diff --git a/session/common.go b/session/common.go index f75a3a9f..7e46491e 100644 --- a/session/common.go +++ b/session/common.go @@ -243,6 +243,11 @@ func (x *commonData) SetExp(exp uint64) { x.exp = exp } +// Exp returns "exp" (expiration time) claim. +func (x commonData) Exp() uint64 { + return x.exp +} + // SetNbf sets "nbf" (not before) claim which identifies the time (in NeoFS // epochs) before which the session MUST NOT be accepted for processing. // The processing of the "nbf" claim requires that the current date/time MUST be @@ -255,6 +260,11 @@ func (x *commonData) SetNbf(nbf uint64) { x.nbf = nbf } +// Nbf returns "nbf" (not before) claim. +func (x commonData) Nbf() uint64 { + return x.nbf +} + // SetIat sets "iat" (issued at) claim which identifies the time (in NeoFS // epochs) at which the session was issued. This claim can be used to // determine the age of the session. @@ -266,8 +276,13 @@ func (x *commonData) SetIat(iat uint64) { x.iat = iat } +// Iat returns "iat" (issued at) claim. +func (x commonData) Iat() uint64 { + return x.iat +} + func (x commonData) expiredAt(epoch uint64) bool { - return x.exp < epoch + return x.Exp() < epoch } // InvalidAt asserts "exp", "nbf" and "iat" claims. @@ -276,7 +291,7 @@ func (x commonData) expiredAt(epoch uint64) bool { // // See also SetExp, SetNbf, SetIat. func (x commonData) InvalidAt(epoch uint64) bool { - return x.expiredAt(epoch) || x.nbf > epoch || x.iat > epoch + return x.expiredAt(epoch) || x.Nbf() > epoch || x.Iat() > epoch } // SetID sets a unique identifier for the session. The identifier value MUST be diff --git a/session/common_test.go b/session/common_test.go new file mode 100644 index 00000000..22d64366 --- /dev/null +++ b/session/common_test.go @@ -0,0 +1,47 @@ +package session_test + +import ( + "testing" + + "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/stretchr/testify/require" +) + +func testLifetimeClaim[T session.Container | session.Object](t testing.TB, get func(T) uint64, set func(*T, uint64)) { + var x T + require.Zero(t, get(x)) + set(&x, 12094032) + require.EqualValues(t, 12094032, get(x)) + set(&x, 5469830342) + require.EqualValues(t, 5469830342, get(x)) +} + +type lifetime interface { + SetExp(uint64) + SetIat(uint64) + SetNbf(uint64) + InvalidAt(uint64) bool +} + +func testInvalidAt(t testing.TB, x lifetime) { + require.False(t, x.InvalidAt(0)) + + const iat = 13 + const nbf = iat + 1 + const exp = nbf + 1 + + x.SetIat(iat) + x.SetNbf(nbf) + x.SetExp(exp) + + require.True(t, x.InvalidAt(iat-1)) + require.True(t, x.InvalidAt(iat)) + require.False(t, x.InvalidAt(nbf)) + require.False(t, x.InvalidAt(exp)) + require.True(t, x.InvalidAt(exp+1)) +} + +func TestInvalidAt(t *testing.T) { + testInvalidAt(t, new(session.Container)) + testInvalidAt(t, new(session.Object)) +} diff --git a/session/container_test.go b/session/container_test.go index e322c843..caae3a49 100644 --- a/session/container_test.go +++ b/session/container_test.go @@ -152,10 +152,9 @@ func TestContainerProtocolV2(t *testing.T) { }, restore: restoreLifetime, assert: func(val session.Container) { - require.True(t, val.InvalidAt(1)) - require.False(t, val.InvalidAt(2)) - require.False(t, val.InvalidAt(3)) - require.True(t, val.InvalidAt(4)) + require.EqualValues(t, 1, val.Iat()) + require.EqualValues(t, 2, val.Nbf()) + require.EqualValues(t, 3, val.Exp()) }, breakSign: func(m *v2session.Token) { lt := m.GetBody().GetLifetime() @@ -624,3 +623,15 @@ func TestContainer_VerifyDataSignature(t *testing.T) { require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign())) require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1))) } + +func TestContainer_SetExp(t *testing.T) { + testLifetimeClaim(t, session.Container.Exp, (*session.Container).SetExp) +} + +func TestContainer_SetIat(t *testing.T) { + testLifetimeClaim(t, session.Container.Iat, (*session.Container).SetIat) +} + +func TestContainer_SetNbf(t *testing.T) { + testLifetimeClaim(t, session.Container.Nbf, (*session.Container).SetNbf) +} diff --git a/session/object_test.go b/session/object_test.go index 1449fdaa..d275cd35 100644 --- a/session/object_test.go +++ b/session/object_test.go @@ -157,10 +157,9 @@ func TestObjectProtocolV2(t *testing.T) { }, restore: restoreLifetime, assert: func(val session.Object) { - require.True(t, val.InvalidAt(1)) - require.False(t, val.InvalidAt(2)) - require.False(t, val.InvalidAt(3)) - require.True(t, val.InvalidAt(4)) + require.EqualValues(t, 1, val.Iat()) + require.EqualValues(t, 2, val.Nbf()) + require.EqualValues(t, 3, val.Exp()) }, breakSign: func(m *v2session.Token) { lt := m.GetBody().GetLifetime() @@ -681,3 +680,15 @@ func TestObject_SignedData(t *testing.T) { usertest.TestSignedData(t, issuer, &tokenSession) } + +func TestObject_SetExp(t *testing.T) { + testLifetimeClaim(t, session.Object.Exp, (*session.Object).SetExp) +} + +func TestObject_SetIat(t *testing.T) { + testLifetimeClaim(t, session.Object.Iat, (*session.Object).SetIat) +} + +func TestObject_SetNbf(t *testing.T) { + testLifetimeClaim(t, session.Object.Nbf, (*session.Object).SetNbf) +}