[#317] morph/client: Return complete eACL signature from contract

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2021-01-14 19:00:10 +03:00 committed by Alex Vanin
parent c75a828adf
commit a89567a88d
4 changed files with 26 additions and 14 deletions

View file

@ -425,10 +425,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
for i := 0; i < awaitTimeout; i++ {
time.Sleep(1 * time.Second)
eaclSig, err := cli.GetEACLWithSignature(ctx, id, globalCallOptions()...)
table, err := cli.GetEACL(ctx, id, globalCallOptions()...)
if err == nil {
// compare binary values because EACL could have been set already
got, err := eaclSig.EACL().Marshal()
got, err := table.Marshal()
if err != nil {
continue
}

View file

@ -16,7 +16,9 @@ type EACLArgs struct {
type EACLValues struct {
eacl []byte // extended ACL table
signature []byte // signature of extended ACL table
signature []byte // RFC-6979 signature of extended ACL table
publicKey []byte // public key of the extended ACL table signer
}
// SetCID sets the container identifier
@ -31,10 +33,16 @@ func (g *EACLValues) EACL() []byte {
return g.eacl
}
// Signature returns RFC-6979 signature of extended ACL table.
func (g *EACLValues) Signature() []byte {
return g.signature
}
// PublicKey of the signature.
func (g *EACLValues) PublicKey() []byte {
return g.publicKey
}
// EACL performs the test invoke of get eACL
// method of NeoFS Container contract.
func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
@ -53,7 +61,7 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
}
if len(arr) != 2 {
if len(arr) != 3 {
return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
}
@ -67,8 +75,14 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
}
pub, err := client.BytesFromStackItem(arr[2])
if err != nil {
return nil, errors.Wrapf(err, "could not get byte array of eACL public key (%s)", c.eaclMethod)
}
return &EACLValues{
eacl: eacl,
signature: sig,
publicKey: pub,
}, nil
}

View file

@ -1,6 +1,7 @@
package wrapper
import (
"github.com/nspcc-dev/neofs-api-go/pkg"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-node/pkg/core/container"
@ -10,7 +11,7 @@ import (
// GetEACL reads the extended ACL table from NeoFS system
// through Container contract call.
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
if cid == nil {
return nil, nil, errNilArgument
}
@ -37,13 +38,17 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
return nil, nil, container.ErrEACLNotFound
}
tableSignature := pkg.NewSignature()
tableSignature.SetKey(rpcAnswer.PublicKey())
tableSignature.SetSign(sig)
table := eacl.NewTable()
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
// use other major version if there any
return nil, nil, err
}
return table, sig, nil
return table, tableSignature, nil
}
// PutEACL saves the extended ACL table in NeoFS system

View file

@ -111,14 +111,7 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
res := new(container.GetExtendedACLResponseBody)
res.SetEACL(table.ToV2())
// Public key should be obtained by request sender, so we set up only
// the signature. Technically, node can make invocation to find container
// owner public key, but request sender cannot trust this info.
sig := new(refs.Signature)
sig.SetSign(signature)
res.SetSignature(sig)
res.SetSignature(signature.ToV2())
return res, nil
}