From d69693c92dbd82cfe5e797f2dbffc6f32e0e2ff0 Mon Sep 17 00:00:00 2001
From: Peter Amstutz <pamstutz@veritasgenetics.com>
Date: Mon, 10 Sep 2018 16:18:01 -0400
Subject: [PATCH] 13993: Consolidate SignedLocatorPattern with
 keepclient.SignedLocatorRe

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>
---
 lib/controller/federation.go      | 10 ++++------
 lib/controller/federation_test.go |  7 +++++--
 sdk/go/keepclient/perms.go        | 10 ++++++----
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/lib/controller/federation.go b/lib/controller/federation.go
index 3467a6de92..c4ccb15d25 100644
--- a/lib/controller/federation.go
+++ b/lib/controller/federation.go
@@ -19,6 +19,7 @@ import (
 	"git.curoverse.com/arvados.git/sdk/go/arvados"
 	"git.curoverse.com/arvados.git/sdk/go/auth"
 	"git.curoverse.com/arvados.git/sdk/go/httpserver"
+	"git.curoverse.com/arvados.git/sdk/go/keepclient"
 )
 
 var wfRe = regexp.MustCompile(`^/arvados/v1/workflows/([0-9a-z]{5})-[^/]+$`)
@@ -72,9 +73,6 @@ func (h *GenericFederatedRequestHandler) ServeHTTP(w http.ResponseWriter, req *h
 	h.handler.remoteClusterRequest(m[1], w, req, nil)
 }
 
-var SignedLocatorPattern = regexp.MustCompile(
-	`^([0-9a-fA-F]{32}\+[0-9]+)((\+[B-Z][A-Za-z0-9@_-]*)*)(\+A[A-Za-z0-9@_-]*)((\+[B-Z][A-Za-z0-9@_-]*)*)$`)
-
 type rewriteSignaturesClusterId string
 
 func (clusterId rewriteSignaturesClusterId) rewriteSignatures(resp *http.Response) (newResponse *http.Response, err error) {
@@ -93,7 +91,7 @@ func (clusterId rewriteSignaturesClusterId) rewriteSignatures(resp *http.Respons
 
 	// rewriting signatures will make manifest text 5-10% bigger so calculate
 	// capacity accordingly
-	updatedManifest := bytes.NewBuffer(make([]byte, 0, len(col.ManifestText)+(len(col.ManifestText)/10)))
+	updatedManifest := bytes.NewBuffer(make([]byte, 0, int(float64(len(col.ManifestText))*1.1)))
 
 	scanner := bufio.NewScanner(strings.NewReader(col.ManifestText))
 	scanner.Buffer(make([]byte, 1048576), len(col.ManifestText))
@@ -107,10 +105,10 @@ func (clusterId rewriteSignaturesClusterId) rewriteSignatures(resp *http.Respons
 		updatedManifest.WriteString(tokens[0])
 		for _, token := range tokens[1:] {
 			updatedManifest.WriteString(" ")
-			m := SignedLocatorPattern.FindStringSubmatch(token)
+			m := keepclient.SignedLocatorRe.FindStringSubmatch(token)
 			if m != nil {
 				// Rewrite the block signature to be a remote signature
-				fmt.Fprintf(updatedManifest, "%s%s+R%s-%s%s", m[1], m[2], clusterId, m[4][2:], m[5])
+				fmt.Fprintf(updatedManifest, "%s%s%s+R%s-%s%s", m[1], m[2], m[3], clusterId, m[5][2:], m[8])
 			} else {
 				updatedManifest.WriteString(token)
 			}
diff --git a/lib/controller/federation_test.go b/lib/controller/federation_test.go
index 1b9bd11221..f70a8981f4 100644
--- a/lib/controller/federation_test.go
+++ b/lib/controller/federation_test.go
@@ -16,6 +16,7 @@ import (
 	"git.curoverse.com/arvados.git/sdk/go/arvados"
 	"git.curoverse.com/arvados.git/sdk/go/arvadostest"
 	"git.curoverse.com/arvados.git/sdk/go/httpserver"
+	"git.curoverse.com/arvados.git/sdk/go/keepclient"
 	"github.com/Sirupsen/logrus"
 	check "gopkg.in/check.v1"
 )
@@ -313,11 +314,13 @@ func (s *FederationSuite) TestGetRemoteCollection(c *check.C) {
 `)
 
 	// Confirm the regular expression identifies other groups of hints correctly
-	c.Check(SignedLocatorPattern.FindStringSubmatch(`6a4ff0499484c6c79c95cd8c566bd25f+249025+B1+C2+A05227438989d04712ea9ca1c91b556cef01d5cc7@5ba5405b+D3+E4`),
+	c.Check(keepclient.SignedLocatorRe.FindStringSubmatch(`6a4ff0499484c6c79c95cd8c566bd25f+249025+B1+C2+A05227438989d04712ea9ca1c91b556cef01d5cc7@5ba5405b+D3+E4`),
 		check.DeepEquals,
 		[]string{"6a4ff0499484c6c79c95cd8c566bd25f+249025+B1+C2+A05227438989d04712ea9ca1c91b556cef01d5cc7@5ba5405b+D3+E4",
-			"6a4ff0499484c6c79c95cd8c566bd25f+249025",
+			"6a4ff0499484c6c79c95cd8c566bd25f",
+			"+249025",
 			"+B1+C2", "+C2",
 			"+A05227438989d04712ea9ca1c91b556cef01d5cc7@5ba5405b",
+			"05227438989d04712ea9ca1c91b556cef01d5cc7", "5ba5405b",
 			"+D3+E4", "+E4"})
 }
diff --git a/sdk/go/keepclient/perms.go b/sdk/go/keepclient/perms.go
index 68f0b46bea..a77983322d 100644
--- a/sdk/go/keepclient/perms.go
+++ b/sdk/go/keepclient/perms.go
@@ -65,7 +65,9 @@ func SignLocator(blobLocator, apiToken string, expiry time.Time, blobSignatureTT
 		"@" + timestampHex
 }
 
-var signedLocatorRe = regexp.MustCompile(`^([[:xdigit:]]{32}).*\+A([[:xdigit:]]{40})@([[:xdigit:]]{8})`)
+var SignedLocatorRe = regexp.MustCompile(
+	//1                 2          34                         5   6                  7                 89
+	`^([[:xdigit:]]{32})(\+[0-9]+)?((\+[B-Z][A-Za-z0-9@_-]*)*)(\+A([[:xdigit:]]{40})@([[:xdigit:]]{8}))((\+[B-Z][A-Za-z0-9@_-]*)*)$`)
 
 // VerifySignature returns nil if the signature on the signedLocator
 // can be verified using the given apiToken. Otherwise it returns
@@ -78,13 +80,13 @@ var signedLocatorRe = regexp.MustCompile(`^([[:xdigit:]]{32}).*\+A([[:xdigit:]]{
 // This function is intended to be used by system components and admin
 // utilities: userland programs do not know the permissionSecret.
 func VerifySignature(signedLocator, apiToken string, blobSignatureTTL time.Duration, permissionSecret []byte) error {
-	matches := signedLocatorRe.FindStringSubmatch(signedLocator)
+	matches := SignedLocatorRe.FindStringSubmatch(signedLocator)
 	if matches == nil {
 		return ErrSignatureMissing
 	}
 	blobHash := matches[1]
-	signatureHex := matches[2]
-	expiryHex := matches[3]
+	signatureHex := matches[6]
+	expiryHex := matches[7]
 	if expiryTime, err := parseHexTimestamp(expiryHex); err != nil {
 		return ErrSignatureInvalid
 	} else if expiryTime.Before(time.Now()) {
-- 
2.30.2