[#303] ir: Use pub key when validate container deletion

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-06-01 11:55:06 +03:00 · 2023-06-01 11:55:06 +03:00 · 50caa388b0
parent 69df0d21c2
commit 50caa388b0
6 changed files with 31 additions and 47 deletions
--- a/pkg/core/container/delete.go
+++ b/pkg/core/container/delete.go
@ -1,6 +1,7 @@
 package container

 import (
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )
@ -8,43 +9,14 @@ import (
 // RemovalWitness groups the information required
 // to prove and verify the removal of a container.
 type RemovalWitness struct {
-	cnr cid.ID
+	// ContainerID returns the identifier of the container
+	// to be removed.
+	ContainerID cid.ID

-	sig []byte
+	// Signature the signature of the container identifier.
+	Signature *refs.Signature

-	token *session.Container
-}
-
-// ContainerID returns the identifier of the container
-// to be removed.
-func (x RemovalWitness) ContainerID() cid.ID {
-	return x.cnr
-}
-
-// SetContainerID sets the identifier of the container
-// to be removed.
-func (x *RemovalWitness) SetContainerID(id cid.ID) {
-	x.cnr = id
-}
-
-// Signature returns the signature of the container identifier.
-func (x RemovalWitness) Signature() []byte {
-	return x.sig
-}
-
-// SetSignature sets a signature of the container identifier.
-func (x *RemovalWitness) SetSignature(sig []byte) {
-	x.sig = sig
-}
-
-// SessionToken returns the token of the session within
-// which the container was removed.
-func (x RemovalWitness) SessionToken() *session.Container {
-	return x.token
-}
-
-// SetSessionToken sets the token of the session within
-// which the container was removed.
-func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
-	x.token = tok
+	// SessionToken the token of the session within
+	// which the container was removed.
+	SessionToken *session.Container
 }
--- a/pkg/innerring/processors/container/process_container.go
+++ b/pkg/innerring/processors/container/process_container.go
@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
 		binTokenSession: e.SessionToken(),
 		signature:       e.Signature(),
 		signedData:      binCnr,
+		binPublicKey:    e.PublicKeyValue,
 	})
 	if err != nil {
 		return fmt.Errorf("auth container removal: %w", err)
--- a/pkg/morph/client/container/delete.go
+++ b/pkg/morph/client/container/delete.go
@ -14,14 +14,15 @@ import (
 // Returns error if container ID is nil.
 func Delete(c *Client, witness core.RemovalWitness) error {
 	binCnr := make([]byte, sha256.Size)
-	witness.ContainerID().Encode(binCnr)
+	witness.ContainerID.Encode(binCnr)

 	var prm DeletePrm

 	prm.SetCID(binCnr)
-	prm.SetSignature(witness.Signature())
+	prm.SetSignature(witness.Signature.GetSign())
+	prm.SetKey(witness.Signature.GetKey())

-	if tok := witness.SessionToken(); tok != nil {
+	if tok := witness.SessionToken; tok != nil {
 		prm.SetToken(tok.Marshal())
 	}

@ -33,6 +34,7 @@ type DeletePrm struct {
 	cnr       []byte
 	signature []byte
 	token     []byte
+	key       []byte

 	client.InvokePrmOptional
 }
@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
 	d.token = token
 }

+// SetKey sets public key.
+func (d *DeletePrm) SetKey(key []byte) {
+	d.key = key
+}
+
 // Delete removes the container from FrostFS system
 // through Container contract call.
 //
@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {

 	prm := client.InvokePrm{}
 	prm.SetMethod(deleteMethod)
-	prm.SetArgs(p.cnr, p.signature, p.token)
+	prm.SetArgs(p.cnr, p.signature, p.key, p.token)
 	prm.InvokePrmOptional = p.InvokePrmOptional

 	err := c.client.Invoke(prm)
--- a/pkg/morph/event/container/delete.go
+++ b/pkg/morph/event/container/delete.go
@ -15,6 +15,7 @@ type Delete struct {
 	ContainerIDValue []byte
 	SignatureValue   []byte
 	TokenValue       []byte
+	PublicKeyValue   []byte

 	// For notary notifications only.
 	// Contains raw transactions of notary request.
@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
 	return d.NotaryRequestValue
 }

-const expectedItemNumDelete = 3
+const expectedItemNumDelete = 4

 // DeleteSuccess structures notification event of successful container removal
 // thrown by Container contract.
--- a/pkg/morph/event/container/delete_notary.go
+++ b/pkg/morph/event/container/delete_notary.go
@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
 	}
 }

+func (d *Delete) setPublicKey(v []byte) {
+	d.PublicKeyValue = v
+}
+
 func (d *Delete) setToken(v []byte) {
 	if v != nil {
 		d.TokenValue = v
@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
 var deleteFieldSetters = []func(*Delete, []byte){
 	// order on stack is reversed
 	(*Delete).setToken,
+	(*Delete).setPublicKey,
 	(*Delete).setSignature,
 	(*Delete).setContainerID,
 }
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
 		return nil, fmt.Errorf("invalid container ID: %w", err)
 	}

-	sig := body.GetSignature().GetSign()
-
 	var tok *session.Container

 	if tokV2 != nil {
@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *

 	var rmWitness containercore.RemovalWitness

-	rmWitness.SetContainerID(id)
-	rmWitness.SetSignature(sig)
-	rmWitness.SetSessionToken(tok)
+	rmWitness.ContainerID = id
+	rmWitness.Signature = body.GetSignature()
+	rmWitness.SessionToken = tok

 	err = s.wrt.Delete(rmWitness)
 	if err != nil {