[#528] objectcore: Validate token issuer

Add token issuer against object owner validation. Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-17 16:46:46 +03:00 · 2023-07-17 16:46:46 +03:00 · ab2614ec2d
commit ab2614ec2d
parent 4ea0df77d0
2 changed files with 36 additions and 1 deletions
--- a/pkg/core/object/fmt.go
+++ b/pkg/core/object/fmt.go
@ -153,9 +153,14 @@ func (v *FormatValidator) validateSignatureKey(obj *objectSDK.Object) error {
 	}

 	token := obj.SessionToken()
+	ownerID := *obj.OwnerID()

 	if token == nil || !token.AssertAuthKey(&key) {
-		return v.checkOwnerKey(*obj.OwnerID(), key)
+		return v.checkOwnerKey(ownerID, key)
+	}
+
+	if !token.Issuer().Equals(ownerID) {
+		return fmt.Errorf("(%T) different token issuer and object owner identifiers %s/%s", v, token.Issuer(), ownerID)
 	}

 	return nil