[#317] morph/client: Return complete eACL signature from contract
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
parent
c75a828adf
commit
a89567a88d
4 changed files with 26 additions and 14 deletions
|
@ -425,10 +425,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
|||
for i := 0; i < awaitTimeout; i++ {
|
||||
time.Sleep(1 * time.Second)
|
||||
|
||||
eaclSig, err := cli.GetEACLWithSignature(ctx, id, globalCallOptions()...)
|
||||
table, err := cli.GetEACL(ctx, id, globalCallOptions()...)
|
||||
if err == nil {
|
||||
// compare binary values because EACL could have been set already
|
||||
got, err := eaclSig.EACL().Marshal()
|
||||
got, err := table.Marshal()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
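Review bot: The error from `cli.GetEACL` on the new line is only tested with `if err == nil`, so as far as this hunk shows every failure is handled the same way as "table not stored yet" and retried until `awaitTimeout` runs out. If the client call can fail for other reasons (a transport error, or a signature check if the client performs one), the user gets a timeout instead of the cause. Consider remembering the last failure, e.g. `lastErr = err` in an else branch, and reporting it when the loop gives up. The loop body continues past the end of the hunk, so what happens after the comparison is not visible here.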
|
|
|
@ -16,7 +16,9 @@ type EACLArgs struct {
|
|||
type EACLValues struct {
|
||||
eacl []byte // extended ACL table
|
||||
|
||||
signature []byte // signature of extended ACL table
|
||||
signature []byte // RFC-6979 signature of extended ACL table
|
||||
|
||||
publicKey []byte // public key of the extended ACL table signer
|
||||
}
|
||||
|
||||
// SetCID sets the container identifier
|
||||
|
@ -31,10 +33,16 @@ func (g *EACLValues) EACL() []byte {
|
|||
return g.eacl
|
||||
}
|
||||
|
||||
// Signature returns RFC-6979 signature of extended ACL table.
|
||||
func (g *EACLValues) Signature() []byte {
|
||||
return g.signature
|
||||
}
|
||||
|
||||
// PublicKey of the signature.
|
||||
func (g *EACLValues) PublicKey() []byte {
|
||||
return g.publicKey
|
||||
}
|
||||
|
||||
// EACL performs the test invoke of get eACL
|
||||
// method of NeoFS Container contract.
|
||||
func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
||||
|
@ -53,7 +61,7 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
|||
return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
|
||||
}
|
||||
|
||||
if len(arr) != 2 {
|
||||
if len(arr) != 3 {
|
||||
return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
|
||||
}
|
||||
|
||||
|
@ -67,8 +75,14 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
|||
return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
|
||||
}
|
||||
|
||||
pub, err := client.BytesFromStackItem(arr[2])
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "could not get byte array of eACL public key (%s)", c.eaclMethod)
|
||||
}
|
||||
|
||||
return &EACLValues{
|
||||
eacl: eacl,
|
||||
signature: sig,
|
||||
publicKey: pub,
|
||||
}, nil
|
||||
}
|
||||
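Review bot: `pub` is read from `arr[2]` and stored in `EACLValues` without any check, so an empty or malformed key is handed to callers as a normal result. If records written before this contract change can legitimately carry no key, say so in the doc comment; otherwise reject it here with `if len(pub) == 0 { return nil, errors.Errorf("empty eACL public key (%s)", c.eaclMethod) }`. The comment `// PublicKey of the signature.` should also become a full sentence that tells callers the bytes are passed through unparsed, for example `// PublicKey returns the raw public key bytes that the contract returned with the eACL signature.`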
|
|
|
@ -1,6 +1,7 @@
|
|||
package wrapper
|
||||
|
||||
import (
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||
|
@ -10,7 +11,7 @@ import (
|
|||
|
||||
// GetEACL reads the extended ACL table from NeoFS system
|
||||
// through Container contract call.
|
||||
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
|
||||
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
|
||||
if cid == nil {
|
||||
return nil, nil, errNilArgument
|
||||
}
|
||||
|
@ -37,13 +38,17 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
|
|||
return nil, nil, container.ErrEACLNotFound
|
||||
}
|
||||
|
||||
tableSignature := pkg.NewSignature()
|
||||
tableSignature.SetKey(rpcAnswer.PublicKey())
|
||||
tableSignature.SetSign(sig)
|
||||
|
||||
table := eacl.NewTable()
|
||||
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
|
||||
// use other major version if there any
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
return table, sig, nil
|
||||
return table, tableSignature, nil
|
||||
}
|
||||
|
||||
// PutEACL saves the extended ACL table in NeoFS system
|
||||
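Review bot: The doc comment on `GetEACL` still describes only the table, while the second result is now a `*pkg.Signature` filled from `rpcAnswer.PublicKey()` and `sig` with no verification in the visible lines. Add a line such as `// The returned signature holds the key and sign bytes as stored by the contract; it is not verified against the table here.` so callers do not assume a checked value. Building `tableSignature` could also move below `table.Unmarshal`, since it is thrown away on the error path. `sig` and `rpcAnswer` are assigned outside these hunks.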
|
|
|
@ -111,14 +111,7 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
|
|||
|
||||
res := new(container.GetExtendedACLResponseBody)
|
||||
res.SetEACL(table.ToV2())
|
||||
|
||||
// Public key should be obtained by request sender, so we set up only
|
||||
// the signature. Technically, node can make invocation to find container
|
||||
// owner public key, but request sender cannot trust this info.
|
||||
sig := new(refs.Signature)
|
||||
sig.SetSign(signature)
|
||||
|
||||
res.SetSignature(sig)
|
||||
res.SetSignature(signature.ToV2())
|
||||
|
||||
return res, nil
|
||||
}
|
||||
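Review bot: The removed comment recorded that a request sender cannot trust a public key supplied by the node, and `res.SetSignature(signature.ToV2())` now presumably sends such a key with no note replacing it. A signature that verifies against the key attached to it shows only that the two match, not that the container owner produced it, so the receiver still has to bind the key to the container owner. Keep that expectation in the code, for example `// The key comes from the contract record; callers must still check that it belongs to the container owner.` above the `SetSignature` call. The start of `GetExtendedACL` is outside the hunk, so `signature` is assumed to be the value returned by the wrapper's `GetEACL`.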
|
|