ir: Use public key when validate container deletion #415

Merged
fyrchik merged 1 commit from acid-ant/frostfs-node:bugfix/303-del-cnt-by-owner into master 2023-06-20 08:02:49 +00:00
6 changed files with 31 additions and 47 deletions


@ -1,6 +1,7 @@
package container
import (
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
)
@ -8,43 +9,14 @@ import (
// RemovalWitness groups the information required
// to prove and verify the removal of a container.
type RemovalWitness struct {
cnr cid.ID
// ContainerID returns the identifier of the container
// to be removed.
ContainerID cid.ID
sig []byte
// Signature the signature of the container identifier.
Signature *refs.Signature
token *session.Container
}
// ContainerID returns the identifier of the container
// to be removed.
func (x RemovalWitness) ContainerID() cid.ID {
return x.cnr
}
// SetContainerID sets the identifier of the container
// to be removed.
func (x *RemovalWitness) SetContainerID(id cid.ID) {
x.cnr = id
}
// Signature returns the signature of the container identifier.
func (x RemovalWitness) Signature() []byte {
return x.sig
}
// SetSignature sets a signature of the container identifier.
func (x *RemovalWitness) SetSignature(sig []byte) {
x.sig = sig
}
// SessionToken returns the token of the session within
// which the container was removed.
func (x RemovalWitness) SessionToken() *session.Container {
return x.token
}
// SetSessionToken sets the token of the session within
// which the container was removed.
func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
x.token = tok
// SessionToken the token of the session within
// which the container was removed.
SessionToken *session.Container
}
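Review bot: The comments on the new exported fields of `RemovalWitness` were carried over from the removed accessors and no longer read as field documentation. `ContainerID returns the identifier…` describes a method, and `Signature the signature…` and `SessionToken the token…` have no verb. I would use `// ContainerID is the identifier of the container to be removed.`, `// Signature holds the signature of the container identifier together with the signer's public key.` and `// SessionToken is the token of the session within which the container was removed; nil if none.` The `Signature` wording reflects the client wrapper, which reads both `GetSign()` and `GetKey()` from this field, and it is worth stating whether nil is permitted now that it is a pointer.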


@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
binTokenSession: e.SessionToken(),
signature: e.Signature(),
signedData: binCnr,
binPublicKey: e.PublicKeyValue,
})
if err != nil {
return fmt.Errorf("auth container removal: %w", err)
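Review bot: The value passed in `binPublicKey: e.PublicKeyValue` comes from the same request as the signature, so a signature that verifies under it proves nothing on its own. The verification routine must still bind the key to the container owner, or to the session token issuer when a token is present. That routine is outside this hunk, and `checkDeleteContainer` itself starts and ends outside it, so please confirm it derives the owner identity from this key and compares it with the stored owner. Please also confirm that an empty `binPublicKey` is rejected rather than treated as "skip the key check". A short comment at the call site such as `// caller-supplied key; ownership is enforced by the verification step` would make the trust boundary explicit. Separately, the neighbouring fields are read through accessors (`e.SessionToken()`, `e.Signature()`) while the new one is read as a bare field.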


@ -14,14 +14,15 @@ import (
// Returns error if container ID is nil.
func Delete(c *Client, witness core.RemovalWitness) error {
binCnr := make([]byte, sha256.Size)
witness.ContainerID().Encode(binCnr)
witness.ContainerID.Encode(binCnr)
var prm DeletePrm
prm.SetCID(binCnr)
prm.SetSignature(witness.Signature())
prm.SetSignature(witness.Signature.GetSign())
prm.SetKey(witness.Signature.GetKey())
if tok := witness.SessionToken(); tok != nil {
if tok := witness.SessionToken; tok != nil {
prm.SetToken(tok.Marshal())
}
@ -33,6 +34,7 @@ type DeletePrm struct {
cnr []byte
signature []byte
token []byte
key []byte
client.InvokePrmOptional
}
@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
d.token = token
}
// SetKey sets public key.
func (d *DeletePrm) SetKey(key []byte) {
d.key = key
}
// Delete removes the container from FrostFS system
// through Container contract call.
//
@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
prm := client.InvokePrm{}
prm.SetMethod(deleteMethod)
prm.SetArgs(p.cnr, p.signature, p.token)
prm.SetArgs(p.cnr, p.signature, p.key, p.token)
prm.InvokePrmOptional = p.InvokePrmOptional
err := c.client.Invoke(prm)
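Review bot: `witness.Signature` is now a pointer, and `Delete` uses it in `prm.SetSignature(witness.Signature.GetSign())` and `prm.SetKey(witness.Signature.GetKey())` without checking that it is set. The executor section assigns it straight from `rmWitness.Signature = body.GetSignature()`, so a request with no signature yields nil here. If the getters are nil-safe (not visible on this page), the call goes to the contract with an empty signature and key and fails only after a chain round-trip; if they are not, this dereferences nil. Since the doc comment already promises an error for a nil container ID, an early guard would be consistent: `if witness.Signature == nil { return errors.New("container removal: signature is not set") }`, using whichever error constructor the file already imports. `SetKey sets public key.` could also say whose key it is, e.g. `// SetKey sets the public key that the signature is verified against.`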


@ -15,6 +15,7 @@ type Delete struct {
ContainerIDValue []byte
SignatureValue []byte
TokenValue []byte
PublicKeyValue []byte
// For notary notifications only.
// Contains raw transactions of notary request.
@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
return d.NotaryRequestValue
}
const expectedItemNumDelete = 3
const expectedItemNumDelete = 4
// DeleteSuccess structures notification event of successful container removal
// thrown by Container contract.
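Review bot: `PublicKeyValue` is added to the event struct with no comment and no accessor, although the processor reads the sibling fields through methods (`e.Signature()`, `e.SessionToken()`) and this section shows `NotaryRequest()` following the same pattern. I would document it as `// PublicKeyValue is the binary public key that accompanies SignatureValue.` and add `func (d Delete) PublicKey() []byte { return d.PublicKeyValue }`. Also, `expectedItemNumDelete` moves from 3 to 4, and its use is outside the hunk. If it is enforced as an exact count, delete events from a contract that has not been upgraded yet would presumably be rejected, so the required node/contract upgrade order deserves a line in the release notes.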


@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
}
}
func (d *Delete) setPublicKey(v []byte) {
d.PublicKeyValue = v
}
func (d *Delete) setToken(v []byte) {
if v != nil {
d.TokenValue = v
@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
var deleteFieldSetters = []func(*Delete, []byte){
// order on stack is reversed
(*Delete).setToken,
(*Delete).setPublicKey,
(*Delete).setSignature,
(*Delete).setContainerID,
}
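Review bot: `deleteFieldSetters` is positional, and the only thing tying it to the contract's argument order is the comment `// order on stack is reversed`. A setter inserted in the wrong slot would put signature bytes in the key field (or the reverse) and show up only as failed verification. The order here does match `prm.SetArgs(p.cnr, p.signature, p.key, p.token)` in the client wrapper, and spelling that out would keep the two in sync: `// order on stack is reversed: contract args are (cid, signature, publicKey, token)`. `setPublicKey` also stores `v` without the `v != nil` guard that `setToken` uses, so any rejection of an absent key has to happen in the processor's verification step rather than at parse time.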


@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
return nil, fmt.Errorf("invalid container ID: %w", err)
}
sig := body.GetSignature().GetSign()
var tok *session.Container
if tokV2 != nil {
@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
var rmWitness containercore.RemovalWitness
rmWitness.SetContainerID(id)
rmWitness.SetSignature(sig)
rmWitness.SetSessionToken(tok)
rmWitness.ContainerID = id
rmWitness.Signature = body.GetSignature()
rmWitness.SessionToken = tok
err = s.wrt.Delete(rmWitness)
if err != nil {