[#202] object/eacl: Verify signature of eACL table
Since the contract started returning the table signature, it became necessary to check its correctness. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
ffbf6b922f
commit
ad348afcd6
1 changed files with 28 additions and 3 deletions
|
@ -3,18 +3,43 @@ package eacl
|
||||||
import (
|
import (
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
|
"github.com/nspcc-dev/neofs-api-go/util/signature"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
|
"github.com/nspcc-dev/neofs-node/pkg/util/logger"
|
||||||
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
type morphStorage struct {
|
type morphStorage struct {
|
||||||
w *wrapper.Wrapper
|
w *wrapper.Wrapper
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
|
type signedEACLTable eacl.Table
|
||||||
table, _, err := s.w.GetEACL(cid)
|
|
||||||
|
|
||||||
return table, err
|
func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
|
||||||
|
return (*eacl.Table)(s).Marshal(buf)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *signedEACLTable) SignedDataSize() int {
|
||||||
|
// TODO: add eacl.Table.Size method
|
||||||
|
return (*eacl.Table)(s).ToV2().StableSize()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
|
||||||
|
table, sig, err := s.w.GetEACL(cid)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := signature.VerifyDataWithSource(
|
||||||
|
(*signedEACLTable)(table),
|
||||||
|
func() ([]byte, []byte) {
|
||||||
|
return sig.Key(), sig.Sign()
|
||||||
|
},
|
||||||
|
); err != nil {
|
||||||
|
return nil, errors.Wrap(err, "incorrect signature")
|
||||||
|
}
|
||||||
|
|
||||||
|
return table, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func WithLogger(v *logger.Logger) Option {
|
func WithLogger(v *logger.Logger) Option {
|
||||||
|
|
Loading…
Reference in a new issue