m.Peer
- }
- return nil
-}
-
-type RequestVerificationHeader_Signature struct {
- // Sign is a signature and public key of the request.
- RequestVerificationHeader_Sign `protobuf:"bytes,1,opt,name=Sign,proto3,embedded=Sign" json:"Sign"`
- // Origin used for requests, when trusted node changes it and re-sign with session key.
- // If session key used for signature request, then Origin should contain
- // public key of user and signed session key.
- Origin *RequestVerificationHeader_Sign `protobuf:"bytes,2,opt,name=Origin,proto3" json:"Origin,omitempty"`
- XXX_NoUnkeyedLiteral struct{} `json:"-"`
- XXX_unrecognized []byte `json:"-"`
- XXX_sizecache int32 `json:"-"`
-}
-
func (m *RequestVerificationHeader_Signature) Reset() { *m = RequestVerificationHeader_Signature{} }
func (m *RequestVerificationHeader_Signature) String() string { return proto.CompactTextString(m) }
func (*RequestVerificationHeader_Signature) ProtoMessage() {}
func (*RequestVerificationHeader_Signature) Descriptor() ([]byte, []int) {
- return fileDescriptor_4bdd5bc50ec96238, []int{0, 1}
+ return fileDescriptor_4bdd5bc50ec96238, []int{0, 0}
}
func (m *RequestVerificationHeader_Signature) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -163,42 +166,231 @@ func (m *RequestVerificationHeader_Signature) XXX_DiscardUnknown() {
var xxx_messageInfo_RequestVerificationHeader_Signature proto.InternalMessageInfo
-func (m *RequestVerificationHeader_Signature) GetOrigin() *RequestVerificationHeader_Sign {
+func (m *RequestVerificationHeader_Signature) GetSign() []byte {
if m != nil {
- return m.Origin
+ return m.Sign
}
return nil
}
+func (m *RequestVerificationHeader_Signature) GetPeer() []byte {
+ if m != nil {
+ return m.Peer
+ }
+ return nil
+}
+
+// User token granting rights for object manipulation
+type Token struct {
+ // TokenInfo is a grouped information about token
+ Token_Info `protobuf:"bytes,1,opt,name=TokenInfo,proto3,embedded=TokenInfo" json:"TokenInfo"`
+ // Signature is a signature of session token information
+ Signature []byte `protobuf:"bytes,8,opt,name=Signature,proto3" json:"Signature,omitempty"`
+ XXX_NoUnkeyedLiteral struct{} `json:"-"`
+ XXX_unrecognized []byte `json:"-"`
+ XXX_sizecache int32 `json:"-"`
+}
+
+func (m *Token) Reset() { *m = Token{} }
+func (m *Token) String() string { return proto.CompactTextString(m) }
+func (*Token) ProtoMessage() {}
+func (*Token) Descriptor() ([]byte, []int) {
+ return fileDescriptor_4bdd5bc50ec96238, []int{1}
+}
+func (m *Token) XXX_Unmarshal(b []byte) error {
+ return m.Unmarshal(b)
+}
+func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+ b = b[:cap(b)]
+ n, err := m.MarshalToSizedBuffer(b)
+ if err != nil {
+ return nil, err
+ }
+ return b[:n], nil
+}
+func (m *Token) XXX_Merge(src proto.Message) {
+ xxx_messageInfo_Token.Merge(m, src)
+}
+func (m *Token) XXX_Size() int {
+ return m.Size()
+}
+func (m *Token) XXX_DiscardUnknown() {
+ xxx_messageInfo_Token.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Token proto.InternalMessageInfo
+
+func (m *Token) GetSignature() []byte {
+ if m != nil {
+ return m.Signature
+ }
+ return nil
+}
+
+type Token_Info struct {
+ // ID is a token identifier. valid UUIDv4 represented in bytes
+ ID TokenID `protobuf:"bytes,1,opt,name=ID,proto3,customtype=TokenID" json:"ID"`
+ // OwnerID is an owner of manipulation object
+ OwnerID OwnerID `protobuf:"bytes,2,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
+ // Verb is a type of request for which the token is issued
+ Verb Token_Info_Verb `protobuf:"varint,3,opt,name=verb,proto3,enum=service.Token_Info_Verb" json:"verb,omitempty"`
+ // Address is an object address for which token is issued
+ Address Address `protobuf:"bytes,4,opt,name=Address,proto3,customtype=Address" json:"Address"`
+ // Lifetime is a lifetime of the session
+ TokenLifetime `protobuf:"bytes,5,opt,name=Lifetime,proto3,embedded=Lifetime" json:"Lifetime"`
+ // SessionKey is a public key of session key
+ SessionKey []byte `protobuf:"bytes,6,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
+ XXX_NoUnkeyedLiteral struct{} `json:"-"`
+ XXX_unrecognized []byte `json:"-"`
+ XXX_sizecache int32 `json:"-"`
+}
+
+func (m *Token_Info) Reset() { *m = Token_Info{} }
+func (m *Token_Info) String() string { return proto.CompactTextString(m) }
+func (*Token_Info) ProtoMessage() {}
+func (*Token_Info) Descriptor() ([]byte, []int) {
+ return fileDescriptor_4bdd5bc50ec96238, []int{1, 0}
+}
+func (m *Token_Info) XXX_Unmarshal(b []byte) error {
+ return m.Unmarshal(b)
+}
+func (m *Token_Info) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+ b = b[:cap(b)]
+ n, err := m.MarshalToSizedBuffer(b)
+ if err != nil {
+ return nil, err
+ }
+ return b[:n], nil
+}
+func (m *Token_Info) XXX_Merge(src proto.Message) {
+ xxx_messageInfo_Token_Info.Merge(m, src)
+}
+func (m *Token_Info) XXX_Size() int {
+ return m.Size()
+}
+func (m *Token_Info) XXX_DiscardUnknown() {
+ xxx_messageInfo_Token_Info.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Token_Info proto.InternalMessageInfo
+
+func (m *Token_Info) GetVerb() Token_Info_Verb {
+ if m != nil {
+ return m.Verb
+ }
+ return Token_Info_Put
+}
+
+func (m *Token_Info) GetSessionKey() []byte {
+ if m != nil {
+ return m.SessionKey
+ }
+ return nil
+}
+
+// TokenLifetime carries a group of lifetime parameters of the token
+type TokenLifetime struct {
+ // Created carries an initial epoch of token lifetime
+ Created uint64 `protobuf:"varint,1,opt,name=Created,proto3" json:"Created,omitempty"`
+ // ValidUntil carries a last epoch of token lifetime
+ ValidUntil uint64 `protobuf:"varint,2,opt,name=ValidUntil,proto3" json:"ValidUntil,omitempty"`
+ XXX_NoUnkeyedLiteral struct{} `json:"-"`
+ XXX_unrecognized []byte `json:"-"`
+ XXX_sizecache int32 `json:"-"`
+}
+
+func (m *TokenLifetime) Reset() { *m = TokenLifetime{} }
+func (m *TokenLifetime) String() string { return proto.CompactTextString(m) }
+func (*TokenLifetime) ProtoMessage() {}
+func (*TokenLifetime) Descriptor() ([]byte, []int) {
+ return fileDescriptor_4bdd5bc50ec96238, []int{2}
+}
+func (m *TokenLifetime) XXX_Unmarshal(b []byte) error {
+ return m.Unmarshal(b)
+}
+func (m *TokenLifetime) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+ b = b[:cap(b)]
+ n, err := m.MarshalToSizedBuffer(b)
+ if err != nil {
+ return nil, err
+ }
+ return b[:n], nil
+}
+func (m *TokenLifetime) XXX_Merge(src proto.Message) {
+ xxx_messageInfo_TokenLifetime.Merge(m, src)
+}
+func (m *TokenLifetime) XXX_Size() int {
+ return m.Size()
+}
+func (m *TokenLifetime) XXX_DiscardUnknown() {
+ xxx_messageInfo_TokenLifetime.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TokenLifetime proto.InternalMessageInfo
+
+func (m *TokenLifetime) GetCreated() uint64 {
+ if m != nil {
+ return m.Created
+ }
+ return 0
+}
+
+func (m *TokenLifetime) GetValidUntil() uint64 {
+ if m != nil {
+ return m.ValidUntil
+ }
+ return 0
+}
+
func init() {
+ proto.RegisterEnum("service.Token_Info_Verb", Token_Info_Verb_name, Token_Info_Verb_value)
proto.RegisterType((*RequestVerificationHeader)(nil), "service.RequestVerificationHeader")
- proto.RegisterType((*RequestVerificationHeader_Sign)(nil), "service.RequestVerificationHeader.Sign")
proto.RegisterType((*RequestVerificationHeader_Signature)(nil), "service.RequestVerificationHeader.Signature")
+ proto.RegisterType((*Token)(nil), "service.Token")
+ proto.RegisterType((*Token_Info)(nil), "service.Token.Info")
+ proto.RegisterType((*TokenLifetime)(nil), "service.TokenLifetime")
}
func init() { proto.RegisterFile("service/verify.proto", fileDescriptor_4bdd5bc50ec96238) }
var fileDescriptor_4bdd5bc50ec96238 = []byte{
- // 291 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x29, 0x4e, 0x2d, 0x2a,
- 0xcb, 0x4c, 0x4e, 0xd5, 0x2f, 0x4b, 0x2d, 0xca, 0x4c, 0xab, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9,
- 0x17, 0x62, 0x87, 0x8a, 0x4a, 0xe9, 0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, 0xe7,
- 0xea, 0xa7, 0xe7, 0xa7, 0xe7, 0xeb, 0x83, 0xe5, 0x93, 0x4a, 0xd3, 0xc0, 0x3c, 0x30, 0x07, 0xcc,
- 0x82, 0xe8, 0x53, 0x5a, 0xcf, 0xc4, 0x25, 0x19, 0x94, 0x5a, 0x58, 0x9a, 0x5a, 0x5c, 0x12, 0x06,
- 0x32, 0x2f, 0x33, 0x39, 0xb1, 0x24, 0x33, 0x3f, 0xcf, 0x23, 0x35, 0x31, 0x25, 0xb5, 0x48, 0xc8,
- 0x87, 0x8b, 0x2b, 0x38, 0x33, 0x3d, 0x2f, 0xb1, 0xa4, 0xb4, 0x28, 0xb5, 0x58, 0x82, 0x51, 0x81,
- 0x59, 0x83, 0xdb, 0x48, 0x47, 0x0f, 0x6a, 0x95, 0x1e, 0x4e, 0x7d, 0x7a, 0x70, 0x4d, 0x41, 0x48,
- 0xfa, 0xa5, 0xf4, 0xb8, 0x58, 0x40, 0x3c, 0x21, 0x21, 0x08, 0x2d, 0xc1, 0xa8, 0xc0, 0xa8, 0xc1,
- 0x13, 0x04, 0x17, 0x0b, 0x48, 0x4d, 0x2d, 0x92, 0x60, 0x82, 0x88, 0x81, 0xd8, 0x52, 0x93, 0x19,
- 0xb9, 0x38, 0xe1, 0xda, 0x85, 0x5c, 0x91, 0x74, 0x71, 0x1b, 0xa9, 0x13, 0xe9, 0x0a, 0x27, 0x8e,
- 0x13, 0xf7, 0xe4, 0x19, 0x2e, 0xdc, 0x93, 0x67, 0x84, 0x5a, 0x64, 0xcf, 0xc5, 0xe6, 0x5f, 0x94,
- 0x99, 0x9e, 0x99, 0x07, 0xb6, 0x8a, 0x78, 0x83, 0x82, 0xa0, 0xda, 0x9c, 0x82, 0x4f, 0x3c, 0x92,
- 0x63, 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc6, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x67, 0x3c,
- 0x96, 0x63, 0x88, 0xd2, 0x44, 0x0a, 0xf6, 0xbc, 0xe2, 0x82, 0xe4, 0x64, 0xdd, 0x94, 0xd4, 0x32,
- 0xfd, 0xbc, 0xd4, 0xfc, 0xb4, 0x62, 0xdd, 0xc4, 0x82, 0x4c, 0xdd, 0xf4, 0x7c, 0x7d, 0xa8, 0x3d,
- 0xab, 0x98, 0x04, 0xfd, 0x52, 0xf3, 0xdd, 0x82, 0xf5, 0x1c, 0x03, 0x3c, 0xf5, 0x82, 0x21, 0x62,
- 0x49, 0x6c, 0xe0, 0xd8, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x23, 0xa3, 0x9d, 0x94, 0xdd,
- 0x01, 0x00, 0x00,
+ // 567 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x4d, 0x6f, 0xd3, 0x40,
+ 0x10, 0xed, 0x26, 0xce, 0xd7, 0xf4, 0x03, 0xb3, 0x20, 0x64, 0x22, 0x94, 0x44, 0x11, 0x87, 0x54,
+ 0x22, 0x8e, 0x94, 0x4a, 0x08, 0x09, 0x2e, 0x0d, 0x11, 0x34, 0xa2, 0x82, 0x6a, 0x53, 0x7a, 0xe0,
+ 0xe6, 0xd8, 0x63, 0x77, 0x45, 0xeb, 0x0d, 0xbb, 0x9b, 0xa0, 0xfe, 0x13, 0x7e, 0x03, 0xbf, 0x83,
+ 0x43, 0x8f, 0x3d, 0x22, 0x24, 0x22, 0x14, 0xfe, 0x04, 0x47, 0xe4, 0xb5, 0x93, 0xb8, 0x12, 0xdc,
+ 0xde, 0xbc, 0x99, 0x37, 0xef, 0x65, 0xe2, 0x85, 0xfb, 0x0a, 0xe5, 0x9c, 0xfb, 0xd8, 0x9b, 0xa3,
+ 0xe4, 0xe1, 0x95, 0x3b, 0x95, 0x42, 0x0b, 0x5a, 0xc9, 0xd8, 0xba, 0x2d, 0x31, 0x54, 0x3d, 0x7d,
+ 0x35, 0x45, 0x95, 0xb6, 0xea, 0xdd, 0x88, 0xeb, 0xf3, 0xd9, 0xc4, 0xf5, 0xc5, 0x65, 0x2f, 0x12,
+ 0x91, 0xe8, 0x19, 0x7a, 0x32, 0x0b, 0x4d, 0x65, 0x0a, 0x83, 0xd2, 0xf1, 0xf6, 0x37, 0x02, 0x0f,
+ 0x19, 0x7e, 0x9a, 0xa1, 0xd2, 0x67, 0x89, 0x03, 0xf7, 0x3d, 0xcd, 0x45, 0x7c, 0x84, 0x5e, 0x80,
+ 0x92, 0x1e, 0x03, 0x8c, 0x79, 0x14, 0x7b, 0x7a, 0x26, 0x51, 0x39, 0xa4, 0x55, 0xec, 0x6c, 0xf7,
+ 0x9f, 0xb8, 0x99, 0xb9, 0xfb, 0x5f, 0x9d, 0xbb, 0x16, 0xb1, 0x9c, 0x9e, 0x3e, 0x86, 0xd2, 0xa9,
+ 0xf8, 0x88, 0xb1, 0x53, 0x68, 0x91, 0xce, 0x76, 0x7f, 0x6f, 0xbd, 0xc8, 0xb0, 0x2c, 0x6d, 0xd6,
+ 0x0f, 0xa0, 0xb6, 0xd6, 0x50, 0x0a, 0x56, 0x52, 0x38, 0xa4, 0x45, 0x3a, 0x3b, 0xcc, 0xe0, 0x84,
+ 0x3b, 0x41, 0x94, 0x66, 0xcb, 0x0e, 0x33, 0xb8, 0xfd, 0xb3, 0x98, 0xed, 0xa6, 0xcf, 0xa1, 0x66,
+ 0xc0, 0x28, 0x0e, 0x85, 0x91, 0x6d, 0xf7, 0xef, 0xdd, 0x36, 0x72, 0x93, 0xd6, 0xa0, 0x7a, 0xbd,
+ 0x68, 0x6e, 0xdd, 0x2c, 0x9a, 0x84, 0x6d, 0xe6, 0xe9, 0xa3, 0x9c, 0xb7, 0x53, 0x35, 0xfb, 0x37,
+ 0x44, 0xfd, 0x4f, 0x01, 0x2c, 0x33, 0xd6, 0x84, 0xc2, 0x68, 0x98, 0x66, 0x1a, 0xdc, 0x49, 0xf6,
+ 0xfc, 0x58, 0x34, 0x2b, 0xe9, 0x96, 0x21, 0x2b, 0x8c, 0x86, 0x74, 0x1f, 0x2a, 0xef, 0x3e, 0xc7,
+ 0x28, 0x47, 0xc3, 0x34, 0xe5, 0x66, 0x2a, 0xa3, 0xd9, 0x0a, 0xd0, 0xa7, 0x60, 0xcd, 0x51, 0x4e,
+ 0x9c, 0x62, 0x8b, 0x74, 0xf6, 0xfa, 0xce, 0x3f, 0xa2, 0xba, 0x67, 0x28, 0x27, 0x83, 0xea, 0x72,
+ 0xd1, 0xb4, 0x12, 0xc4, 0xcc, 0x3c, 0x7d, 0x06, 0x95, 0xc3, 0x20, 0x90, 0xa8, 0x94, 0x63, 0x99,
+ 0x5f, 0xb9, 0xeb, 0x26, 0xdf, 0x82, 0x9b, 0x91, 0x1b, 0xc7, 0x8c, 0x60, 0x2b, 0x40, 0x5f, 0x40,
+ 0xf5, 0x98, 0x87, 0xa8, 0xf9, 0x25, 0x3a, 0x25, 0x23, 0x7d, 0x70, 0xdb, 0x75, 0xd5, 0xcd, 0xdd,
+ 0x68, 0xad, 0xa0, 0x0d, 0x80, 0x31, 0x2a, 0xc5, 0x45, 0xfc, 0x06, 0xaf, 0x9c, 0xb2, 0xb9, 0x51,
+ 0x8e, 0x69, 0x9f, 0x82, 0x49, 0x49, 0x2b, 0x50, 0x3c, 0x99, 0x69, 0x7b, 0x2b, 0x01, 0xaf, 0x51,
+ 0xdb, 0x84, 0x56, 0xc1, 0x4a, 0x3e, 0x0f, 0xbb, 0x40, 0x01, 0xca, 0x63, 0xf4, 0xa4, 0x7f, 0x6e,
+ 0x17, 0x13, 0x3c, 0xc4, 0x0b, 0xd4, 0x68, 0x5b, 0xb4, 0x06, 0x25, 0xe6, 0xc5, 0x11, 0xda, 0x25,
+ 0xba, 0x0b, 0x35, 0x03, 0x8f, 0x3c, 0x75, 0x6e, 0x97, 0xdb, 0x23, 0xd8, 0xbd, 0x15, 0x8d, 0x3a,
+ 0x50, 0x79, 0x29, 0xd1, 0xd3, 0x18, 0x98, 0xff, 0xc1, 0x62, 0xab, 0x32, 0x09, 0x78, 0xe6, 0x5d,
+ 0xf0, 0xe0, 0x7d, 0xac, 0xf9, 0x85, 0x39, 0xbf, 0xc5, 0x72, 0xcc, 0x60, 0x7c, 0xbd, 0x6c, 0x90,
+ 0x9b, 0x65, 0x83, 0x7c, 0x5f, 0x36, 0xc8, 0xaf, 0x65, 0x83, 0x7c, 0xf9, 0xdd, 0xd8, 0xfa, 0xb0,
+ 0x9f, 0x7b, 0x36, 0xb1, 0x9a, 0xfa, 0x7e, 0x37, 0xc0, 0x79, 0x2f, 0x46, 0x11, 0xaa, 0xae, 0x37,
+ 0xe5, 0xdd, 0x48, 0xf4, 0xb2, 0x1b, 0x7d, 0x2d, 0xdc, 0x7d, 0x8b, 0xe2, 0xd5, 0xd8, 0x3d, 0x3c,
+ 0x19, 0xb9, 0xe3, 0x94, 0x9b, 0x94, 0xcd, 0x6b, 0x3a, 0xf8, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x13,
+ 0xf0, 0xba, 0xcc, 0xaf, 0x03, 0x00, 0x00,
}
func (m *RequestVerificationHeader) Marshal() (dAtA []byte, err error) {
@@ -225,6 +417,18 @@ func (m *RequestVerificationHeader) MarshalToSizedBuffer(dAtA []byte) (int, erro
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
+ if m.Token != nil {
+ {
+ size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = encodeVarintVerify(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0x12
+ }
if len(m.Signatures) > 0 {
for iNdEx := len(m.Signatures) - 1; iNdEx >= 0; iNdEx-- {
{
@@ -242,47 +446,6 @@ func (m *RequestVerificationHeader) MarshalToSizedBuffer(dAtA []byte) (int, erro
return len(dAtA) - i, nil
}
-func (m *RequestVerificationHeader_Sign) Marshal() (dAtA []byte, err error) {
- size := m.Size()
- dAtA = make([]byte, size)
- n, err := m.MarshalToSizedBuffer(dAtA[:size])
- if err != nil {
- return nil, err
- }
- return dAtA[:n], nil
-}
-
-func (m *RequestVerificationHeader_Sign) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *RequestVerificationHeader_Sign) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- _ = i
- var l int
- _ = l
- if m.XXX_unrecognized != nil {
- i -= len(m.XXX_unrecognized)
- copy(dAtA[i:], m.XXX_unrecognized)
- }
- if len(m.Peer) > 0 {
- i -= len(m.Peer)
- copy(dAtA[i:], m.Peer)
- i = encodeVarintVerify(dAtA, i, uint64(len(m.Peer)))
- i--
- dAtA[i] = 0x12
- }
- if len(m.Sign) > 0 {
- i -= len(m.Sign)
- copy(dAtA[i:], m.Sign)
- i = encodeVarintVerify(dAtA, i, uint64(len(m.Sign)))
- i--
- dAtA[i] = 0xa
- }
- return len(dAtA) - i, nil
-}
-
func (m *RequestVerificationHeader_Signature) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -307,20 +470,56 @@ func (m *RequestVerificationHeader_Signature) MarshalToSizedBuffer(dAtA []byte)
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
- if m.Origin != nil {
- {
- size, err := m.Origin.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintVerify(dAtA, i, uint64(size))
- }
+ if len(m.Peer) > 0 {
+ i -= len(m.Peer)
+ copy(dAtA[i:], m.Peer)
+ i = encodeVarintVerify(dAtA, i, uint64(len(m.Peer)))
i--
dAtA[i] = 0x12
}
+ if len(m.Sign) > 0 {
+ i -= len(m.Sign)
+ copy(dAtA[i:], m.Sign)
+ i = encodeVarintVerify(dAtA, i, uint64(len(m.Sign)))
+ i--
+ dAtA[i] = 0xa
+ }
+ return len(dAtA) - i, nil
+}
+
+func (m *Token) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBuffer(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *Token) MarshalTo(dAtA []byte) (int, error) {
+ size := m.Size()
+ return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Token) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ if m.XXX_unrecognized != nil {
+ i -= len(m.XXX_unrecognized)
+ copy(dAtA[i:], m.XXX_unrecognized)
+ }
+ if len(m.Signature) > 0 {
+ i -= len(m.Signature)
+ copy(dAtA[i:], m.Signature)
+ i = encodeVarintVerify(dAtA, i, uint64(len(m.Signature)))
+ i--
+ dAtA[i] = 0x42
+ }
{
- size, err := m.RequestVerificationHeader_Sign.MarshalToSizedBuffer(dAtA[:i])
+ size, err := m.Token_Info.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
@@ -332,6 +531,122 @@ func (m *RequestVerificationHeader_Signature) MarshalToSizedBuffer(dAtA []byte)
return len(dAtA) - i, nil
}
+func (m *Token_Info) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBuffer(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *Token_Info) MarshalTo(dAtA []byte) (int, error) {
+ size := m.Size()
+ return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Token_Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ if m.XXX_unrecognized != nil {
+ i -= len(m.XXX_unrecognized)
+ copy(dAtA[i:], m.XXX_unrecognized)
+ }
+ if len(m.SessionKey) > 0 {
+ i -= len(m.SessionKey)
+ copy(dAtA[i:], m.SessionKey)
+ i = encodeVarintVerify(dAtA, i, uint64(len(m.SessionKey)))
+ i--
+ dAtA[i] = 0x32
+ }
+ {
+ size, err := m.TokenLifetime.MarshalToSizedBuffer(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = encodeVarintVerify(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0x2a
+ {
+ size := m.Address.Size()
+ i -= size
+ if _, err := m.Address.MarshalTo(dAtA[i:]); err != nil {
+ return 0, err
+ }
+ i = encodeVarintVerify(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0x22
+ if m.Verb != 0 {
+ i = encodeVarintVerify(dAtA, i, uint64(m.Verb))
+ i--
+ dAtA[i] = 0x18
+ }
+ {
+ size := m.OwnerID.Size()
+ i -= size
+ if _, err := m.OwnerID.MarshalTo(dAtA[i:]); err != nil {
+ return 0, err
+ }
+ i = encodeVarintVerify(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0x12
+ {
+ size := m.ID.Size()
+ i -= size
+ if _, err := m.ID.MarshalTo(dAtA[i:]); err != nil {
+ return 0, err
+ }
+ i = encodeVarintVerify(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0xa
+ return len(dAtA) - i, nil
+}
+
+func (m *TokenLifetime) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBuffer(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *TokenLifetime) MarshalTo(dAtA []byte) (int, error) {
+ size := m.Size()
+ return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TokenLifetime) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ if m.XXX_unrecognized != nil {
+ i -= len(m.XXX_unrecognized)
+ copy(dAtA[i:], m.XXX_unrecognized)
+ }
+ if m.ValidUntil != 0 {
+ i = encodeVarintVerify(dAtA, i, uint64(m.ValidUntil))
+ i--
+ dAtA[i] = 0x10
+ }
+ if m.Created != 0 {
+ i = encodeVarintVerify(dAtA, i, uint64(m.Created))
+ i--
+ dAtA[i] = 0x8
+ }
+ return len(dAtA) - i, nil
+}
+
func encodeVarintVerify(dAtA []byte, offset int, v uint64) int {
offset -= sovVerify(v)
base := offset
@@ -355,13 +670,17 @@ func (m *RequestVerificationHeader) Size() (n int) {
n += 1 + l + sovVerify(uint64(l))
}
}
+ if m.Token != nil {
+ l = m.Token.Size()
+ n += 1 + l + sovVerify(uint64(l))
+ }
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
-func (m *RequestVerificationHeader_Sign) Size() (n int) {
+func (m *RequestVerificationHeader_Signature) Size() (n int) {
if m == nil {
return 0
}
@@ -381,16 +700,16 @@ func (m *RequestVerificationHeader_Sign) Size() (n int) {
return n
}
-func (m *RequestVerificationHeader_Signature) Size() (n int) {
+func (m *Token) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
- l = m.RequestVerificationHeader_Sign.Size()
+ l = m.Token_Info.Size()
n += 1 + l + sovVerify(uint64(l))
- if m.Origin != nil {
- l = m.Origin.Size()
+ l = len(m.Signature)
+ if l > 0 {
n += 1 + l + sovVerify(uint64(l))
}
if m.XXX_unrecognized != nil {
@@ -399,6 +718,51 @@ func (m *RequestVerificationHeader_Signature) Size() (n int) {
return n
}
+func (m *Token_Info) Size() (n int) {
+ if m == nil {
+ return 0
+ }
+ var l int
+ _ = l
+ l = m.ID.Size()
+ n += 1 + l + sovVerify(uint64(l))
+ l = m.OwnerID.Size()
+ n += 1 + l + sovVerify(uint64(l))
+ if m.Verb != 0 {
+ n += 1 + sovVerify(uint64(m.Verb))
+ }
+ l = m.Address.Size()
+ n += 1 + l + sovVerify(uint64(l))
+ l = m.TokenLifetime.Size()
+ n += 1 + l + sovVerify(uint64(l))
+ l = len(m.SessionKey)
+ if l > 0 {
+ n += 1 + l + sovVerify(uint64(l))
+ }
+ if m.XXX_unrecognized != nil {
+ n += len(m.XXX_unrecognized)
+ }
+ return n
+}
+
+func (m *TokenLifetime) Size() (n int) {
+ if m == nil {
+ return 0
+ }
+ var l int
+ _ = l
+ if m.Created != 0 {
+ n += 1 + sovVerify(uint64(m.Created))
+ }
+ if m.ValidUntil != 0 {
+ n += 1 + sovVerify(uint64(m.ValidUntil))
+ }
+ if m.XXX_unrecognized != nil {
+ n += len(m.XXX_unrecognized)
+ }
+ return n
+}
+
func sovVerify(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
@@ -468,6 +832,42 @@ func (m *RequestVerificationHeader) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 2:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.Token == nil {
+ m.Token = &Token{}
+ }
+ if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipVerify(dAtA[iNdEx:])
@@ -493,7 +893,7 @@ func (m *RequestVerificationHeader) Unmarshal(dAtA []byte) error {
}
return nil
}
-func (m *RequestVerificationHeader_Sign) Unmarshal(dAtA []byte) error {
+func (m *RequestVerificationHeader_Signature) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
@@ -516,10 +916,10 @@ func (m *RequestVerificationHeader_Sign) Unmarshal(dAtA []byte) error {
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
- return fmt.Errorf("proto: Sign: wiretype end group for non-group")
+ return fmt.Errorf("proto: Signature: wiretype end group for non-group")
}
if fieldNum <= 0 {
- return fmt.Errorf("proto: Sign: illegal tag %d (wire type %d)", fieldNum, wire)
+ return fmt.Errorf("proto: Signature: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
@@ -615,7 +1015,7 @@ func (m *RequestVerificationHeader_Sign) Unmarshal(dAtA []byte) error {
}
return nil
}
-func (m *RequestVerificationHeader_Signature) Unmarshal(dAtA []byte) error {
+func (m *Token) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
@@ -638,15 +1038,15 @@ func (m *RequestVerificationHeader_Signature) Unmarshal(dAtA []byte) error {
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
- return fmt.Errorf("proto: Signature: wiretype end group for non-group")
+ return fmt.Errorf("proto: Token: wiretype end group for non-group")
}
if fieldNum <= 0 {
- return fmt.Errorf("proto: Signature: illegal tag %d (wire type %d)", fieldNum, wire)
+ return fmt.Errorf("proto: Token: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field RequestVerificationHeader_Sign", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field Token_Info", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
@@ -673,13 +1073,186 @@ func (m *RequestVerificationHeader_Signature) Unmarshal(dAtA []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
- if err := m.RequestVerificationHeader_Sign.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ if err := m.Token_Info.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 8:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Signature", wireType)
+ }
+ var byteLen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ byteLen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if byteLen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + byteLen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.Signature = append(m.Signature[:0], dAtA[iNdEx:postIndex]...)
+ if m.Signature == nil {
+ m.Signature = []byte{}
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipVerify(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if (iNdEx + skippy) < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *Token_Info) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: Info: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: Info: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+ }
+ var byteLen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ byteLen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if byteLen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + byteLen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.ID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Origin", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType)
+ }
+ var byteLen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ byteLen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if byteLen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + byteLen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.OwnerID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 3:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Verb", wireType)
+ }
+ m.Verb = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Verb |= Token_Info_Verb(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 4:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Address", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
@@ -706,13 +1279,169 @@ func (m *RequestVerificationHeader_Signature) Unmarshal(dAtA []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
- if m.Origin == nil {
- m.Origin = &RequestVerificationHeader_Sign{}
- }
- if err := m.Origin.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ if err := m.Address.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
+ case 5:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field TokenLifetime", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if err := m.TokenLifetime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 6:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SessionKey", wireType)
+ }
+ var byteLen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ byteLen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if byteLen < 0 {
+ return ErrInvalidLengthVerify
+ }
+ postIndex := iNdEx + byteLen
+ if postIndex < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.SessionKey = append(m.SessionKey[:0], dAtA[iNdEx:postIndex]...)
+ if m.SessionKey == nil {
+ m.SessionKey = []byte{}
+ }
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipVerify(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if skippy < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if (iNdEx + skippy) < 0 {
+ return ErrInvalidLengthVerify
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
+func (m *TokenLifetime) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: TokenLifetime: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: TokenLifetime: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Created", wireType)
+ }
+ m.Created = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Created |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 2:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ValidUntil", wireType)
+ }
+ m.ValidUntil = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowVerify
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.ValidUntil |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
default:
iNdEx = preIndex
skippy, err := skipVerify(dAtA[iNdEx:])
diff --git a/service/verify.proto b/service/verify.proto
index de0a69a..ed360be 100644
--- a/service/verify.proto
+++ b/service/verify.proto
@@ -3,6 +3,7 @@ package service;
option go_package = "github.com/nspcc-dev/neofs-api-go/service";
option csharp_namespace = "NeoFS.API.Service";
+import "refs/types.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
option (gogoproto.stable_marshaler_all) = true;
@@ -10,22 +11,80 @@ option (gogoproto.stable_marshaler_all) = true;
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
// (should be embedded into message).
message RequestVerificationHeader {
- message Sign {
+ message Signature {
// Sign is signature of the request or session key.
bytes Sign = 1;
// Peer is compressed public key used for signature.
bytes Peer = 2;
}
- message Signature {
- // Sign is a signature and public key of the request.
- Sign Sign = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
- // Origin used for requests, when trusted node changes it and re-sign with session key.
- // If session key used for signature request, then Origin should contain
- // public key of user and signed session key.
- Sign Origin = 2;
- }
-
// Signatures is a set of signatures of every passed NeoFS Node
repeated Signature Signatures = 1;
+
+ // Token is a token of the session within which the request is sent
+ Token Token = 2;
}
+
+// User token granting rights for object manipulation
+message Token {
+ message Info {
+ // ID is a token identifier. valid UUIDv4 represented in bytes
+ bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+
+ // OwnerID is an owner of manipulation object
+ bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+ // Verb is an enumeration of session request types
+ enum Verb {
+ // Put refers to object.Put RPC call
+ Put = 0;
+ // Get refers to object.Get RPC call
+ Get = 1;
+ // Head refers to object.Head RPC call
+ Head = 2;
+ // Search refers to object.Search RPC call
+ Search = 3;
+ // Delete refers to object.Delete RPC call
+ Delete = 4;
+ // Range refers to object.GetRange RPC call
+ Range = 5;
+ // RangeHash refers to object.GetRangeHash RPC call
+ RangeHash = 6;
+ }
+
+ // Verb is a type of request for which the token is issued
+ Verb verb = 3 [(gogoproto.customname) = "Verb"];
+
+ // Address is an object address for which token is issued
+ refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
+
+ // Lifetime is a lifetime of the session
+ TokenLifetime Lifetime = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
+ // SessionKey is a public key of session key
+ bytes SessionKey = 6;
+ }
+
+ // TokenInfo is a grouped information about token
+ Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
+ // Signature is a signature of session token information
+ bytes Signature = 8;
+}
+
+// TokenLifetime carries a group of lifetime parameters of the token
+message TokenLifetime {
+ // Created carries an initial epoch of token lifetime
+ uint64 Created = 1;
+
+ // ValidUntil carries a last epoch of token lifetime
+ uint64 ValidUntil = 2;
+}
+
+// TODO: for variable token types and version redefine message
+// Example:
+// message Token {
+// TokenType TokenType = 1;
+// uint32 Version = 2;
+// bytes Data = 3;
+// }
diff --git a/service/verify_test.go b/service/verify_test.go
index 27491da..c6e4d61 100644
--- a/service/verify_test.go
+++ b/service/verify_test.go
@@ -1,201 +1,117 @@
package service
import (
- "bytes"
- "log"
+ "encoding/binary"
+ "io"
"math"
"testing"
- "github.com/gogo/protobuf/proto"
"github.com/nspcc-dev/neofs-api-go/refs"
- crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-crypto/test"
- "github.com/pkg/errors"
"github.com/stretchr/testify/require"
)
-func BenchmarkSignRequestHeader(b *testing.B) {
+func (m TestRequest) SignedData() ([]byte, error) {
+ return SignedDataFromReader(m)
+}
+
+func (m TestRequest) SignedDataSize() (sz int) {
+ sz += 4
+
+ sz += len(m.StringField)
+
+ sz += len(m.BytesField)
+
+ sz += m.CustomField.Size()
+
+ return
+}
+
+func (m TestRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ binary.BigEndian.PutUint32(p[off:], uint32(m.IntField))
+ off += 4
+
+ off += copy(p[off:], []byte(m.StringField))
+
+ off += copy(p[off:], m.BytesField)
+
+ n, err := m.CustomField.MarshalTo(p[off:])
+ off += n
+
+ return off, err
+}
+
+func BenchmarkSignDataWithSessionToken(b *testing.B) {
key := test.DecodeKey(0)
- custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
+ customField := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
- some := &TestRequest{
- IntField: math.MaxInt32,
- StringField: "TestRequestStringField",
- BytesField: make([]byte, 1<<22),
- CustomField: &custom,
- RequestMetaHeader: RequestMetaHeader{
- TTL: math.MaxInt32 - 8,
- Epoch: math.MaxInt64 - 12,
- },
- }
+ token := new(Token)
- b.ResetTimer()
- b.ReportAllocs()
-
- for i := 0; i < b.N; i++ {
- require.NoError(b, SignRequestHeader(key, some))
- }
-}
-
-func BenchmarkVerifyRequestHeader(b *testing.B) {
- custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
-
- some := &TestRequest{
- IntField: math.MaxInt32,
- StringField: "TestRequestStringField",
- BytesField: make([]byte, 1<<22),
- CustomField: &custom,
- RequestMetaHeader: RequestMetaHeader{
- TTL: math.MaxInt32 - 8,
- Epoch: math.MaxInt64 - 12,
- },
- }
-
- for i := 0; i < 10; i++ {
- key := test.DecodeKey(i)
- require.NoError(b, SignRequestHeader(key, some))
- }
-
- b.ResetTimer()
- b.ReportAllocs()
-
- for i := 0; i < b.N; i++ {
- require.NoError(b, VerifyRequestHeader(some))
- }
-}
-
-func TestSignRequestHeader(t *testing.T) {
req := &TestRequest{
IntField: math.MaxInt32,
StringField: "TestRequestStringField",
- BytesField: []byte("TestRequestBytesField"),
+ BytesField: make([]byte, 1<<22),
+ CustomField: &customField,
}
- key := test.DecodeKey(0)
- peer := crypto.MarshalPublicKey(&key.PublicKey)
+ req.SetTTL(math.MaxInt32 - 8)
+ req.SetEpoch(math.MaxInt64 - 12)
+ req.SetToken(token)
- data, err := req.Marshal()
+ b.ResetTimer()
+ b.ReportAllocs()
+
+ for i := 0; i < b.N; i++ {
+ require.NoError(b, SignDataWithSessionToken(key, req))
+ }
+}
+
+func BenchmarkVerifyAccumulatedSignaturesWithToken(b *testing.B) {
+ customField := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
+
+ token := new(Token)
+
+ req := &TestRequest{
+ IntField: math.MaxInt32,
+ StringField: "TestRequestStringField",
+ BytesField: make([]byte, 1<<22),
+ CustomField: &customField,
+ }
+
+ req.SetTTL(math.MaxInt32 - 8)
+ req.SetEpoch(math.MaxInt64 - 12)
+ req.SetToken(token)
+
+ for i := 0; i < 10; i++ {
+ key := test.DecodeKey(i)
+ require.NoError(b, SignDataWithSessionToken(key, req))
+ }
+
+ b.ResetTimer()
+ b.ReportAllocs()
+
+ for i := 0; i < b.N; i++ {
+ require.NoError(b, VerifyAccumulatedSignaturesWithToken(req))
+ }
+}
+
+func TestRequestVerificationHeader_SetToken(t *testing.T) {
+ id, err := refs.NewUUID()
require.NoError(t, err)
- require.NoError(t, SignRequestHeader(key, req))
+ token := new(Token)
+ token.SetID(id)
- require.Len(t, req.Signatures, 1)
- for i := range req.Signatures {
- sign := req.Signatures[i].GetSign()
- require.Equal(t, peer, req.Signatures[i].GetPeer())
- require.NoError(t, crypto.Verify(&key.PublicKey, data, sign))
- }
-}
-
-func TestVerifyRequestHeader(t *testing.T) {
- req := &TestRequest{
- IntField: math.MaxInt32,
- StringField: "TestRequestStringField",
- BytesField: []byte("TestRequestBytesField"),
- RequestMetaHeader: RequestMetaHeader{TTL: 10},
- }
-
- for i := 0; i < 10; i++ {
- req.TTL--
- require.NoError(t, SignRequestHeader(test.DecodeKey(i), req))
- }
-
- require.NoError(t, VerifyRequestHeader(req))
-}
-
-func TestMaintainableRequest(t *testing.T) {
- req := &TestRequest{
- IntField: math.MaxInt32,
- StringField: "TestRequestStringField",
- BytesField: []byte("TestRequestBytesField"),
- RequestMetaHeader: RequestMetaHeader{TTL: 10},
- }
-
- count := 10
- owner := test.DecodeKey(count + 1)
-
- for i := 0; i < count; i++ {
- req.TTL--
-
- key := test.DecodeKey(i)
- require.NoError(t, SignRequestHeader(key, req))
-
- // sign first key (session key) by owner key
- if i == 0 {
- sign, err := crypto.Sign(owner, crypto.MarshalPublicKey(&key.PublicKey))
- require.NoError(t, err)
-
- req.SetOwner(&owner.PublicKey, sign)
- }
- }
-
- { // Validate owner
- user, err := refs.NewOwnerID(&owner.PublicKey)
- require.NoError(t, err)
- require.NoError(t, req.CheckOwner(user))
- }
-
- { // Good case:
- require.NoError(t, VerifyRequestHeader(req))
-
- // validate, that first key (session key) was signed with owner
- signatures := req.GetSignatures()
-
- require.Len(t, signatures, count)
-
- pub, err := req.GetOwner()
- require.NoError(t, err)
-
- require.Equal(t, &owner.PublicKey, pub)
- }
-
- { // wrong owner:
- req.Signatures[0].Origin = nil
-
- pub, err := req.GetOwner()
- require.NoError(t, err)
-
- require.NotEqual(t, &owner.PublicKey, pub)
- }
-
- { // Wrong signatures:
- copy(req.Signatures[count-1].Sign, req.Signatures[count-1].Peer)
- err := VerifyRequestHeader(req)
- require.EqualError(t, errors.Cause(err), crypto.ErrInvalidSignature.Error())
- }
-}
-
-func TestVerifyAndSignRequestHeaderWithoutCloning(t *testing.T) {
- key := test.DecodeKey(0)
-
- custom := testCustomField{1, 2, 3, 4, 5, 6, 7, 8}
-
- b := &TestRequest{
- IntField: math.MaxInt32,
- StringField: "TestRequestStringField",
- BytesField: []byte("TestRequestBytesField"),
- CustomField: &custom,
- RequestMetaHeader: RequestMetaHeader{
- TTL: math.MaxInt32 - 8,
- Epoch: math.MaxInt64 - 12,
- },
- }
-
- require.NoError(t, SignRequestHeader(key, b))
- require.NoError(t, VerifyRequestHeader(b))
-
- require.Len(t, b.Signatures, 1)
- require.Equal(t, custom, *b.CustomField)
- require.Equal(t, uint32(math.MaxInt32-8), b.GetTTL())
- require.Equal(t, uint64(math.MaxInt64-12), b.GetEpoch())
-
- buf := bytes.NewBuffer(nil)
- log.SetOutput(buf)
-
- cp, ok := proto.Clone(b).(*TestRequest)
- require.True(t, ok)
- require.NotEqual(t, b, cp)
-
- require.Contains(t, buf.String(), "proto: don't know how to copy")
+ h := new(RequestVerificationHeader)
+
+ h.SetToken(token)
+
+ require.Equal(t, token, h.GetToken())
}
diff --git a/service/version.go b/service/version.go
new file mode 100644
index 0000000..6f4839c
--- /dev/null
+++ b/service/version.go
@@ -0,0 +1,11 @@
+package service
+
+// SetVersion is a Version field setter.
+func (m *ResponseMetaHeader) SetVersion(v uint32) {
+ m.Version = v
+}
+
+// SetVersion is a Version field setter.
+func (m *RequestMetaHeader) SetVersion(v uint32) {
+ m.Version = v
+}
diff --git a/service/version_test.go b/service/version_test.go
new file mode 100644
index 0000000..d102d30
--- /dev/null
+++ b/service/version_test.go
@@ -0,0 +1,21 @@
+package service
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestGetSetVersion(t *testing.T) {
+ v := uint32(7)
+
+ items := []VersionContainer{
+ new(ResponseMetaHeader),
+ new(RequestMetaHeader),
+ }
+
+ for _, item := range items {
+ item.SetVersion(v)
+ require.Equal(t, v, item.GetVersion())
+ }
+}
diff --git a/session/alias.go b/session/alias.go
new file mode 100644
index 0000000..aa49d55
--- /dev/null
+++ b/session/alias.go
@@ -0,0 +1,15 @@
+package session
+
+import (
+ "github.com/nspcc-dev/neofs-api-go/refs"
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+// OwnerID is a type alias of OwnerID ref.
+type OwnerID = refs.OwnerID
+
+// TokenID is a type alias of TokenID ref.
+type TokenID = service.TokenID
+
+// Token is a type alias of Token.
+type Token = service.Token
diff --git a/session/create.go b/session/create.go
new file mode 100644
index 0000000..35d0540
--- /dev/null
+++ b/session/create.go
@@ -0,0 +1,62 @@
+package session
+
+import (
+ "context"
+ "crypto/ecdsa"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ crypto "github.com/nspcc-dev/neofs-crypto"
+ "google.golang.org/grpc"
+)
+
+type gRPCCreator struct {
+ conn *grpc.ClientConn
+
+ key *ecdsa.PrivateKey
+
+ clientFunc func(*grpc.ClientConn) SessionClient
+}
+
+// NewGRPCCreator unites virtual gRPC client with private ket and returns Creator interface.
+//
+// If passed ClientConn is nil, ErrNilGPRCClientConn returns.
+// If passed private key is nil, crypto.ErrEmptyPrivateKey returns.
+func NewGRPCCreator(conn *grpc.ClientConn, key *ecdsa.PrivateKey) (Creator, error) {
+ if conn == nil {
+ return nil, ErrNilGPRCClientConn
+ } else if key == nil {
+ return nil, crypto.ErrEmptyPrivateKey
+ }
+
+ return &gRPCCreator{
+ conn: conn,
+
+ key: key,
+
+ clientFunc: NewSessionClient,
+ }, nil
+}
+
+// Create constructs message, signs it with private key and sends it to a gRPC client.
+//
+// If passed CreateParamsSource is nil, ErrNilCreateParamsSource returns.
+// If message could not be signed, an error returns.
+func (s gRPCCreator) Create(ctx context.Context, p CreateParamsSource) (CreateResult, error) {
+ if p == nil {
+ return nil, ErrNilCreateParamsSource
+ }
+
+ // create and fill a message
+ req := new(CreateRequest)
+ req.SetOwnerID(p.GetOwnerID())
+ req.SetCreationEpoch(p.CreationEpoch())
+ req.SetExpirationEpoch(p.ExpirationEpoch())
+
+ // sign with private key
+ if err := service.SignDataWithSessionToken(s.key, req); err != nil {
+ return nil, err
+ }
+
+ // make gRPC call
+ return s.clientFunc(s.conn).Create(ctx, req)
+}
diff --git a/session/create_test.go b/session/create_test.go
new file mode 100644
index 0000000..732d4fd
--- /dev/null
+++ b/session/create_test.go
@@ -0,0 +1,103 @@
+package session
+
+import (
+ "context"
+ "crypto/ecdsa"
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ crypto "github.com/nspcc-dev/neofs-crypto"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/pkg/errors"
+ "github.com/stretchr/testify/require"
+ "google.golang.org/grpc"
+)
+
+type testSessionClient struct {
+ fn func(*CreateRequest)
+ resp *CreateResponse
+ err error
+}
+
+func (s testSessionClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
+ if s.fn != nil {
+ s.fn(in)
+ }
+
+ return s.resp, s.err
+}
+
+func TestNewGRPCCreator(t *testing.T) {
+ var (
+ err error
+ conn = new(grpc.ClientConn)
+ sk = new(ecdsa.PrivateKey)
+ )
+
+ // nil client connection
+ _, err = NewGRPCCreator(nil, sk)
+ require.EqualError(t, err, ErrNilGPRCClientConn.Error())
+
+ // nil private key
+ _, err = NewGRPCCreator(conn, nil)
+ require.EqualError(t, err, crypto.ErrEmptyPrivateKey.Error())
+
+ // valid params
+ res, err := NewGRPCCreator(conn, sk)
+ require.NoError(t, err)
+
+ v := res.(*gRPCCreator)
+ require.Equal(t, conn, v.conn)
+ require.Equal(t, sk, v.key)
+ require.NotNil(t, v.clientFunc)
+}
+
+func TestGRPCCreator_Create(t *testing.T) {
+ ctx := context.TODO()
+ s := new(gRPCCreator)
+
+ // nil CreateParamsSource
+ _, err := s.Create(ctx, nil)
+ require.EqualError(t, err, ErrNilCreateParamsSource.Error())
+
+ var (
+ ownerID = OwnerID{1, 2, 3}
+ created = uint64(2)
+ expired = uint64(4)
+ )
+
+ p := NewParams()
+ p.SetOwnerID(ownerID)
+ p.SetCreationEpoch(created)
+ p.SetExpirationEpoch(expired)
+
+ // nil private key
+ _, err = s.Create(ctx, p)
+ require.Error(t, err)
+
+ // create test private key
+ s.key = test.DecodeKey(0)
+
+ // create test client
+ c := &testSessionClient{
+ fn: func(req *CreateRequest) {
+ require.Equal(t, ownerID, req.GetOwnerID())
+ require.Equal(t, created, req.CreationEpoch())
+ require.Equal(t, expired, req.ExpirationEpoch())
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(req))
+ },
+ resp: &CreateResponse{
+ ID: TokenID{1, 2, 3},
+ SessionKey: []byte{1, 2, 3},
+ },
+ err: errors.New("test error"),
+ }
+
+ s.clientFunc = func(*grpc.ClientConn) SessionClient {
+ return c
+ }
+
+ res, err := s.Create(ctx, p)
+ require.EqualError(t, err, c.err.Error())
+ require.Equal(t, c.resp, res)
+}
diff --git a/session/errors.go b/session/errors.go
new file mode 100644
index 0000000..3a9c129
--- /dev/null
+++ b/session/errors.go
@@ -0,0 +1,15 @@
+package session
+
+import "github.com/nspcc-dev/neofs-api-go/internal"
+
+// ErrNilCreateParamsSource is returned by functions that expect a non-nil
+// CreateParamsSource, but received nil.
+const ErrNilCreateParamsSource = internal.Error("create params source is nil")
+
+// ErrNilGPRCClientConn is returned by functions that expect a non-nil
+// grpc.ClientConn, but received nil.
+const ErrNilGPRCClientConn = internal.Error("gRPC client connection is nil")
+
+// ErrPrivateTokenNotFound is returned when addressed private token was
+// not found in storage.
+const ErrPrivateTokenNotFound = internal.Error("private token not found")
diff --git a/session/private.go b/session/private.go
new file mode 100644
index 0000000..42bb205
--- /dev/null
+++ b/session/private.go
@@ -0,0 +1,55 @@
+package session
+
+import (
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+
+ crypto "github.com/nspcc-dev/neofs-crypto"
+)
+
+type pToken struct {
+ // private session token
+ sessionKey *ecdsa.PrivateKey
+ // last epoch of the lifetime
+ validUntil uint64
+}
+
+// NewPrivateToken creates PrivateToken instance that expires after passed epoch.
+//
+// Returns non-nil error on key generation error.
+func NewPrivateToken(validUntil uint64) (PrivateToken, error) {
+ sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ return nil, err
+ }
+
+ return &pToken{
+ sessionKey: sk,
+ validUntil: validUntil,
+ }, nil
+}
+
+// Sign signs data with session private key.
+func (t *pToken) Sign(data []byte) ([]byte, error) {
+ return crypto.Sign(t.sessionKey, data)
+}
+
+// PublicKey returns a binary representation of the session public key.
+func (t *pToken) PublicKey() []byte {
+ return crypto.MarshalPublicKey(&t.sessionKey.PublicKey)
+}
+
+func (t *pToken) Expired(epoch uint64) bool {
+ return t.validUntil < epoch
+}
+
+// SetOwnerID is an owner ID field setter.
+func (s *PrivateTokenKey) SetOwnerID(id OwnerID) {
+ s.owner = id
+}
+
+// SetTokenID is a token ID field setter.
+func (s *PrivateTokenKey) SetTokenID(id TokenID) {
+ s.token = id
+}
diff --git a/session/private_test.go b/session/private_test.go
new file mode 100644
index 0000000..8097b97
--- /dev/null
+++ b/session/private_test.go
@@ -0,0 +1,70 @@
+package session
+
+import (
+ "crypto/rand"
+ "testing"
+
+ crypto "github.com/nspcc-dev/neofs-crypto"
+ "github.com/stretchr/testify/require"
+)
+
+func TestPrivateToken(t *testing.T) {
+ // create new private token
+ pToken, err := NewPrivateToken(0)
+ require.NoError(t, err)
+
+ // generate data to sign
+ data := make([]byte, 10)
+ _, err = rand.Read(data)
+ require.NoError(t, err)
+
+ // sign data via private token
+ sig, err := pToken.Sign(data)
+ require.NoError(t, err)
+
+ // check signature
+ require.NoError(t,
+ crypto.Verify(
+ crypto.UnmarshalPublicKey(pToken.PublicKey()),
+ data,
+ sig,
+ ),
+ )
+}
+
+func TestPToken_Expired(t *testing.T) {
+ e := uint64(10)
+
+ var token PrivateToken = &pToken{
+ validUntil: e,
+ }
+
+ // must not be expired in the epoch before last
+ require.False(t, token.Expired(e-1))
+
+ // must not be expired in the last epoch
+ require.False(t, token.Expired(e))
+
+ // must be expired in the epoch after last
+ require.True(t, token.Expired(e+1))
+}
+
+func TestPrivateTokenKey_SetOwnerID(t *testing.T) {
+ ownerID := OwnerID{1, 2, 3}
+
+ s := new(PrivateTokenKey)
+
+ s.SetOwnerID(ownerID)
+
+ require.Equal(t, ownerID, s.owner)
+}
+
+func TestPrivateTokenKey_SetTokenID(t *testing.T) {
+ tokenID := TokenID{1, 2, 3}
+
+ s := new(PrivateTokenKey)
+
+ s.SetTokenID(tokenID)
+
+ require.Equal(t, tokenID, s.token)
+}
diff --git a/session/request.go b/session/request.go
new file mode 100644
index 0000000..73c05e5
--- /dev/null
+++ b/session/request.go
@@ -0,0 +1,62 @@
+package session
+
+import (
+ "encoding/binary"
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/refs"
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+const signedRequestDataSize = 0 +
+ refs.OwnerIDSize +
+ 8 +
+ 8
+
+var requestEndianness = binary.BigEndian
+
+// NewParams creates a new CreateRequest message and returns CreateParamsContainer interface.
+func NewParams() CreateParamsContainer {
+ return new(CreateRequest)
+}
+
+// GetOwnerID is an OwnerID field getter.
+func (m CreateRequest) GetOwnerID() OwnerID {
+ return m.OwnerID
+}
+
+// SetOwnerID is an OwnerID field setter.
+func (m *CreateRequest) SetOwnerID(id OwnerID) {
+ m.OwnerID = id
+}
+
+// SignedData returns payload bytes of the request.
+func (m CreateRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m CreateRequest) SignedDataSize() int {
+ return signedRequestDataSize
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the buffer size is insufficient, io.ErrUnexpectedEOF returns.
+func (m CreateRequest) ReadSignedData(p []byte) (int, error) {
+ sz := m.SignedDataSize()
+ if len(p) < sz {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetOwnerID().Bytes())
+
+ requestEndianness.PutUint64(p[off:], m.CreationEpoch())
+ off += 8
+
+ requestEndianness.PutUint64(p[off:], m.ExpirationEpoch())
+
+ return sz, nil
+}
diff --git a/session/request_test.go b/session/request_test.go
new file mode 100644
index 0000000..094ca66
--- /dev/null
+++ b/session/request_test.go
@@ -0,0 +1,92 @@
+package session
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestCreateRequestGettersSetters(t *testing.T) {
+ t.Run("owner ID", func(t *testing.T) {
+ id := OwnerID{1, 2, 3}
+ m := new(CreateRequest)
+
+ m.SetOwnerID(id)
+
+ require.Equal(t, id, m.GetOwnerID())
+ })
+
+ t.Run("lifetime", func(t *testing.T) {
+ e1, e2 := uint64(3), uint64(4)
+ m := new(CreateRequest)
+
+ m.SetCreationEpoch(e1)
+ m.SetExpirationEpoch(e2)
+
+ require.Equal(t, e1, m.CreationEpoch())
+ require.Equal(t, e2, m.ExpirationEpoch())
+ })
+}
+
+func TestCreateRequest_SignedData(t *testing.T) {
+ var (
+ id = OwnerID{1, 2, 3}
+ e1 = uint64(1)
+ e2 = uint64(2)
+ )
+
+ // create new message
+ m := new(CreateRequest)
+
+ // fill the fields
+ m.SetOwnerID(id)
+ m.SetCreationEpoch(e1)
+ m.SetExpirationEpoch(e2)
+
+ // calculate initial signed data
+ d, err := m.SignedData()
+ require.NoError(t, err)
+
+ items := []struct {
+ change func()
+ reset func()
+ }{
+ { // OwnerID
+ change: func() {
+ id2 := id
+ id2[0]++
+ m.SetOwnerID(id2)
+ },
+ reset: func() {
+ m.SetOwnerID(id)
+ },
+ },
+ { // CreationEpoch
+ change: func() {
+ m.SetCreationEpoch(e1 + 1)
+ },
+ reset: func() {
+ m.SetCreationEpoch(e1)
+ },
+ },
+ { // ExpirationEpoch
+ change: func() {
+ m.SetExpirationEpoch(e2 + 1)
+ },
+ reset: func() {
+ m.SetExpirationEpoch(e2)
+ },
+ },
+ }
+
+ for _, item := range items {
+ item.change()
+
+ d2, err := m.SignedData()
+ require.NoError(t, err)
+
+ require.NotEqual(t, d, d2)
+
+ item.reset()
+ }
+}
diff --git a/session/response.go b/session/response.go
new file mode 100644
index 0000000..3426d7c
--- /dev/null
+++ b/session/response.go
@@ -0,0 +1,16 @@
+package session
+
+// GetID is an ID field getter.
+func (m CreateResponse) GetID() TokenID {
+ return m.ID
+}
+
+// SetID is an ID field setter.
+func (m *CreateResponse) SetID(id TokenID) {
+ m.ID = id
+}
+
+// SetSessionKey is a SessionKey field setter.
+func (m *CreateResponse) SetSessionKey(key []byte) {
+ m.SessionKey = key
+}
diff --git a/session/response_test.go b/session/response_test.go
new file mode 100644
index 0000000..0e1de0b
--- /dev/null
+++ b/session/response_test.go
@@ -0,0 +1,27 @@
+package session
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestCreateResponseGettersSetters(t *testing.T) {
+ t.Run("id", func(t *testing.T) {
+ id := TokenID{1, 2, 3}
+ m := new(CreateResponse)
+
+ m.SetID(id)
+
+ require.Equal(t, id, m.GetID())
+ })
+
+ t.Run("session key", func(t *testing.T) {
+ key := []byte{1, 2, 3}
+ m := new(CreateResponse)
+
+ m.SetSessionKey(key)
+
+ require.Equal(t, key, m.GetSessionKey())
+ })
+}
diff --git a/session/service.go b/session/service.go
deleted file mode 100644
index 182ff7d..0000000
--- a/session/service.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package session
-
-import (
- "context"
- "crypto/ecdsa"
-
- "github.com/nspcc-dev/neofs-api-go/refs"
- crypto "github.com/nspcc-dev/neofs-crypto"
-)
-
-type (
- // KeyStore is an interface that describes storage,
- // that allows to fetch public keys by OwnerID.
- KeyStore interface {
- Get(ctx context.Context, id refs.OwnerID) ([]*ecdsa.PublicKey, error)
- }
-
- // TokenStore is a PToken storage manipulation interface.
- TokenStore interface {
- // New returns new token with specified parameters.
- New(p TokenParams) *PToken
-
- // Fetch tries to fetch a token with specified id.
- Fetch(id TokenID) *PToken
-
- // Remove removes token with id from store.
- Remove(id TokenID)
- }
-
- // TokenParams contains params to create new PToken.
- TokenParams struct {
- FirstEpoch uint64
- LastEpoch uint64
- ObjectID []ObjectID
- OwnerID OwnerID
- PublicKeys [][]byte
- }
-)
-
-// NewInitRequest returns new initialization CreateRequest from passed Token.
-func NewInitRequest(t *Token) *CreateRequest {
- return &CreateRequest{Message: &CreateRequest_Init{Init: t}}
-}
-
-// NewSignedRequest returns new signed CreateRequest from passed Token.
-func NewSignedRequest(t *Token) *CreateRequest {
- return &CreateRequest{Message: &CreateRequest_Signed{Signed: t}}
-}
-
-// Sign signs contents of the header with the private key.
-func (m *VerificationHeader) Sign(key *ecdsa.PrivateKey) error {
- s, err := crypto.Sign(key, m.PublicKey)
- if err != nil {
- return err
- }
- m.KeySignature = s
- return nil
-}
diff --git a/session/service.pb.go b/session/service.pb.go
index abd1618..e68c0fd 100644
--- a/session/service.pb.go
+++ b/session/service.pb.go
@@ -28,13 +28,12 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+// CreateRequest carries an information necessary for opening a session
type CreateRequest struct {
- // Message should be one of
- //
- // Types that are valid to be assigned to Message:
- // *CreateRequest_Init
- // *CreateRequest_Signed
- Message isCreateRequest_Message `protobuf_oneof:"Message"`
+ // OwnerID carries an identifier of a session initiator
+ OwnerID OwnerID `protobuf:"bytes,1,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
+ // Lifetime carries a lifetime of the session
+ service.TokenLifetime `protobuf:"bytes,2,opt,name=Lifetime,proto3,embedded=Lifetime" json:"Lifetime"`
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -73,59 +72,15 @@ func (m *CreateRequest) XXX_DiscardUnknown() {
var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
-type isCreateRequest_Message interface {
- isCreateRequest_Message()
- MarshalTo([]byte) (int, error)
- Size() int
-}
-
-type CreateRequest_Init struct {
- Init *Token `protobuf:"bytes,1,opt,name=Init,proto3,oneof" json:"Init,omitempty"`
-}
-type CreateRequest_Signed struct {
- Signed *Token `protobuf:"bytes,2,opt,name=Signed,proto3,oneof" json:"Signed,omitempty"`
-}
-
-func (*CreateRequest_Init) isCreateRequest_Message() {}
-func (*CreateRequest_Signed) isCreateRequest_Message() {}
-
-func (m *CreateRequest) GetMessage() isCreateRequest_Message {
- if m != nil {
- return m.Message
- }
- return nil
-}
-
-func (m *CreateRequest) GetInit() *Token {
- if x, ok := m.GetMessage().(*CreateRequest_Init); ok {
- return x.Init
- }
- return nil
-}
-
-func (m *CreateRequest) GetSigned() *Token {
- if x, ok := m.GetMessage().(*CreateRequest_Signed); ok {
- return x.Signed
- }
- return nil
-}
-
-// XXX_OneofWrappers is for the internal use of the proto package.
-func (*CreateRequest) XXX_OneofWrappers() []interface{} {
- return []interface{}{
- (*CreateRequest_Init)(nil),
- (*CreateRequest_Signed)(nil),
- }
-}
-
+// CreateResponse carries an information about the opened session
type CreateResponse struct {
- // Types that are valid to be assigned to Message:
- // *CreateResponse_Unsigned
- // *CreateResponse_Result
- Message isCreateResponse_Message `protobuf_oneof:"Message"`
- XXX_NoUnkeyedLiteral struct{} `json:"-"`
- XXX_unrecognized []byte `json:"-"`
- XXX_sizecache int32 `json:"-"`
+ // ID carries an identifier of session token
+ ID TokenID `protobuf:"bytes,1,opt,name=ID,proto3,customtype=TokenID" json:"ID"`
+ // SessionKey carries a session public key
+ SessionKey []byte `protobuf:"bytes,2,opt,name=SessionKey,proto3" json:"SessionKey,omitempty"`
+ XXX_NoUnkeyedLiteral struct{} `json:"-"`
+ XXX_unrecognized []byte `json:"-"`
+ XXX_sizecache int32 `json:"-"`
}
func (m *CreateResponse) Reset() { *m = CreateResponse{} }
@@ -157,51 +112,13 @@ func (m *CreateResponse) XXX_DiscardUnknown() {
var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
-type isCreateResponse_Message interface {
- isCreateResponse_Message()
- MarshalTo([]byte) (int, error)
- Size() int
-}
-
-type CreateResponse_Unsigned struct {
- Unsigned *Token `protobuf:"bytes,1,opt,name=Unsigned,proto3,oneof" json:"Unsigned,omitempty"`
-}
-type CreateResponse_Result struct {
- Result *Token `protobuf:"bytes,2,opt,name=Result,proto3,oneof" json:"Result,omitempty"`
-}
-
-func (*CreateResponse_Unsigned) isCreateResponse_Message() {}
-func (*CreateResponse_Result) isCreateResponse_Message() {}
-
-func (m *CreateResponse) GetMessage() isCreateResponse_Message {
+func (m *CreateResponse) GetSessionKey() []byte {
if m != nil {
- return m.Message
+ return m.SessionKey
}
return nil
}
-func (m *CreateResponse) GetUnsigned() *Token {
- if x, ok := m.GetMessage().(*CreateResponse_Unsigned); ok {
- return x.Unsigned
- }
- return nil
-}
-
-func (m *CreateResponse) GetResult() *Token {
- if x, ok := m.GetMessage().(*CreateResponse_Result); ok {
- return x.Result
- }
- return nil
-}
-
-// XXX_OneofWrappers is for the internal use of the proto package.
-func (*CreateResponse) XXX_OneofWrappers() []interface{} {
- return []interface{}{
- (*CreateResponse_Unsigned)(nil),
- (*CreateResponse_Result)(nil),
- }
-}
-
func init() {
proto.RegisterType((*CreateRequest)(nil), "session.CreateRequest")
proto.RegisterType((*CreateResponse)(nil), "session.CreateResponse")
@@ -210,32 +127,32 @@ func init() {
func init() { proto.RegisterFile("session/service.proto", fileDescriptor_b329bee0fd1148e0) }
var fileDescriptor_b329bee0fd1148e0 = []byte{
- // 388 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x52, 0x4f, 0x6f, 0xda, 0x30,
- 0x14, 0xc7, 0x08, 0x05, 0xe6, 0x69, 0x48, 0xf3, 0xfe, 0x45, 0x39, 0x84, 0x09, 0xed, 0xc0, 0xa4,
- 0x25, 0x99, 0xd8, 0x65, 0x97, 0x1d, 0xc6, 0xa6, 0x0a, 0x0e, 0x54, 0x55, 0xd2, 0xf6, 0xd0, 0x5b,
- 0x12, 0x1e, 0xa9, 0xd5, 0x62, 0xa7, 0xb1, 0x83, 0xc4, 0x37, 0xe9, 0x67, 0xe8, 0x27, 0xe1, 0xc8,
- 0xb1, 0x27, 0x54, 0xa5, 0xb7, 0x7e, 0x8a, 0x0a, 0xc7, 0x41, 0xb4, 0x88, 0x9b, 0xdf, 0xef, 0xcf,
- 0x7b, 0xef, 0x67, 0x1b, 0x7f, 0x12, 0x20, 0x04, 0xe5, 0xcc, 0x13, 0x90, 0xcd, 0x69, 0x0c, 0x6e,
- 0x9a, 0x71, 0xc9, 0x49, 0x53, 0xc3, 0xd6, 0x87, 0x8a, 0x97, 0x8b, 0x14, 0x44, 0xc9, 0x5a, 0x44,
- 0x8b, 0xbd, 0x19, 0xc8, 0x50, 0x63, 0x1f, 0x2b, 0x6c, 0x0e, 0x19, 0x9d, 0x2e, 0x34, 0xea, 0x24,
- 0x54, 0x5e, 0xe6, 0x91, 0x1b, 0xf3, 0x99, 0x97, 0xf0, 0x84, 0x7b, 0x0a, 0x8e, 0xf2, 0xa9, 0xaa,
- 0x54, 0xa1, 0x4e, 0xa5, 0xbc, 0xfb, 0x84, 0xf0, 0xbb, 0x7f, 0x19, 0x84, 0x12, 0x7c, 0xb8, 0xc9,
- 0x41, 0x48, 0xf2, 0x0d, 0x37, 0x46, 0x8c, 0x4a, 0x13, 0x7d, 0x45, 0xbd, 0xb7, 0xfd, 0xb6, 0xab,
- 0xd7, 0x71, 0x4f, 0xf9, 0x15, 0xb0, 0x61, 0xcd, 0x57, 0x2c, 0xe9, 0x61, 0x23, 0xa0, 0x09, 0x83,
- 0x89, 0x59, 0x3f, 0xa0, 0xd3, 0x3c, 0xf9, 0x8d, 0x1b, 0x63, 0x90, 0xa1, 0x19, 0x29, 0x9d, 0xe5,
- 0x56, 0xb1, 0xf5, 0xbc, 0x0d, 0x37, 0x84, 0x70, 0x02, 0xd9, 0xa0, 0xb5, 0x5c, 0x77, 0x6a, 0xab,
- 0x75, 0x07, 0xf9, 0xca, 0x41, 0xfe, 0x63, 0xe3, 0x5c, 0x45, 0x33, 0x63, 0xe5, 0xed, 0xbe, 0xf6,
- 0x2a, 0x96, 0xc6, 0xa1, 0xa4, 0x9c, 0xed, 0xf5, 0xd0, 0xde, 0xc1, 0x1b, 0xdc, 0x1c, 0x83, 0x10,
- 0x61, 0x02, 0x5d, 0x81, 0xdb, 0x55, 0x56, 0x91, 0x72, 0x26, 0x80, 0xfc, 0xc0, 0xad, 0x33, 0x26,
- 0xca, 0x20, 0x87, 0x02, 0x6f, 0x15, 0x9b, 0xd0, 0x3e, 0x88, 0xfc, 0x5a, 0x1e, 0x0e, 0x5d, 0xf2,
- 0x3b, 0x43, 0xfb, 0x43, 0xdc, 0x0c, 0x4a, 0x15, 0xf9, 0x83, 0x8d, 0x72, 0x3e, 0xf9, 0xbc, 0x75,
- 0xbe, 0xb8, 0x7c, 0xeb, 0xcb, 0x1e, 0x5e, 0x2e, 0xda, 0x43, 0x3f, 0xd1, 0x20, 0x58, 0x16, 0x36,
- 0x5a, 0x15, 0x36, 0xba, 0x2f, 0x6c, 0xf4, 0x50, 0xd8, 0xe8, 0xf6, 0xd1, 0xae, 0x5d, 0x7c, 0xdf,
- 0x79, 0x70, 0x26, 0xd2, 0x38, 0x76, 0x26, 0x30, 0xf7, 0x18, 0xf0, 0xa9, 0x70, 0xc2, 0x94, 0x3a,
- 0x09, 0xf7, 0x74, 0xcf, 0xbb, 0xfa, 0xfb, 0x63, 0xe0, 0x47, 0x81, 0xfb, 0xf7, 0x64, 0xe4, 0xea,
- 0x9d, 0x22, 0x43, 0xfd, 0x83, 0x5f, 0xcf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x18, 0x94, 0x4c, 0x61,
- 0x97, 0x02, 0x00, 0x00,
+ // 386 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x91, 0xcf, 0x6e, 0xda, 0x40,
+ 0x10, 0xc6, 0x59, 0xab, 0x02, 0xb4, 0xa5, 0xad, 0xba, 0xea, 0x1f, 0xcb, 0x07, 0x1b, 0x71, 0x82,
+ 0x83, 0x6d, 0x89, 0x5e, 0x5a, 0xa9, 0x97, 0x52, 0xab, 0xaa, 0xd5, 0xe6, 0x9f, 0x89, 0x72, 0xc8,
+ 0xcd, 0x36, 0x63, 0x67, 0x15, 0xe1, 0x75, 0xbc, 0x0b, 0x11, 0x6f, 0x92, 0x67, 0xc8, 0x93, 0x70,
+ 0xe4, 0x18, 0xe5, 0x80, 0x22, 0xe7, 0x25, 0x72, 0x8c, 0x58, 0xaf, 0x11, 0x09, 0xb7, 0x9d, 0xdf,
+ 0xec, 0xf7, 0x69, 0xbe, 0x19, 0xfc, 0x99, 0x03, 0xe7, 0x94, 0x65, 0x2e, 0x87, 0x62, 0x4e, 0x63,
+ 0x70, 0xf2, 0x82, 0x09, 0x46, 0x5a, 0x0a, 0x1b, 0x44, 0x71, 0x77, 0x0a, 0x22, 0xac, 0x9a, 0xc6,
+ 0xa7, 0x9a, 0xcd, 0xa1, 0xa0, 0xc9, 0x42, 0x51, 0x3b, 0xa5, 0xe2, 0x62, 0x16, 0x39, 0x31, 0x9b,
+ 0xba, 0x29, 0x4b, 0x99, 0x2b, 0x71, 0x34, 0x4b, 0x64, 0x25, 0x0b, 0xf9, 0xaa, 0xbe, 0xf7, 0x9e,
+ 0x10, 0x7e, 0xf7, 0xbb, 0x80, 0x50, 0x40, 0x00, 0x57, 0x33, 0xe0, 0x82, 0x0c, 0x70, 0xeb, 0xe8,
+ 0x3a, 0x83, 0xc2, 0xf7, 0x74, 0xd4, 0x45, 0xfd, 0xce, 0xe8, 0xc3, 0x72, 0x6d, 0x35, 0xee, 0xd7,
+ 0x56, 0x8d, 0x83, 0xfa, 0x41, 0x7e, 0xe2, 0xf6, 0x7f, 0x9a, 0x80, 0xa0, 0x53, 0xd0, 0xb5, 0x2e,
+ 0xea, 0xbf, 0x1d, 0x7e, 0x71, 0xea, 0x00, 0xa7, 0xec, 0x12, 0xb2, 0xba, 0x3b, 0x6a, 0x6f, 0x3c,
+ 0x56, 0x6b, 0x0b, 0x05, 0x5b, 0x05, 0xf9, 0x8e, 0xdf, 0x1c, 0x80, 0x08, 0xf5, 0x48, 0x2a, 0x8d,
+ 0xad, 0x52, 0x0d, 0xb2, 0xe9, 0xfd, 0x85, 0x70, 0x02, 0xc5, 0x8e, 0x5a, 0x2a, 0x88, 0x87, 0x9b,
+ 0x67, 0x32, 0xb3, 0x1e, 0x4b, 0x6d, 0xef, 0xb5, 0x56, 0x76, 0x69, 0x1c, 0x0a, 0xca, 0xb2, 0x3d,
+ 0x0f, 0xa5, 0xed, 0x9d, 0xe0, 0xf7, 0x75, 0x72, 0x9e, 0xb3, 0x8c, 0x03, 0xb1, 0xb0, 0xb6, 0x9f,
+ 0x5a, 0x06, 0xf1, 0xbd, 0x40, 0xf3, 0x3d, 0x62, 0x62, 0x3c, 0xae, 0x2e, 0xf2, 0x0f, 0x16, 0x32,
+ 0x72, 0x27, 0xd8, 0x21, 0x43, 0x0f, 0xb7, 0x54, 0x45, 0x7e, 0xe0, 0x66, 0xe5, 0x4e, 0x36, 0x3b,
+ 0x91, 0xcc, 0x79, 0xb1, 0x68, 0xe3, 0xeb, 0x1e, 0xaf, 0xc6, 0x18, 0x8d, 0x97, 0xa5, 0x89, 0x56,
+ 0xa5, 0x89, 0xee, 0x4a, 0x13, 0x3d, 0x94, 0x26, 0xba, 0x79, 0x34, 0x1b, 0xe7, 0x83, 0x9d, 0xc3,
+ 0x66, 0x3c, 0x8f, 0x63, 0x7b, 0x02, 0x73, 0x37, 0x03, 0x96, 0x70, 0x3b, 0xcc, 0xa9, 0x9d, 0x32,
+ 0x57, 0xf9, 0xdd, 0x6a, 0x1f, 0x0f, 0x81, 0xfd, 0x19, 0x3b, 0xbf, 0x8e, 0x7d, 0x47, 0xcd, 0x13,
+ 0x35, 0xe5, 0xbd, 0xbf, 0x3d, 0x07, 0x00, 0x00, 0xff, 0xff, 0xf5, 0x66, 0xc9, 0x19, 0x6a, 0x02,
+ 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@@ -250,17 +167,8 @@ const _ = grpc.SupportPackageIsVersion4
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type SessionClient interface {
- // Create is a method that used to open a trusted session to manipulate
- // an object. In order to put or delete object client have to obtain session
- // token with trusted node. Trusted node will modify client's object
- // (add missing headers, checksums, homomorphic hash) and sign id with
- // session key. Session is established during 4-step handshake in one gRPC stream
- //
- // - First client stream message SHOULD BE type of `CreateRequest_Init`.
- // - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
- // - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
- // - Second server stream message SHOULD BE type of `CreateResponse_Result`.
- Create(ctx context.Context, opts ...grpc.CallOption) (Session_CreateClient, error)
+ // Create opens new session between the client and the server
+ Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
}
type sessionClient struct {
@@ -271,102 +179,61 @@ func NewSessionClient(cc *grpc.ClientConn) SessionClient {
return &sessionClient{cc}
}
-func (c *sessionClient) Create(ctx context.Context, opts ...grpc.CallOption) (Session_CreateClient, error) {
- stream, err := c.cc.NewStream(ctx, &_Session_serviceDesc.Streams[0], "/session.Session/Create", opts...)
+func (c *sessionClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
+ out := new(CreateResponse)
+ err := c.cc.Invoke(ctx, "/session.Session/Create", in, out, opts...)
if err != nil {
return nil, err
}
- x := &sessionCreateClient{stream}
- return x, nil
-}
-
-type Session_CreateClient interface {
- Send(*CreateRequest) error
- Recv() (*CreateResponse, error)
- grpc.ClientStream
-}
-
-type sessionCreateClient struct {
- grpc.ClientStream
-}
-
-func (x *sessionCreateClient) Send(m *CreateRequest) error {
- return x.ClientStream.SendMsg(m)
-}
-
-func (x *sessionCreateClient) Recv() (*CreateResponse, error) {
- m := new(CreateResponse)
- if err := x.ClientStream.RecvMsg(m); err != nil {
- return nil, err
- }
- return m, nil
+ return out, nil
}
// SessionServer is the server API for Session service.
type SessionServer interface {
- // Create is a method that used to open a trusted session to manipulate
- // an object. In order to put or delete object client have to obtain session
- // token with trusted node. Trusted node will modify client's object
- // (add missing headers, checksums, homomorphic hash) and sign id with
- // session key. Session is established during 4-step handshake in one gRPC stream
- //
- // - First client stream message SHOULD BE type of `CreateRequest_Init`.
- // - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
- // - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
- // - Second server stream message SHOULD BE type of `CreateResponse_Result`.
- Create(Session_CreateServer) error
+ // Create opens new session between the client and the server
+ Create(context.Context, *CreateRequest) (*CreateResponse, error)
}
// UnimplementedSessionServer can be embedded to have forward compatible implementations.
type UnimplementedSessionServer struct {
}
-func (*UnimplementedSessionServer) Create(srv Session_CreateServer) error {
- return status.Errorf(codes.Unimplemented, "method Create not implemented")
+func (*UnimplementedSessionServer) Create(ctx context.Context, req *CreateRequest) (*CreateResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
}
func RegisterSessionServer(s *grpc.Server, srv SessionServer) {
s.RegisterService(&_Session_serviceDesc, srv)
}
-func _Session_Create_Handler(srv interface{}, stream grpc.ServerStream) error {
- return srv.(SessionServer).Create(&sessionCreateServer{stream})
-}
-
-type Session_CreateServer interface {
- Send(*CreateResponse) error
- Recv() (*CreateRequest, error)
- grpc.ServerStream
-}
-
-type sessionCreateServer struct {
- grpc.ServerStream
-}
-
-func (x *sessionCreateServer) Send(m *CreateResponse) error {
- return x.ServerStream.SendMsg(m)
-}
-
-func (x *sessionCreateServer) Recv() (*CreateRequest, error) {
- m := new(CreateRequest)
- if err := x.ServerStream.RecvMsg(m); err != nil {
+func _Session_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(CreateRequest)
+ if err := dec(in); err != nil {
return nil, err
}
- return m, nil
+ if interceptor == nil {
+ return srv.(SessionServer).Create(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: "/session.Session/Create",
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(SessionServer).Create(ctx, req.(*CreateRequest))
+ }
+ return interceptor(ctx, in, info, handler)
}
var _Session_serviceDesc = grpc.ServiceDesc{
ServiceName: "session.Session",
HandlerType: (*SessionServer)(nil),
- Methods: []grpc.MethodDesc{},
- Streams: []grpc.StreamDesc{
+ Methods: []grpc.MethodDesc{
{
- StreamName: "Create",
- Handler: _Session_Create_Handler,
- ServerStreams: true,
- ClientStreams: true,
+ MethodName: "Create",
+ Handler: _Session_Create_Handler,
},
},
+ Streams: []grpc.StreamDesc{},
Metadata: "session/service.proto",
}
@@ -418,60 +285,29 @@ func (m *CreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
dAtA[i] = 0x6
i--
dAtA[i] = 0x92
- if m.Message != nil {
- {
- size := m.Message.Size()
- i -= size
- if _, err := m.Message.MarshalTo(dAtA[i:]); err != nil {
- return 0, err
- }
+ {
+ size, err := m.TokenLifetime.MarshalToSizedBuffer(dAtA[:i])
+ if err != nil {
+ return 0, err
}
+ i -= size
+ i = encodeVarintService(dAtA, i, uint64(size))
}
+ i--
+ dAtA[i] = 0x12
+ {
+ size := m.OwnerID.Size()
+ i -= size
+ if _, err := m.OwnerID.MarshalTo(dAtA[i:]); err != nil {
+ return 0, err
+ }
+ i = encodeVarintService(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0xa
return len(dAtA) - i, nil
}
-func (m *CreateRequest_Init) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *CreateRequest_Init) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- if m.Init != nil {
- {
- size, err := m.Init.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0xa
- }
- return len(dAtA) - i, nil
-}
-func (m *CreateRequest_Signed) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *CreateRequest_Signed) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- if m.Signed != nil {
- {
- size, err := m.Signed.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x12
- }
- return len(dAtA) - i, nil
-}
func (m *CreateResponse) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -496,60 +332,26 @@ func (m *CreateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
- if m.Message != nil {
- {
- size := m.Message.Size()
- i -= size
- if _, err := m.Message.MarshalTo(dAtA[i:]); err != nil {
- return 0, err
- }
- }
- }
- return len(dAtA) - i, nil
-}
-
-func (m *CreateResponse_Unsigned) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *CreateResponse_Unsigned) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- if m.Unsigned != nil {
- {
- size, err := m.Unsigned.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0xa
- }
- return len(dAtA) - i, nil
-}
-func (m *CreateResponse_Result) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *CreateResponse_Result) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- if m.Result != nil {
- {
- size, err := m.Result.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintService(dAtA, i, uint64(size))
- }
+ if len(m.SessionKey) > 0 {
+ i -= len(m.SessionKey)
+ copy(dAtA[i:], m.SessionKey)
+ i = encodeVarintService(dAtA, i, uint64(len(m.SessionKey)))
i--
dAtA[i] = 0x12
}
+ {
+ size := m.ID.Size()
+ i -= size
+ if _, err := m.ID.MarshalTo(dAtA[i:]); err != nil {
+ return 0, err
+ }
+ i = encodeVarintService(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0xa
return len(dAtA) - i, nil
}
+
func encodeVarintService(dAtA []byte, offset int, v uint64) int {
offset -= sovService(v)
base := offset
@@ -567,9 +369,10 @@ func (m *CreateRequest) Size() (n int) {
}
var l int
_ = l
- if m.Message != nil {
- n += m.Message.Size()
- }
+ l = m.OwnerID.Size()
+ n += 1 + l + sovService(uint64(l))
+ l = m.TokenLifetime.Size()
+ n += 1 + l + sovService(uint64(l))
l = m.RequestMetaHeader.Size()
n += 2 + l + sovService(uint64(l))
l = m.RequestVerificationHeader.Size()
@@ -580,38 +383,17 @@ func (m *CreateRequest) Size() (n int) {
return n
}
-func (m *CreateRequest_Init) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- if m.Init != nil {
- l = m.Init.Size()
- n += 1 + l + sovService(uint64(l))
- }
- return n
-}
-func (m *CreateRequest_Signed) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- if m.Signed != nil {
- l = m.Signed.Size()
- n += 1 + l + sovService(uint64(l))
- }
- return n
-}
func (m *CreateResponse) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
- if m.Message != nil {
- n += m.Message.Size()
+ l = m.ID.Size()
+ n += 1 + l + sovService(uint64(l))
+ l = len(m.SessionKey)
+ if l > 0 {
+ n += 1 + l + sovService(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
@@ -619,31 +401,6 @@ func (m *CreateResponse) Size() (n int) {
return n
}
-func (m *CreateResponse_Unsigned) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- if m.Unsigned != nil {
- l = m.Unsigned.Size()
- n += 1 + l + sovService(uint64(l))
- }
- return n
-}
-func (m *CreateResponse_Result) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- if m.Result != nil {
- l = m.Result.Size()
- n += 1 + l + sovService(uint64(l))
- }
- return n
-}
-
func sovService(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
@@ -681,9 +438,9 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
switch fieldNum {
case 1:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Init", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType)
}
- var msglen int
+ var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowService
@@ -693,30 +450,28 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
- msglen |= int(b&0x7F) << shift
+ byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
- if msglen < 0 {
+ if byteLen < 0 {
return ErrInvalidLengthService
}
- postIndex := iNdEx + msglen
+ postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthService
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
- v := &Token{}
- if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ if err := m.OwnerID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
- m.Message = &CreateRequest_Init{v}
iNdEx = postIndex
case 2:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Signed", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field TokenLifetime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
@@ -743,11 +498,9 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
- v := &Token{}
- if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ if err := m.TokenLifetime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
- m.Message = &CreateRequest_Signed{v}
iNdEx = postIndex
case 98:
if wireType != 2 {
@@ -871,9 +624,9 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
switch fieldNum {
case 1:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Unsigned", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
}
- var msglen int
+ var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowService
@@ -883,32 +636,30 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
- msglen |= int(b&0x7F) << shift
+ byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
- if msglen < 0 {
+ if byteLen < 0 {
return ErrInvalidLengthService
}
- postIndex := iNdEx + msglen
+ postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthService
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
- v := &Token{}
- if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ if err := m.ID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
- m.Message = &CreateResponse_Unsigned{v}
iNdEx = postIndex
case 2:
if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType)
+ return fmt.Errorf("proto: wrong wireType = %d for field SessionKey", wireType)
}
- var msglen int
+ var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowService
@@ -918,26 +669,25 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
- msglen |= int(b&0x7F) << shift
+ byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
- if msglen < 0 {
+ if byteLen < 0 {
return ErrInvalidLengthService
}
- postIndex := iNdEx + msglen
+ postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthService
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
- v := &Token{}
- if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
+ m.SessionKey = append(m.SessionKey[:0], dAtA[iNdEx:postIndex]...)
+ if m.SessionKey == nil {
+ m.SessionKey = []byte{}
}
- m.Message = &CreateResponse_Result{v}
iNdEx = postIndex
default:
iNdEx = preIndex
diff --git a/session/service.proto b/session/service.proto
index 524213a..b7eb0df 100644
--- a/session/service.proto
+++ b/session/service.proto
@@ -3,7 +3,6 @@ package session;
option go_package = "github.com/nspcc-dev/neofs-api-go/session";
option csharp_namespace = "NeoFS.API.Session";
-import "session/types.proto";
import "service/meta.proto";
import "service/verify.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -12,42 +11,29 @@ option (gogoproto.stable_marshaler_all) = true;
service Session {
- // Create is a method that used to open a trusted session to manipulate
- // an object. In order to put or delete object client have to obtain session
- // token with trusted node. Trusted node will modify client's object
- // (add missing headers, checksums, homomorphic hash) and sign id with
- // session key. Session is established during 4-step handshake in one gRPC stream
- //
- // - First client stream message SHOULD BE type of `CreateRequest_Init`.
- // - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
- // - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
- // - Second server stream message SHOULD BE type of `CreateResponse_Result`.
- rpc Create (stream CreateRequest) returns (stream CreateResponse);
+ // Create opens new session between the client and the server
+ rpc Create (CreateRequest) returns (CreateResponse);
}
-
+// CreateRequest carries an information necessary for opening a session
message CreateRequest {
- // Message should be one of
- oneof Message {
- // Init is a message to initialize session opening. Carry:
- // owner of manipulation object;
- // ID of manipulation object;
- // token lifetime bounds.
- session.Token Init = 1;
- // Signed Init message response (Unsigned) from server with user private key
- session.Token Signed = 2;
- }
+ // OwnerID carries an identifier of a session initiator
+ bytes OwnerID = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
+
+ // Lifetime carries a lifetime of the session
+ service.TokenLifetime Lifetime = 2 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
}
+// CreateResponse carries an information about the opened session
message CreateResponse {
- oneof Message {
- // Unsigned token with token ID and session public key generated on server side
- session.Token Unsigned = 1;
- // Result is a resulting token which can be used for object placing through an trusted intermediary
- session.Token Result = 2;
- }
+ // ID carries an identifier of session token
+ bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+
+ // SessionKey carries a session public key
+ bytes SessionKey = 2;
}
diff --git a/session/store.go b/session/store.go
index f6a6655..fa33b7e 100644
--- a/session/store.go
+++ b/session/store.go
@@ -1,82 +1,64 @@
package session
import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
"sync"
-
- "github.com/nspcc-dev/neofs-api-go/refs"
- crypto "github.com/nspcc-dev/neofs-crypto"
)
-type simpleStore struct {
+type mapTokenStore struct {
*sync.RWMutex
- tokens map[TokenID]*PToken
+ tokens map[PrivateTokenKey]PrivateToken
}
-// TODO get curve from neofs-crypto
-func defaultCurve() elliptic.Curve {
- return elliptic.P256()
-}
-
-// NewSimpleStore creates simple token storage
-func NewSimpleStore() TokenStore {
- return &simpleStore{
+// NewMapTokenStore creates new PrivateTokenStore instance.
+//
+// The elements of the instance are stored in the map.
+func NewMapTokenStore() PrivateTokenStore {
+ return &mapTokenStore{
RWMutex: new(sync.RWMutex),
- tokens: make(map[TokenID]*PToken),
+ tokens: make(map[PrivateTokenKey]PrivateToken),
}
}
-// New returns new token with specified parameters.
-func (s *simpleStore) New(p TokenParams) *PToken {
- tid, err := refs.NewUUID()
- if err != nil {
- return nil
- }
-
- key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
- if err != nil {
- return nil
- }
-
- if p.FirstEpoch > p.LastEpoch || p.OwnerID.Empty() {
- return nil
- }
-
- t := &PToken{
- mtx: new(sync.Mutex),
- Token: Token{
- ID: tid,
- Header: VerificationHeader{PublicKey: crypto.MarshalPublicKey(&key.PublicKey)},
- FirstEpoch: p.FirstEpoch,
- LastEpoch: p.LastEpoch,
- ObjectID: p.ObjectID,
- OwnerID: p.OwnerID,
- PublicKeys: p.PublicKeys,
- },
- PrivateKey: key,
- }
-
+// Store adds passed token to the map.
+//
+// Resulting error is always nil.
+func (s *mapTokenStore) Store(key PrivateTokenKey, token PrivateToken) error {
s.Lock()
- s.tokens[t.ID] = t
+ s.tokens[key] = token
s.Unlock()
- return t
+ return nil
}
-// Fetch tries to fetch a token with specified id.
-func (s *simpleStore) Fetch(id TokenID) *PToken {
+// Fetch returns the map element corresponding to the given key.
+//
+// Returns ErrPrivateTokenNotFound is there is no element in map.
+func (s *mapTokenStore) Fetch(key PrivateTokenKey) (PrivateToken, error) {
s.RLock()
defer s.RUnlock()
- return s.tokens[id]
+ t, ok := s.tokens[key]
+ if !ok {
+ return nil, ErrPrivateTokenNotFound
+ }
+
+ return t, nil
}
-// Remove removes token with id from store.
-func (s *simpleStore) Remove(id TokenID) {
+// RemoveExpired removes all the map elements that are expired in the passed epoch.
+//
+// Resulting error is always nil.
+func (s *mapTokenStore) RemoveExpired(epoch uint64) error {
s.Lock()
- delete(s.tokens, id)
+
+ for key, token := range s.tokens {
+ if token.Expired(epoch) {
+ delete(s.tokens, key)
+ }
+ }
+
s.Unlock()
+
+ return nil
}
diff --git a/session/store_test.go b/session/store_test.go
index 9ad0e1d..74e0023 100644
--- a/session/store_test.go
+++ b/session/store_test.go
@@ -1,96 +1,111 @@
package session
import (
- "crypto/ecdsa"
- "crypto/rand"
"testing"
"github.com/nspcc-dev/neofs-api-go/refs"
- crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/stretchr/testify/require"
)
-type testClient struct {
- *ecdsa.PrivateKey
- OwnerID OwnerID
+func TestMapTokenStore(t *testing.T) {
+ // create new private token
+ pToken, err := NewPrivateToken(0)
+ require.NoError(t, err)
+
+ // create map token store
+ s := NewMapTokenStore()
+
+ // create test TokenID
+ tid, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ // create test OwnerID
+ ownerID := OwnerID{1, 2, 3}
+
+ key := PrivateTokenKey{}
+ key.SetOwnerID(ownerID)
+ key.SetTokenID(tid)
+
+ // ascertain that there is no record for the key
+ _, err = s.Fetch(key)
+ require.EqualError(t, err, ErrPrivateTokenNotFound.Error())
+
+ // save private token record
+ require.NoError(t, s.Store(key, pToken))
+
+ // fetch private token by the key
+ res, err := s.Fetch(key)
+ require.NoError(t, err)
+
+ // ascertain that returned token equals to initial
+ require.Equal(t, pToken, res)
}
-func (c *testClient) Sign(data []byte) ([]byte, error) {
- return crypto.Sign(c.PrivateKey, data)
-}
-
-func newTestClient(t *testing.T) *testClient {
- key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
- require.NoError(t, err)
-
- owner, err := refs.NewOwnerID(&key.PublicKey)
- require.NoError(t, err)
-
- return &testClient{PrivateKey: key, OwnerID: owner}
-}
-
-func signToken(t *testing.T, token *PToken, c *testClient) {
- require.NotNil(t, token)
- token.SetPublicKeys(&c.PublicKey)
-
- signH, err := c.Sign(token.Header.PublicKey)
- require.NoError(t, err)
- require.NotNil(t, signH)
-
- // data is not yet signed
- keys := UnmarshalPublicKeys(&token.Token)
- require.False(t, token.Verify(keys...))
-
- signT, err := c.Sign(token.verificationData())
- require.NoError(t, err)
- require.NotNil(t, signT)
-
- token.AddSignatures(signH, signT)
- require.True(t, token.Verify(keys...))
-}
-
-func TestTokenStore(t *testing.T) {
- s := NewSimpleStore()
-
- oid, err := refs.NewObjectID()
- require.NoError(t, err)
-
- c := newTestClient(t)
- require.NotNil(t, c)
- pk := [][]byte{crypto.MarshalPublicKey(&c.PublicKey)}
-
- // create new token
- token := s.New(TokenParams{
- ObjectID: []ObjectID{oid},
- OwnerID: c.OwnerID,
- PublicKeys: pk,
- })
- signToken(t, token, c)
-
- // check that it can be fetched
- t1 := s.Fetch(token.ID)
- require.NotNil(t, t1)
- require.Equal(t, token, t1)
-
- // create and sign another token by the same client
- t1 = s.New(TokenParams{
- ObjectID: []ObjectID{oid},
- OwnerID: c.OwnerID,
- PublicKeys: pk,
- })
-
- signToken(t, t1, c)
-
- data := []byte{1, 2, 3}
- sign, err := t1.SignData(data)
- require.NoError(t, err)
- require.Error(t, token.Header.VerifyData(data, sign))
-
- sign, err = token.SignData(data)
- require.NoError(t, err)
- require.NoError(t, token.Header.VerifyData(data, sign))
-
- s.Remove(token.ID)
- require.Nil(t, s.Fetch(token.ID))
- require.NotNil(t, s.Fetch(t1.ID))
+func TestMapTokenStore_RemoveExpired(t *testing.T) {
+ // create some epoch number
+ e1 := uint64(1)
+
+ // create private token that expires after e1
+ tok1, err := NewPrivateToken(e1)
+ require.NoError(t, err)
+
+ // create some greater than e1 epoch number
+ e2 := e1 + 1
+
+ // create private token that expires after e2
+ tok2, err := NewPrivateToken(e2)
+ require.NoError(t, err)
+
+ // create token store instance
+ s := NewMapTokenStore()
+
+ // create test PrivateTokenKey
+ key := PrivateTokenKey{}
+ key.SetOwnerID(OwnerID{1, 2, 3})
+
+ // create IDs for tokens
+ id1, err := refs.NewUUID()
+ require.NoError(t, err)
+ id2, err := refs.NewUUID()
+ require.NoError(t, err)
+
+ assertPresence := func(ids ...TokenID) {
+ for i := range ids {
+ key.SetTokenID(ids[i])
+ _, err = s.Fetch(key)
+ require.NoError(t, err)
+ }
+ }
+
+ assertAbsence := func(ids ...TokenID) {
+ for i := range ids {
+ key.SetTokenID(ids[i])
+ _, err = s.Fetch(key)
+ require.EqualError(t, err, ErrPrivateTokenNotFound.Error())
+ }
+ }
+
+ // store both tokens
+ key.SetTokenID(id1)
+ require.NoError(t, s.Store(key, tok1))
+ key.SetTokenID(id2)
+ require.NoError(t, s.Store(key, tok2))
+
+ // ascertain that both tokens are available
+ assertPresence(id1, id2)
+
+ // perform cleaning for epoch in which both tokens are not expired
+ require.NoError(t, s.RemoveExpired(e1))
+
+ // ascertain that both tokens are still available
+ assertPresence(id1, id2)
+
+ // perform cleaning for epoch greater than e1 and not greater than e2
+ require.NoError(t, s.RemoveExpired(e1+1))
+
+ // ascertain that tok1 was removed
+ assertAbsence(id1)
+
+ // ascertain that tok2 was not removed
+ assertPresence(id2)
}
diff --git a/session/types.go b/session/types.go
index 4165291..ee13b92 100644
--- a/session/types.go
+++ b/session/types.go
@@ -1,181 +1,86 @@
package session
import (
+ "context"
"crypto/ecdsa"
- "encoding/binary"
- "sync"
- "github.com/nspcc-dev/neofs-api-go/chain"
- "github.com/nspcc-dev/neofs-api-go/internal"
"github.com/nspcc-dev/neofs-api-go/refs"
- crypto "github.com/nspcc-dev/neofs-crypto"
- "github.com/pkg/errors"
+ "github.com/nspcc-dev/neofs-api-go/service"
)
-type (
- // ObjectID type alias.
- ObjectID = refs.ObjectID
- // OwnerID type alias.
- OwnerID = refs.OwnerID
- // TokenID type alias.
- TokenID = refs.UUID
+// PrivateToken is an interface of session private part.
+type PrivateToken interface {
+ // PublicKey must return a binary representation of session public key.
+ PublicKey() []byte
- // PToken is a wrapper around Token that allows to sign data
- // and to do thread-safe manipulations.
- PToken struct {
- Token
+ // Sign must return the signature of passed data.
+ //
+ // Resulting signature must be verified by crypto.Verify function
+ // with the session public key.
+ Sign([]byte) ([]byte, error)
- mtx *sync.Mutex
- PrivateKey *ecdsa.PrivateKey
- }
-)
-
-const (
- // ErrWrongFirstEpoch is raised when passed Token contains wrong first epoch.
- // First epoch is an epoch since token is valid
- ErrWrongFirstEpoch = internal.Error("wrong first epoch")
-
- // ErrWrongLastEpoch is raised when passed Token contains wrong last epoch.
- // Last epoch is an epoch until token is valid
- ErrWrongLastEpoch = internal.Error("wrong last epoch")
-
- // ErrWrongOwner is raised when passed Token contains wrong OwnerID.
- ErrWrongOwner = internal.Error("wrong owner")
-
- // ErrEmptyPublicKey is raised when passed Token contains wrong public key.
- ErrEmptyPublicKey = internal.Error("empty public key")
-
- // ErrWrongObjectsCount is raised when passed Token contains wrong objects count.
- ErrWrongObjectsCount = internal.Error("wrong objects count")
-
- // ErrWrongObjects is raised when passed Token contains wrong object ids.
- ErrWrongObjects = internal.Error("wrong objects")
-
- // ErrInvalidSignature is raised when wrong signature is passed to VerificationHeader.VerifyData().
- ErrInvalidSignature = internal.Error("invalid signature")
-)
-
-// verificationData returns byte array to sign.
-// Note: protobuf serialization is inconsistent as
-// wire order is unspecified.
-func (m *Token) verificationData() (data []byte) {
- var size int
- if l := len(m.ObjectID); l > 0 {
- size = m.ObjectID[0].Size()
- data = make([]byte, 16+l*size)
- } else {
- data = make([]byte, 16)
- }
- binary.BigEndian.PutUint64(data, m.FirstEpoch)
- binary.BigEndian.PutUint64(data[8:], m.LastEpoch)
- for i := range m.ObjectID {
- copy(data[16+i*size:], m.ObjectID[i].Bytes())
- }
- return
+ // Expired must return true if and only if private token is expired in the given epoch number.
+ Expired(uint64) bool
}
-// IsSame checks if the passed token is valid and equal to current token
-func (m *Token) IsSame(t *Token) error {
- switch {
- case m.FirstEpoch != t.FirstEpoch:
- return ErrWrongFirstEpoch
- case m.LastEpoch != t.LastEpoch:
- return ErrWrongLastEpoch
- case !m.OwnerID.Equal(t.OwnerID):
- return ErrWrongOwner
- case m.Header.PublicKey == nil:
- return ErrEmptyPublicKey
- case len(m.ObjectID) != len(t.ObjectID):
- return ErrWrongObjectsCount
- default:
- for i := range m.ObjectID {
- if !m.ObjectID[i].Equal(t.ObjectID[i]) {
- return errors.Wrapf(ErrWrongObjects, "expect %s, actual: %s", m.ObjectID[i], t.ObjectID[i])
- }
- }
- }
- return nil
+// PrivateTokenKey is a structure of private token storage key.
+type PrivateTokenKey struct {
+ owner OwnerID
+ token TokenID
}
-// Sign tries to sign current Token data and stores signature inside it.
-func (m *Token) Sign(key *ecdsa.PrivateKey) error {
- if err := m.Header.Sign(key); err != nil {
- return err
- }
-
- s, err := crypto.Sign(key, m.verificationData())
- if err != nil {
- return err
- }
-
- m.Signature = s
- return nil
+// PrivateTokenSource is an interface of private token storage with read access.
+type PrivateTokenSource interface {
+ // Fetch must return the storage record corresponding to the passed key.
+ //
+ // Resulting error must be ErrPrivateTokenNotFound if there is no corresponding record.
+ Fetch(PrivateTokenKey) (PrivateToken, error)
}
-// SetPublicKeys sets owner's public keys to the token
-func (m *Token) SetPublicKeys(keys ...*ecdsa.PublicKey) {
- m.PublicKeys = m.PublicKeys[:0]
- for i := range keys {
- m.PublicKeys = append(m.PublicKeys, crypto.MarshalPublicKey(keys[i]))
- }
+// EpochLifetimeStore is an interface of the storage of elements that lifetime is limited by NeoFS epoch.
+type EpochLifetimeStore interface {
+ // RemoveExpired must remove all elements that are expired in the given epoch.
+ RemoveExpired(uint64) error
}
-// Verify checks if token is correct and signed.
-func (m *Token) Verify(keys ...*ecdsa.PublicKey) bool {
- if m.FirstEpoch > m.LastEpoch {
- return false
- }
- ownerFromKeys := chain.KeysToAddress(keys...)
- if m.OwnerID.String() != ownerFromKeys {
- return false
- }
+// PrivateTokenStore is an interface of the storage of private tokens addressable by TokenID.
+type PrivateTokenStore interface {
+ PrivateTokenSource
+ EpochLifetimeStore
- for i := range keys {
- if m.Header.Verify(keys[i]) && crypto.Verify(keys[i], m.verificationData(), m.Signature) == nil {
- return true
- }
- }
- return false
+ // Store must save passed private token in the storage under the given key.
+ //
+ // Resulting error must be nil if private token was stored successfully.
+ Store(PrivateTokenKey, PrivateToken) error
}
-// AddSignatures adds token signatures.
-func (t *PToken) AddSignatures(signH, signT []byte) {
- t.mtx.Lock()
-
- t.Header.KeySignature = signH
- t.Signature = signT
-
- t.mtx.Unlock()
+// KeyStore is an interface of the storage of public keys addressable by OwnerID,
+type KeyStore interface {
+ // Get must return the storage record corresponding to the passed key.
+ //
+ // Resulting error must be ErrKeyNotFound if there is no corresponding record.
+ Get(context.Context, OwnerID) ([]*ecdsa.PublicKey, error)
}
-// SignData signs data with session private key.
-func (t *PToken) SignData(data []byte) ([]byte, error) {
- return crypto.Sign(t.PrivateKey, data)
+// CreateParamsSource is an interface of the container of session parameters with read access.
+type CreateParamsSource interface {
+ refs.OwnerIDSource
+ service.LifetimeSource
}
-// VerifyData checks if signature of data by token is equal to sign.
-func (m *VerificationHeader) VerifyData(data, sign []byte) error {
- if crypto.Verify(crypto.UnmarshalPublicKey(m.PublicKey), data, sign) != nil {
- return ErrInvalidSignature
- }
- return nil
+// CreateParamsContainer is an interface of the container of session parameters.
+type CreateParamsContainer interface {
+ refs.OwnerIDContainer
+ service.LifetimeContainer
}
-// Verify checks if verification header was issued by id.
-func (m *VerificationHeader) Verify(keys ...*ecdsa.PublicKey) bool {
- for i := range keys {
- if crypto.Verify(keys[i], m.PublicKey, m.KeySignature) == nil {
- return true
- }
- }
- return false
+// CreateResult is an interface of the container of an opened session info with read access.
+type CreateResult interface {
+ service.TokenIDSource
+ service.SessionKeySource
}
-// UnmarshalPublicKeys returns unmarshal public keys from the token
-func UnmarshalPublicKeys(t *Token) []*ecdsa.PublicKey {
- r := make([]*ecdsa.PublicKey, 0, len(t.PublicKeys))
- for i := range t.PublicKeys {
- r = append(r, crypto.UnmarshalPublicKey(t.PublicKeys[i]))
- }
- return r
+// Creator is an interface of the tool for a session opening.
+type Creator interface {
+ Create(context.Context, CreateParamsSource) (CreateResult, error)
}
diff --git a/session/types.pb.go b/session/types.pb.go
deleted file mode 100644
index 01458dd..0000000
--- a/session/types.pb.go
+++ /dev/null
@@ -1,913 +0,0 @@
-// Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: session/types.proto
-
-package session
-
-import (
- fmt "fmt"
- _ "github.com/gogo/protobuf/gogoproto"
- proto "github.com/golang/protobuf/proto"
- io "io"
- math "math"
- math_bits "math/bits"
-)
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
-
-type VerificationHeader struct {
- // PublicKey is a session public key
- PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"PublicKey,omitempty"`
- // KeySignature is a session public key signature. Signed by trusted side
- KeySignature []byte `protobuf:"bytes,2,opt,name=KeySignature,proto3" json:"KeySignature,omitempty"`
- XXX_NoUnkeyedLiteral struct{} `json:"-"`
- XXX_unrecognized []byte `json:"-"`
- XXX_sizecache int32 `json:"-"`
-}
-
-func (m *VerificationHeader) Reset() { *m = VerificationHeader{} }
-func (m *VerificationHeader) String() string { return proto.CompactTextString(m) }
-func (*VerificationHeader) ProtoMessage() {}
-func (*VerificationHeader) Descriptor() ([]byte, []int) {
- return fileDescriptor_c0d9d9cb855cdad8, []int{0}
-}
-func (m *VerificationHeader) XXX_Unmarshal(b []byte) error {
- return m.Unmarshal(b)
-}
-func (m *VerificationHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
- b = b[:cap(b)]
- n, err := m.MarshalToSizedBuffer(b)
- if err != nil {
- return nil, err
- }
- return b[:n], nil
-}
-func (m *VerificationHeader) XXX_Merge(src proto.Message) {
- xxx_messageInfo_VerificationHeader.Merge(m, src)
-}
-func (m *VerificationHeader) XXX_Size() int {
- return m.Size()
-}
-func (m *VerificationHeader) XXX_DiscardUnknown() {
- xxx_messageInfo_VerificationHeader.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_VerificationHeader proto.InternalMessageInfo
-
-func (m *VerificationHeader) GetPublicKey() []byte {
- if m != nil {
- return m.PublicKey
- }
- return nil
-}
-
-func (m *VerificationHeader) GetKeySignature() []byte {
- if m != nil {
- return m.KeySignature
- }
- return nil
-}
-
-// User token granting rights for object manipulation
-type Token struct {
- // Header carries verification data of session key
- Header VerificationHeader `protobuf:"bytes,1,opt,name=Header,proto3" json:"Header"`
- // OwnerID is an owner of manipulation object
- OwnerID OwnerID `protobuf:"bytes,2,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
- // FirstEpoch is an initial epoch of token lifetime
- FirstEpoch uint64 `protobuf:"varint,3,opt,name=FirstEpoch,proto3" json:"FirstEpoch,omitempty"`
- // LastEpoch is a last epoch of token lifetime
- LastEpoch uint64 `protobuf:"varint,4,opt,name=LastEpoch,proto3" json:"LastEpoch,omitempty"`
- // ObjectID is an object identifier of manipulation object
- ObjectID []ObjectID `protobuf:"bytes,5,rep,name=ObjectID,proto3,customtype=ObjectID" json:"ObjectID"`
- // Signature is a token signature, signed by owner of manipulation object
- Signature []byte `protobuf:"bytes,6,opt,name=Signature,proto3" json:"Signature,omitempty"`
- // ID is a token identifier. valid UUIDv4 represented in bytes
- ID TokenID `protobuf:"bytes,7,opt,name=ID,proto3,customtype=TokenID" json:"ID"`
- // PublicKeys associated with owner
- PublicKeys [][]byte `protobuf:"bytes,8,rep,name=PublicKeys,proto3" json:"PublicKeys,omitempty"`
- XXX_NoUnkeyedLiteral struct{} `json:"-"`
- XXX_unrecognized []byte `json:"-"`
- XXX_sizecache int32 `json:"-"`
-}
-
-func (m *Token) Reset() { *m = Token{} }
-func (m *Token) String() string { return proto.CompactTextString(m) }
-func (*Token) ProtoMessage() {}
-func (*Token) Descriptor() ([]byte, []int) {
- return fileDescriptor_c0d9d9cb855cdad8, []int{1}
-}
-func (m *Token) XXX_Unmarshal(b []byte) error {
- return m.Unmarshal(b)
-}
-func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
- b = b[:cap(b)]
- n, err := m.MarshalToSizedBuffer(b)
- if err != nil {
- return nil, err
- }
- return b[:n], nil
-}
-func (m *Token) XXX_Merge(src proto.Message) {
- xxx_messageInfo_Token.Merge(m, src)
-}
-func (m *Token) XXX_Size() int {
- return m.Size()
-}
-func (m *Token) XXX_DiscardUnknown() {
- xxx_messageInfo_Token.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Token proto.InternalMessageInfo
-
-func (m *Token) GetHeader() VerificationHeader {
- if m != nil {
- return m.Header
- }
- return VerificationHeader{}
-}
-
-func (m *Token) GetFirstEpoch() uint64 {
- if m != nil {
- return m.FirstEpoch
- }
- return 0
-}
-
-func (m *Token) GetLastEpoch() uint64 {
- if m != nil {
- return m.LastEpoch
- }
- return 0
-}
-
-func (m *Token) GetSignature() []byte {
- if m != nil {
- return m.Signature
- }
- return nil
-}
-
-func (m *Token) GetPublicKeys() [][]byte {
- if m != nil {
- return m.PublicKeys
- }
- return nil
-}
-
-func init() {
- proto.RegisterType((*VerificationHeader)(nil), "session.VerificationHeader")
- proto.RegisterType((*Token)(nil), "session.Token")
-}
-
-func init() { proto.RegisterFile("session/types.proto", fileDescriptor_c0d9d9cb855cdad8) }
-
-var fileDescriptor_c0d9d9cb855cdad8 = []byte{
- // 374 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x91, 0xcd, 0x4e, 0x83, 0x40,
- 0x14, 0x85, 0x0b, 0xfd, 0x75, 0x6c, 0xa2, 0x8e, 0x1b, 0xa2, 0x86, 0x36, 0x5d, 0xb5, 0x89, 0x40,
- 0xa2, 0x2b, 0x97, 0x12, 0x6c, 0x24, 0x35, 0xb6, 0x01, 0xd3, 0x85, 0x3b, 0xa0, 0x53, 0x3a, 0xfe,
- 0x30, 0x84, 0x19, 0x34, 0x7d, 0x13, 0x9f, 0xc1, 0x27, 0xf0, 0x11, 0xba, 0x74, 0x69, 0x5c, 0x34,
- 0x06, 0x5f, 0xc4, 0x30, 0x50, 0xda, 0xc6, 0xdd, 0x9d, 0xef, 0xcc, 0xdc, 0x73, 0xe7, 0x5c, 0x70,
- 0x48, 0x11, 0xa5, 0x98, 0x04, 0x1a, 0x9b, 0x87, 0x88, 0xaa, 0x61, 0x44, 0x18, 0x81, 0xf5, 0x1c,
- 0x1e, 0x29, 0x3e, 0x66, 0xb3, 0xd8, 0x55, 0x3d, 0xf2, 0xac, 0xf9, 0xc4, 0x27, 0x1a, 0xd7, 0xdd,
- 0x78, 0xca, 0x4f, 0xfc, 0xc0, 0xab, 0xec, 0x5d, 0x67, 0x0c, 0xe0, 0x18, 0x45, 0x78, 0x8a, 0x3d,
- 0x87, 0x61, 0x12, 0x5c, 0x23, 0x67, 0x82, 0x22, 0x78, 0x02, 0x76, 0x46, 0xb1, 0xfb, 0x84, 0xbd,
- 0x01, 0x9a, 0x4b, 0x42, 0x5b, 0xe8, 0x36, 0xad, 0x35, 0x80, 0x1d, 0xd0, 0x1c, 0xa0, 0xb9, 0x8d,
- 0xfd, 0xc0, 0x61, 0x71, 0x84, 0x24, 0x91, 0x5f, 0xd8, 0x62, 0x9d, 0x0f, 0x11, 0x54, 0xef, 0xc8,
- 0x23, 0x0a, 0xe0, 0x05, 0xa8, 0x65, 0x5d, 0x79, 0xa3, 0xdd, 0xb3, 0x63, 0x35, 0x1f, 0x55, 0xfd,
- 0x6f, 0xac, 0x57, 0x16, 0xcb, 0x56, 0xc9, 0xca, 0x1f, 0xc0, 0x1e, 0xa8, 0x0f, 0x5f, 0x03, 0x14,
- 0x99, 0x46, 0xe6, 0xa1, 0xef, 0xa5, 0xf2, 0xf7, 0xb2, 0xb5, 0xc2, 0xd6, 0xaa, 0x80, 0x32, 0x00,
- 0x7d, 0x1c, 0x51, 0x76, 0x15, 0x12, 0x6f, 0x26, 0x95, 0xdb, 0x42, 0xb7, 0x62, 0x6d, 0x90, 0xf4,
- 0x47, 0x37, 0xce, 0x4a, 0xae, 0x70, 0x79, 0x0d, 0xe0, 0x29, 0x68, 0x0c, 0xdd, 0x07, 0xe4, 0x31,
- 0xd3, 0x90, 0xaa, 0xed, 0x72, 0xb7, 0xa9, 0xef, 0xe7, 0x4e, 0x05, 0xb7, 0x8a, 0x2a, 0xed, 0xb5,
- 0xfe, 0x7c, 0x2d, 0x4b, 0xa7, 0x00, 0xb0, 0x05, 0x44, 0xd3, 0x90, 0xea, 0xdb, 0xf3, 0xf2, 0x28,
- 0x4c, 0xc3, 0x12, 0xb3, 0x51, 0x8b, 0x2c, 0xa9, 0xd4, 0x48, 0xed, 0xac, 0x0d, 0xa2, 0xdb, 0x8b,
- 0x44, 0x16, 0x3e, 0x13, 0x59, 0xf8, 0x4a, 0x64, 0xe1, 0x27, 0x91, 0x85, 0xb7, 0x5f, 0xb9, 0x74,
- 0xdf, 0xdb, 0xd8, 0x6b, 0x40, 0x43, 0xcf, 0x53, 0x26, 0xe8, 0x45, 0x0b, 0x10, 0x99, 0x52, 0xc5,
- 0x09, 0xb1, 0xe2, 0x13, 0x2d, 0xcf, 0xf5, 0x5d, 0x3c, 0xb8, 0x45, 0xa4, 0x6f, 0xab, 0x97, 0x23,
- 0x53, 0xb5, 0x33, 0xe6, 0xd6, 0xf8, 0xba, 0xcf, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa2, 0x24,
- 0xcd, 0x60, 0x3d, 0x02, 0x00, 0x00,
-}
-
-func (m *VerificationHeader) Marshal() (dAtA []byte, err error) {
- size := m.Size()
- dAtA = make([]byte, size)
- n, err := m.MarshalToSizedBuffer(dAtA[:size])
- if err != nil {
- return nil, err
- }
- return dAtA[:n], nil
-}
-
-func (m *VerificationHeader) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *VerificationHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- _ = i
- var l int
- _ = l
- if m.XXX_unrecognized != nil {
- i -= len(m.XXX_unrecognized)
- copy(dAtA[i:], m.XXX_unrecognized)
- }
- if len(m.KeySignature) > 0 {
- i -= len(m.KeySignature)
- copy(dAtA[i:], m.KeySignature)
- i = encodeVarintTypes(dAtA, i, uint64(len(m.KeySignature)))
- i--
- dAtA[i] = 0x12
- }
- if len(m.PublicKey) > 0 {
- i -= len(m.PublicKey)
- copy(dAtA[i:], m.PublicKey)
- i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
- i--
- dAtA[i] = 0xa
- }
- return len(dAtA) - i, nil
-}
-
-func (m *Token) Marshal() (dAtA []byte, err error) {
- size := m.Size()
- dAtA = make([]byte, size)
- n, err := m.MarshalToSizedBuffer(dAtA[:size])
- if err != nil {
- return nil, err
- }
- return dAtA[:n], nil
-}
-
-func (m *Token) MarshalTo(dAtA []byte) (int, error) {
- size := m.Size()
- return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *Token) MarshalToSizedBuffer(dAtA []byte) (int, error) {
- i := len(dAtA)
- _ = i
- var l int
- _ = l
- if m.XXX_unrecognized != nil {
- i -= len(m.XXX_unrecognized)
- copy(dAtA[i:], m.XXX_unrecognized)
- }
- if len(m.PublicKeys) > 0 {
- for iNdEx := len(m.PublicKeys) - 1; iNdEx >= 0; iNdEx-- {
- i -= len(m.PublicKeys[iNdEx])
- copy(dAtA[i:], m.PublicKeys[iNdEx])
- i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKeys[iNdEx])))
- i--
- dAtA[i] = 0x42
- }
- }
- {
- size := m.ID.Size()
- i -= size
- if _, err := m.ID.MarshalTo(dAtA[i:]); err != nil {
- return 0, err
- }
- i = encodeVarintTypes(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x3a
- if len(m.Signature) > 0 {
- i -= len(m.Signature)
- copy(dAtA[i:], m.Signature)
- i = encodeVarintTypes(dAtA, i, uint64(len(m.Signature)))
- i--
- dAtA[i] = 0x32
- }
- if len(m.ObjectID) > 0 {
- for iNdEx := len(m.ObjectID) - 1; iNdEx >= 0; iNdEx-- {
- {
- size := m.ObjectID[iNdEx].Size()
- i -= size
- if _, err := m.ObjectID[iNdEx].MarshalTo(dAtA[i:]); err != nil {
- return 0, err
- }
- i = encodeVarintTypes(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x2a
- }
- }
- if m.LastEpoch != 0 {
- i = encodeVarintTypes(dAtA, i, uint64(m.LastEpoch))
- i--
- dAtA[i] = 0x20
- }
- if m.FirstEpoch != 0 {
- i = encodeVarintTypes(dAtA, i, uint64(m.FirstEpoch))
- i--
- dAtA[i] = 0x18
- }
- {
- size := m.OwnerID.Size()
- i -= size
- if _, err := m.OwnerID.MarshalTo(dAtA[i:]); err != nil {
- return 0, err
- }
- i = encodeVarintTypes(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0x12
- {
- size, err := m.Header.MarshalToSizedBuffer(dAtA[:i])
- if err != nil {
- return 0, err
- }
- i -= size
- i = encodeVarintTypes(dAtA, i, uint64(size))
- }
- i--
- dAtA[i] = 0xa
- return len(dAtA) - i, nil
-}
-
-func encodeVarintTypes(dAtA []byte, offset int, v uint64) int {
- offset -= sovTypes(v)
- base := offset
- for v >= 1<<7 {
- dAtA[offset] = uint8(v&0x7f | 0x80)
- v >>= 7
- offset++
- }
- dAtA[offset] = uint8(v)
- return base
-}
-func (m *VerificationHeader) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- l = len(m.PublicKey)
- if l > 0 {
- n += 1 + l + sovTypes(uint64(l))
- }
- l = len(m.KeySignature)
- if l > 0 {
- n += 1 + l + sovTypes(uint64(l))
- }
- if m.XXX_unrecognized != nil {
- n += len(m.XXX_unrecognized)
- }
- return n
-}
-
-func (m *Token) Size() (n int) {
- if m == nil {
- return 0
- }
- var l int
- _ = l
- l = m.Header.Size()
- n += 1 + l + sovTypes(uint64(l))
- l = m.OwnerID.Size()
- n += 1 + l + sovTypes(uint64(l))
- if m.FirstEpoch != 0 {
- n += 1 + sovTypes(uint64(m.FirstEpoch))
- }
- if m.LastEpoch != 0 {
- n += 1 + sovTypes(uint64(m.LastEpoch))
- }
- if len(m.ObjectID) > 0 {
- for _, e := range m.ObjectID {
- l = e.Size()
- n += 1 + l + sovTypes(uint64(l))
- }
- }
- l = len(m.Signature)
- if l > 0 {
- n += 1 + l + sovTypes(uint64(l))
- }
- l = m.ID.Size()
- n += 1 + l + sovTypes(uint64(l))
- if len(m.PublicKeys) > 0 {
- for _, b := range m.PublicKeys {
- l = len(b)
- n += 1 + l + sovTypes(uint64(l))
- }
- }
- if m.XXX_unrecognized != nil {
- n += len(m.XXX_unrecognized)
- }
- return n
-}
-
-func sovTypes(x uint64) (n int) {
- return (math_bits.Len64(x|1) + 6) / 7
-}
-func sozTypes(x uint64) (n int) {
- return sovTypes(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (m *VerificationHeader) Unmarshal(dAtA []byte) error {
- l := len(dAtA)
- iNdEx := 0
- for iNdEx < l {
- preIndex := iNdEx
- var wire uint64
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- wire |= uint64(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- fieldNum := int32(wire >> 3)
- wireType := int(wire & 0x7)
- if wireType == 4 {
- return fmt.Errorf("proto: VerificationHeader: wiretype end group for non-group")
- }
- if fieldNum <= 0 {
- return fmt.Errorf("proto: VerificationHeader: illegal tag %d (wire type %d)", fieldNum, wire)
- }
- switch fieldNum {
- case 1:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...)
- if m.PublicKey == nil {
- m.PublicKey = []byte{}
- }
- iNdEx = postIndex
- case 2:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field KeySignature", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- m.KeySignature = append(m.KeySignature[:0], dAtA[iNdEx:postIndex]...)
- if m.KeySignature == nil {
- m.KeySignature = []byte{}
- }
- iNdEx = postIndex
- default:
- iNdEx = preIndex
- skippy, err := skipTypes(dAtA[iNdEx:])
- if err != nil {
- return err
- }
- if skippy < 0 {
- return ErrInvalidLengthTypes
- }
- if (iNdEx + skippy) < 0 {
- return ErrInvalidLengthTypes
- }
- if (iNdEx + skippy) > l {
- return io.ErrUnexpectedEOF
- }
- m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
- iNdEx += skippy
- }
- }
-
- if iNdEx > l {
- return io.ErrUnexpectedEOF
- }
- return nil
-}
-func (m *Token) Unmarshal(dAtA []byte) error {
- l := len(dAtA)
- iNdEx := 0
- for iNdEx < l {
- preIndex := iNdEx
- var wire uint64
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- wire |= uint64(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- fieldNum := int32(wire >> 3)
- wireType := int(wire & 0x7)
- if wireType == 4 {
- return fmt.Errorf("proto: Token: wiretype end group for non-group")
- }
- if fieldNum <= 0 {
- return fmt.Errorf("proto: Token: illegal tag %d (wire type %d)", fieldNum, wire)
- }
- switch fieldNum {
- case 1:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Header", wireType)
- }
- var msglen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- msglen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if msglen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + msglen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- if err := m.Header.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
- case 2:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- if err := m.OwnerID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
- case 3:
- if wireType != 0 {
- return fmt.Errorf("proto: wrong wireType = %d for field FirstEpoch", wireType)
- }
- m.FirstEpoch = 0
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- m.FirstEpoch |= uint64(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- case 4:
- if wireType != 0 {
- return fmt.Errorf("proto: wrong wireType = %d for field LastEpoch", wireType)
- }
- m.LastEpoch = 0
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- m.LastEpoch |= uint64(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- case 5:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field ObjectID", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- var v ObjectID
- m.ObjectID = append(m.ObjectID, v)
- if err := m.ObjectID[len(m.ObjectID)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
- case 6:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field Signature", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- m.Signature = append(m.Signature[:0], dAtA[iNdEx:postIndex]...)
- if m.Signature == nil {
- m.Signature = []byte{}
- }
- iNdEx = postIndex
- case 7:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- if err := m.ID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
- return err
- }
- iNdEx = postIndex
- case 8:
- if wireType != 2 {
- return fmt.Errorf("proto: wrong wireType = %d for field PublicKeys", wireType)
- }
- var byteLen int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- byteLen |= int(b&0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if byteLen < 0 {
- return ErrInvalidLengthTypes
- }
- postIndex := iNdEx + byteLen
- if postIndex < 0 {
- return ErrInvalidLengthTypes
- }
- if postIndex > l {
- return io.ErrUnexpectedEOF
- }
- m.PublicKeys = append(m.PublicKeys, make([]byte, postIndex-iNdEx))
- copy(m.PublicKeys[len(m.PublicKeys)-1], dAtA[iNdEx:postIndex])
- iNdEx = postIndex
- default:
- iNdEx = preIndex
- skippy, err := skipTypes(dAtA[iNdEx:])
- if err != nil {
- return err
- }
- if skippy < 0 {
- return ErrInvalidLengthTypes
- }
- if (iNdEx + skippy) < 0 {
- return ErrInvalidLengthTypes
- }
- if (iNdEx + skippy) > l {
- return io.ErrUnexpectedEOF
- }
- m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
- iNdEx += skippy
- }
- }
-
- if iNdEx > l {
- return io.ErrUnexpectedEOF
- }
- return nil
-}
-func skipTypes(dAtA []byte) (n int, err error) {
- l := len(dAtA)
- iNdEx := 0
- depth := 0
- for iNdEx < l {
- var wire uint64
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return 0, ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return 0, io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- wire |= (uint64(b) & 0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- wireType := int(wire & 0x7)
- switch wireType {
- case 0:
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return 0, ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return 0, io.ErrUnexpectedEOF
- }
- iNdEx++
- if dAtA[iNdEx-1] < 0x80 {
- break
- }
- }
- case 1:
- iNdEx += 8
- case 2:
- var length int
- for shift := uint(0); ; shift += 7 {
- if shift >= 64 {
- return 0, ErrIntOverflowTypes
- }
- if iNdEx >= l {
- return 0, io.ErrUnexpectedEOF
- }
- b := dAtA[iNdEx]
- iNdEx++
- length |= (int(b) & 0x7F) << shift
- if b < 0x80 {
- break
- }
- }
- if length < 0 {
- return 0, ErrInvalidLengthTypes
- }
- iNdEx += length
- case 3:
- depth++
- case 4:
- if depth == 0 {
- return 0, ErrUnexpectedEndOfGroupTypes
- }
- depth--
- case 5:
- iNdEx += 4
- default:
- return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
- }
- if iNdEx < 0 {
- return 0, ErrInvalidLengthTypes
- }
- if depth == 0 {
- return iNdEx, nil
- }
- }
- return 0, io.ErrUnexpectedEOF
-}
-
-var (
- ErrInvalidLengthTypes = fmt.Errorf("proto: negative length found during unmarshaling")
- ErrIntOverflowTypes = fmt.Errorf("proto: integer overflow")
- ErrUnexpectedEndOfGroupTypes = fmt.Errorf("proto: unexpected end of group")
-)
diff --git a/session/types.proto b/session/types.proto
deleted file mode 100644
index 3ae49a3..0000000
--- a/session/types.proto
+++ /dev/null
@@ -1,35 +0,0 @@
-syntax = "proto3";
-package session;
-option go_package = "github.com/nspcc-dev/neofs-api-go/session";
-option csharp_namespace = "NeoFS.API.Session";
-
-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
-
-option (gogoproto.stable_marshaler_all) = true;
-
-message VerificationHeader {
- // PublicKey is a session public key
- bytes PublicKey = 1;
- // KeySignature is a session public key signature. Signed by trusted side
- bytes KeySignature = 2;
-}
-
-// User token granting rights for object manipulation
-message Token {
- // Header carries verification data of session key
- VerificationHeader Header = 1 [(gogoproto.nullable) = false];
- // OwnerID is an owner of manipulation object
- bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
- // FirstEpoch is an initial epoch of token lifetime
- uint64 FirstEpoch = 3;
- // LastEpoch is a last epoch of token lifetime
- uint64 LastEpoch = 4;
- // ObjectID is an object identifier of manipulation object
- repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
- // Signature is a token signature, signed by owner of manipulation object
- bytes Signature = 6;
- // ID is a token identifier. valid UUIDv4 represented in bytes
- bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
- // PublicKeys associated with owner
- repeated bytes PublicKeys = 8;
-}
diff --git a/state/sign.go b/state/sign.go
new file mode 100644
index 0000000..88f038c
--- /dev/null
+++ b/state/sign.go
@@ -0,0 +1,67 @@
+package state
+
+import (
+ "io"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+)
+
+// SignedData returns payload bytes of the request.
+//
+// Always returns an empty slice.
+func (m NetmapRequest) SignedData() ([]byte, error) {
+ return make([]byte, 0), nil
+}
+
+// SignedData returns payload bytes of the request.
+//
+// Always returns an empty slice.
+func (m MetricsRequest) SignedData() ([]byte, error) {
+ return make([]byte, 0), nil
+}
+
+// SignedData returns payload bytes of the request.
+//
+// Always returns an empty slice.
+func (m HealthRequest) SignedData() ([]byte, error) {
+ return make([]byte, 0), nil
+}
+
+// SignedData returns payload bytes of the request.
+//
+// Always returns an empty slice.
+func (m DumpRequest) SignedData() ([]byte, error) {
+ return make([]byte, 0), nil
+}
+
+// SignedData returns payload bytes of the request.
+//
+// Always returns an empty slice.
+func (m DumpVarsRequest) SignedData() ([]byte, error) {
+ return make([]byte, 0), nil
+}
+
+// SignedData returns payload bytes of the request.
+func (m ChangeStateRequest) SignedData() ([]byte, error) {
+ return service.SignedDataFromReader(m)
+}
+
+// SignedDataSize returns payload size of the request.
+func (m ChangeStateRequest) SignedDataSize() int {
+ return m.GetState().Size()
+}
+
+// ReadSignedData copies payload bytes to passed buffer.
+//
+// If the Request size is insufficient, io.ErrUnexpectedEOF returns.
+func (m ChangeStateRequest) ReadSignedData(p []byte) (int, error) {
+ if len(p) < m.SignedDataSize() {
+ return 0, io.ErrUnexpectedEOF
+ }
+
+ var off int
+
+ off += copy(p[off:], m.GetState().Bytes())
+
+ return off, nil
+}
diff --git a/state/sign_test.go b/state/sign_test.go
new file mode 100644
index 0000000..9b2bca9
--- /dev/null
+++ b/state/sign_test.go
@@ -0,0 +1,94 @@
+package state
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/service"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestRequestSign(t *testing.T) {
+ sk := test.DecodeKey(0)
+
+ type sigType interface {
+ service.SignedDataWithToken
+ service.SignKeyPairAccumulator
+ service.SignKeyPairSource
+ SetToken(*service.Token)
+ }
+
+ items := []struct {
+ constructor func() sigType
+ payloadCorrupt []func(sigType)
+ }{
+ { // NetmapRequest
+ constructor: func() sigType {
+ return new(NetmapRequest)
+ },
+ },
+ { // MetricsRequest
+ constructor: func() sigType {
+ return new(MetricsRequest)
+ },
+ },
+ { // HealthRequest
+ constructor: func() sigType {
+ return new(HealthRequest)
+ },
+ },
+ { // DumpRequest
+ constructor: func() sigType {
+ return new(DumpRequest)
+ },
+ },
+ { // DumpVarsRequest
+ constructor: func() sigType {
+ return new(DumpVarsRequest)
+ },
+ },
+ {
+ constructor: func() sigType {
+ return new(ChangeStateRequest)
+ },
+ payloadCorrupt: []func(sigType){
+ func(s sigType) {
+ req := s.(*ChangeStateRequest)
+
+ req.SetState(req.GetState() + 1)
+ },
+ },
+ },
+ }
+
+ for _, item := range items {
+ { // token corruptions
+ v := item.constructor()
+
+ token := new(service.Token)
+ v.SetToken(token)
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ token.SetSessionKey(append(token.GetSessionKey(), 1))
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+
+ { // payload corruptions
+ for _, corruption := range item.payloadCorrupt {
+ v := item.constructor()
+
+ require.NoError(t, service.SignDataWithSessionToken(sk, v))
+
+ require.NoError(t, service.VerifyAccumulatedSignaturesWithToken(v))
+
+ corruption(v)
+
+ require.Error(t, service.VerifyAccumulatedSignaturesWithToken(v))
+ }
+ }
+ }
+}
diff --git a/state/types.go b/state/types.go
new file mode 100644
index 0000000..6b572db
--- /dev/null
+++ b/state/types.go
@@ -0,0 +1,24 @@
+package state
+
+import (
+ "encoding/binary"
+)
+
+// SetState is a State field setter.
+func (m *ChangeStateRequest) SetState(st ChangeStateRequest_State) {
+ m.State = st
+}
+
+// Size returns the size of the state binary representation.
+func (ChangeStateRequest_State) Size() int {
+ return 4
+}
+
+// Bytes returns the state binary representation.
+func (x ChangeStateRequest_State) Bytes() []byte {
+ data := make([]byte, x.Size())
+
+ binary.BigEndian.PutUint32(data, uint32(x))
+
+ return data
+}
diff --git a/state/types_test.go b/state/types_test.go
new file mode 100644
index 0000000..5d5f5de
--- /dev/null
+++ b/state/types_test.go
@@ -0,0 +1,18 @@
+package state
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestChangeStateRequestGettersSetters(t *testing.T) {
+ t.Run("state", func(t *testing.T) {
+ st := ChangeStateRequest_State(1)
+ m := new(ChangeStateRequest)
+
+ m.SetState(st)
+
+ require.Equal(t, st, m.GetState())
+ })
+}