2020-07-24 13:54:03 +00:00
|
|
|
package container
|
|
|
|
|
|
|
|
import (
|
2021-05-18 08:12:51 +00:00
|
|
|
"fmt"
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
2020-07-24 13:54:03 +00:00
|
|
|
"github.com/nspcc-dev/neofs-node/pkg/morph/client"
|
2022-01-31 13:34:01 +00:00
|
|
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
|
|
|
"github.com/nspcc-dev/neofs-sdk-go/signature"
|
2020-07-24 13:54:03 +00:00
|
|
|
)
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
// GetEACL reads the extended ACL table from NeoFS system
|
|
|
|
// through Container contract call.
|
|
|
|
func (c *Client) GetEACL(cid *cid.ID) (*eacl.Table, error) {
|
|
|
|
if cid == nil {
|
|
|
|
return nil, errNilArgument
|
|
|
|
}
|
2021-05-25 16:35:41 +00:00
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
v2 := cid.ToV2()
|
|
|
|
if v2 == nil {
|
|
|
|
return nil, errUnsupported // use other major version if there any
|
|
|
|
}
|
2021-11-09 20:52:29 +00:00
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
prm := client.TestInvokePrm{}
|
|
|
|
prm.SetMethod(eaclMethod)
|
|
|
|
prm.SetArgs(v2.GetValue())
|
2021-11-09 20:52:29 +00:00
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
prms, err := c.client.TestInvoke(prm)
|
2020-07-24 13:54:03 +00:00
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not perform test invocation (%s): %w", eaclMethod, err)
|
2020-07-24 13:54:03 +00:00
|
|
|
} else if ln := len(prms); ln != 1 {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("unexpected stack item count (%s): %d", eaclMethod, ln)
|
2020-07-24 13:54:03 +00:00
|
|
|
}
|
|
|
|
|
2020-09-04 12:18:47 +00:00
|
|
|
arr, err := client.ArrayFromStackItem(prms[0])
|
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not get item array of eACL (%s): %w", eaclMethod, err)
|
2020-09-04 12:18:47 +00:00
|
|
|
}
|
|
|
|
|
2021-05-25 14:46:34 +00:00
|
|
|
if len(arr) != 4 {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("unexpected eacl stack item count (%s): %d", eaclMethod, len(arr))
|
2020-09-04 12:18:47 +00:00
|
|
|
}
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
rawEACL, err := client.BytesFromStackItem(arr[0])
|
2020-09-04 12:18:47 +00:00
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not get byte array of eACL (%s): %w", eaclMethod, err)
|
2020-09-04 12:18:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
sig, err := client.BytesFromStackItem(arr[1])
|
2020-07-24 13:54:03 +00:00
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not get byte array of eACL signature (%s): %w", eaclMethod, err)
|
2020-07-24 13:54:03 +00:00
|
|
|
}
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
// Client may not return errors if the table is missing, so check this case additionally.
|
|
|
|
// The absence of a signature in the response can be taken as an eACL absence criterion,
|
|
|
|
// since unsigned table cannot be approved in the storage by design.
|
|
|
|
if len(sig) == 0 {
|
|
|
|
return nil, container.ErrEACLNotFound
|
|
|
|
}
|
|
|
|
|
2021-01-14 16:00:10 +00:00
|
|
|
pub, err := client.BytesFromStackItem(arr[2])
|
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not get byte array of eACL public key (%s): %w", eaclMethod, err)
|
2021-01-14 16:00:10 +00:00
|
|
|
}
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
binToken, err := client.BytesFromStackItem(arr[3])
|
2021-05-25 16:35:41 +00:00
|
|
|
if err != nil {
|
2022-01-29 13:06:36 +00:00
|
|
|
return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
|
2021-05-25 16:35:41 +00:00
|
|
|
}
|
|
|
|
|
2022-01-31 13:34:01 +00:00
|
|
|
table := eacl.NewTable()
|
|
|
|
if err = table.Unmarshal(rawEACL); err != nil {
|
|
|
|
// use other major version if there any
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(binToken) > 0 {
|
|
|
|
tok := session.NewToken()
|
|
|
|
|
|
|
|
err = tok.Unmarshal(binToken)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("could not unmarshal session token: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
table.SetSessionToken(tok)
|
|
|
|
}
|
|
|
|
|
|
|
|
tableSignature := signature.New()
|
|
|
|
tableSignature.SetKey(pub)
|
|
|
|
tableSignature.SetSign(sig)
|
|
|
|
|
|
|
|
table.SetSignature(tableSignature)
|
|
|
|
|
|
|
|
return table, nil
|
2020-07-24 13:54:03 +00:00
|
|
|
}
|