diff --git a/policy/policy_contract.go b/policy/policy_contract.go index dd5876b..9d84eeb 100644 --- a/policy/policy_contract.go +++ b/policy/policy_contract.go @@ -4,6 +4,7 @@ import ( "git.frostfs.info/TrueCloudLab/frostfs-contract/common" "github.com/nspcc-dev/neo-go/pkg/interop" "github.com/nspcc-dev/neo-go/pkg/interop/iterator" + "github.com/nspcc-dev/neo-go/pkg/interop/native/crypto" "github.com/nspcc-dev/neo-go/pkg/interop/native/management" "github.com/nspcc-dev/neo-go/pkg/interop/runtime" "github.com/nspcc-dev/neo-go/pkg/interop/storage" @@ -16,6 +17,8 @@ type Kind byte const ( Namespace = 'n' Container = 'c' + User = 'u' + Group = 'g' IAM = 'i' ) @@ -105,6 +108,9 @@ func storageKey(prefix Kind, counter int, name []byte) []byte { } func mapKey(kind Kind, name []byte) []byte { + if len(name) > 0 { + name = crypto.Sha256(name) + } return append([]byte{mappingKeyPrefix, byte(kind)}, name...) } diff --git a/tests/policy_test.go b/tests/policy_test.go index 6690a1a..ea72f73 100644 --- a/tests/policy_test.go +++ b/tests/policy_test.go @@ -2,6 +2,7 @@ package tests import ( "bytes" + "crypto/sha256" "path" "testing" @@ -99,6 +100,12 @@ func TestPolicy(t *testing.T) { checkTargets(t, e, policy.Namespace, [][]byte{[]byte("mynamespace")}) checkTargets(t, e, policy.Container, [][]byte{[]byte("cnr1")}) }) + + t.Run("large entityname", func(t *testing.T) { + largeEntityName := "thisisverylargeentitynamethatcontainverylargenamespaceanduseraddress" + e.Invoke(t, stackitem.Null{}, "addChain", policy.User, largeEntityName, "s3:somerule", p1) + checkTargets(t, e, policy.User, [][]byte{[]byte(largeEntityName)}) + }) } func TestAutorization(t *testing.T) { @@ -185,8 +192,9 @@ func checkTargets(t *testing.T, e *neotest.ContractInvoker, kind byte, expected require.Equal(t, len(expected), len(targets)) for i := range expected { + exp := sha256.Sum256(expected[i]) bytesTargets, err := targets[i].TryBytes() require.NoError(t, err) - require.Equal(t, expected[i], bytesTargets) + require.Equal(t, exp[:], bytesTargets) } }