forked from TrueCloudLab/frostfs-node
[#645] client/cache: Check response public key in all client operations
There is a need to check if public key in the RPC response matches the public key of the related storage node declared in network map. Define `ErrWrongPublicKey` error. Implement RPC response handler's constructor `AssertKeyResponseCallback` which checks public key. Construct handler and pass it to client's option `WithResponseInfoHandler`. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich
Alex Vanin
parent
78e4a87dca
commit
4661f65975
9 changed files with 90 additions and 12 deletions
19
pkg/services/object/internal/key.go
Normal file
19
pkg/services/object/internal/key.go
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
package internal
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/client"
|
||||
)
|
||||
|
||||
// VerifyResponseKeyV2 checks if response is signed with expected key. Returns client.ErrWrongPublicKey if not.
|
||||
func VerifyResponseKeyV2(expectedKey []byte, resp interface {
|
||||
GetVerificationHeader() *session.ResponseVerificationHeader
|
||||
}) error {
|
||||
if !bytes.Equal(resp.GetVerificationHeader().GetBodySignature().GetKey(), expectedKey) {
|
||||
return client.ErrWrongPublicKey
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue