package object
import (
"context"
"crypto/ecdsa"
"fmt"
"strconv"
"testing"
objectV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
sessiontest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session/test"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
"github.com/google/uuid"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/stretchr/testify/require"
)
// blankValidObject returns a new object that carries a container ID taken
// from cidtest.ID() and an owner ID derived from key's public key. It sets
// neither an object ID nor a signature; callers add those themselves.
func blankValidObject(key *ecdsa.PrivateKey) *objectSDK.Object {
	result := objectSDK.New()
	result.SetContainerID(cidtest.ID())

	// The owner is bound to the key that the caller will later sign with.
	var owner user.ID
	user.IDFromKey(&owner, key.PublicKey)
	result.SetOwnerID(&owner)

	return result
}
// testNetState is a stub network state that reports a fixed epoch.
type testNetState struct {
	epoch uint64 // value handed back by CurrentEpoch
}

// CurrentEpoch returns the epoch the stub was configured with.
func (s testNetState) CurrentEpoch() uint64 {
	current := s.epoch
	return current
}
// testLockSource is an in-memory lock source keyed by object address.
type testLockSource struct {
	m map[oid.Address]bool // address -> locked flag
}

// IsLocked reports the flag stored for address. An address that was never
// stored reads as not locked. The context is ignored and the returned error
// is always nil.
func (t testLockSource) IsLocked(_ context.Context, address oid.Address) (bool, error) {
	locked := t.m[address]
	return locked, nil
}
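// TestFormatValidator_Validate exercises the format validator against
// malformed, unsigned, correctly signed, expired and locked objects, and
// checks the tombstone-content and attribute rules.
//
// All subtests share one validator configured for epoch curEpoch and one lock
// source. The "locked" subtest writes to that lock source, so subtest order
// matters and these subtests must not be switched to t.Parallel().
func TestFormatValidator_Validate(t *testing.T) {
	const curEpoch = 13

	ls := testLockSource{
		m: make(map[oid.Address]bool),
	}

	v := NewFormatValidator(
		WithNetState(testNetState{
			epoch: curEpoch,
		}),
		WithLockSource(ls),
	)

	ownerKey, err := keys.NewPrivateKey()
	require.NoError(t, err)

	t.Run("nil input", func(t *testing.T) {
		require.Error(t, v.Validate(context.Background(), nil, true))
	})

	t.Run("nil identifier", func(t *testing.T) {
		obj := objectSDK.New()

		require.ErrorIs(t, v.Validate(context.Background(), obj, false), errNilID)
	})

	t.Run("nil container identifier", func(t *testing.T) {
		obj := objectSDK.New()
		obj.SetID(oidtest.ID())

		require.ErrorIs(t, v.Validate(context.Background(), obj, true), errNilCID)
	})

	t.Run("unsigned object", func(t *testing.T) {
		// The object carries both identifiers but no signature.
		obj := objectSDK.New()
		obj.SetContainerID(cidtest.ID())
		obj.SetID(oidtest.ID())

		// NOTE(review): this only asserts that some error is returned. The
		// object also has no owner ID, so the test would still pass if
		// validation stopped on that instead of on the missing signature.
		require.Error(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("correct w/ session token", func(t *testing.T) {
		var idOwner user.ID
		user.IDFromKey(&idOwner, ownerKey.PrivateKey.PublicKey)

		// Token, owner ID and object signature all come from ownerKey.
		tok := sessiontest.Object()
		err := tok.Sign(ownerKey.PrivateKey)
		require.NoError(t, err)

		obj := objectSDK.New()
		obj.SetContainerID(cidtest.ID())
		obj.SetSessionToken(tok)
		obj.SetOwnerID(&idOwner)

		require.NoError(t, objectSDK.SetIDWithSignature(ownerKey.PrivateKey, obj))

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("correct w/o session token", func(t *testing.T) {
		obj := blankValidObject(&ownerKey.PrivateKey)

		require.NoError(t, objectSDK.SetIDWithSignature(ownerKey.PrivateKey, obj))

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("tombstone content", func(t *testing.T) {
		// The same obj/content pair is mutated step by step; each check
		// depends on the state left by the previous one.
		obj := objectSDK.New()
		obj.SetType(objectSDK.TypeTombstone)
		obj.SetContainerID(cidtest.ID())

		_, err := v.ValidateContent(obj)
		require.Error(t, err) // no tombstone content

		content := objectSDK.NewTombstone()
		content.SetMembers([]oid.ID{oidtest.ID()})

		data, err := content.Marshal()
		require.NoError(t, err)

		obj.SetPayload(data)

		// One member is set at this point, so this does not cover an empty
		// member list; the tombstone still has no expiration epoch.
		// NOTE(review): this step and the next one check the same state.
		_, err = v.ValidateContent(obj)
		require.Error(t, err)

		content.SetMembers([]oid.ID{oidtest.ID()})

		data, err = content.Marshal()
		require.NoError(t, err)

		obj.SetPayload(data)

		_, err = v.ValidateContent(obj)
		require.Error(t, err) // no expiration epoch in tombstone

		// Expiration is set on the object attribute only, not in the payload.
		var expirationAttribute objectSDK.Attribute
		expirationAttribute.SetKey(objectV2.SysAttributeExpEpoch)
		expirationAttribute.SetValue(strconv.Itoa(10))

		obj.SetAttributes(expirationAttribute)

		_, err = v.ValidateContent(obj)
		require.Error(t, err) // different expiration values

		id := oidtest.ID()

		// Now the payload carries the same expiration epoch as the attribute.
		content.SetExpirationEpoch(10)
		content.SetMembers([]oid.ID{id})
		data, err = content.Marshal()
		require.NoError(t, err)

		obj.SetPayload(data)

		contentGot, err := v.ValidateContent(obj)
		require.NoError(t, err) // all good

		require.EqualValues(t, []oid.ID{id}, contentGot.Objects())
		require.Equal(t, objectSDK.TypeTombstone, contentGot.Type())
	})

	t.Run("expiration", func(t *testing.T) {
		// fn builds a signed object whose expiration attribute holds val.
		fn := func(val string) *objectSDK.Object {
			obj := blankValidObject(&ownerKey.PrivateKey)

			var a objectSDK.Attribute
			a.SetKey(objectV2.SysAttributeExpEpoch)
			a.SetValue(val)

			obj.SetAttributes(a)

			require.NoError(t, objectSDK.SetIDWithSignature(ownerKey.PrivateKey, obj))

			return obj
		}

		t.Run("invalid attribute value", func(t *testing.T) {
			val := "text"
			err := v.Validate(context.Background(), fn(val), false)
			require.Error(t, err)
		})

		t.Run("expired object", func(t *testing.T) {
			val := strconv.FormatUint(curEpoch-1, 10)
			obj := fn(val)

			t.Run("non-locked", func(t *testing.T) {
				err := v.Validate(context.Background(), obj, false)
				require.ErrorIs(t, err, errExpired)
			})

			t.Run("locked", func(t *testing.T) {
				// Check the presence flags so a missing identifier fails
				// here instead of registering the lock under a zero address.
				oID, ok := obj.ID()
				require.True(t, ok, "object ID must be set")
				cID, ok := obj.ContainerID()
				require.True(t, ok, "container ID must be set")

				var addr oid.Address
				addr.SetContainer(cID)
				addr.SetObject(oID)
				ls.m[addr] = true

				// A lock on the address makes the expired object pass.
				err := v.Validate(context.Background(), obj, false)
				require.NoError(t, err)
			})
		})

		t.Run("alive object", func(t *testing.T) {
			// Boundary case: expiration epoch equal to the current epoch.
			val := strconv.FormatUint(curEpoch, 10)
			err := v.Validate(context.Background(), fn(val), true)
			require.NoError(t, err)
		})
	})

	t.Run("attributes", func(t *testing.T) {
		t.Run("duplication", func(t *testing.T) {
			obj := blankValidObject(&ownerKey.PrivateKey)

			var a1 objectSDK.Attribute
			a1.SetKey("key1")
			a1.SetValue("val1")

			var a2 objectSDK.Attribute
			a2.SetKey("key2")
			a2.SetValue("val2")

			obj.SetAttributes(a1, a2)

			err := v.checkAttributes(obj)
			require.NoError(t, err)

			a2.SetKey(a1.Key())
			obj.SetAttributes(a1, a2)

			// ErrorIs keeps the check valid if the sentinel is ever wrapped.
			err = v.checkAttributes(obj)
			require.ErrorIs(t, err, errDuplAttr)
		})

		t.Run("empty value", func(t *testing.T) {
			obj := blankValidObject(&ownerKey.PrivateKey)

			var a objectSDK.Attribute
			a.SetKey("key")

			obj.SetAttributes(a)

			err := v.checkAttributes(obj)
			require.ErrorIs(t, err, errEmptyAttrVal)
		})
	})
}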
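// TestFormatValidator_ValidateTokenIssuer checks how Validate treats an object
// whose session token is issued and signed by a key (signer) that differs
// from the key the object's owner ID was derived from.
//
// Cases covered:
//   - issuer verification disabled: accepted;
//   - issuer key listed among the inner ring keys: accepted;
//   - issuer key present in the netmap of the current epoch: accepted;
//   - issuer key present only in the netmap of the previous epoch: accepted;
//   - issuer key present in none of those: rejected.
//
// The subtests run in parallel and only read the shared signer, owner and
// lock source. Every subtest builds its own validator.
//
// NOTE(review): there is no case for an issuer that appears only in a netmap
// older than curEpoch-1; add one if the validator is expected to reject it.
func TestFormatValidator_ValidateTokenIssuer(t *testing.T) {
	const curEpoch = 13

	ls := testLockSource{
		m: make(map[oid.Address]bool),
	}

	signer, err := keys.NewPrivateKey()
	require.NoError(t, err)

	var owner user.ID
	ownerPrivKey, err := keys.NewPrivateKey()
	require.NoError(t, err)
	user.IDFromKey(&owner, ownerPrivKey.PrivateKey.PublicKey)

	// newObject returns an object in cnrID that is owned by owner but carries
	// a session token issued and signed by signer; the object itself is also
	// signed by signer.
	newObject := func(t *testing.T, cnrID cid.ID) *objectSDK.Object {
		tok := sessiontest.Object()
		fsPubKey := frostfsecdsa.PublicKey(*signer.PublicKey())
		tok.SetID(uuid.New())
		tok.SetAuthKey(&fsPubKey)
		tok.SetExp(100500)
		tok.SetIat(1)
		tok.SetNbf(1)
		require.NoError(t, tok.Sign(signer.PrivateKey))

		obj := objectSDK.New()
		obj.SetContainerID(cnrID)
		obj.SetSessionToken(tok)
		obj.SetOwnerID(&owner)
		require.NoError(t, objectSDK.SetIDWithSignature(signer.PrivateKey, obj))

		return obj
	}

	// newContainer returns an initialized container with the "REP 1"
	// placement policy.
	newContainer := func(t *testing.T) containerSDK.Container {
		cont := containerSDK.Container{}
		cont.Init()
		pp := netmap.PlacementPolicy{}
		require.NoError(t, pp.DecodeString("REP 1"))
		cont.SetPlacementPolicy(pp)

		return cont
	}

	// newNetMap returns a netmap for epoch that holds a single node whose
	// public key is pub.
	newNetMap := func(epoch uint64, pub []byte) *netmap.NetMap {
		var node netmap.NodeInfo
		node.SetPublicKey(pub)

		nm := &netmap.NetMap{}
		nm.SetEpoch(epoch)
		nm.SetNodes([]netmap.NodeInfo{node})

		return nm
	}

	// newNodeKey returns the serialized public key of a freshly generated key
	// that is unrelated to signer.
	newNodeKey := func(t *testing.T) []byte {
		key, err := keys.NewPrivateKey()
		require.NoError(t, err)

		return key.PublicKey().Bytes()
	}

	// containersOf returns a container source that knows only cnrID.
	containersOf := func(cnrID cid.ID, cont containerSDK.Container) *testContainerSource {
		return &testContainerSource{
			containers: map[cid.ID]*container.Container{
				cnrID: {
					Value: cont,
				},
			},
		}
	}

	t.Run("different issuer and owner, verify issuer disabled", func(t *testing.T) {
		t.Parallel()

		// Permissive mode: nothing ties the token issuer to the owner here.
		v := NewFormatValidator(
			WithNetState(testNetState{
				epoch: curEpoch,
			}),
			WithLockSource(ls),
			WithVerifySessionTokenIssuer(false),
		)

		obj := newObject(t, cidtest.ID())

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("different issuer and owner, issuer is IR node, verify issuer enabled", func(t *testing.T) {
		t.Parallel()

		// The signer's public key is the only inner ring key.
		v := NewFormatValidator(
			WithNetState(testNetState{
				epoch: curEpoch,
			}),
			WithLockSource(ls),
			WithVerifySessionTokenIssuer(true),
			WithInnerRing(&testIRSource{
				irNodes: [][]byte{signer.PublicKey().Bytes()},
			}),
		)

		obj := newObject(t, cidtest.ID())

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("different issuer and owner, issuer is container node in current epoch, verify issuer enabled", func(t *testing.T) {
		t.Parallel()

		cnrID := cidtest.ID()
		cont := newContainer(t)

		// The signer is the only node in the current-epoch netmap.
		currentEpochNM := newNetMap(curEpoch, signer.PublicKey().Bytes())

		obj := newObject(t, cnrID)

		v := NewFormatValidator(
			WithNetState(testNetState{
				epoch: curEpoch,
			}),
			WithLockSource(ls),
			WithVerifySessionTokenIssuer(true),
			WithInnerRing(&testIRSource{
				irNodes: [][]byte{},
			}),
			WithContainersSource(containersOf(cnrID, cont)),
			WithNetmapSource(
				&testNetmapSource{
					netmaps: map[uint64]*netmap.NetMap{
						curEpoch: currentEpochNM,
					},
					currentEpoch: curEpoch,
				},
			),
		)

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("different issuer and owner, issuer is container node in previous epoch, verify issuer enabled", func(t *testing.T) {
		t.Parallel()

		cnrID := cidtest.ID()
		cont := newContainer(t)

		// The current netmap holds an unrelated node; the signer appears
		// only in the previous epoch's netmap.
		currentEpochNM := newNetMap(curEpoch, newNodeKey(t))
		previousEpochNM := newNetMap(curEpoch-1, signer.PublicKey().Bytes())

		obj := newObject(t, cnrID)

		v := NewFormatValidator(
			WithNetState(testNetState{
				epoch: curEpoch,
			}),
			WithLockSource(ls),
			WithVerifySessionTokenIssuer(true),
			WithInnerRing(&testIRSource{
				irNodes: [][]byte{},
			}),
			WithContainersSource(containersOf(cnrID, cont)),
			WithNetmapSource(
				&testNetmapSource{
					netmaps: map[uint64]*netmap.NetMap{
						curEpoch:     currentEpochNM,
						curEpoch - 1: previousEpochNM,
					},
					currentEpoch: curEpoch,
				},
			),
		)

		require.NoError(t, v.Validate(context.Background(), obj, false))
	})

	t.Run("different issuer and owner, issuer is unknown, verify issuer enabled", func(t *testing.T) {
		t.Parallel()

		cnrID := cidtest.ID()
		cont := newContainer(t)

		// Neither netmap contains the signer and the inner ring is empty.
		currentEpochNM := newNetMap(curEpoch, newNodeKey(t))
		previousEpochNM := newNetMap(curEpoch-1, newNodeKey(t))

		obj := newObject(t, cnrID)

		v := NewFormatValidator(
			WithNetState(testNetState{
				epoch: curEpoch,
			}),
			WithLockSource(ls),
			WithVerifySessionTokenIssuer(true),
			WithInnerRing(&testIRSource{
				irNodes: [][]byte{},
			}),
			WithContainersSource(containersOf(cnrID, cont)),
			WithNetmapSource(
				&testNetmapSource{
					netmaps: map[uint64]*netmap.NetMap{
						curEpoch:     currentEpochNM,
						curEpoch - 1: previousEpochNM,
					},
					currentEpoch: curEpoch,
				},
			),
		)

		// NOTE(review): this is the only rejecting case and it accepts any
		// error. Assert the validator's issuer-verification error with
		// require.ErrorIs (the sentinel is not visible in this file) so that
		// a failure inside one of the stubs cannot make the test pass.
		require.Error(t, v.Validate(context.Background(), obj, false))
	})
}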
// testIRSource is a stub inner ring source that serves a fixed key list.
type testIRSource struct {
	irNodes [][]byte // keys handed back by InnerRingKeys
}

// InnerRingKeys returns the configured key list as is (no copy is made) and
// a nil error.
func (s *testIRSource) InnerRingKeys() ([][]byte, error) {
	irKeys := s.irNodes
	return irKeys, nil
}
// testContainerSource is an in-memory container source keyed by container ID.
type testContainerSource struct {
	containers map[cid.ID]*container.Container
}

// Get returns the container stored under cnrID, or an error when the map has
// no entry for it.
func (s *testContainerSource) Get(cnrID cid.ID) (*container.Container, error) {
	cnr, ok := s.containers[cnrID]
	if !ok {
		return nil, fmt.Errorf("container not found")
	}
	return cnr, nil
}

// DeletionInfo is a stub: for any ID it returns no deletion info and no error.
func (s *testContainerSource) DeletionInfo(cid.ID) (*container.DelInfo, error) {
	return nil, nil
}
// testNetmapSource is an in-memory netmap source: a map of netmaps by epoch
// plus the epoch that is reported as current.
type testNetmapSource struct {
	netmaps      map[uint64]*netmap.NetMap
	currentEpoch uint64
}

// GetNetMap returns the netmap that is diff epochs behind the current one.
// A diff greater than or equal to the current epoch is rejected, which also
// keeps the unsigned subtraction below from wrapping around.
func (s *testNetmapSource) GetNetMap(diff uint64) (*netmap.NetMap, error) {
	if diff < s.currentEpoch {
		return s.GetNetMapByEpoch(s.currentEpoch - diff)
	}
	return nil, fmt.Errorf("invalid diff")
}

// GetNetMapByEpoch returns the netmap stored for epoch, or an error when the
// map has no entry for it.
func (s *testNetmapSource) GetNetMapByEpoch(epoch uint64) (*netmap.NetMap, error) {
	nm, ok := s.netmaps[epoch]
	if !ok {
		return nil, fmt.Errorf("netmap not found")
	}
	return nm, nil
}

// Epoch returns the configured current epoch and a nil error.
func (s *testNetmapSource) Epoch() (uint64, error) {
	current := s.currentEpoch
	return current, nil
}