nspcc-dev · cthulhu-rider · Jun 11, 2025 · Jun 11, 2025
@@ -82,7 +82,7 @@ func (c *Client) BalanceGet(ctx context.Context, prm PrmBalanceGet) (accounting.
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -91,11 +91,6 @@ func (c *Client) BalanceGet(ctx context.Context, prm PrmBalanceGet) (accounting.
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protoaccounting.BalanceResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return res, err
-	}
-
 	if err = apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return res, err
 	}

@@ -188,12 +188,6 @@ func TestClient_BalanceGet(t *testing.T) {
 						return err
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestGetBalanceServer, newTestAccountingClient, func(c *Client) error {
-						_, err := c.BalanceGet(ctx, anyValidPrm)
-						return err
-					})
-				})
 				t.Run("payloads", func(t *testing.T) {
 					tcs := []invalidResponseBodyTestcase[protoaccounting.BalanceResponse_Body]{
 						{name: "missing", body: nil,

@@ -133,7 +133,6 @@ loop:
 		LocalNodeInfo(context.Context, *protonetmap.LocalNodeInfoRequest) (*protonetmap.LocalNodeInfoResponse, error)
 	}
 	dialSrv := newTestGetNodeInfoServer()
-	dialSrv.signResponsesBy(testServerSignerOnDial.ECDSAPrivateKey)
 	dialSrv.respondWithNodePublicKey(testServerStateOnDial.pub)
 	dialSrv.respondWithMeta(&protosession.ResponseMetaHeader{Epoch: testServerStateOnDial.epoch})
 	handleDial := func(_ any, ctx context.Context, dec func(any) error, _ grpc.UnaryServerInterceptor) (any, error) {
@@ -609,27 +608,6 @@ func (x *testCommonServerStreamServerSettings[_, _, RESPBODY, RESP]) tuneNResp(n
 	x.resps[n] = s
 }
 
-// tells the server whether to sign the n-th response or not. By default, any
-// response is signed.
-//
-// Overrides signResponsesBy.
-func (x *testCommonServerStreamServerSettings[_, _, RESPBODY, RESP]) respondWithoutSigning(n uint) {
-	x.tuneNResp(n, func(s *testCommonResponseServerSettings[RESPBODY, RESP]) {
-		s.respondWithoutSigning()
-	})
-}
-
-// makes the server to sign n-th response using given signer. By default, and
-// if nil, random signer is used.
-//
-// No-op if signing is disabled using respondWithoutSigning.
-// nolint:unused // will be needed for https://github.com/nspcc-dev/neofs-sdk-go/issues/653
-func (x *testCommonServerStreamServerSettings[_, _, RESPBODY, RESP]) signResponsesBy(n uint, signer ecdsa.PrivateKey) {
-	x.tuneNResp(n, func(s *testCommonResponseServerSettings[RESPBODY, RESP]) {
-		s.signResponsesBy(signer)
-	})
-}
-
 // makes the server to return n-th response with given meta header. By default,
 // and if nil, no header is attached.
 //
@@ -824,22 +802,6 @@ type testCommonResponseServerSettings[
 	respBodyForced bool // if respBody = nil is explicitly set
 }
 
-// tells the server whether to sign all the responses or not. By default, any
-// response is signed.
-//
-// Overrides signResponsesBy.
-func (x *testCommonResponseServerSettings[_, _]) respondWithoutSigning() {
-	x.respUnsigned = true
-}
-
-// makes the server to always sign responses using given signer. By default, and
-// if nil, random signer is used.
-//
-// No-op if signing is disabled using respondWithoutSigning.
-func (x *testCommonResponseServerSettings[_, _]) signResponsesBy(key ecdsa.PrivateKey) {
-	x.respSigner = &key
-}
-
 // makes the server to always respond with the given meta header. By default,
 // and if nil, no header is attached.
 //
@@ -963,24 +925,6 @@ func testTransportFailure[SRV interface{ setHandlerError(error) }](
 	assertTransportErr(t, transportErr, err)
 }
 
-// asserts that given [Client] op returns an expected error when built test
-// server responds with incorrect verification header. The op must be executed
-// with all the correct parameters.
-func testInvalidResponseVerificationHeader[SRV interface{ respondWithoutSigning() }](
-	t testing.TB,
-	newSrv func() SRV,
-	connect func(t testing.TB, srv any) *Client,
-	op testedClientOp,
-) {
-	srv := newSrv()
-	srv.respondWithoutSigning()
-	// TODO: add cases with less radical corruption such as replacing one byte or
-	//  dropping only one of the signatures.
-	// Note: TBD during transition to proto/* packages in current repository.
-	c := connect(t, srv)
-	require.ErrorContains(t, op(c), "invalid response signature")
-}
-
 type invalidResponseBodyTestcase[BODY any] struct {
 	name      string
 	body      *BODY
@@ -1285,7 +1229,7 @@ func testIncorrectUnaryRPCResponseFormat(t testing.TB, svcName, method string, o
 		impl: nil, // disables interface assert
 	}
 	c := newClient(t, svc)
-	require.ErrorContains(t, op(c), "invalid response signature")
+	require.Error(t, op(c))
 	// TODO(https://github.com/nspcc-dev/neofs-sdk-go/issues/661): Although the
 	//  client will not accept such a response, current error does not make it clear
 	//  what exactly the problem is. It is worth reacting to the incorrect structure
@@ -1297,17 +1241,13 @@ func testIncorrectUnaryRPCResponseFormat(t testing.TB, svcName, method string, o
 // executed with all the correct parameters.
 func testUnaryResponseCallback[SRV interface {
 	respondWithMeta(*protosession.ResponseMetaHeader)
-	signResponsesBy(ecdsa.PrivateKey)
 }](
 	t testing.TB,
 	newSrv func() SRV,
 	newSvc func(t testing.TB, srv any) testService,
 	op testedClientOp,
 ) {
 	srv := newSrv()
-	srvSigner := neofscryptotest.Signer()
-	srvPub := neofscrypto.PublicKeyBytes(srvSigner.Public())
-	srv.signResponsesBy(srvSigner.ECDSAPrivateKey)
 	srvEpoch := rand.Uint64()
 	srv.respondWithMeta(&protosession.ResponseMetaHeader{Epoch: srvEpoch})
 
@@ -1330,13 +1270,13 @@ func testUnaryResponseCallback[SRV interface {
 
 	err := op(c)
 	require.NoError(t, err)
-	assert(srvEpoch, srvPub)
+	assert(srvEpoch, testServerStateOnDial.pub)
 
 	handlerErr = errors.New("any response meta handler failure")
 	err = op(c)
 	require.ErrorContains(t, err, "response callback error")
 	require.ErrorIs(t, err, handlerErr)
-	assert(srvEpoch, srvPub)
+	assert(srvEpoch, testServerStateOnDial.pub)
 }
 
 // checks that the [Client] correctly keeps exec statistics of specified ops

@@ -140,7 +140,7 @@ func (c *Client) ContainerPut(ctx context.Context, cont container.Container, sig
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -149,11 +149,6 @@ func (c *Client) ContainerPut(ctx context.Context, cont container.Container, sig
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.PutResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return res, err
-	}
-
 	if err = apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return res, err
 	}
@@ -224,7 +219,7 @@ func (c *Client) ContainerGet(ctx context.Context, id cid.ID, prm PrmContainerGe
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -233,11 +228,6 @@ func (c *Client) ContainerGet(ctx context.Context, id cid.ID, prm PrmContainerGe
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.GetResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return res, err
-	}
-
 	if err = apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return res, err
 	}
@@ -305,7 +295,7 @@ func (c *Client) ContainerList(ctx context.Context, ownerID user.ID, prm PrmCont
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -314,11 +304,6 @@ func (c *Client) ContainerList(ctx context.Context, ownerID user.ID, prm PrmCont
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.ListResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return nil, err
-	}
-
 	if err = apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return nil, err
 	}
@@ -448,7 +433,7 @@ func (c *Client) ContainerDelete(ctx context.Context, id cid.ID, signer neofscry
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -457,11 +442,6 @@ func (c *Client) ContainerDelete(ctx context.Context, id cid.ID, signer neofscry
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.DeleteResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return err
-	}
-
 	err = apistatus.ToError(resp.GetMetaHeader().GetStatus())
 	return err
 }
@@ -516,7 +496,7 @@ func (c *Client) ContainerEACL(ctx context.Context, id cid.ID, prm PrmContainerE
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -525,11 +505,6 @@ func (c *Client) ContainerEACL(ctx context.Context, id cid.ID, prm PrmContainerE
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.GetExtendedACLResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return res, err
-	}
-
 	if err = apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return res, err
 	}
@@ -667,7 +642,7 @@ func (c *Client) ContainerSetEACL(ctx context.Context, table eacl.Table, signer
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -676,11 +651,6 @@ func (c *Client) ContainerSetEACL(ctx context.Context, table eacl.Table, signer
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.SetExtendedACLResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return err
-	}
-
 	err = apistatus.ToError(resp.GetMetaHeader().GetStatus())
 	return err
 }
@@ -751,7 +721,7 @@ func (c *Client) ContainerAnnounceUsedSpace(ctx context.Context, announcements [
 
 	if c.prm.cbRespInfo != nil {
 		err = c.prm.cbRespInfo(ResponseMetaInfo{
-			key:   resp.GetVerifyHeader().GetBodySignature().GetKey(),
+			key:   c.nodeKey,
 			epoch: resp.GetMetaHeader().GetEpoch(),
 		})
 		if err != nil {
@@ -760,11 +730,6 @@ func (c *Client) ContainerAnnounceUsedSpace(ctx context.Context, announcements [
 		}
 	}
 
-	if err = neofscrypto.VerifyResponseWithBuffer[*protocontainer.AnnounceUsedSpaceResponse_Body](resp, *buf); err != nil {
-		err = fmt.Errorf("%w: %w", errResponseSignatures, err)
-		return err
-	}
-
 	err = apistatus.ToError(resp.GetMetaHeader().GetStatus())
 	return err
 }

@@ -770,12 +770,6 @@ func TestClient_ContainerPut(t *testing.T) {
 						return err
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestPutContainerServer, newTestContainerClient, func(c *Client) error {
-						_, err := c.ContainerPut(ctx, anyValidContainer, anyValidSigner, anyValidOpts)
-						return err
-					})
-				})
 				t.Run("payloads", func(t *testing.T) {
 					type testcase = invalidResponseBodyTestcase[protocontainer.PutResponse_Body]
 					tcs := []testcase{
@@ -1060,12 +1054,6 @@ func TestClient_ContainerGet(t *testing.T) {
 						return err
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestGetContainerServer, newTestContainerClient, func(c *Client) error {
-						_, err := c.ContainerGet(ctx, anyID, anyValidOpts)
-						return err
-					})
-				})
 				t.Run("payloads", func(t *testing.T) {
 					type testcase = invalidResponseBodyTestcase[protocontainer.GetResponse_Body]
 					tcs := []testcase{
@@ -1281,12 +1269,6 @@ func TestClient_ContainerList(t *testing.T) {
 						return err
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestListContainersServer, newTestContainerClient, func(c *Client) error {
-						_, err := c.ContainerList(ctx, anyUser, anyValidOpts)
-						return err
-					})
-				})
 				t.Run("payloads", func(t *testing.T) {
 					type testcase = invalidResponseBodyTestcase[protocontainer.ListResponse_Body]
 					var tcs []testcase
@@ -1454,11 +1436,6 @@ func TestClient_ContainerDelete(t *testing.T) {
 						return c.ContainerDelete(ctx, anyID, anyValidSigner, anyValidOpts)
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestDeleteContainerServer, newTestContainerClient, func(c *Client) error {
-						return c.ContainerDelete(ctx, anyID, anyValidSigner, anyValidOpts)
-					})
-				})
 			})
 		})
 	})
@@ -1581,12 +1558,6 @@ func TestClient_ContainerEACL(t *testing.T) {
 						return err
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestGetEACLServer, newTestContainerClient, func(c *Client) error {
-						_, err := c.ContainerEACL(ctx, anyID, anyValidOpts)
-						return err
-					})
-				})
 				t.Run("payloads", func(t *testing.T) {
 					type testcase = invalidResponseBodyTestcase[protocontainer.GetExtendedACLResponse_Body]
 					tcs := []testcase{
@@ -1779,11 +1750,6 @@ func TestClient_ContainerSetEACL(t *testing.T) {
 						return c.ContainerSetEACL(ctx, anyValidEACL, anyValidSigner, anyValidOpts)
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestSetEACLServer, newTestContainerClient, func(c *Client) error {
-						return c.ContainerSetEACL(ctx, anyValidEACL, anyValidSigner, anyValidOpts)
-					})
-				})
 			})
 		})
 	})
@@ -1908,11 +1874,6 @@ func TestClient_ContainerAnnounceUsedSpace(t *testing.T) {
 						return c.ContainerAnnounceUsedSpace(ctx, anyValidAnnouncements, anyValidOpts)
 					})
 				})
-				t.Run("verification header", func(t *testing.T) {
-					testInvalidResponseVerificationHeader(t, newTestAnnounceContainerSpaceServer, newTestContainerClient, func(c *Client) error {
-						return c.ContainerAnnounceUsedSpace(ctx, anyValidAnnouncements, anyValidOpts)
-					})
-				})
 			})
 		})
 	})