[#15] Sign base64 token representation

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-07-11 16:10:57 +03:00 committed by Alex Vanin
parent 5bee10d096
commit fd0ff4b803
4 changed files with 21 additions and 4 deletions

View file

@ -924,11 +924,13 @@ func signToken(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.Bearer
}
func signTokenWalletConnect(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.BearerToken {
sm, err := walletconnect.SignMessage(&key.PrivateKey, data[:])
b64Token := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
base64.StdEncoding.Encode(b64Token, data)
sm, err := walletconnect.SignMessage(&key.PrivateKey, b64Token[:])
require.NoError(t, err)
return &handlers.BearerToken{
Token: base64.StdEncoding.EncodeToString(data),
Token: string(b64Token),
Signature: hex.EncodeToString(append(sm.Data, sm.Salt...)),
Key: hex.EncodeToString(key.PublicKey().Bytes()),
}

View file

@ -3,6 +3,7 @@ package handlers
import (
"testing"
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/stretchr/testify/require"
)
@ -35,3 +36,17 @@ func TestCheckContainerName(t *testing.T) {
}
}
}
func TestPrepareSessionToken(t *testing.T) {
st := &SessionToken{
BearerToken: BearerToken{
Token: "ChASxCTiXwREjLAG7nkxjDHVEhsKGTVxfQ56a0uQeFmOO63mqykBS1HNpw1rxSgaBgjIAhjkASIhAnLj82Qmdlcg7JtoyhDjJ1OsRFjtmxdXbzrwVkwxWAdWMgQIAxAB",
Signature: "2ebdc1f2fea2bba397d1be6f982a6fe1b2bc9f46a348b700108fe2eba4e6531a1bb585febf9a40a3fa2e085fca5e2a75ca57f61166117c6d3e04a95ef9a2d2196f52648546784853e17c0b7ba762eae1",
Key: "03bd9108c0b49f657e9eee50d1399022bd1e436118e5b7529a1b7cd606652f578f",
},
Verb: sessionv2.ContainerVerbSetEACL,
}
_, err := prepareSessionToken(st, true)
require.NoError(t, err)
}

View file

@ -423,7 +423,7 @@ func prepareSessionToken(st *SessionToken, isWalletConnect bool) (*session.Token
stoken.ToV2().SetSignature(v2signature)
if isWalletConnect {
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) {
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(st.Token), signature) {
return nil, fmt.Errorf("invalid signature")
}
} else if !stoken.VerifySignature() {

View file

@ -370,7 +370,7 @@ func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (*token.BearerTok
btoken.ToV2().SetSignature(v2signature)
if isWalletConnect {
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) {
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(bt.Token), signature) {
return nil, fmt.Errorf("invalid signature")
}
} else if err = btoken.VerifySignature(); err != nil {