Skip to content

Commit 0af42f9

Browse files
cthulhu-ridercthulhu-rider
committed
node/object: Combine signature and session checks in one func
Previously, we checked in-signature public key against session token, then signature itself. Now signature is checked within one func which brings us closer to 8d3054d for objects. Error text became more clear as well. Signed-off-by: Leonard Lyubich <[email protected]>
1 parent ead5063 commit 0af42f9

File tree

2 files changed

+16
-13
lines changed

2 files changed

+16
-13
lines changed

pkg/core/object/fmt.go

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -162,12 +162,8 @@ func (v *FormatValidator) Validate(obj *object.Object, unprepared bool) error {
162162
return fmt.Errorf("could not validate header fields: invalid identifier: %w", err)
163163
}
164164

165-
if err := validateSignatureKey(obj); err != nil {
166-
return fmt.Errorf("could not validate signature key: %w", err)
167-
}
168-
169-
if !obj.VerifySignature() {
170-
return errors.New("could not validate header fields: invalid signature")
165+
if err := validateSignature(obj); err != nil {
166+
return fmt.Errorf("could not validate signature: %w", err)
171167
}
172168

173169
if err := v.checkExpiration(*obj); err != nil {
@@ -183,7 +179,7 @@ func (v *FormatValidator) Validate(obj *object.Object, unprepared bool) error {
183179
return nil
184180
}
185181

186-
func validateSignatureKey(obj *object.Object) error {
182+
func validateSignature(obj *object.Object) error {
187183
// FIXME(@cthulhu-rider): temp solution, see neofs-sdk-go#233
188184
sig := obj.Signature()
189185
if sig == nil {
@@ -193,6 +189,9 @@ func validateSignatureKey(obj *object.Object) error {
193189

194190
token := obj.SessionToken()
195191
if token == nil {
192+
if !obj.VerifySignature() {
193+
return errors.New("invalid signature")
194+
}
196195
return nil
197196
}
198197

@@ -211,6 +210,10 @@ func validateSignatureKey(obj *object.Object) error {
211210
return fmt.Errorf("different object owner %s and session issuer %s", owner, issuer)
212211
}
213212

213+
if !obj.VerifySignature() {
214+
return errors.New("invalid signature")
215+
}
216+
214217
return nil
215218
}
216219

pkg/core/object/fmt_test.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ func TestFormatValidator_Validate(t *testing.T) {
111111
t.Run("invalid signature", func(t *testing.T) {
112112
t.Run("unsigned", func(t *testing.T) {
113113
obj, _ := minUnsignedObject(t)
114-
require.EqualError(t, v.Validate(&obj, false), "could not validate signature key: missing signature")
114+
require.EqualError(t, v.Validate(&obj, false), "could not validate signature: missing signature")
115115
})
116116
t.Run("unsupported scheme", func(t *testing.T) {
117117
obj, signer := minUnsignedObject(t)
@@ -121,7 +121,7 @@ func TestFormatValidator_Validate(t *testing.T) {
121121
sig := neofscrypto.NewSignature(3, signer.Public(), sigBytes)
122122
obj.SetSignature(&sig)
123123

124-
require.EqualError(t, v.Validate(&obj, false), "could not validate header fields: invalid signature")
124+
require.EqualError(t, v.Validate(&obj, false), "could not validate signature: invalid signature")
125125
})
126126
t.Run("wrong scheme", func(t *testing.T) {
127127
obj, signer := minUnsignedObject(t)
@@ -131,7 +131,7 @@ func TestFormatValidator_Validate(t *testing.T) {
131131
sig := neofscrypto.NewSignature(neofscrypto.ECDSA_WALLETCONNECT, signer.Public(), sigBytes)
132132
obj.SetSignature(&sig)
133133

134-
require.EqualError(t, v.Validate(&obj, false), "could not validate header fields: invalid signature")
134+
require.EqualError(t, v.Validate(&obj, false), "could not validate signature: invalid signature")
135135
})
136136
t.Run("invalid public key", func(t *testing.T) {
137137
obj, signer := minUnsignedObject(t)
@@ -160,7 +160,7 @@ func TestFormatValidator_Validate(t *testing.T) {
160160
pub := slices.Clone(signer.PublicKeyBytes)
161161
sig.SetPublicKeyBytes(tc.changePub(pub))
162162
obj.SetSignature(&sig)
163-
require.EqualError(t, v.Validate(&obj, false), "could not validate header fields: invalid signature")
163+
require.EqualError(t, v.Validate(&obj, false), "could not validate signature: invalid signature")
164164
})
165165
}
166166
})
@@ -182,7 +182,7 @@ func TestFormatValidator_Validate(t *testing.T) {
182182
cp[i]++
183183
newSig := neofscrypto.NewSignatureFromRawKey(sig.Scheme(), sig.PublicKeyBytes(), cp)
184184
tc.object.SetSignature(&newSig)
185-
require.EqualError(t, v.Validate(&tc.object, false), "could not validate header fields: invalid signature")
185+
require.EqualError(t, v.Validate(&tc.object, false), "could not validate signature: invalid signature")
186186
}
187187
})
188188
}
@@ -256,7 +256,7 @@ func TestFormatValidator_Validate(t *testing.T) {
256256
require.NoError(t, obj.Sign(sessionSubj))
257257

258258
err = v.Validate(obj, false)
259-
require.EqualError(t, err, "could not validate signature key: authenticate session token: issuer mismatches signature")
259+
require.EqualError(t, err, "could not validate signature: authenticate session token: issuer mismatches signature")
260260
})
261261
})
262262

0 commit comments

Comments
 (0)