forked from TrueCloudLab/frostfs-node
[#303] ir: Use pub key when validate container deletion
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
parent
69df0d21c2
commit
50caa388b0
6 changed files with 31 additions and 47 deletions
|
@ -1,6 +1,7 @@
|
||||||
package container
|
package container
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
|
||||||
)
|
)
|
||||||
|
@ -8,43 +9,14 @@ import (
|
||||||
// RemovalWitness groups the information required
|
// RemovalWitness groups the information required
|
||||||
// to prove and verify the removal of a container.
|
// to prove and verify the removal of a container.
|
||||||
type RemovalWitness struct {
|
type RemovalWitness struct {
|
||||||
cnr cid.ID
|
|
||||||
|
|
||||||
sig []byte
|
|
||||||
|
|
||||||
token *session.Container
|
|
||||||
}
|
|
||||||
|
|
||||||
// ContainerID returns the identifier of the container
|
// ContainerID returns the identifier of the container
|
||||||
// to be removed.
|
// to be removed.
|
||||||
func (x RemovalWitness) ContainerID() cid.ID {
|
ContainerID cid.ID
|
||||||
return x.cnr
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetContainerID sets the identifier of the container
|
// Signature the signature of the container identifier.
|
||||||
// to be removed.
|
Signature *refs.Signature
|
||||||
func (x *RemovalWitness) SetContainerID(id cid.ID) {
|
|
||||||
x.cnr = id
|
|
||||||
}
|
|
||||||
|
|
||||||
// Signature returns the signature of the container identifier.
|
// SessionToken the token of the session within
|
||||||
func (x RemovalWitness) Signature() []byte {
|
|
||||||
return x.sig
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetSignature sets a signature of the container identifier.
|
|
||||||
func (x *RemovalWitness) SetSignature(sig []byte) {
|
|
||||||
x.sig = sig
|
|
||||||
}
|
|
||||||
|
|
||||||
// SessionToken returns the token of the session within
|
|
||||||
// which the container was removed.
|
// which the container was removed.
|
||||||
func (x RemovalWitness) SessionToken() *session.Container {
|
SessionToken *session.Container
|
||||||
return x.token
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetSessionToken sets the token of the session within
|
|
||||||
// which the container was removed.
|
|
||||||
func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
|
|
||||||
x.token = tok
|
|
||||||
}
|
}
|
||||||
|
|
|
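Review bot: The doc comments on the new exported fields of `RemovalWitness` are fragments left over from the removed getters: `// Signature the signature of the container identifier.` and `// SessionToken the token of the session within which the container was removed.` have no verb. `Signature` is now a `*refs.Signature` that also supplies the public key (it is read with `GetKey()` in the morph client), so the comment should say so, for example `// Signature is the signature of the container identifier together with the signer's public key.` and `// SessionToken is the token of the session within which the container was removed.` Callers now assign the pointer directly, so it is also worth stating whether a nil `Signature` is an acceptable witness.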
@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
|
||||||
binTokenSession: e.SessionToken(),
|
binTokenSession: e.SessionToken(),
|
||||||
signature: e.Signature(),
|
signature: e.Signature(),
|
||||||
signedData: binCnr,
|
signedData: binCnr,
|
||||||
|
binPublicKey: e.PublicKeyValue,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("auth container removal: %w", err)
|
return fmt.Errorf("auth container removal: %w", err)
|
||||||
|
|
|
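Review bot: The key passed as `binPublicKey: e.PublicKeyValue` comes from the delete event itself, so a signature that verifies under it proves only that the sender holds that key, not that the key belongs to the container owner or to the party the session token authorises. The verification that consumes `binPublicKey` is outside this hunk; it should accept the event only when the owner derived from the key matches the container owner (or the session token's key), and an empty `PublicKeyValue` should have a defined outcome rather than an implicit fallback. A comment on the new line such as `// key supplied by the request; must be matched against the container owner before the signature is trusted` would make that dependency visible. `checkDeleteContainer` starts and ends outside the hunk.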
@ -14,14 +14,15 @@ import (
|
||||||
// Returns error if container ID is nil.
|
// Returns error if container ID is nil.
|
||||||
func Delete(c *Client, witness core.RemovalWitness) error {
|
func Delete(c *Client, witness core.RemovalWitness) error {
|
||||||
binCnr := make([]byte, sha256.Size)
|
binCnr := make([]byte, sha256.Size)
|
||||||
witness.ContainerID().Encode(binCnr)
|
witness.ContainerID.Encode(binCnr)
|
||||||
|
|
||||||
var prm DeletePrm
|
var prm DeletePrm
|
||||||
|
|
||||||
prm.SetCID(binCnr)
|
prm.SetCID(binCnr)
|
||||||
prm.SetSignature(witness.Signature())
|
prm.SetSignature(witness.Signature.GetSign())
|
||||||
|
prm.SetKey(witness.Signature.GetKey())
|
||||||
|
|
||||||
if tok := witness.SessionToken(); tok != nil {
|
if tok := witness.SessionToken; tok != nil {
|
||||||
prm.SetToken(tok.Marshal())
|
prm.SetToken(tok.Marshal())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,6 +34,7 @@ type DeletePrm struct {
|
||||||
cnr []byte
|
cnr []byte
|
||||||
signature []byte
|
signature []byte
|
||||||
token []byte
|
token []byte
|
||||||
|
key []byte
|
||||||
|
|
||||||
client.InvokePrmOptional
|
client.InvokePrmOptional
|
||||||
}
|
}
|
||||||
|
@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
|
||||||
d.token = token
|
d.token = token
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetKey sets public key.
|
||||||
|
func (d *DeletePrm) SetKey(key []byte) {
|
||||||
|
d.key = key
|
||||||
|
}
|
||||||
|
|
||||||
// Delete removes the container from FrostFS system
|
// Delete removes the container from FrostFS system
|
||||||
// through Container contract call.
|
// through Container contract call.
|
||||||
//
|
//
|
||||||
|
@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
|
||||||
|
|
||||||
prm := client.InvokePrm{}
|
prm := client.InvokePrm{}
|
||||||
prm.SetMethod(deleteMethod)
|
prm.SetMethod(deleteMethod)
|
||||||
prm.SetArgs(p.cnr, p.signature, p.token)
|
prm.SetArgs(p.cnr, p.signature, p.key, p.token)
|
||||||
prm.InvokePrmOptional = p.InvokePrmOptional
|
prm.InvokePrmOptional = p.InvokePrmOptional
|
||||||
|
|
||||||
err := c.client.Invoke(prm)
|
err := c.client.Invoke(prm)
|
||||||
|
|
|
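Review bot: `witness.Signature` is read through `GetSign()` and `GetKey()` in `Delete` without checking that the pointer or either value is set, and `morphExecutor.Delete` fills it straight from `body.GetSignature()`, so a request without a signature reaches `prm.SetArgs(p.cnr, p.signature, p.key, p.token)` with an empty signature and key. If the `refs.Signature` getters are nil-safe this does not panic, but the invocation is still submitted and only fails at verification. A guard before building `DeletePrm`, for example `if len(witness.Signature.GetSign()) == 0 || len(witness.Signature.GetKey()) == 0 { return errors.New("missing signature or public key") }`, would reject such input early, in line with the existing "Returns error if container ID is nil" contract. The body of `Delete` continues outside the hunk.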
@ -15,6 +15,7 @@ type Delete struct {
|
||||||
ContainerIDValue []byte
|
ContainerIDValue []byte
|
||||||
SignatureValue []byte
|
SignatureValue []byte
|
||||||
TokenValue []byte
|
TokenValue []byte
|
||||||
|
PublicKeyValue []byte
|
||||||
|
|
||||||
// For notary notifications only.
|
// For notary notifications only.
|
||||||
// Contains raw transactions of notary request.
|
// Contains raw transactions of notary request.
|
||||||
|
@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
|
||||||
return d.NotaryRequestValue
|
return d.NotaryRequestValue
|
||||||
}
|
}
|
||||||
|
|
||||||
const expectedItemNumDelete = 3
|
const expectedItemNumDelete = 4
|
||||||
|
|
||||||
// DeleteSuccess structures notification event of successful container removal
|
// DeleteSuccess structures notification event of successful container removal
|
||||||
// thrown by Container contract.
|
// thrown by Container contract.
|
||||||
|
|
|
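Review bot: Raising `expectedItemNumDelete` from 3 to 4 makes the parser depend on the Container contract passing the public key as a fourth `delete` argument, so notifications produced against a contract that still takes three arguments will presumably fail the item-count check. Nothing in the visible hunks records that coupling; a comment on the constant, for example `// container ID, signature, public key, session token`, would document the expected layout and make the required upgrade order easier to spot. The new `PublicKeyValue` field is also read directly by the processor while the neighbouring values go through accessors (`e.Signature()`, `e.SessionToken()`); adding an accessor would keep the type consistent.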
@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (d *Delete) setPublicKey(v []byte) {
|
||||||
|
d.PublicKeyValue = v
|
||||||
|
}
|
||||||
|
|
||||||
func (d *Delete) setToken(v []byte) {
|
func (d *Delete) setToken(v []byte) {
|
||||||
if v != nil {
|
if v != nil {
|
||||||
d.TokenValue = v
|
d.TokenValue = v
|
||||||
|
@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
|
||||||
var deleteFieldSetters = []func(*Delete, []byte){
|
var deleteFieldSetters = []func(*Delete, []byte){
|
||||||
// order on stack is reversed
|
// order on stack is reversed
|
||||||
(*Delete).setToken,
|
(*Delete).setToken,
|
||||||
|
(*Delete).setPublicKey,
|
||||||
(*Delete).setSignature,
|
(*Delete).setSignature,
|
||||||
(*Delete).setContainerID,
|
(*Delete).setContainerID,
|
||||||
}
|
}
|
||||||
|
|
|
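Review bot: `setPublicKey` has no doc comment and stores the stack item unchecked, while `deleteFieldSetters` assigns values purely by position, so a key of unexpected length or a mismatch with the argument order of `prm.SetArgs(p.cnr, p.signature, p.key, p.token)` is not detected at parse time. The existing comment could spell out the layout, for example `// order on stack is reversed: token, public key, signature, container ID`, and `setPublicKey` could get a one-line comment such as `// setPublicKey stores the raw public key bytes; validation happens in the processor`, if that is indeed where the key is validated. Whether a length check belongs in this setter cannot be told from the hunk, which starts inside `setSignature`.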
@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
|
||||||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
return nil, fmt.Errorf("invalid container ID: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
sig := body.GetSignature().GetSign()
|
|
||||||
|
|
||||||
var tok *session.Container
|
var tok *session.Container
|
||||||
|
|
||||||
if tokV2 != nil {
|
if tokV2 != nil {
|
||||||
|
@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
|
||||||
|
|
||||||
var rmWitness containercore.RemovalWitness
|
var rmWitness containercore.RemovalWitness
|
||||||
|
|
||||||
rmWitness.SetContainerID(id)
|
rmWitness.ContainerID = id
|
||||||
rmWitness.SetSignature(sig)
|
rmWitness.Signature = body.GetSignature()
|
||||||
rmWitness.SetSessionToken(tok)
|
rmWitness.SessionToken = tok
|
||||||
|
|
||||||
err = s.wrt.Delete(rmWitness)
|
err = s.wrt.Delete(rmWitness)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|