frostfs-node/pkg/innerring/processors/container/common.go

package container

import (
	"crypto/ecdsa"
	"fmt"

	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/nspcc-dev/neofs-api-go/pkg/owner"
)

type ownerIDSource interface {
	OwnerID() *owner.ID
}

func (cp *Processor) checkKeyOwnership(ownerIDSrc ownerIDSource, key *keys.PublicKey) error {
	// TODO: need more convenient way to do this
	w, err := owner.NEO3WalletFromPublicKey(&ecdsa.PublicKey{
		X: key.X,
		Y: key.Y,
	})
	if err != nil {
		return err
	}

	// TODO: need Equal method on owner.ID
	if ownerIDSrc.OwnerID().String() == owner.NewIDFromNeo3Wallet(w).String() {
		return nil
	}

	ownerKeys, err := cp.idClient.AccountKeys(ownerIDSrc.OwnerID())
	if err != nil {
		return fmt.Errorf("could not received owner keys %s: %w", ownerIDSrc.OwnerID(), err)
	}

	for _, ownerKey := range ownerKeys {
		if ownerKey.Equal(key) {
			return nil
		}
	}

	return fmt.Errorf("key %s is not tied to the owner of the container", key)
}
[#505] ir/container: Replace key ownership check into a separate method Method of key ownership verification is going to be reused by the handlers of the other events. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 16:14:00 +00:00			`package container`

			`import (`
[#505] ir/container: Check key-to-owner mapping in key ownership check Owner identifier can be calculated from public key. If it matches, no additional verification of key ownership is required. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-25 09:09:44 +00:00			`"crypto/ecdsa"`
[#505] ir/container: Replace key ownership check into a separate method Method of key ownership verification is going to be reused by the handlers of the other events. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 16:14:00 +00:00			`"fmt"`

			`"github.com/nspcc-dev/neo-go/pkg/crypto/keys"`
			`"github.com/nspcc-dev/neofs-api-go/pkg/owner"`
			`)`

			`type ownerIDSource interface {`
			`OwnerID() *owner.ID`
			`}`

			`func (cp Processor) checkKeyOwnership(ownerIDSrc ownerIDSource, key keys.PublicKey) error {`
[#505] ir/container: Check key-to-owner mapping in key ownership check Owner identifier can be calculated from public key. If it matches, no additional verification of key ownership is required. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-25 09:09:44 +00:00			`// TODO: need more convenient way to do this`
			`w, err := owner.NEO3WalletFromPublicKey(&ecdsa.PublicKey{`
			`X: key.X,`
			`Y: key.Y,`
			`})`
			`if err != nil {`
			`return err`
			`}`

			`// TODO: need Equal method on owner.ID`
			`if ownerIDSrc.OwnerID().String() == owner.NewIDFromNeo3Wallet(w).String() {`
			`return nil`
			`}`

[#505] ir/container: Replace key ownership check into a separate method Method of key ownership verification is going to be reused by the handlers of the other events. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 16:14:00 +00:00			`ownerKeys, err := cp.idClient.AccountKeys(ownerIDSrc.OwnerID())`
			`if err != nil {`
			`return fmt.Errorf("could not received owner keys %s: %w", ownerIDSrc.OwnerID(), err)`
			`}`

			`for _, ownerKey := range ownerKeys {`
			`if ownerKey.Equal(key) {`
			`return nil`
			`}`
			`}`

			`return fmt.Errorf("key %s is not tied to the owner of the container", key)`
			`}`