ea48322dd3
So we can have stable UploadID for multipart uploads. Change-Id: Iac6780394c8cc0f96c0b9c4b850b92ed3627a9b0
91 lines
2.7 KiB
Go
91 lines
2.7 KiB
Go
// Copyright (C) 2019 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package metainfo
|
|
|
|
import (
|
|
"context"
|
|
|
|
"storj.io/common/pb"
|
|
"storj.io/common/signing"
|
|
"storj.io/storj/satellite/internalpb"
|
|
)
|
|
|
|
// SignStreamID signs the stream ID using the specified signer.
|
|
// Signer is a satellite.
|
|
func SignStreamID(ctx context.Context, signer signing.Signer, unsigned *internalpb.StreamID) (_ *internalpb.StreamID, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
bytes, err := EncodeStreamID(ctx, unsigned)
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
signed := *unsigned
|
|
signed.SatelliteSignature, err = signer.SignHMACSHA256(ctx, bytes)
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
return &signed, nil
|
|
}
|
|
|
|
// SignSegmentID signs the segment ID using the specified signer.
|
|
// Signer is a satellite.
|
|
func SignSegmentID(ctx context.Context, signer signing.Signer, unsigned *internalpb.SegmentID) (_ *internalpb.SegmentID, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
bytes, err := EncodeSegmentID(ctx, unsigned)
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
signed := *unsigned
|
|
signed.SatelliteSignature, err = signer.HashAndSign(ctx, bytes)
|
|
if err != nil {
|
|
return nil, Error.Wrap(err)
|
|
}
|
|
|
|
return &signed, nil
|
|
}
|
|
|
|
// EncodeStreamID encodes stream ID into bytes for signing.
|
|
func EncodeStreamID(ctx context.Context, streamID *internalpb.StreamID) (_ []byte, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
signature := streamID.SatelliteSignature
|
|
streamID.SatelliteSignature = nil
|
|
out, err := pb.Marshal(streamID)
|
|
streamID.SatelliteSignature = signature
|
|
return out, err
|
|
}
|
|
|
|
// EncodeSegmentID encodes segment ID into bytes for signing.
|
|
func EncodeSegmentID(ctx context.Context, segmentID *internalpb.SegmentID) (_ []byte, err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
signature := segmentID.SatelliteSignature
|
|
segmentID.SatelliteSignature = nil
|
|
out, err := pb.Marshal(segmentID)
|
|
segmentID.SatelliteSignature = signature
|
|
return out, err
|
|
}
|
|
|
|
// VerifyStreamID verifies that the signature inside stream ID belongs to the satellite.
|
|
func VerifyStreamID(ctx context.Context, satellite signing.Signer, signed *internalpb.StreamID) (err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
bytes, err := EncodeStreamID(ctx, signed)
|
|
if err != nil {
|
|
return Error.Wrap(err)
|
|
}
|
|
|
|
return satellite.VerifyHMACSHA256(ctx, bytes, signed.SatelliteSignature)
|
|
}
|
|
|
|
// VerifySegmentID verifies that the signature inside segment ID belongs to the satellite.
|
|
func VerifySegmentID(ctx context.Context, satellite signing.Signee, signed *internalpb.SegmentID) (err error) {
|
|
defer mon.Task()(&ctx)(&err)
|
|
bytes, err := EncodeSegmentID(ctx, signed)
|
|
if err != nil {
|
|
return Error.Wrap(err)
|
|
}
|
|
|
|
return satellite.HashAndVerifySignature(ctx, bytes, signed.SatelliteSignature)
|
|
}
|