// Copyright (C) 2019 Storj Labs, Inc. // See LICENSE for copying information. package vouchers import ( "context" "time" "github.com/zeebo/errs" "storj.io/storj/internal/errs2" "storj.io/storj/pkg/pb" "storj.io/storj/pkg/signing" "storj.io/storj/pkg/storj" ) var ( // ErrVerify is returned when voucher fields are not valid. ErrVerify = errs.Class("verification") ) // VerifyVoucher verifies that the signature and the information contained in a voucher are valid func (service *Service) VerifyVoucher(ctx context.Context, satellite storj.NodeID, voucher *pb.Voucher) (err error) { defer mon.Task()(&ctx)(&err) if self := service.transport.Identity().ID; voucher.StorageNodeId != self { return ErrVerify.New("Storage node ID does not match expected: (%v) (%v)", voucher.StorageNodeId, self) } if voucher.SatelliteId != satellite { return ErrVerify.New("Satellite ID does not match expected: (%v) (%v)", voucher.SatelliteId, satellite) } if voucher.Expiration.Before(time.Now()) { return ErrVerify.New("Voucher is already expired") } signee, err := service.trust.GetSignee(ctx, voucher.SatelliteId) if err != nil { if errs2.IsCanceled(err) { return err } return ErrVerify.New("unable to get signee: %v", err) // TODO: report grpc status bad message } if err := signing.VerifyVoucher(ctx, signee, voucher); err != nil { return ErrVerify.New("invalid voucher signature: %v", err) // TODO: report grpc bad message } return nil }