package tests import ( "errors" "path" "testing" "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client" "github.com/nspcc-dev/neo-go/pkg/core/interop/storage" "github.com/nspcc-dev/neo-go/pkg/core/native/nativenames" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/neorpc/result" "github.com/nspcc-dev/neo-go/pkg/neotest" "github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap" "github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/vm" "github.com/nspcc-dev/neo-go/pkg/vm/stackitem" "github.com/nspcc-dev/neo-go/pkg/vm/vmstate" "github.com/nspcc-dev/neo-go/pkg/wallet" "github.com/stretchr/testify/require" ) const frostfsidPath = "../frostfsid" const defaultNamespace = "" const ( setAdminMethod = "setAdmin" getAdminMethod = "getAdmin" clearAdminMethod = "clearAdmin" createSubjectMethod = "createSubject" getSubjectMethod = "getSubject" listSubjectsMethod = "listSubjects" addSubjectKeyMethod = "addSubjectKey" removeSubjectKeyMethod = "removeSubjectKey" getSubjectByKeyMethod = "getSubjectByKey" getSubjectKeyByNameMethod = "getSubjectKeyByName" setSubjectNameMethod = "setSubjectName" setSubjectKVMethod = "setSubjectKV" deleteSubjectKVMethod = "deleteSubjectKV" deleteSubjectMethod = "deleteSubject" createNamespaceMethod = "createNamespace" getNamespaceMethod = "getNamespace" getNamespaceExtendedMethod = "getNamespaceExtended" listNamespacesMethod = "listNamespaces" listNamespaceSubjectsMethod = "listNamespaceSubjects" createGroupMethod = "createGroup" getGroupMethod = "getGroup" getGroupExtendedMethod = "getGroupExtended" getGroupIDByNameMethod = "getGroupIDByName" setGroupNameMethod = "setGroupName" setGroupKVMethod = "setGroupKV" deleteGroupKVMethod = "deleteGroupKV" listGroupsMethod = "listGroups" addSubjectToGroupMethod = "addSubjectToGroup" removeSubjectFromGroupMethod = "removeSubjectFromGroup" listGroupSubjectsMethod = "listGroupSubjects" deleteGroupMethod = "deleteGroup" ) const notWitnessedError = "not witnessed" type testFrostFSIDInvoker struct { e *neotest.Executor contractHash util.Uint160 owner *wallet.Account } func (f *testFrostFSIDInvoker) OwnerInvoker() *neotest.ContractInvoker { return f.e.NewInvoker(f.contractHash, neotest.NewSingleSigner(f.owner)) } func (f *testFrostFSIDInvoker) CommitteeInvoker() *neotest.ContractInvoker { return f.e.CommitteeInvoker(f.contractHash) } func (f *testFrostFSIDInvoker) AnonInvoker(t *testing.T) *neotest.ContractInvoker { acc, err := wallet.NewAccount() require.NoError(t, err) return f.e.NewInvoker(f.contractHash, newSigner(t, f.CommitteeInvoker(), acc)) } func newSigner(t *testing.T, c *neotest.ContractInvoker, acc *wallet.Account) neotest.Signer { amount := int64(100_0000_0000) tx := c.NewTx(t, []neotest.Signer{c.Validator}, c.NativeHash(t, nativenames.Gas), "transfer", c.Validator.ScriptHash(), acc.Contract.ScriptHash(), amount, nil) c.AddNewBlock(t, tx) c.CheckHalt(t, tx.Hash()) return neotest.NewSingleSigner(acc) } func deployFrostFSIDContract(t *testing.T, e *neotest.Executor, contractOwner util.Uint160) util.Uint160 { args := make([]any, 5) args[0] = contractOwner c := neotest.CompileFile(t, e.CommitteeHash, frostfsidPath, path.Join(frostfsidPath, "config.yml")) e.DeployContract(t, c, args) return c.Hash } func newFrostFSIDInvoker(t *testing.T) *testFrostFSIDInvoker { e := newExecutor(t) acc, err := wallet.NewAccount() require.NoError(t, err) h := deployFrostFSIDContract(t, e, acc.ScriptHash()) newSigner(t, e.CommitteeInvoker(h), acc) return &testFrostFSIDInvoker{ e: e, contractHash: h, owner: acc, } } func TestFrostFSID_ContractOwnersManagement(t *testing.T) { f := newFrostFSIDInvoker(t) anonInvoker := f.AnonInvoker(t) anonInvokerHash := anonInvoker.Signers[0].ScriptHash() invoker := f.OwnerInvoker() invokerHash := invoker.Signers[0].ScriptHash() committeeInvoker := f.CommitteeInvoker() checkOwner(t, anonInvoker, invokerHash) anonInvoker.InvokeFail(t, notWitnessedError, createNamespaceMethod, "namespace") invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, "namespace") t.Run("setAdmin is only allowed for committee", func(t *testing.T) { invoker.InvokeFail(t, notWitnessedError, setAdminMethod, anonInvokerHash) }) t.Run("replace owner", func(t *testing.T) { committeeInvoker.Invoke(t, stackitem.Null{}, setAdminMethod, anonInvokerHash) checkOwner(t, anonInvoker, anonInvokerHash) invoker.InvokeFail(t, notWitnessedError, createNamespaceMethod, "namespace2") anonInvoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, "namespace2") }) t.Run("remove owner", func(t *testing.T) { committeeInvoker.Invoke(t, stackitem.Null{}, clearAdminMethod) checkOwner(t, anonInvoker) invoker.InvokeFail(t, notWitnessedError, createNamespaceMethod, "namespace3") anonInvoker.InvokeFail(t, notWitnessedError, createNamespaceMethod, "namespace3") }) } func checkOwner(t *testing.T, invoker *neotest.ContractInvoker, owner ...util.Uint160) { if len(owner) > 1 { require.Fail(t, "invalid testcase") } s, err := invoker.TestInvoke(t, getAdminMethod) require.NoError(t, err) require.Equal(t, 1, s.Len(), "unexpected number items on stack") if len(owner) == 0 { _, isMissing := s.Pop().Item().(stackitem.Null) require.True(t, isMissing) return } bs, err := s.Pop().Item().TryBytes() require.NoError(t, err) require.Equal(t, bs, owner[0].BytesBE()) } func TestFrostFSID_DefaultNamespace(t *testing.T) { f := newFrostFSIDInvoker(t) subjKey, err := keys.NewPrivateKey() require.NoError(t, err) subjKeyAddr := subjKey.PublicKey().GetScriptHash() invoker := f.OwnerInvoker() groupID := int64(1) groupName := "group" invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, defaultNamespace, subjKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Make(groupID), createGroupMethod, defaultNamespace, groupName) invoker.Invoke(t, stackitem.Null{}, addSubjectToGroupMethod, subjKeyAddr, groupID) invoker.Invoke(t, stackitem.Null{}, removeSubjectFromGroupMethod, subjKeyAddr, groupID) invoker.Invoke(t, stackitem.Null{}, deleteGroupMethod, defaultNamespace, groupID) invoker.Invoke(t, stackitem.Null{}, deleteSubjectMethod, subjKeyAddr) } func TestFrostFSID_SubjectManagement(t *testing.T) { f := newFrostFSIDInvoker(t) subjKey, err := keys.NewPrivateKey() require.NoError(t, err) subjKeyAddr := subjKey.PublicKey().GetScriptHash() anonInvoker := f.AnonInvoker(t) invoker := f.OwnerInvoker() anonInvoker.InvokeFail(t, notWitnessedError, createSubjectMethod, defaultNamespace, subjKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, defaultNamespace, subjKey.PublicKey().Bytes()) invoker.InvokeFail(t, "already exists", createSubjectMethod, defaultNamespace, subjKey.PublicKey().Bytes()) s, err := anonInvoker.TestInvoke(t, getSubjectMethod, subjKeyAddr) require.NoError(t, err) subj := parseSubject(t, s) require.True(t, subjKey.PublicKey().Equal(&subj.PrimaryKey)) t.Run("add subject key", func(t *testing.T) { subjNewKey, err := keys.NewPrivateKey() require.NoError(t, err) anonInvoker.InvokeFail(t, notWitnessedError, addSubjectKeyMethod, subjKeyAddr, subjNewKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, addSubjectKeyMethod, subjKeyAddr, subjNewKey.PublicKey().Bytes()) s, err = anonInvoker.TestInvoke(t, getSubjectMethod, subjKeyAddr) require.NoError(t, err) subj := parseSubject(t, s) require.Len(t, subj.AdditionalKeys, 1) require.True(t, subjNewKey.PublicKey().Equal(subj.AdditionalKeys[0])) t.Run("get subject by additional key", func(t *testing.T) { s, err = anonInvoker.TestInvoke(t, getSubjectByKeyMethod, subjNewKey.PublicKey().Bytes()) require.NoError(t, err) subj := parseSubject(t, s) require.True(t, subjKey.PublicKey().Equal(&subj.PrimaryKey), "keys must be the same") s, err = anonInvoker.TestInvoke(t, getSubjectByKeyMethod, subjKey.PublicKey().Bytes()) require.NoError(t, err) subj = parseSubject(t, s) require.True(t, subjKey.PublicKey().Equal(&subj.PrimaryKey), "keys must be the same") t.Run("remove subject key", func(t *testing.T) { anonInvoker.InvokeFail(t, notWitnessedError, removeSubjectKeyMethod, subjKeyAddr, subjNewKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, removeSubjectKeyMethod, subjKeyAddr, subjNewKey.PublicKey().Bytes()) anonInvoker.InvokeFail(t, "not found", getSubjectByKeyMethod, subjNewKey.PublicKey().Bytes()) }) }) }) t.Run("set subject name", func(t *testing.T) { login := "some-login" anonInvoker.InvokeFail(t, notWitnessedError, setSubjectNameMethod, subjKeyAddr, login) invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjKeyAddr, login) s, err = anonInvoker.TestInvoke(t, getSubjectMethod, subjKeyAddr) require.NoError(t, err) subj = parseSubject(t, s) require.Equal(t, login, subj.Name) }) t.Run("set subject KVs", func(t *testing.T) { iamPath := "iam/path" anonInvoker.InvokeFail(t, notWitnessedError, setSubjectKVMethod, subjKeyAddr, client.IAMPathKey, iamPath) invoker.Invoke(t, stackitem.Null{}, setSubjectKVMethod, subjKeyAddr, client.IAMPathKey, iamPath) s, err = anonInvoker.TestInvoke(t, getSubjectMethod, subjKeyAddr) require.NoError(t, err) subj = parseSubject(t, s) require.Equal(t, iamPath, subj.KV[client.IAMPathKey]) anonInvoker.InvokeFail(t, notWitnessedError, deleteSubjectKVMethod, subjKeyAddr, client.IAMPathKey) invoker.Invoke(t, stackitem.Null{}, deleteSubjectKVMethod, subjKeyAddr, client.IAMPathKey) s, err = anonInvoker.TestInvoke(t, getSubjectMethod, subjKeyAddr) require.NoError(t, err) subj = parseSubject(t, s) require.Empty(t, subj.KV) }) t.Run("list subjects", func(t *testing.T) { newSubjKey, err := keys.NewPrivateKey() require.NoError(t, err) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, defaultNamespace, newSubjKey.PublicKey().Bytes()) s, err = anonInvoker.TestInvoke(t, listSubjectsMethod) require.NoError(t, err) addresses, err := unwrap.ArrayOfUint160(makeValidRes(stackitem.NewArray(readIteratorAll(s))), nil) require.NoError(t, err) require.Len(t, addresses, 2) require.ElementsMatch(t, addresses, []util.Uint160{subjKeyAddr, newSubjKey.PublicKey().GetScriptHash()}) }) anonInvoker.InvokeFail(t, notWitnessedError, deleteSubjectMethod, subjKeyAddr) invoker.Invoke(t, stackitem.Null{}, deleteSubjectMethod, subjKeyAddr) anonInvoker.InvokeFail(t, "subject not found", getSubjectMethod, subjKeyAddr) } func TestFrostFSIS_SubjectNameRelatedInvariants(t *testing.T) { f := newFrostFSIDInvoker(t) subjName1 := "subj1" subjKey1, err := keys.NewPrivateKey() require.NoError(t, err) subjKeyAddr1 := subjKey1.PublicKey().GetScriptHash() subjName2 := "subj2" subjKey2, err := keys.NewPrivateKey() require.NoError(t, err) subjKeyAddr2 := subjKey2.PublicKey().GetScriptHash() subjName3 := "subj3" subjKey3, err := keys.NewPrivateKey() require.NoError(t, err) subjKeyAddr3 := subjKey3.PublicKey().GetScriptHash() invoker := f.OwnerInvoker() ns1, ns2 := "ns1", "ns2" invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, ns1) invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, ns2) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, ns1, subjKey1.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjKeyAddr1, subjName1) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, ns1, subjKey2.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, ns2, subjKey3.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjKeyAddr3, subjName3) // Check that we can find public key by name for subj1 (with name) // and cannot find key for subj2 (without name) s, err := invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns1, subjName1) checkPublicKeyResult(t, s, err, subjKey1) s, err = invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns1, subjName2) checkPublicKeyResult(t, s, err, nil) // Check that we can find public key for by name for subj2 when we set its name invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjKeyAddr2, subjName2) s, err = invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns1, subjName2) checkPublicKeyResult(t, s, err, subjKey2) // Check that we cannot set for second subject name that the first subject has already taken invoker.InvokeFail(t, "not available", setSubjectNameMethod, subjKeyAddr2, subjName1) // Check that we cannot find public key by name for subject that was removed invoker.Invoke(t, stackitem.Null{}, deleteSubjectMethod, subjKeyAddr2) s, err = invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns1, subjName2) checkPublicKeyResult(t, s, err, nil) // Check that subj3 can have the same name as subj1 if they belong to different namespaces // Also check that after subject renaming its key cannot be found by old name invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjKeyAddr3, subjName1) s, err = invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns2, subjName1) checkPublicKeyResult(t, s, err, subjKey3) s, err = invoker.TestInvoke(t, getSubjectKeyByNameMethod, ns2, subjName3) checkPublicKeyResult(t, s, err, nil) } func TestFrostFSIS_GroupNameRelatedInvariants(t *testing.T) { f := newFrostFSIDInvoker(t) groupName1, groupName2 := "group1", "group2" groupID1, groupID2 := int64(1), int64(2) invoker := f.OwnerInvoker() ns1, ns2 := "ns1", "ns2" // Create two group // Create two namespace. // Add these groups to ns1 invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, ns1) invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, ns2) invoker.Invoke(t, stackitem.Make(groupID1), createGroupMethod, ns1, groupName1) invoker.Invoke(t, stackitem.Make(groupID2), createGroupMethod, ns1, groupName2) // Check that we can find group id by name for group1 in ns1 and not in ns2 s, err := invoker.TestInvoke(t, getGroupIDByNameMethod, ns1, groupName1) checkGroupIDResult(t, s, err, groupID1) s, err = invoker.TestInvoke(t, getGroupIDByNameMethod, ns2, groupName1) checkGroupIDResult(t, s, err, -1) // Check that we cannot set for second group name that the first subject has already taken invoker.InvokeFail(t, "not available", setGroupNameMethod, ns1, groupID1, groupName2) // Check that we cannot create group with the same name in namespace, but can in another invoker.InvokeFail(t, "not available", createGroupMethod, ns1, groupName2) invoker.Invoke(t, stackitem.Make(3), createGroupMethod, ns2, groupName2) // Check that we cannot find group id by name for group that was removed invoker.Invoke(t, stackitem.Null{}, deleteGroupMethod, ns1, groupID2) s, err = invoker.TestInvoke(t, getGroupIDByNameMethod, ns1, groupName2) checkGroupIDResult(t, s, err, -1) // Check that we can create group with the name that was freed after deleting invoker.Invoke(t, stackitem.Make(4), createGroupMethod, ns1, groupName2) // Check that after group renaming its id cannot be found by old name newGroupName := "new" invoker.Invoke(t, stackitem.Null{}, setGroupNameMethod, ns1, groupID1, newGroupName) s, err = invoker.TestInvoke(t, getGroupIDByNameMethod, ns1, groupName1) checkGroupIDResult(t, s, err, -1) s, err = invoker.TestInvoke(t, getGroupIDByNameMethod, ns1, newGroupName) checkGroupIDResult(t, s, err, groupID1) } func TestFrostFSID_NamespaceManagement(t *testing.T) { f := newFrostFSIDInvoker(t) anonInvoker := f.AnonInvoker(t) invoker := f.OwnerInvoker() namespace := "some-namespace" anonInvoker.InvokeFail(t, notWitnessedError, createNamespaceMethod, namespace) invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, namespace) invoker.InvokeFail(t, "already exists", createNamespaceMethod, namespace) s, err := anonInvoker.TestInvoke(t, getNamespaceMethod, namespace) require.NoError(t, err) ns := parseNamespace(t, s.Pop().Item()) require.Equal(t, namespace, ns.Name) t.Run("add user to namespace", func(t *testing.T) { subjKey, err := keys.NewPrivateKey() require.NoError(t, err) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, ns.Name, subjKey.PublicKey().Bytes()) subjName := "name" subjAddress := subjKey.PublicKey().GetScriptHash() invoker.Invoke(t, stackitem.Null{}, setSubjectNameMethod, subjAddress, subjName) s, err := anonInvoker.TestInvoke(t, getSubjectMethod, subjAddress) require.NoError(t, err) subj := parseSubject(t, s) require.Equal(t, namespace, subj.Namespace) t.Run("list namespace subjects", func(t *testing.T) { s, err := anonInvoker.TestInvoke(t, listNamespaceSubjectsMethod, namespace) require.NoError(t, err) addresses, err := unwrap.ArrayOfUint160(makeValidRes(stackitem.NewArray(readIteratorAll(s))), nil) require.NoError(t, err) require.ElementsMatch(t, addresses, []util.Uint160{subjAddress}) }) t.Run("get subject key by name", func(t *testing.T) { s, err := anonInvoker.TestInvoke(t, getSubjectKeyByNameMethod, namespace, subjName) require.NoError(t, err) foundKey, err := unwrap.PublicKey(makeValidRes(s.Pop().Item()), nil) require.NoError(t, err) require.Equal(t, subjKey.PublicKey(), foundKey) }) t.Run("list namespaces", func(t *testing.T) { namespace2 := "some-namespace2" invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, namespace2) s, err := anonInvoker.TestInvoke(t, listNamespacesMethod) require.NoError(t, err) namespaces := parseNamespaces(t, readIteratorAll(s)) require.NoError(t, err) require.ElementsMatch(t, namespaces, []Namespace{{Name: defaultNamespace}, {Name: namespace}, {Name: namespace2}}) t.Run("find namespaces with some subjects", func(t *testing.T) { for _, ns := range namespaces { s, err := anonInvoker.TestInvoke(t, getNamespaceExtendedMethod, ns.Name) require.NoError(t, err) nsExt := parseNamespaceExtended(t, s.Pop().Item()) if nsExt.SubjectsCount > 0 { require.Equal(t, namespace, nsExt.Name) } } }) }) }) } func TestFrostFSID_GroupManagement(t *testing.T) { f := newFrostFSIDInvoker(t) anonInvoker := f.AnonInvoker(t) invoker := f.OwnerInvoker() nsName := "namespace" invoker.Invoke(t, stackitem.Null{}, createNamespaceMethod, nsName) groupID := int64(1) groupName := "group" anonInvoker.InvokeFail(t, notWitnessedError, createGroupMethod, nsName, groupName) invoker.Invoke(t, stackitem.Make(groupID), createGroupMethod, nsName, groupName) s, err := anonInvoker.TestInvoke(t, getGroupMethod, nsName, groupID) require.NoError(t, err) group := parseGroup(t, s.Pop().Item()) require.Equal(t, groupID, group.ID) require.Equal(t, groupName, group.Name) s, err = anonInvoker.TestInvoke(t, listGroupsMethod, nsName) require.NoError(t, err) groups := parseGroups(t, readIteratorAll(s)) require.ElementsMatch(t, groups, []Group{{ID: groupID, Name: groupName, Namespace: nsName}}) t.Run("add subjects to group", func(t *testing.T) { subjKey, err := keys.NewPrivateKey() require.NoError(t, err) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, nsName, subjKey.PublicKey().Bytes()) subjAddress := subjKey.PublicKey().GetScriptHash() anonInvoker.InvokeFail(t, "not witnessed", addSubjectToGroupMethod, subjAddress, groupID) invoker.Invoke(t, stackitem.Null{}, addSubjectToGroupMethod, subjAddress, groupID) t.Run("list group subjects", func(t *testing.T) { s, err = anonInvoker.TestInvoke(t, listGroupSubjectsMethod, nsName, groupID) require.NoError(t, err) addresses, err := unwrap.ArrayOfUint160(makeValidRes(stackitem.NewArray(readIteratorAll(s))), nil) require.NoError(t, err) require.ElementsMatch(t, addresses, []util.Uint160{subjAddress}) anonInvoker.InvokeFail(t, "not witnessed", removeSubjectFromGroupMethod, subjAddress, groupID) invoker.Invoke(t, stackitem.Null{}, removeSubjectFromGroupMethod, subjAddress, groupID) s, err = anonInvoker.TestInvoke(t, listGroupSubjectsMethod, nsName, groupID) require.NoError(t, err) addresses, err = unwrap.ArrayOfUint160(makeValidRes(stackitem.NewArray(readIteratorAll(s))), nil) require.NoError(t, err) require.Empty(t, addresses) t.Run("get group extended", func(t *testing.T) { subjectsCount := 10 for i := 0; i < subjectsCount; i++ { subjKey, err := keys.NewPrivateKey() require.NoError(t, err) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, nsName, subjKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, addSubjectToGroupMethod, subjKey.PublicKey().GetScriptHash(), groupID) } s, err = anonInvoker.TestInvoke(t, getGroupExtendedMethod, nsName, groupID) require.NoError(t, err) groupExt := parseGroupExtended(t, s.Pop().Item()) require.Equal(t, groupID, groupExt.ID) require.Equal(t, groupName, groupExt.Name) require.Empty(t, groupExt.KV) require.EqualValues(t, subjectsCount, groupExt.SubjectsCount) }) }) }) t.Run("set group name", func(t *testing.T) { newGroupName := "new-name" anonInvoker.InvokeFail(t, notWitnessedError, setGroupNameMethod, nsName, groupID, newGroupName) invoker.Invoke(t, stackitem.Null{}, setGroupNameMethod, nsName, groupID, newGroupName) s, err = anonInvoker.TestInvoke(t, getGroupIDByNameMethod, nsName, newGroupName) require.NoError(t, err) require.Equal(t, groupID, s.Pop().BigInt().Int64()) s, err = anonInvoker.TestInvoke(t, getGroupMethod, nsName, groupID) require.NoError(t, err) group = parseGroup(t, s.Pop().Item()) require.Equal(t, newGroupName, group.Name) }) t.Run("set group KVs", func(t *testing.T) { iamARN := "arn" anonInvoker.InvokeFail(t, notWitnessedError, setGroupKVMethod, nsName, groupID, client.IAMARNKey, iamARN) invoker.Invoke(t, stackitem.Null{}, setGroupKVMethod, nsName, groupID, client.IAMARNKey, iamARN) s, err = anonInvoker.TestInvoke(t, getGroupMethod, nsName, groupID) require.NoError(t, err) group = parseGroup(t, s.Pop().Item()) require.Equal(t, iamARN, group.KV[client.IAMARNKey]) anonInvoker.InvokeFail(t, notWitnessedError, deleteGroupKVMethod, nsName, groupID, client.IAMARNKey) invoker.Invoke(t, stackitem.Null{}, deleteGroupKVMethod, nsName, groupID, client.IAMARNKey) s, err = anonInvoker.TestInvoke(t, getGroupMethod, nsName, groupID) require.NoError(t, err) group = parseGroup(t, s.Pop().Item()) require.Empty(t, group.KV) }) t.Run("delete group", func(t *testing.T) { anonInvoker.InvokeFail(t, notWitnessedError, deleteGroupMethod, nsName, groupID) invoker.Invoke(t, stackitem.Null{}, deleteGroupMethod, nsName, groupID) anonInvoker.InvokeFail(t, "group not found", getGroupMethod, nsName, groupID) s, err = anonInvoker.TestInvoke(t, listGroupsMethod, nsName) require.NoError(t, err) groups := parseGroups(t, readIteratorAll(s)) require.Empty(t, groups) }) } func TestAdditionalKeyFromPrimarySubject(t *testing.T) { f := newFrostFSIDInvoker(t) invoker := f.OwnerInvoker() subjAPrimaryKey, err := keys.NewPrivateKey() require.NoError(t, err) subjAKeyAddr := subjAPrimaryKey.PublicKey().GetScriptHash() subjBPrimaryKey, err := keys.NewPrivateKey() require.NoError(t, err) subjBKeyAddr := subjBPrimaryKey.PublicKey().GetScriptHash() subjCPrimaryKey, err := keys.NewPrivateKey() require.NoError(t, err) subjDPrimaryKey, err := keys.NewPrivateKey() require.NoError(t, err) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, defaultNamespace, subjAPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, createSubjectMethod, defaultNamespace, subjBPrimaryKey.PublicKey().Bytes()) invoker.InvokeFail(t, "key is occupied", addSubjectKeyMethod, subjBKeyAddr, subjAPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, addSubjectKeyMethod, subjAKeyAddr, subjCPrimaryKey.PublicKey().Bytes()) invoker.InvokeFail(t, "key is occupied", addSubjectKeyMethod, subjBKeyAddr, subjCPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, addSubjectKeyMethod, subjAKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) invoker.InvokeFail(t, "key is occupied", addSubjectKeyMethod, subjBKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, removeSubjectKeyMethod, subjAKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, addSubjectKeyMethod, subjBKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) invoker.InvokeFail(t, "key is occupied", addSubjectKeyMethod, subjAKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) invoker.Invoke(t, stackitem.Null{}, deleteSubjectMethod, subjBKeyAddr) invoker.Invoke(t, stackitem.Null{}, addSubjectKeyMethod, subjAKeyAddr, subjDPrimaryKey.PublicKey().Bytes()) } func checkPublicKeyResult(t *testing.T, s *vm.Stack, err error, key *keys.PrivateKey) { if key == nil { require.ErrorContains(t, err, "not found") return } require.NoError(t, err) foundKey, err := unwrap.PublicKey(makeValidRes(s.Pop().Item()), nil) require.NoError(t, err) require.Equal(t, key.PublicKey(), foundKey) } func checkGroupIDResult(t *testing.T, s *vm.Stack, err error, groupID int64) { if groupID == -1 { require.ErrorContains(t, err, "not found") return } require.NoError(t, err) foundGroupID, err := unwrap.Int64(makeValidRes(s.Pop().Item()), nil) require.NoError(t, err) require.Equal(t, groupID, foundGroupID) } func readIteratorAll(s *vm.Stack) []stackitem.Item { iter := s.Pop().Value().(*storage.Iterator) stackItems := make([]stackitem.Item, 0) for iter.Next() { stackItems = append(stackItems, iter.Value()) } return stackItems } type Subject struct { PrimaryKey keys.PublicKey AdditionalKeys keys.PublicKeys Namespace string Name string KV map[string]string } func parseSubject(t *testing.T, s *vm.Stack) Subject { var subj Subject subjStruct := s.Pop().Array() require.Len(t, subjStruct, 5) pkBytes, err := subjStruct[0].TryBytes() require.NoError(t, err) err = subj.PrimaryKey.DecodeBytes(pkBytes) require.NoError(t, err) if !subjStruct[1].Equals(stackitem.Null{}) { subj.AdditionalKeys, err = unwrap.ArrayOfPublicKeys(makeValidRes(subjStruct[1]), nil) require.NoError(t, err) } nsBytes, err := subjStruct[2].TryBytes() require.NoError(t, err) subj.Namespace = string(nsBytes) nameBytes, err := subjStruct[3].TryBytes() require.NoError(t, err) subj.Name = string(nameBytes) subj.KV, err = parseMap(subjStruct[4]) require.NoError(t, err) return subj } func parseMap(item stackitem.Item) (map[string]string, error) { if item.Equals(stackitem.Null{}) { return nil, nil } metaMap, err := unwrap.Map(makeValidRes(item), nil) if err != nil { return nil, err } meta, ok := metaMap.Value().([]stackitem.MapElement) if !ok { return nil, errors.New("invalid map type") } res := make(map[string]string, len(meta)) for _, element := range meta { key, err := element.Key.TryBytes() if err != nil { return nil, err } val, err := element.Value.TryBytes() if err != nil { return nil, err } res[string(key)] = string(val) } return res, nil } type Namespace struct { Name string } type NamespaceExtended struct { Name string SubjectsCount int64 GroupsCount int64 } func parseNamespace(t *testing.T, item stackitem.Item) Namespace { var ns Namespace subjStruct := item.Value().([]stackitem.Item) require.Len(t, subjStruct, 1) nameBytes, err := subjStruct[0].TryBytes() require.NoError(t, err) ns.Name = string(nameBytes) return ns } func parseNamespaceExtended(t *testing.T, item stackitem.Item) NamespaceExtended { var ns NamespaceExtended subjStruct := item.Value().([]stackitem.Item) require.Len(t, subjStruct, 3) nameBytes, err := subjStruct[0].TryBytes() require.NoError(t, err) ns.Name = string(nameBytes) groupCountInt, err := subjStruct[1].TryInteger() require.NoError(t, err) ns.GroupsCount = groupCountInt.Int64() subjectsCountInt, err := subjStruct[2].TryInteger() require.NoError(t, err) ns.SubjectsCount = subjectsCountInt.Int64() return ns } func parseNamespaces(t *testing.T, items []stackitem.Item) []Namespace { res := make([]Namespace, len(items)) for i := 0; i < len(items); i++ { res[i] = parseNamespace(t, items[i]) } return res } type Group struct { ID int64 Name string Namespace string KV map[string]string } type GroupExtended struct { ID int64 Name string Namespace string KV map[string]string SubjectsCount int64 } func parseGroup(t *testing.T, item stackitem.Item) Group { var group Group subjStruct := item.Value().([]stackitem.Item) require.Len(t, subjStruct, 4) groupID, err := subjStruct[0].TryInteger() require.NoError(t, err) group.ID = groupID.Int64() nameBytes, err := subjStruct[1].TryBytes() require.NoError(t, err) group.Name = string(nameBytes) namespaceBytes, err := subjStruct[2].TryBytes() require.NoError(t, err) group.Namespace = string(namespaceBytes) group.KV, err = parseMap(subjStruct[3]) require.NoError(t, err) return group } func parseGroupExtended(t *testing.T, item stackitem.Item) GroupExtended { var gr GroupExtended subjStruct := item.Value().([]stackitem.Item) require.Len(t, subjStruct, 5) groupID, err := subjStruct[0].TryInteger() require.NoError(t, err) gr.ID = groupID.Int64() nameBytes, err := subjStruct[1].TryBytes() require.NoError(t, err) gr.Name = string(nameBytes) namespaceBytes, err := subjStruct[2].TryBytes() require.NoError(t, err) gr.Namespace = string(namespaceBytes) gr.KV, err = parseMap(subjStruct[3]) require.NoError(t, err) subjectsCountInt, err := subjStruct[4].TryInteger() require.NoError(t, err) gr.SubjectsCount = subjectsCountInt.Int64() return gr } func parseGroups(t *testing.T, items []stackitem.Item) []Group { res := make([]Group, len(items)) for i := 0; i < len(items); i++ { res[i] = parseGroup(t, items[i]) } return res } func makeValidRes(item stackitem.Item) *result.Invoke { return &result.Invoke{ Stack: []stackitem.Item{item}, State: vmstate.Halt.String(), } }