From a89567a88d07994929c7f58a5f9a542df59d458f Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Thu, 14 Jan 2021 19:00:10 +0300
Subject: [PATCH] [#317] morph/client: Return complete eACL signature from
 contract

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 cmd/neofs-cli/modules/container.go         |  4 ++--
 pkg/morph/client/container/eacl.go         | 18 ++++++++++++++++--
 pkg/morph/client/container/wrapper/eacl.go |  9 +++++++--
 pkg/services/container/morph/executor.go   |  9 +--------
 4 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/cmd/neofs-cli/modules/container.go b/cmd/neofs-cli/modules/container.go
index 6ae5480d..95cddf75 100644
--- a/cmd/neofs-cli/modules/container.go
+++ b/cmd/neofs-cli/modules/container.go
@@ -425,10 +425,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
 			for i := 0; i < awaitTimeout; i++ {
 				time.Sleep(1 * time.Second)
 
-				eaclSig, err := cli.GetEACLWithSignature(ctx, id, globalCallOptions()...)
+				table, err := cli.GetEACL(ctx, id, globalCallOptions()...)
 				if err == nil {
 					// compare binary values because EACL could have been set already
-					got, err := eaclSig.EACL().Marshal()
+					got, err := table.Marshal()
 					if err != nil {
 						continue
 					}
diff --git a/pkg/morph/client/container/eacl.go b/pkg/morph/client/container/eacl.go
index d718bcd5..4629d832 100644
--- a/pkg/morph/client/container/eacl.go
+++ b/pkg/morph/client/container/eacl.go
@@ -16,7 +16,9 @@ type EACLArgs struct {
 type EACLValues struct {
 	eacl []byte // extended ACL table
 
-	signature []byte // signature of extended ACL table
+	signature []byte // RFC-6979 signature of extended ACL table
+
+	publicKey []byte // public key of the extended ACL table signer
 }
 
 // SetCID sets the container identifier
@@ -31,10 +33,16 @@ func (g *EACLValues) EACL() []byte {
 	return g.eacl
 }
 
+// Signature returns RFC-6979 signature of extended ACL table.
 func (g *EACLValues) Signature() []byte {
 	return g.signature
 }
 
+// PublicKey of the signature.
+func (g *EACLValues) PublicKey() []byte {
+	return g.publicKey
+}
+
 // EACL performs the test invoke of get eACL
 // method of NeoFS Container contract.
 func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
@@ -53,7 +61,7 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
 		return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
 	}
 
-	if len(arr) != 2 {
+	if len(arr) != 3 {
 		return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
 	}
 
@@ -67,8 +75,14 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
 		return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
 	}
 
+	pub, err := client.BytesFromStackItem(arr[2])
+	if err != nil {
+		return nil, errors.Wrapf(err, "could not get byte array of eACL public key (%s)", c.eaclMethod)
+	}
+
 	return &EACLValues{
 		eacl:      eacl,
 		signature: sig,
+		publicKey: pub,
 	}, nil
 }
diff --git a/pkg/morph/client/container/wrapper/eacl.go b/pkg/morph/client/container/wrapper/eacl.go
index 2b966cbb..df4e2ccd 100644
--- a/pkg/morph/client/container/wrapper/eacl.go
+++ b/pkg/morph/client/container/wrapper/eacl.go
@@ -1,6 +1,7 @@
 package wrapper
 
 import (
+	"github.com/nspcc-dev/neofs-api-go/pkg"
 	"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
 	containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
 	"github.com/nspcc-dev/neofs-node/pkg/core/container"
@@ -10,7 +11,7 @@ import (
 
 // GetEACL reads the extended ACL table from NeoFS system
 // through Container contract call.
-func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
+func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
 	if cid == nil {
 		return nil, nil, errNilArgument
 	}
@@ -37,13 +38,17 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
 		return nil, nil, container.ErrEACLNotFound
 	}
 
+	tableSignature := pkg.NewSignature()
+	tableSignature.SetKey(rpcAnswer.PublicKey())
+	tableSignature.SetSign(sig)
+
 	table := eacl.NewTable()
 	if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
 		// use other major version if there any
 		return nil, nil, err
 	}
 
-	return table, sig, nil
+	return table, tableSignature, nil
 }
 
 // PutEACL saves the extended ACL table in NeoFS system
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index 675dda85..5cbe5dfb 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -111,14 +111,7 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
 
 	res := new(container.GetExtendedACLResponseBody)
 	res.SetEACL(table.ToV2())
-
-	// Public key should be obtained by request sender, so we set up only
-	// the signature. Technically, node can make invocation to find container
-	// owner public key, but request sender cannot trust this info.
-	sig := new(refs.Signature)
-	sig.SetSign(signature)
-
-	res.SetSignature(sig)
+	res.SetSignature(signature.ToV2())
 
 	return res, nil
 }