namer/signer/verifier: implementation

Closes TNTP-4190

Author: patapenka-alexey

hasher/hasher_test.go

@@ -61,9 +61,9 @@ func TestSHA256Hasher(t *testing.T) {
 	t.Parallel()
 
 	tests := []struct {
-		name string
-		in   []byte
-		out  string
+		name     string
+		in       []byte
+		expected string
 	}{
 		{"empty", []byte(""), "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
 		{"abc", []byte("abc"), "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"},
@@ -77,7 +77,7 @@ func TestSHA256Hasher(t *testing.T) {
 
 			result, _ := h.Hash(test.in)
 
-			assert.Equal(t, test.out, hex.EncodeToString(result))
+			assert.Equal(t, test.expected, hex.EncodeToString(result))
 		})
 	}
 }

marshaller/marshaller.go

@@ -17,24 +17,24 @@ var ErrUnmarshall = errors.New("failed to unmarshal")
 // implements one time for all objects.
 // Required for `integrity.Storage` to set marshalling format for any type object
 // and as recommendation for developers of `Storage` wrappers.
-type DefaultMarshaller interface {
+type DefaultMarshaller interface { //nolint:iface
 	Marshal(data any) ([]byte, error)
 	Unmarshal(data []byte, out any) error
 }
 
 // Marshallable - custom object serialization, implements for each object.
 // Required for `integrity.Storage` type to set marshalling format to specific object
 // and as recommendation for developers of `Storage` wrappers.
-type Marshallable interface {
-	Marshal() ([]byte, error)
+type Marshallable interface { //nolint:iface
+	Marshal(data any) ([]byte, error)
 	Unmarshal(data []byte, out any) error
 }
 
 // YAMLMarshaller struct represent realization.
 type YAMLMarshaller struct{}
 
 // NewYamlMarshaller creates new NewYamlMarshaller object.
-func NewYamlMarshaller() YAMLMarshaller {
+func NewYamlMarshaller() Marshallable {
 	return YAMLMarshaller{}
 }
 

namer/namer.go

@@ -2,7 +2,15 @@
 package namer
 
 import (
+	"bytes"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/tarantool/go-storage/crypto"
+	"github.com/tarantool/go-storage/hasher"
 	"github.com/tarantool/go-storage/kv"
+	"github.com/tarantool/go-storage/marshaller"
 )
 
 // KeyType represents key types.
@@ -17,6 +25,19 @@ const (
 	KeyTypeSignature
 )
 
+const (
+	hashName    = "hash"
+	sigName     = "sig"
+	namesNumber = 3
+)
+
+var (
+	// ErrInvalidKey is returned when missing key, hash or signature.
+	ErrInvalidKey = errors.New("missing key, hash or signature")
+	// ErrHashMismatch is returned when hash mismatch.
+	ErrHashMismatch = errors.New("hash mismatch")
+)
+
 // Key implements internal realization.
 type Key struct {
 	Name     string  // Object identificator.
@@ -30,6 +51,69 @@ type Namer interface {
 	ParseNames(names []string) []Key    // Convert names into keys.
 }
 
+// -----------------------------------------------------------------------------
+
+// DefaultNamer represents default namer.
+type DefaultNamer struct {
+	prefix string
+}
+
+// NewDefaultNamer returns new DefaultNamer object.
+func NewDefaultNamer(prefix string) *DefaultNamer {
+	return &DefaultNamer{
+		prefix: prefix,
+	}
+}
+
+// GenerateNames generates set on names from basic name.
+func (n *DefaultNamer) GenerateNames(name string) []string {
+	return []string{
+		n.prefix + "/" + name,
+		n.prefix + "/" + hashName + "/" + name,
+		n.prefix + "/" + sigName + "/" + name,
+	}
+}
+
+// ParseNames returns set of Keys with different types.
+func (n *DefaultNamer) ParseNames(names []string) []Key {
+	keys := make([]Key, 0, namesNumber)
+
+	for _, name := range names {
+		var key Key
+
+		// Remove prefix.
+		result := strings.ReplaceAll(name, n.prefix, "")
+
+		parts := strings.Split(result, "/")
+
+		key.Name = name
+
+		switch parts[1] {
+		case "all":
+			{
+				key.Property = ""
+				key.Type = KeyTypeValue
+			}
+		case "hash":
+			{
+				key.Property = ""
+				key.Type = KeyTypeHash
+			}
+		case "sig":
+			{
+				key.Property = ""
+				key.Type = KeyTypeSignature
+			}
+		}
+
+		keys = append(keys, key)
+	}
+
+	return keys
+}
+
+//-----------------------------------------------------------------------------
+
 // Generator generates signer K/V pairs.
 // Implementation should use `generic` and will used for strong typing of the solution.
 type Generator[T any] interface {
@@ -40,3 +124,123 @@ type Generator[T any] interface {
 type Validator[T any] interface {
 	Validate(pairs []kv.KeyValue) (T, error)
 }
+
+//-----------------------------------------------------------------------------
+
+// DefaultGeneratorValidator represent default generator-validator.
+type DefaultGeneratorValidator[T any] struct {
+	Namer          Namer
+	Hasher         hasher.Hasher
+	SignerVerifier crypto.SignerVerifier
+	Marshaller     marshaller.Marshallable
+}
+
+// NewDefaultGeneratorValidator returns new object.
+func NewDefaultGeneratorValidator[T any](
+	namer Namer,
+	hasher hasher.Hasher,
+	signverifier crypto.SignerVerifier,
+	marshaller marshaller.Marshallable,
+) DefaultGeneratorValidator[T] {
+	return DefaultGeneratorValidator[T]{
+		Namer:          namer,
+		Hasher:         hasher,
+		SignerVerifier: signverifier,
+		Marshaller:     marshaller,
+	}
+}
+
+// Generate create KV pairs with value, hash and signature.
+func (gv DefaultGeneratorValidator[T]) Generate(name string, value T) ([]kv.KeyValue, error) {
+	var kvList []kv.KeyValue
+
+	blob, err := gv.Marshaller.Marshal(value)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal: %w", err)
+	}
+
+	hash, err := gv.Hasher.Hash(blob)
+	if err != nil {
+		return nil, fmt.Errorf("failed to hash: %w", err)
+	}
+
+	signature, err := gv.SignerVerifier.Sign(hash)
+	if err != nil {
+		return nil, fmt.Errorf("failed to sign: %w", err)
+	}
+
+	names := gv.Namer.GenerateNames(name)
+	keys := gv.Namer.ParseNames(names)
+
+	for _, key := range keys {
+		switch key.Type {
+		case KeyTypeValue:
+			{
+				kvList = append(kvList, kv.KeyValue{
+					Key:         []byte(key.Name),
+					Value:       blob,
+					ModRevision: 1,
+				})
+			}
+		case KeyTypeHash:
+			{
+				kvList = append(kvList, kv.KeyValue{
+					Key:         []byte(key.Name),
+					Value:       hash,
+					ModRevision: 1,
+				})
+			}
+		case KeyTypeSignature:
+			{
+				kvList = append(kvList, kv.KeyValue{
+					Key:         []byte(key.Name),
+					Value:       signature,
+					ModRevision: 1,
+				})
+			}
+		}
+	}
+
+	return kvList, nil
+}
+
+// Validate checks hash match, verify signature, unmarshall object and return it.
+func (gv DefaultGeneratorValidator[T]) Validate(pairs []kv.KeyValue) (T, error) {
+	var value T
+
+	var blob []byte
+
+	var hash, signature []byte
+
+	for _, keyvalue := range pairs {
+		switch {
+		case strings.Contains(string(keyvalue.Key), hashName):
+			hash = keyvalue.Value
+		case strings.Contains(string(keyvalue.Key), sigName):
+			signature = keyvalue.Value
+		default:
+			blob = keyvalue.Value
+		}
+	}
+
+	if blob == nil || hash == nil || signature == nil {
+		return value, ErrInvalidKey
+	}
+
+	err := gv.SignerVerifier.Verify(hash, signature)
+	if err != nil {
+		return value, fmt.Errorf("signature verification failed: %w", err)
+	}
+
+	computedHash, err := gv.Hasher.Hash(blob)
+	if !bytes.Equal(computedHash, hash) || err != nil {
+		return value, ErrHashMismatch
+	}
+
+	err = gv.Marshaller.Unmarshal(blob, &value)
+	if err != nil {
+		return value, fmt.Errorf("failed to unmarshal: %w", err)
+	}
+
+	return value, nil
+}