179 lines
3.7 KiB
Go
179 lines
3.7 KiB
Go
package eacl
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
|
|
v2acl "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/acl"
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
|
)
|
|
|
|
// Target is a group of request senders to match ContainerEACL. Defined by role enum
|
|
// and set of public keys.
|
|
//
|
|
// Target is compatible with v2 acl.EACLRecord.Target message.
|
|
type Target struct {
|
|
role Role
|
|
keys [][]byte
|
|
}
|
|
|
|
func ecdsaKeysToPtrs(keys []ecdsa.PublicKey) []*ecdsa.PublicKey {
|
|
keysPtr := make([]*ecdsa.PublicKey, len(keys))
|
|
|
|
for i := range keys {
|
|
keysPtr[i] = &keys[i]
|
|
}
|
|
|
|
return keysPtr
|
|
}
|
|
|
|
// BinaryKeys returns list of public keys to identify
|
|
// target subject in a binary format.
|
|
func (t *Target) BinaryKeys() [][]byte {
|
|
return t.keys
|
|
}
|
|
|
|
// SetBinaryKeys sets list of binary public keys to identify
|
|
// target subject.
|
|
func (t *Target) SetBinaryKeys(keys [][]byte) {
|
|
t.keys = keys
|
|
}
|
|
|
|
// SetTargetECDSAKeys converts ECDSA public keys to a binary
|
|
// format and stores them in Target.
|
|
func SetTargetECDSAKeys(t *Target, pubs ...*ecdsa.PublicKey) {
|
|
binKeys := t.BinaryKeys()
|
|
ln := len(pubs)
|
|
|
|
if cap(binKeys) >= ln {
|
|
binKeys = binKeys[:0]
|
|
} else {
|
|
binKeys = make([][]byte, 0, ln)
|
|
}
|
|
|
|
for i := range ln {
|
|
binKeys = append(binKeys, (*keys.PublicKey)(pubs[i]).Bytes())
|
|
}
|
|
|
|
t.SetBinaryKeys(binKeys)
|
|
}
|
|
|
|
// TargetECDSAKeys interprets binary public keys of Target
|
|
// as ECDSA public keys. If any key has a different format,
|
|
// the corresponding element will be nil.
|
|
func TargetECDSAKeys(t *Target) []*ecdsa.PublicKey {
|
|
binKeys := t.BinaryKeys()
|
|
ln := len(binKeys)
|
|
|
|
pubs := make([]*ecdsa.PublicKey, ln)
|
|
|
|
for i := range ln {
|
|
p := new(keys.PublicKey)
|
|
if p.DecodeBytes(binKeys[i]) == nil {
|
|
pubs[i] = (*ecdsa.PublicKey)(p)
|
|
}
|
|
}
|
|
|
|
return pubs
|
|
}
|
|
|
|
// SetRole sets target subject's role class.
|
|
func (t *Target) SetRole(r Role) {
|
|
t.role = r
|
|
}
|
|
|
|
// Role returns target subject's role class.
|
|
func (t Target) Role() Role {
|
|
return t.role
|
|
}
|
|
|
|
// ToV2 converts Target to v2 acl.EACLRecord.Target message.
|
|
//
|
|
// Nil Target converts to nil.
|
|
func (t *Target) ToV2() *v2acl.Target {
|
|
if t == nil {
|
|
return nil
|
|
}
|
|
|
|
target := new(v2acl.Target)
|
|
target.SetRole(t.role.ToV2())
|
|
target.SetKeys(t.keys)
|
|
|
|
return target
|
|
}
|
|
|
|
// NewTarget creates, initializes and returns blank Target instance.
|
|
//
|
|
// Defaults:
|
|
// - role: RoleUnknown;
|
|
// - keys: nil.
|
|
func NewTarget() *Target {
|
|
return NewTargetFromV2(new(v2acl.Target))
|
|
}
|
|
|
|
// NewTargetFromV2 converts v2 acl.EACLRecord.Target message to Target.
|
|
func NewTargetFromV2(target *v2acl.Target) *Target {
|
|
if target == nil {
|
|
return new(Target)
|
|
}
|
|
|
|
return &Target{
|
|
role: RoleFromV2(target.GetRole()),
|
|
keys: target.GetKeys(),
|
|
}
|
|
}
|
|
|
|
// Marshal marshals Target into a protobuf binary form.
|
|
func (t *Target) Marshal() ([]byte, error) {
|
|
return t.ToV2().StableMarshal(nil), nil
|
|
}
|
|
|
|
// Unmarshal unmarshals protobuf binary representation of Target.
|
|
func (t *Target) Unmarshal(data []byte) error {
|
|
fV2 := new(v2acl.Target)
|
|
if err := fV2.Unmarshal(data); err != nil {
|
|
return err
|
|
}
|
|
|
|
*t = *NewTargetFromV2(fV2)
|
|
|
|
return nil
|
|
}
|
|
|
|
// MarshalJSON encodes Target to protobuf JSON format.
|
|
func (t *Target) MarshalJSON() ([]byte, error) {
|
|
return t.ToV2().MarshalJSON()
|
|
}
|
|
|
|
// UnmarshalJSON decodes Target from protobuf JSON format.
|
|
func (t *Target) UnmarshalJSON(data []byte) error {
|
|
tV2 := new(v2acl.Target)
|
|
if err := tV2.UnmarshalJSON(data); err != nil {
|
|
return err
|
|
}
|
|
|
|
*t = *NewTargetFromV2(tV2)
|
|
|
|
return nil
|
|
}
|
|
|
|
// equalTargets compares Target with each other.
|
|
func equalTargets(t1, t2 Target) bool {
|
|
if t1.Role() != t2.Role() {
|
|
return false
|
|
}
|
|
|
|
keys1, keys2 := t1.BinaryKeys(), t2.BinaryKeys()
|
|
|
|
if len(keys1) != len(keys2) {
|
|
return false
|
|
}
|
|
|
|
for i := range keys1 {
|
|
if !bytes.Equal(keys1[i], keys2[i]) {
|
|
return false
|
|
}
|
|
}
|
|
|
|
return true
|
|
}
|