storj/storagenode/vouchers/verification.go

53 lines
1.4 KiB
Go
Raw Normal View History

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package vouchers
import (
"context"
"time"
"github.com/zeebo/errs"
"storj.io/storj/internal/errs2"
"storj.io/storj/pkg/auth/signing"
"storj.io/storj/pkg/pb"
"storj.io/storj/pkg/storj"
)
var (
// ErrVerify is returned when voucher fields are not valid.
ErrVerify = errs.Class("verification")
)
// VerifyVoucher verifies that the signature and the information contained in a voucher are valid
func (service *Service) VerifyVoucher(ctx context.Context, satellite storj.NodeID, voucher *pb.Voucher) (err error) {
defer mon.Task()(&ctx)(&err)
if self := service.transport.Identity().ID; voucher.StorageNodeId != self {
return ErrVerify.New("Storage node ID does not match expected: (%v) (%v)", voucher.StorageNodeId, self)
}
if voucher.SatelliteId != satellite {
return ErrVerify.New("Satellite ID does not match expected: (%v) (%v)", voucher.SatelliteId, satellite)
}
if voucher.Expiration.Before(time.Now()) {
return ErrVerify.New("Voucher is already expired")
}
signee, err := service.trust.GetSignee(ctx, voucher.SatelliteId)
if err != nil {
if errs2.IsCanceled(err) {
return err
}
return ErrVerify.New("unable to get signee: %v", err) // TODO: report grpc status bad message
}
if err := signing.VerifyVoucher(ctx, signee, voucher); err != nil {
return ErrVerify.New("invalid voucher signature: %v", err) // TODO: report grpc bad message
}
return nil
}