s.makhov/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#11] services: Implement universal Sign/Verify service

Browse source 
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
Leonard Lyubich 2020-08-24 13:05:10 +03:00 committed by Alex Vanin
parent 3308fcf56d
commit f71d64435e
2 changed files with 54 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
pkg/services/accounting/sign.go
View file

@ -5,39 +5,29 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"github.com/nspcc-dev/neofs-api-go/v2/accounting" "github.com/nspcc-dev/neofs-api-go/v2/accounting"
"github.com/nspcc-dev/neofs-api-go/v2/signature" "github.com/nspcc-dev/neofs-node/pkg/services/util"
"github.com/pkg/errors"
) )
type signService struct { type signService struct {
key *ecdsa.PrivateKey unarySigService *util.UnarySignService
svc accounting.Service
} }
func NewSignService(key *ecdsa.PrivateKey, svc accounting.Service) accounting.Service { func NewSignService(key *ecdsa.PrivateKey, svc accounting.Service) accounting.Service {
return &signService{ return &signService{
key: key, unarySigService: util.NewUnarySignService(
svc: svc, key,
func(ctx context.Context, req interface{}) (interface{}, error) {
return svc.Balance(ctx, req.(*accounting.BalanceRequest))
},
),
} }
} }
func (s *signService) Balance(ctx context.Context, req *accounting.BalanceRequest) (*accounting.BalanceResponse, error) { func (s *signService) Balance(ctx context.Context, req *accounting.BalanceRequest) (*accounting.BalanceResponse, error) {
// verify request signatures resp, err := s.unarySigService.HandleUnaryRequest(ctx, req)
if err := signature.VerifyServiceMessage(req); err != nil {
return nil, errors.Wrap(err, "could not verify request")
}
// process request
resp, err := s.svc.Balance(ctx, req)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// sign the response return resp.(*accounting.BalanceResponse), nil
if err := signature.SignServiceMessage(s.key, resp); err != nil {
return nil, errors.Wrap(err, "could not sign response")
}
return resp, nil
} }

44
pkg/services/util/sign.go Normal file
View file

@ -0,0 +1,44 @@
package util
import (
"context"
"crypto/ecdsa"
"github.com/nspcc-dev/neofs-api-go/v2/signature"
"github.com/pkg/errors"
)
type UnaryHandler func(context.Context, interface{}) (interface{}, error)
type UnarySignService struct {
key *ecdsa.PrivateKey
unaryHandler UnaryHandler
}
func NewUnarySignService(key *ecdsa.PrivateKey, handler UnaryHandler) *UnarySignService {
return &UnarySignService{
key: key,
unaryHandler: handler,
}
}
func (s *UnarySignService) HandleUnaryRequest(ctx context.Context, req interface{}) (interface{}, error) {
// verify request signatures
if err := signature.VerifyServiceMessage(req); err != nil {
return nil, errors.Wrap(err, "could not verify request")
}
// process request
resp, err := s.unaryHandler(ctx, req)
if err != nil {
return nil, errors.Wrap(err, "could not handle request")
}
// sign the response
if err := signature.SignServiceMessage(s.key, resp); err != nil {
return nil, errors.Wrap(err, "could not sign response")
}
return resp, nil
}