[#505] morph/container: Verify signature of deleting container ID

Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2021-05-19 19:42:29 +03:00 committed by Alex Vanin
parent 83c27f6e8a
commit 369c12b702


@ -96,8 +96,32 @@ func (cp *Processor) processContainerDelete(delete *containerEvent.Delete) {
} }
func (cp *Processor) checkDeleteContainer(e *containerEvent.Delete) error { func (cp *Processor) checkDeleteContainer(e *containerEvent.Delete) error {
cid := e.ContainerID()
// receive owner of the related container
cnr, err := cp.cnrClient.Get(cid)
if err != nil {
return fmt.Errorf("could not receive the container: %w", err)
}
// receive all owner keys
ownerKeys, err := cp.idClient.AccountKeys(cnr.OwnerID())
if err != nil {
return fmt.Errorf("could not received owner keys %s: %w", cnr.OwnerID(), err)
}
// verify signature
cidHash := sha256.Sum256(cid)
sig := e.Signature()
for _, ownerKey := range ownerKeys {
if ownerKey.Verify(sig, cidHash[:]) {
return nil return nil
} }
}
return errors.New("signature verification failed on all owner keys ")
}
func (cp *Processor) approveDeleteContainer(e *containerEvent.Delete) { func (cp *Processor) approveDeleteContainer(e *containerEvent.Delete) {
// FIXME: here we should try notary invoke // FIXME: here we should try notary invoke
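Review bot: The signature checked in the `for _, ownerKey := range ownerKeys` loop covers only `sha256.Sum256(cid)`, so the signed message contains nothing that ties it to the delete operation. Whether owners sign the same digest for any other purpose is not visible in this hunk; if they do, that signature would also pass here, so the expected payload should be documented at the check, e.g. `// sig must be the owner's signature of sha256(cid); the payload has no operation tag, so the same digest must not be signed for other purposes`. An empty `ownerKeys` slice falls through to the final error, which keeps the check fail-closed. The two error strings need a small fix: `"could not receive owner keys %s: %w"` and no trailing space in `"signature verification failed on all owner keys"`.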