frostfs-node/pkg/innerring/processors/container/process_eacl.go

package container

import (
	"crypto/elliptic"
	"crypto/sha256"
	"errors"
	"fmt"

	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
	"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
	"github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
	"github.com/nspcc-dev/neofs-sdk-go/eacl"
	"github.com/nspcc-dev/neofs-sdk-go/session"
	"go.uber.org/zap"
)

func (cp *Processor) processSetEACL(e container.SetEACL) {
	if !cp.alphabetState.IsAlphabet() {
		cp.log.Info("non alphabet mode, ignore set EACL")
		return
	}

	err := cp.checkSetEACL(e)
	if err != nil {
		cp.log.Error("set EACL check failed",
			zap.String("error", err.Error()),
		)

		return
	}

	cp.approveSetEACL(e)
}

func (cp *Processor) checkSetEACL(e container.SetEACL) error {
	// verify signature
	key, err := keys.NewPublicKeyFromBytes(e.PublicKey(), elliptic.P256())
	if err != nil {
		return fmt.Errorf("invalid key: %w", err)
	}

	binTable := e.Table()
	tableHash := sha256.Sum256(binTable)

	if !key.Verify(e.Signature(), tableHash[:]) {
		return errors.New("invalid signature")
	}

	// verify the identity of the container owner

	// unmarshal table
	table := eacl.NewTable()

	err = table.Unmarshal(binTable)
	if err != nil {
		return fmt.Errorf("invalid binary table: %w", err)
	}

	// receive owner of the related container
	cnr, err := wrapper.Get(cp.cnrClient, table.CID())
	if err != nil {
		return fmt.Errorf("could not receive the container: %w", err)
	}

	// unmarshal session token if presented
	tok, err := tokenFromEvent(e)
	if err != nil {
		return err
	}

	if tok != nil {
		// check token context
		err = checkTokenContextWithCID(tok, table.CID(), func(c *session.ContainerContext) bool {
			return c.IsForSetEACL()
		})
		if err != nil {
			return err
		}
	}

	// check key ownership
	return cp.checkKeyOwnership(cnr, key)
}

func (cp *Processor) approveSetEACL(e container.SetEACL) {
	var err error

	if nr := e.NotaryRequest(); nr != nil {
		// setEACL event was received via Notary service
		err = cp.cnrClient.Morph().NotarySignAndInvokeTX(nr.MainTransaction)
	} else {
		// setEACL event was received via notification service
		err = cp.cnrClient.PutEACL(e.Table(), e.PublicKey(), e.Signature(), e.SessionToken())
	}
	if err != nil {
		cp.log.Error("could not approve set EACL",
			zap.String("error", err.Error()),
		)
	}
}
[#505] ir/container: Implement simplified handling of SetEACL event Implement `handleSetEACL` method similar to other handling methods in Container processor. To begin with, the validation logic is skipped, and all tables will be sent to the contract. In the future, the necessary checks will be implemented. Listening for events in the IR node will also be added. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:18:07 +00:00			`package container`

			`import (`
[#505] ir/container: Verify signature of binary eACL tables Add signature check to `checkSetEACL` method of the `setEACL` notification handler in Container processor. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:26:41 +00:00			`"crypto/elliptic"`
			`"crypto/sha256"`
			`"errors"`
			`"fmt"`

			`"github.com/nspcc-dev/neo-go/pkg/crypto/keys"`
[#505] morph/container: Change get container API Make `Get` method of the wrapper over Container contract's client to accept binary container ID. Create `Get` function similar to the previous `Get` variation. Use this function in Container service server in the place where `Get` method was used. Additionally implement `AsContainerSource` function which allows to simply compose container Source interface from the wrapper. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 16:32:25 +00:00			`"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"`
[#505] ir/container: Implement simplified handling of SetEACL event Implement `handleSetEACL` method similar to other handling methods in Container processor. To begin with, the validation logic is skipped, and all tables will be sent to the contract. In the future, the necessary checks will be implemented. Listening for events in the IR node will also be added. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:18:07 +00:00			`"github.com/nspcc-dev/neofs-node/pkg/morph/event/container"`
*: replace neofs-api-go with neofs-sdk-go Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2021-11-10 07:08:33 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/eacl"`
			`"github.com/nspcc-dev/neofs-sdk-go/session"`
[#505] ir/container: Implement simplified handling of SetEACL event Implement `handleSetEACL` method similar to other handling methods in Container processor. To begin with, the validation logic is skipped, and all tables will be sent to the contract. In the future, the necessary checks will be implemented. Listening for events in the IR node will also be added. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:18:07 +00:00			`"go.uber.org/zap"`
			`)`

			`func (cp *Processor) processSetEACL(e container.SetEACL) {`
			`if !cp.alphabetState.IsAlphabet() {`
			`cp.log.Info("non alphabet mode, ignore set EACL")`
			`return`
			`}`

			`err := cp.checkSetEACL(e)`
			`if err != nil {`
			`cp.log.Error("set EACL check failed",`
			`zap.String("error", err.Error()),`
			`)`

			`return`
			`}`

			`cp.approveSetEACL(e)`
			`}`

			`func (cp *Processor) checkSetEACL(e container.SetEACL) error {`
[#505] ir/container: Verify signature of binary eACL tables Add signature check to `checkSetEACL` method of the `setEACL` notification handler in Container processor. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:26:41 +00:00			`// verify signature`
			`key, err := keys.NewPublicKeyFromBytes(e.PublicKey(), elliptic.P256())`
			`if err != nil {`
			`return fmt.Errorf("invalid key: %w", err)`
			`}`

[#525] ir/container: Verify operations with session token Session token can be presented `Put`, `Delete` and `SetEACL` notification events. IR should consider this case as issuing a power of attorney to a third party. Thus, checking the eligibility for an operation should be complicated: - token owner should be the owner of the related container; - the intent must be signed with a session key; - the power of attorney must be signed by the owner of the container. Omitted checks (TBD): - session token should have container session context; - the verb of the context should correspond to the operation. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-27 12:07:39 +00:00			`binTable := e.Table()`
			`tableHash := sha256.Sum256(binTable)`
[#505] ir/container: Verify signature of binary eACL tables Add signature check to `checkSetEACL` method of the `setEACL` notification handler in Container processor. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:26:41 +00:00
			`if !key.Verify(e.Signature(), tableHash[:]) {`
			`return errors.New("invalid signature")`
			`}`

[#505] ir/container: Check key ownership during set eACL handling Use NeoFS ID contract client to check if public key from notification event is tied to the owner of the container for which the eACL is being changed. Approve changes coming from the owner of the container only. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:28:10 +00:00			`// verify the identity of the container owner`

			`// unmarshal table`
			`table := eacl.NewTable()`

[#525] ir/container: Verify operations with session token Session token can be presented `Put`, `Delete` and `SetEACL` notification events. IR should consider this case as issuing a power of attorney to a third party. Thus, checking the eligibility for an operation should be complicated: - token owner should be the owner of the related container; - the intent must be signed with a session key; - the power of attorney must be signed by the owner of the container. Omitted checks (TBD): - session token should have container session context; - the verb of the context should correspond to the operation. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-27 12:07:39 +00:00			`err = table.Unmarshal(binTable)`
[#505] ir/container: Check key ownership during set eACL handling Use NeoFS ID contract client to check if public key from notification event is tied to the owner of the container for which the eACL is being changed. Approve changes coming from the owner of the container only. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:28:10 +00:00			`if err != nil {`
			`return fmt.Errorf("invalid binary table: %w", err)`
			`}`

			`// receive owner of the related container`
[#505] morph/container: Change get container API Make `Get` method of the wrapper over Container contract's client to accept binary container ID. Create `Get` function similar to the previous `Get` variation. Use this function in Container service server in the place where `Get` method was used. Additionally implement `AsContainerSource` function which allows to simply compose container Source interface from the wrapper. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 16:32:25 +00:00			`cnr, err := wrapper.Get(cp.cnrClient, table.CID())`
[#505] ir/container: Check key ownership during set eACL handling Use NeoFS ID contract client to check if public key from notification event is tied to the owner of the container for which the eACL is being changed. Approve changes coming from the owner of the container only. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:28:10 +00:00			`if err != nil {`
			`return fmt.Errorf("could not receive the container: %w", err)`
			`}`

[#525] ir/container: Verify operations with session token Session token can be presented `Put`, `Delete` and `SetEACL` notification events. IR should consider this case as issuing a power of attorney to a third party. Thus, checking the eligibility for an operation should be complicated: - token owner should be the owner of the related container; - the intent must be signed with a session key; - the power of attorney must be signed by the owner of the container. Omitted checks (TBD): - session token should have container session context; - the verb of the context should correspond to the operation. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-27 12:07:39 +00:00			`// unmarshal session token if presented`
			`tok, err := tokenFromEvent(e)`
			`if err != nil {`
			`return err`
			`}`

[#525] ir/container: Check session verb and container ID Token of the container session should be written out with container context. The context should have the verb corresponding to the operation. If an operation is performed on a fixed container, the session should be propagated to it or to all user containers Implement all described checks in validation of `Put` / `Delete` / `SetEACL` events. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-28 12:39:27 +00:00			`if tok != nil {`
			`// check token context`
			`err = checkTokenContextWithCID(tok, table.CID(), func(c *session.ContainerContext) bool {`
			`return c.IsForSetEACL()`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`}`
[#525] ir/container: Verify operations with session token Session token can be presented `Put`, `Delete` and `SetEACL` notification events. IR should consider this case as issuing a power of attorney to a third party. Thus, checking the eligibility for an operation should be complicated: - token owner should be the owner of the related container; - the intent must be signed with a session key; - the power of attorney must be signed by the owner of the container. Omitted checks (TBD): - session token should have container session context; - the verb of the context should correspond to the operation. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-27 12:07:39 +00:00
[#505] ir/container: Check key ownership during set eACL handling Use NeoFS ID contract client to check if public key from notification event is tied to the owner of the container for which the eACL is being changed. Approve changes coming from the owner of the container only. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:28:10 +00:00			`// check key ownership`
[#525] ir/container: Fix checks without session token In previous implementation verification of `SetEACL` events failed on events without session token. It was caused by redundant tries to verify `nil` session token. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-28 12:31:00 +00:00			`return cp.checkKeyOwnership(cnr, key)`
[#505] ir/container: Implement simplified handling of SetEACL event Implement `handleSetEACL` method similar to other handling methods in Container processor. To begin with, the validation logic is skipped, and all tables will be sent to the contract. In the future, the necessary checks will be implemented. Listening for events in the IR node will also be added. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:18:07 +00:00			`}`

			`func (cp *Processor) approveSetEACL(e container.SetEACL) {`
[#807] morph/event/container: Add `setEACL` notary support Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2021-09-08 08:20:11 +00:00			`var err error`

			`if nr := e.NotaryRequest(); nr != nil {`
			`// setEACL event was received via Notary service`
			`err = cp.cnrClient.Morph().NotarySignAndInvokeTX(nr.MainTransaction)`
			`} else {`
			`// setEACL event was received via notification service`
			`err = cp.cnrClient.PutEACL(e.Table(), e.PublicKey(), e.Signature(), e.SessionToken())`
			`}`
[#505] ir/container: Implement simplified handling of SetEACL event Implement `handleSetEACL` method similar to other handling methods in Container processor. To begin with, the validation logic is skipped, and all tables will be sent to the contract. In the future, the necessary checks will be implemented. Listening for events in the IR node will also be added. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2021-05-19 12:18:07 +00:00			`if err != nil {`
			`cp.log.Error("could not approve set EACL",`
			`zap.String("error", err.Error()),`
			`)`
			`}`
			`}`