[#303] ir: Use pub key when validate container deletion

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
Anton Nikiforov 2023-06-01 11:55:06 +03:00
parent 69b788a90b
commit 47792cf183
6 changed files with 31 additions and 47 deletions


@ -1,6 +1,7 @@
package container package container
import ( import (
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id" cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session" "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
) )
@ -8,43 +9,14 @@ import (
// RemovalWitness groups the information required // RemovalWitness groups the information required
// to prove and verify the removal of a container. // to prove and verify the removal of a container.
type RemovalWitness struct { type RemovalWitness struct {
cnr cid.ID // ContainerID returns the identifier of the container
// to be removed.
ContainerID cid.ID
sig []byte // Signature the signature of the container identifier.
Signature *refs.Signature
token *session.Container // SessionToken the token of the session within
} // which the container was removed.
SessionToken *session.Container
// ContainerID returns the identifier of the container
// to be removed.
func (x RemovalWitness) ContainerID() cid.ID {
return x.cnr
}
// SetContainerID sets the identifier of the container
// to be removed.
func (x *RemovalWitness) SetContainerID(id cid.ID) {
x.cnr = id
}
// Signature returns the signature of the container identifier.
func (x RemovalWitness) Signature() []byte {
return x.sig
}
// SetSignature sets a signature of the container identifier.
func (x *RemovalWitness) SetSignature(sig []byte) {
x.sig = sig
}
// SessionToken returns the token of the session within
// which the container was removed.
func (x RemovalWitness) SessionToken() *session.Container {
return x.token
}
// SetSessionToken sets the token of the session within
// which the container was removed.
func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
x.token = tok
} }
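Review bot: The new field comments on `RemovalWitness` were copied from the removed getters and still read as method docs (`// ContainerID returns the identifier…`, `// Signature the signature of…`, `// SessionToken the token of…`). Reword them as field docs, for example `// ContainerID is the identifier of the container to be removed.` and `// SessionToken is the token of the session within which the container was removed; may be nil.` `Signature` also changed from `[]byte` to `*refs.Signature`, so its comment should say it carries both the signature bytes and the public key, and that a nil pointer means no signature was supplied.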


@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
binTokenSession: e.SessionToken(), binTokenSession: e.SessionToken(),
signature: e.Signature(), signature: e.Signature(),
signedData: binCnr, signedData: binCnr,
binPublicKey: e.PublicKeyValue,
}) })
if err != nil { if err != nil {
return fmt.Errorf("auth container removal: %w", err) return fmt.Errorf("auth container removal: %w", err)
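Review bot: The key passed as `binPublicKey: e.PublicKeyValue` arrives in the same notification as the signature it is used to check, so a successful verification only shows the sender holds that key. Nothing in this hunk ties the key to the container owner or to the session token issuer. The verification helper is outside the hunk, so it may already do this; if not, that binding needs to be enforced before the removal is approved. Either way, a comment at the call site would make the trust assumption explicit, e.g. `// binPublicKey is request-supplied; it must still be matched against the container owner`. `checkDeleteContainer` begins and ends outside the hunk.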


@ -14,14 +14,15 @@ import (
// Returns error if container ID is nil. // Returns error if container ID is nil.
func Delete(c *Client, witness core.RemovalWitness) error { func Delete(c *Client, witness core.RemovalWitness) error {
binCnr := make([]byte, sha256.Size) binCnr := make([]byte, sha256.Size)
witness.ContainerID().Encode(binCnr) witness.ContainerID.Encode(binCnr)
var prm DeletePrm var prm DeletePrm
prm.SetCID(binCnr) prm.SetCID(binCnr)
prm.SetSignature(witness.Signature()) prm.SetSignature(witness.Signature.GetSign())
prm.SetKey(witness.Signature.GetKey())
if tok := witness.SessionToken(); tok != nil { if tok := witness.SessionToken; tok != nil {
prm.SetToken(tok.Marshal()) prm.SetToken(tok.Marshal())
} }
@ -33,6 +34,7 @@ type DeletePrm struct {
cnr []byte cnr []byte
signature []byte signature []byte
token []byte token []byte
key []byte
client.InvokePrmOptional client.InvokePrmOptional
} }
@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
d.token = token d.token = token
} }
// SetKey sets public key.
func (d *DeletePrm) SetKey(key []byte) {
d.key = key
}
// Delete removes the container from FrostFS system // Delete removes the container from FrostFS system
// through Container contract call. // through Container contract call.
// //
@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
prm := client.InvokePrm{} prm := client.InvokePrm{}
prm.SetMethod(deleteMethod) prm.SetMethod(deleteMethod)
prm.SetArgs(p.cnr, p.signature, p.token) prm.SetArgs(p.cnr, p.signature, p.key, p.token)
prm.InvokePrmOptional = p.InvokePrmOptional prm.InvokePrmOptional = p.InvokePrmOptional
err := c.client.Invoke(prm) err := c.client.Invoke(prm)
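Review bot: `witness.Signature` is now a pointer, and `Delete` reads `GetSign()` and `GetKey()` from it without checking that it is set. A witness built from a request with no signature (see `rmWitness.Signature = body.GetSignature()` in the morphExecutor hunk) would reach `prm.SetArgs(p.cnr, p.signature, p.key, p.token)` with an empty signature and key, assuming the getters tolerate a nil receiver. Reject that case before invoking, e.g. `if witness.Signature == nil { return errors.New("missing container removal signature") }`. The doc comment should be updated too, since it still says only `Returns error if container ID is nil.` The bodies of both `Delete` functions continue outside these hunks.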


@ -15,6 +15,7 @@ type Delete struct {
ContainerIDValue []byte ContainerIDValue []byte
SignatureValue []byte SignatureValue []byte
TokenValue []byte TokenValue []byte
PublicKeyValue []byte
// For notary notifications only. // For notary notifications only.
// Contains raw transactions of notary request. // Contains raw transactions of notary request.
@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
return d.NotaryRequestValue return d.NotaryRequestValue
} }
const expectedItemNumDelete = 3 const expectedItemNumDelete = 4
// DeleteSuccess structures notification event of successful container removal // DeleteSuccess structures notification event of successful container removal
// thrown by Container contract. // thrown by Container contract.
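Review bot: `PublicKeyValue` is added without a comment or accessor, and `checkDeleteContainer` reads it as a bare field while using the methods `e.Signature()` and `e.SessionToken()` for its neighbours. For consistency with `NotaryRequest()` in this file, add `// PublicKey returns the public key sent with the removal signature.` above `func (d Delete) PublicKey() []byte { return d.PublicKeyValue }`. The field comment should also state the expected key encoding, which the page does not show.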


@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
} }
} }
func (d *Delete) setPublicKey(v []byte) {
d.PublicKeyValue = v
}
func (d *Delete) setToken(v []byte) { func (d *Delete) setToken(v []byte) {
if v != nil { if v != nil {
d.TokenValue = v d.TokenValue = v
@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
var deleteFieldSetters = []func(*Delete, []byte){ var deleteFieldSetters = []func(*Delete, []byte){
// order on stack is reversed // order on stack is reversed
(*Delete).setToken, (*Delete).setToken,
(*Delete).setPublicKey,
(*Delete).setSignature, (*Delete).setSignature,
(*Delete).setContainerID, (*Delete).setContainerID,
} }
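Review bot: `setPublicKey` assigns its argument unconditionally, while `setToken` right below it guards with `if v != nil`. Follow the sibling pattern, or add a one-line comment such as `// key is stored as-is; emptiness is checked during signature verification` if that is the intent. As written, an empty or missing key is accepted at parse time and any rejection is left to a later stage that this hunk does not show.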


@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
return nil, fmt.Errorf("invalid container ID: %w", err) return nil, fmt.Errorf("invalid container ID: %w", err)
} }
sig := body.GetSignature().GetSign()
var tok *session.Container var tok *session.Container
if tokV2 != nil { if tokV2 != nil {
@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
var rmWitness containercore.RemovalWitness var rmWitness containercore.RemovalWitness
rmWitness.SetContainerID(id) rmWitness.ContainerID = id
rmWitness.SetSignature(sig) rmWitness.Signature = body.GetSignature()
rmWitness.SetSessionToken(tok) rmWitness.SessionToken = tok
err = s.wrt.Delete(rmWitness) err = s.wrt.Delete(rmWitness)
if err != nil { if err != nil {
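Review bot: `rmWitness.Signature = body.GetSignature()` hands the client's whole signature structure onward, but the morph client wrapper forwards only `GetSign()` and `GetKey()`. If `refs.Signature` also carries a scheme, as I believe it does, the scheme the client declared is silently dropped and the verifier has to assume one. This service boundary looks like the right place to reject a request whose signature is absent or declares a scheme other than the one the Container contract verifies. A short comment here naming the expected scheme would help. The function starts and ends outside the hunk.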