// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package vouchers
import (
"context"
"time"
"github.com/zeebo/errs"
"storj.io/storj/internal/errs2"
"storj.io/storj/pkg/auth/signing"
"storj.io/storj/pkg/pb"
"storj.io/storj/pkg/storj"
)
// ErrVerify is the error class VerifyVoucher uses for a voucher that fails
// verification: a storage node or satellite ID mismatch, an expired voucher,
// a failed signee lookup, or an invalid signature.
var ErrVerify = errs.Class("verification")
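// VerifyVoucher verifies that the signature and the information contained in a voucher are valid.
//
// The checks run in this order, and the first failure is returned:
//
//  1. the voucher is non-nil;
//  2. voucher.StorageNodeId equals the ID of service.transport.Identity();
//  3. voucher.SatelliteId equals the satellite argument;
//  4. voucher.Expiration is not before time.Now();
//  5. the signee for voucher.SatelliteId can be obtained from service.trust;
//  6. signing.VerifyVoucher accepts the voucher for that signee.
//
// Every failure is reported as an ErrVerify error, with one exception: when
// the signee lookup fails and errs2.IsCanceled reports true for that error,
// the error is returned unchanged.
func (service *Service) VerifyVoucher(ctx context.Context, satellite storj.NodeID, voucher *pb.Voucher) (err error) {
	defer mon.Task()(&ctx)(&err)

	// A nil voucher would panic on the first field access below; reject it as
	// a verification failure instead.
	if voucher == nil {
		return ErrVerify.New("voucher is nil")
	}

	// NOTE: the three field checks below run before the signature is verified,
	// so the voucher values echoed into these error messages have not been
	// authenticated yet.
	if self := service.transport.Identity().ID; voucher.StorageNodeId != self {
		return ErrVerify.New("Storage node ID does not match expected: (%v) (%v)", voucher.StorageNodeId, self)
	}

	if voucher.SatelliteId != satellite {
		return ErrVerify.New("Satellite ID does not match expected: (%v) (%v)", voucher.SatelliteId, satellite)
	}

	// The expiry decision uses the local clock with no allowance for skew.
	// A voucher whose Expiration equals the current instant still passes.
	if voucher.Expiration.Before(time.Now()) {
		return ErrVerify.New("Voucher is already expired")
	}

	// voucher.SatelliteId was checked against the satellite argument above,
	// so the signee is looked up for the satellite the caller expects.
	signee, err := service.trust.GetSignee(ctx, voucher.SatelliteId)
	if err != nil {
		// Cancellation is passed through as-is rather than being reported as
		// a verification failure.
		if errs2.IsCanceled(err) {
			return err
		}
		return ErrVerify.New("unable to get signee: %v", err) // TODO: report grpc status bad message
	}

	if err := signing.VerifyVoucher(ctx, signee, voucher); err != nil {
		return ErrVerify.New("invalid voucher signature: %v", err) // TODO: report grpc bad message
	}

	return nil
}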