forked from TrueCloudLab/frostfs-rest-gw
[#15] Sign base64 token representation
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Alex Vanin
parent
5bee10d096
commit
fd0ff4b803
4 changed files with 21 additions and 4 deletions
|
|
@ -924,11 +924,13 @@ func signToken(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.Bearer
|
||||||
}
|
}
|
||||||
|
|
||||||
func signTokenWalletConnect(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.BearerToken {
|
func signTokenWalletConnect(t *testing.T, key *keys.PrivateKey, data []byte) *handlers.BearerToken {
|
||||||
sm, err := walletconnect.SignMessage(&key.PrivateKey, data[:])
|
b64Token := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
|
||||||
|
base64.StdEncoding.Encode(b64Token, data)
|
||||||
|
sm, err := walletconnect.SignMessage(&key.PrivateKey, b64Token[:])
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
return &handlers.BearerToken{
|
return &handlers.BearerToken{
|
||||||
Token: base64.StdEncoding.EncodeToString(data),
|
Token: string(b64Token),
|
||||||
Signature: hex.EncodeToString(append(sm.Data, sm.Salt...)),
|
Signature: hex.EncodeToString(append(sm.Data, sm.Salt...)),
|
||||||
Key: hex.EncodeToString(key.PublicKey().Bytes()),
|
Key: hex.EncodeToString(key.PublicKey().Bytes()),
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ package handlers
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -35,3 +36,17 @@ func TestCheckContainerName(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPrepareSessionToken(t *testing.T) {
|
||||||
|
st := &SessionToken{
|
||||||
|
BearerToken: BearerToken{
|
||||||
|
Token: "ChASxCTiXwREjLAG7nkxjDHVEhsKGTVxfQ56a0uQeFmOO63mqykBS1HNpw1rxSgaBgjIAhjkASIhAnLj82Qmdlcg7JtoyhDjJ1OsRFjtmxdXbzrwVkwxWAdWMgQIAxAB",
|
||||||
|
Signature: "2ebdc1f2fea2bba397d1be6f982a6fe1b2bc9f46a348b700108fe2eba4e6531a1bb585febf9a40a3fa2e085fca5e2a75ca57f61166117c6d3e04a95ef9a2d2196f52648546784853e17c0b7ba762eae1",
|
||||||
|
Key: "03bd9108c0b49f657e9eee50d1399022bd1e436118e5b7529a1b7cd606652f578f",
|
||||||
|
},
|
||||||
|
Verb: sessionv2.ContainerVerbSetEACL,
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err := prepareSessionToken(st, true)
|
||||||
|
require.NoError(t, err)
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -423,7 +423,7 @@ func prepareSessionToken(st *SessionToken, isWalletConnect bool) (*session.Token
|
||||||
stoken.ToV2().SetSignature(v2signature)
|
stoken.ToV2().SetSignature(v2signature)
|
||||||
|
|
||||||
if isWalletConnect {
|
if isWalletConnect {
|
||||||
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) {
|
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(st.Token), signature) {
|
||||||
return nil, fmt.Errorf("invalid signature")
|
return nil, fmt.Errorf("invalid signature")
|
||||||
}
|
}
|
||||||
} else if !stoken.VerifySignature() {
|
} else if !stoken.VerifySignature() {
|
||||||
|
|
|
||||||
|
|
@ -370,7 +370,7 @@ func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (*token.BearerTok
|
||||||
btoken.ToV2().SetSignature(v2signature)
|
btoken.ToV2().SetSignature(v2signature)
|
||||||
|
|
||||||
if isWalletConnect {
|
if isWalletConnect {
|
||||||
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), data, signature) {
|
if !walletconnect.Verify((*ecdsa.PublicKey)(ownerKey), []byte(bt.Token), signature) {
|
||||||
return nil, fmt.Errorf("invalid signature")
|
return nil, fmt.Errorf("invalid signature")
|
||||||
}
|
}
|
||||||
} else if err = btoken.VerifySignature(); err != nil {
|
} else if err = btoken.VerifySignature(); err != nil {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue