policy/policy_contract.go

@@ -4,6 +4,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/common"
 	"github.com/nspcc-dev/neo-go/pkg/interop"
 	"github.com/nspcc-dev/neo-go/pkg/interop/iterator"
+	"github.com/nspcc-dev/neo-go/pkg/interop/native/crypto"
 	"github.com/nspcc-dev/neo-go/pkg/interop/native/management"
 	"github.com/nspcc-dev/neo-go/pkg/interop/runtime"
 	"github.com/nspcc-dev/neo-go/pkg/interop/storage"
@@ -16,6 +17,8 @@ type Kind byte
 const (
 	Namespace = 'n'
 	Container = 'c'
+	User      = 'u'
+	Group     = 'g'
 	IAM       = 'i'
 )
 
@@ -105,6 +108,9 @@ func storageKey(prefix Kind, counter int, name []byte) []byte {
 }
 
 func mapKey(kind Kind, name []byte) []byte {
+	if len(name) > 0 {
+		name = crypto.Sha256(name)
+	}
 	return append([]byte{mappingKeyPrefix, byte(kind)}, name...)
 }
 

tests/policy_test.go

@@ -2,6 +2,7 @@ package tests
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"path"
 	"testing"
 
@@ -99,6 +100,12 @@ func TestPolicy(t *testing.T) {
 		checkTargets(t, e, policy.Namespace, [][]byte{[]byte("mynamespace")})
 		checkTargets(t, e, policy.Container, [][]byte{[]byte("cnr1")})
 	})
+
+	t.Run("large entityname", func(t *testing.T) {
+		largeEntityName := "thisisverylargeentitynamethatcontainverylargenamespaceanduseraddress"
+		e.Invoke(t, stackitem.Null{}, "addChain", policy.User, largeEntityName, "s3:somerule", p1)
+		checkTargets(t, e, policy.User, [][]byte{[]byte(largeEntityName)})
+	})
 }
 
 func TestAutorization(t *testing.T) {
@@ -185,8 +192,9 @@ func checkTargets(t *testing.T, e *neotest.ContractInvoker, kind byte, expected
 	require.Equal(t, len(expected), len(targets))
 
 	for i := range expected {
+		exp := sha256.Sum256(expected[i])
 		bytesTargets, err := targets[i].TryBytes()
 		require.NoError(t, err)
-		require.Equal(t, expected[i], bytesTargets)
+		require.Equal(t, exp[:], bytesTargets)
 	}
 }