From b9b920df4622c24046affe6c7877fcdf23e104ed Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Tue, 17 Sep 2024 17:07:40 +0400 Subject: [PATCH] session: Provide getters of lifetime claims Previously they could not be obtained directly. It's natural need to get what was set, e.g. in unit tests, logging, etc. So, it's better to provide way to receive such an open info. Signed-off-by: Leonard Lyubich --- session/common.go | 19 ++++++++++++++-- session/common_test.go | 47 +++++++++++++++++++++++++++++++++++++++ session/container_test.go | 19 ++++++++++++---- session/object_test.go | 19 ++++++++++++---- 4 files changed, 94 insertions(+), 10 deletions(-) create mode 100644 session/common_test.go diff --git a/session/common.go b/session/common.go index f75a3a9f..7e46491e 100644 --- a/session/common.go +++ b/session/common.go @@ -243,6 +243,11 @@ func (x *commonData) SetExp(exp uint64) { x.exp = exp } +// Exp returns "exp" (expiration time) claim. +func (x commonData) Exp() uint64 { + return x.exp +} + // SetNbf sets "nbf" (not before) claim which identifies the time (in NeoFS // epochs) before which the session MUST NOT be accepted for processing. // The processing of the "nbf" claim requires that the current date/time MUST be @@ -255,6 +260,11 @@ func (x *commonData) SetNbf(nbf uint64) { x.nbf = nbf } +// Nbf returns "nbf" (not before) claim. +func (x commonData) Nbf() uint64 { + return x.nbf +} + // SetIat sets "iat" (issued at) claim which identifies the time (in NeoFS // epochs) at which the session was issued. This claim can be used to // determine the age of the session. @@ -266,8 +276,13 @@ func (x *commonData) SetIat(iat uint64) { x.iat = iat } +// Iat returns "iat" (issued at) claim. +func (x commonData) Iat() uint64 { + return x.iat +} + func (x commonData) expiredAt(epoch uint64) bool { - return x.exp < epoch + return x.Exp() < epoch } // InvalidAt asserts "exp", "nbf" and "iat" claims. @@ -276,7 +291,7 @@ func (x commonData) expiredAt(epoch uint64) bool { // // See also SetExp, SetNbf, SetIat. func (x commonData) InvalidAt(epoch uint64) bool { - return x.expiredAt(epoch) || x.nbf > epoch || x.iat > epoch + return x.expiredAt(epoch) || x.Nbf() > epoch || x.Iat() > epoch } // SetID sets a unique identifier for the session. The identifier value MUST be diff --git a/session/common_test.go b/session/common_test.go new file mode 100644 index 00000000..22d64366 --- /dev/null +++ b/session/common_test.go @@ -0,0 +1,47 @@ +package session_test + +import ( + "testing" + + "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/stretchr/testify/require" +) + +func testLifetimeClaim[T session.Container | session.Object](t testing.TB, get func(T) uint64, set func(*T, uint64)) { + var x T + require.Zero(t, get(x)) + set(&x, 12094032) + require.EqualValues(t, 12094032, get(x)) + set(&x, 5469830342) + require.EqualValues(t, 5469830342, get(x)) +} + +type lifetime interface { + SetExp(uint64) + SetIat(uint64) + SetNbf(uint64) + InvalidAt(uint64) bool +} + +func testInvalidAt(t testing.TB, x lifetime) { + require.False(t, x.InvalidAt(0)) + + const iat = 13 + const nbf = iat + 1 + const exp = nbf + 1 + + x.SetIat(iat) + x.SetNbf(nbf) + x.SetExp(exp) + + require.True(t, x.InvalidAt(iat-1)) + require.True(t, x.InvalidAt(iat)) + require.False(t, x.InvalidAt(nbf)) + require.False(t, x.InvalidAt(exp)) + require.True(t, x.InvalidAt(exp+1)) +} + +func TestInvalidAt(t *testing.T) { + testInvalidAt(t, new(session.Container)) + testInvalidAt(t, new(session.Object)) +} diff --git a/session/container_test.go b/session/container_test.go index e322c843..caae3a49 100644 --- a/session/container_test.go +++ b/session/container_test.go @@ -152,10 +152,9 @@ func TestContainerProtocolV2(t *testing.T) { }, restore: restoreLifetime, assert: func(val session.Container) { - require.True(t, val.InvalidAt(1)) - require.False(t, val.InvalidAt(2)) - require.False(t, val.InvalidAt(3)) - require.True(t, val.InvalidAt(4)) + require.EqualValues(t, 1, val.Iat()) + require.EqualValues(t, 2, val.Nbf()) + require.EqualValues(t, 3, val.Exp()) }, breakSign: func(m *v2session.Token) { lt := m.GetBody().GetLifetime() @@ -624,3 +623,15 @@ func TestContainer_VerifyDataSignature(t *testing.T) { require.False(t, tok.VerifySessionDataSignature(append(data, 1), sigV2.GetSign())) require.False(t, tok.VerifySessionDataSignature(data, append(sigV2.GetSign(), 1))) } + +func TestContainer_SetExp(t *testing.T) { + testLifetimeClaim(t, session.Container.Exp, (*session.Container).SetExp) +} + +func TestContainer_SetIat(t *testing.T) { + testLifetimeClaim(t, session.Container.Iat, (*session.Container).SetIat) +} + +func TestContainer_SetNbf(t *testing.T) { + testLifetimeClaim(t, session.Container.Nbf, (*session.Container).SetNbf) +} diff --git a/session/object_test.go b/session/object_test.go index 1449fdaa..d275cd35 100644 --- a/session/object_test.go +++ b/session/object_test.go @@ -157,10 +157,9 @@ func TestObjectProtocolV2(t *testing.T) { }, restore: restoreLifetime, assert: func(val session.Object) { - require.True(t, val.InvalidAt(1)) - require.False(t, val.InvalidAt(2)) - require.False(t, val.InvalidAt(3)) - require.True(t, val.InvalidAt(4)) + require.EqualValues(t, 1, val.Iat()) + require.EqualValues(t, 2, val.Nbf()) + require.EqualValues(t, 3, val.Exp()) }, breakSign: func(m *v2session.Token) { lt := m.GetBody().GetLifetime() @@ -681,3 +680,15 @@ func TestObject_SignedData(t *testing.T) { usertest.TestSignedData(t, issuer, &tokenSession) } + +func TestObject_SetExp(t *testing.T) { + testLifetimeClaim(t, session.Object.Exp, (*session.Object).SetExp) +} + +func TestObject_SetIat(t *testing.T) { + testLifetimeClaim(t, session.Object.Iat, (*session.Object).SetIat) +} + +func TestObject_SetNbf(t *testing.T) { + testLifetimeClaim(t, session.Object.Nbf, (*session.Object).SetNbf) +}