forked from TrueCloudLab/frostfs-node
375c30e687
Object Tree Service allows changing trees assotiated with the container in runtime. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
44 lines
990 B
Go
44 lines
990 B
Go
package tree
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
|
"github.com/nspcc-dev/neofs-api-go/v2/signature"
|
|
cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
|
"github.com/nspcc-dev/neofs-sdk-go/user"
|
|
)
|
|
|
|
func (s *Service) verifyClient(req interface{}, cid cidSDK.ID, rawKey []byte) error {
|
|
// TODO(@fyrchik): #1328 access control
|
|
return nil
|
|
//nolint:govet
|
|
err := signature.VerifyServiceMessage(req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cnr, err := s.cnrSource.Get(cid)
|
|
if err != nil {
|
|
return fmt.Errorf("can't get container %s: %w", cid, err)
|
|
}
|
|
|
|
ownerID := cnr.Value.Owner()
|
|
|
|
pub, err := keys.NewPublicKeyFromBytes(rawKey, elliptic.P256())
|
|
if err != nil {
|
|
return fmt.Errorf("invalid public key: %w", err)
|
|
}
|
|
|
|
var actualID user.ID
|
|
user.IDFromKey(&actualID, (ecdsa.PublicKey)(*pub))
|
|
|
|
if !actualID.Equals(ownerID) {
|
|
return errors.New("`Move` request must be signed by a container owner")
|
|
}
|
|
|
|
return nil
|
|
}
|