From 155396732829e3b9cb168e548583c4b94019c6ce Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Mon, 31 May 2021 11:55:38 +0300
Subject: [PATCH] [#562] cmd/neofs-ir: use NEP-6 wallet for keys

Also remove neofs-crypto uses from `pkg/innerring`.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
---
 cmd/neofs-ir/defaults.go                      |  4 ++-
 pkg/innerring/indexer.go                      | 10 +++---
 pkg/innerring/innerring.go                    | 26 ++++++++------
 .../processors/netmap/cleanup_table_test.go   | 20 ++++++-----
 .../processors/settlement/audit/calculate.go  | 11 ++++--
 pkg/innerring/settlement.go                   | 11 ++++--
 pkg/util/config/crypto.go                     | 34 +++++++++++++++++++
 7 files changed, 85 insertions(+), 31 deletions(-)
 create mode 100644 pkg/util/config/crypto.go

diff --git a/cmd/neofs-ir/defaults.go b/cmd/neofs-ir/defaults.go
index a65ffd4d3..dd4040d78 100644
--- a/cmd/neofs-ir/defaults.go
+++ b/cmd/neofs-ir/defaults.go
@@ -52,7 +52,9 @@ func defaultConfiguration(cfg *viper.Viper) {
 	cfg.SetDefault("mainnet.endpoint.notification", "")
 	cfg.SetDefault("mainnet.dial_timeout", "10s")
 
-	cfg.SetDefault("key", "") // inner ring node key
+	cfg.SetDefault("wallet.path", "")     // inner ring node NEP-6 wallet
+	cfg.SetDefault("wallet.address", "")  // account address
+	cfg.SetDefault("wallet.password", "") // password
 
 	cfg.SetDefault("contracts.netmap", "")
 	cfg.SetDefault("contracts.neofs", "")
diff --git a/pkg/innerring/indexer.go b/pkg/innerring/indexer.go
index b05c8b8dd..ae644d0b1 100644
--- a/pkg/innerring/indexer.go
+++ b/pkg/innerring/indexer.go
@@ -2,13 +2,11 @@ package innerring
 
 import (
 	"bytes"
-	"crypto/ecdsa"
 	"fmt"
 	"sync"
 	"time"
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client"
 )
 
@@ -17,7 +15,7 @@ type (
 		sync.RWMutex
 
 		cli     *client.Client
-		key     *ecdsa.PublicKey
+		key     *keys.PublicKey
 		timeout time.Duration
 
 		ind indexes
@@ -31,7 +29,7 @@ type (
 	}
 )
 
-func newInnerRingIndexer(cli *client.Client, key *ecdsa.PublicKey, to time.Duration) *innerRingIndexer {
+func newInnerRingIndexer(cli *client.Client, key *keys.PublicKey, to time.Duration) *innerRingIndexer {
 	return &innerRingIndexer{
 		cli:     cli,
 		key:     key,
@@ -104,9 +102,9 @@ func (s *innerRingIndexer) AlphabetIndex() (int32, error) {
 
 // keyPosition returns "-1" if key is not found in the list, otherwise returns
 // index of the key.
-func keyPosition(key *ecdsa.PublicKey, list keys.PublicKeys) (result int32) {
+func keyPosition(key *keys.PublicKey, list keys.PublicKeys) (result int32) {
 	result = -1
-	rawBytes := crypto.MarshalPublicKey(key)
+	rawBytes := key.Bytes()
 
 	for i := range list {
 		if bytes.Equal(list[i].Bytes(), rawBytes) {
diff --git a/pkg/innerring/innerring.go b/pkg/innerring/innerring.go
index fe2cf89a1..aba503589 100644
--- a/pkg/innerring/innerring.go
+++ b/pkg/innerring/innerring.go
@@ -2,7 +2,6 @@ package innerring
 
 import (
 	"context"
-	"crypto/ecdsa"
 	"errors"
 	"fmt"
 	"io"
@@ -11,7 +10,6 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/util"
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/config"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/processors/alphabet"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/processors/audit"
@@ -35,6 +33,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/morph/timer"
 	audittask "github.com/nspcc-dev/neofs-node/pkg/services/audit/taskmanager"
 	util2 "github.com/nspcc-dev/neofs-node/pkg/util"
+	utilConfig "github.com/nspcc-dev/neofs-node/pkg/util/config"
 	"github.com/nspcc-dev/neofs-node/pkg/util/precision"
 	"github.com/panjf2000/ants/v2"
 	"github.com/spf13/viper"
@@ -68,7 +67,7 @@ type (
 		sideNotaryConfig *notaryConfig
 
 		// internal variables
-		key                  *ecdsa.PrivateKey
+		key                  *keys.PrivateKey
 		pubKey               []byte
 		contracts            *contracts
 		predefinedValidators keys.PublicKeys
@@ -110,7 +109,7 @@ type (
 	chainParams struct {
 		log  *zap.Logger
 		cfg  *viper.Viper
-		key  *ecdsa.PrivateKey
+		key  *keys.PrivateKey
 		name string
 		gas  util.Uint160
 	}
@@ -264,11 +263,16 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
 	server.mainNotaryConfig, server.sideNotaryConfig = parseNotaryConfigs(cfg)
 
 	// prepare inner ring node private key
-	server.key, err = crypto.LoadPrivateKey(cfg.GetString("key"))
+	acc, err := utilConfig.LoadAccount(
+		cfg.GetString("wallet.path"),
+		cfg.GetString("wallet.address"),
+		cfg.GetString("wallet.password"))
 	if err != nil {
-		return nil, fmt.Errorf("ir: can't create private key: %w", err)
+		return nil, fmt.Errorf("ir: %w", err)
 	}
 
+	server.key = acc.PrivateKey()
+
 	// get all script hashes of contracts
 	server.contracts, err = parseContracts(cfg)
 	if err != nil {
@@ -344,11 +348,11 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
 		}
 	}
 
-	server.pubKey = crypto.MarshalPublicKey(&server.key.PublicKey)
+	server.pubKey = server.key.PublicKey().Bytes()
 
 	server.statusIndex = newInnerRingIndexer(
 		server.morphClient,
-		&server.key.PublicKey,
+		server.key.PublicKey(),
 		cfg.GetDuration("indexer.cache_timeout"),
 	)
 
@@ -394,7 +398,7 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
 
 	clientCache := newClientCache(&clientCacheParams{
 		Log:          log,
-		Key:          server.key,
+		Key:          &server.key.PrivateKey,
 		SGTimeout:    cfg.GetDuration("audit.timeout.get"),
 		HeadTimeout:  cfg.GetDuration("audit.timeout.head"),
 		RangeTimeout: cfg.GetDuration("audit.timeout.rangehash"),
@@ -432,7 +436,7 @@ func New(ctx context.Context, log *zap.Logger, cfg *viper.Viper) (*Server, error
 		IRList:            server,
 		FeeProvider:       server.feeConfig,
 		ClientCache:       clientCache,
-		Key:               server.key,
+		Key:               &server.key.PrivateKey,
 		RPCSearchTimeout:  cfg.GetDuration("audit.timeout.search"),
 		TaskManager:       auditTaskManager,
 		Reporter:          server,
@@ -738,7 +742,7 @@ func createListener(ctx context.Context, p *chainParams) (event.Listener, error)
 
 func createClient(ctx context.Context, p *chainParams) (*client.Client, error) {
 	return client.New(
-		p.key,
+		&p.key.PrivateKey,
 		p.cfg.GetString(p.name+".endpoint.client"),
 		client.WithContext(ctx),
 		client.WithLogger(p.log),
diff --git a/pkg/innerring/processors/netmap/cleanup_table_test.go b/pkg/innerring/processors/netmap/cleanup_table_test.go
index c6362ea2e..6ed91a51e 100644
--- a/pkg/innerring/processors/netmap/cleanup_table_test.go
+++ b/pkg/innerring/processors/netmap/cleanup_table_test.go
@@ -1,21 +1,25 @@
 package netmap
 
 import (
-	"crypto/ecdsa"
 	"encoding/hex"
 	"testing"
 
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
-	crypto "github.com/nspcc-dev/neofs-crypto"
-	"github.com/nspcc-dev/neofs-node/pkg/util/test"
 	"github.com/stretchr/testify/require"
 )
 
+func genKey(t *testing.T) *keys.PrivateKey {
+	priv, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+	return priv
+}
+
 func TestCleanupTable(t *testing.T) {
 	infos := []netmap.NodeInfo{
-		newNodeInfo(&test.DecodeKey(1).PublicKey),
-		newNodeInfo(&test.DecodeKey(2).PublicKey),
-		newNodeInfo(&test.DecodeKey(3).PublicKey),
+		newNodeInfo(genKey(t).PublicKey()),
+		newNodeInfo(genKey(t).PublicKey()),
+		newNodeInfo(genKey(t).PublicKey()),
 	}
 
 	networkMap, err := netmap.NewNetmap(netmap.NodesFromInfo(infos))
@@ -117,7 +121,7 @@ func TestCleanupTable(t *testing.T) {
 	})
 }
 
-func newNodeInfo(key *ecdsa.PublicKey) (n netmap.NodeInfo) {
-	n.SetPublicKey(crypto.MarshalPublicKey(key))
+func newNodeInfo(key *keys.PublicKey) (n netmap.NodeInfo) {
+	n.SetPublicKey(key.Bytes())
 	return n
 }
diff --git a/pkg/innerring/processors/settlement/audit/calculate.go b/pkg/innerring/processors/settlement/audit/calculate.go
index 4dcc88b21..84a4cea83 100644
--- a/pkg/innerring/processors/settlement/audit/calculate.go
+++ b/pkg/innerring/processors/settlement/audit/calculate.go
@@ -2,14 +2,16 @@ package audit
 
 import (
 	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"encoding/hex"
 	"math/big"
 
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/pkg/audit"
 	cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
 	"github.com/nspcc-dev/neofs-api-go/pkg/object"
 	"github.com/nspcc-dev/neofs-api-go/pkg/owner"
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/processors/settlement/common"
 	"github.com/nspcc-dev/neofs-node/pkg/util/logger"
 	"go.uber.org/zap"
@@ -312,9 +314,12 @@ func (c *singleResultCtx) auditEpoch() uint64 {
 }
 
 func ownerFromKey(key []byte) (*owner.ID, error) {
-	pubKey := crypto.UnmarshalPublicKey(key)
+	pubKey, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
+	if err != nil {
+		return nil, err
+	}
 
-	n3wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
+	n3wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pubKey))
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/innerring/settlement.go b/pkg/innerring/settlement.go
index 31070795f..f3203e58c 100644
--- a/pkg/innerring/settlement.go
+++ b/pkg/innerring/settlement.go
@@ -2,10 +2,13 @@ package innerring
 
 import (
 	"context"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"encoding/hex"
 	"fmt"
 	"math/big"
 
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	auditAPI "github.com/nspcc-dev/neofs-api-go/pkg/audit"
 	containerAPI "github.com/nspcc-dev/neofs-api-go/pkg/container"
 	cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
@@ -13,7 +16,6 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/pkg/object"
 	"github.com/nspcc-dev/neofs-api-go/pkg/owner"
 	"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-node/pkg/core/container"
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring/processors/settlement/audit"
@@ -181,7 +183,12 @@ func (s settlementDeps) SGInfo(addr *object.Address) (audit.SGInfo, error) {
 }
 
 func (s settlementDeps) ResolveKey(ni common.NodeInfo) (*owner.ID, error) {
-	w, err := owner.NEO3WalletFromPublicKey(crypto.UnmarshalPublicKey(ni.PublicKey()))
+	pub, err := keys.NewPublicKeyFromBytes(ni.PublicKey(), elliptic.P256())
+	if err != nil {
+		return nil, err
+	}
+
+	w, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pub))
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/util/config/crypto.go b/pkg/util/config/crypto.go
new file mode 100644
index 000000000..2564b21c0
--- /dev/null
+++ b/pkg/util/config/crypto.go
@@ -0,0 +1,34 @@
+package config
+
+import (
+	"errors"
+
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+)
+
+// LoadAccount loads NEP-6 load, unlocks and returns provided account.
+func LoadAccount(path, addr, password string) (*wallet.Account, error) {
+	w, err := wallet.NewWalletFromFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	defer w.Close()
+
+	h, err := address.StringToUint160(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	acc := w.GetAccount(h)
+	if acc == nil {
+		return nil, errors.New("account is missing")
+	}
+
+	if err := acc.Decrypt(password); err != nil {
+		return nil, err
+	}
+
+	return acc, nil
+}