2020-09-29 12:37:19 +00:00
|
|
|
package object
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2021-05-31 08:55:40 +00:00
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
2021-05-18 08:12:51 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2021-02-15 08:28:42 +00:00
|
|
|
"strconv"
|
2020-09-29 12:37:19 +00:00
|
|
|
|
2021-05-31 08:55:40 +00:00
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
2020-09-29 12:37:19 +00:00
|
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/object"
|
|
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
2020-12-17 16:54:38 +00:00
|
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
|
2021-02-15 08:28:42 +00:00
|
|
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
|
|
|
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
|
2020-09-29 12:37:19 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// FormatValidator represents object format validator.
|
2020-10-03 10:14:09 +00:00
|
|
|
type FormatValidator struct {
|
|
|
|
*cfg
|
|
|
|
}
|
|
|
|
|
|
|
|
// FormatValidatorOption represents FormatValidator constructor option.
|
|
|
|
type FormatValidatorOption func(*cfg)
|
|
|
|
|
|
|
|
type cfg struct {
|
|
|
|
deleteHandler DeleteHandler
|
2021-02-15 08:28:42 +00:00
|
|
|
|
|
|
|
netState netmap.State
|
2020-10-03 10:14:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteHandler is an interface of delete queue processor.
|
|
|
|
type DeleteHandler interface {
|
2020-12-01 11:23:28 +00:00
|
|
|
DeleteObjects(*object.Address, ...*object.Address)
|
2020-10-03 10:14:09 +00:00
|
|
|
}
|
2020-09-29 12:37:19 +00:00
|
|
|
|
|
|
|
var errNilObject = errors.New("object is nil")
|
|
|
|
|
|
|
|
var errNilID = errors.New("missing identifier")
|
|
|
|
|
|
|
|
var errNilCID = errors.New("missing container identifier")
|
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
var errNoExpirationEpoch = errors.New("missing expiration epoch attribute")
|
|
|
|
|
|
|
|
var errTombstoneExpiration = errors.New("tombstone body and header contain different expiration values")
|
|
|
|
|
2020-10-03 10:14:09 +00:00
|
|
|
func defaultCfg() *cfg {
|
|
|
|
return new(cfg)
|
|
|
|
}
|
|
|
|
|
2020-09-29 12:37:19 +00:00
|
|
|
// NewFormatValidator creates, initializes and returns FormatValidator instance.
|
2020-10-03 10:14:09 +00:00
|
|
|
func NewFormatValidator(opts ...FormatValidatorOption) *FormatValidator {
|
|
|
|
cfg := defaultCfg()
|
|
|
|
|
|
|
|
for i := range opts {
|
|
|
|
opts[i](cfg)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &FormatValidator{
|
|
|
|
cfg: cfg,
|
|
|
|
}
|
2020-09-29 12:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Validate validates object format.
|
|
|
|
//
|
2020-09-30 17:53:12 +00:00
|
|
|
// Does not validate payload checksum and content.
|
|
|
|
//
|
2020-09-29 12:37:19 +00:00
|
|
|
// Returns nil error if object has valid structure.
|
|
|
|
func (v *FormatValidator) Validate(obj *Object) error {
|
|
|
|
if obj == nil {
|
|
|
|
return errNilObject
|
2020-11-16 09:43:52 +00:00
|
|
|
} else if obj.ID() == nil {
|
2020-09-29 12:37:19 +00:00
|
|
|
return errNilID
|
2020-11-16 09:43:52 +00:00
|
|
|
} else if obj.ContainerID() == nil {
|
2020-09-29 12:37:19 +00:00
|
|
|
return errNilCID
|
|
|
|
}
|
|
|
|
|
2020-10-01 11:42:17 +00:00
|
|
|
for ; obj != nil; obj = obj.GetParent() {
|
|
|
|
if err := v.validateSignatureKey(obj); err != nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) could not validate signature key: %w", v, err)
|
2020-10-01 11:42:17 +00:00
|
|
|
}
|
|
|
|
|
2021-02-15 08:28:42 +00:00
|
|
|
// TODO: combine small checks
|
|
|
|
if err := v.checkExpiration(obj); err != nil {
|
2021-05-19 15:36:03 +00:00
|
|
|
return fmt.Errorf("object did not pass expiration check: %w", err)
|
2021-02-15 08:28:42 +00:00
|
|
|
}
|
|
|
|
|
2020-10-01 11:42:17 +00:00
|
|
|
if err := object.CheckHeaderVerificationFields(obj.SDK()); err != nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) could not validate header fields: %w", v, err)
|
2020-10-01 11:42:17 +00:00
|
|
|
}
|
2020-09-29 12:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *FormatValidator) validateSignatureKey(obj *Object) error {
|
2020-11-16 09:43:52 +00:00
|
|
|
token := obj.SessionToken()
|
|
|
|
key := obj.Signature().Key()
|
2020-09-29 12:37:19 +00:00
|
|
|
|
|
|
|
if token == nil || !bytes.Equal(token.SessionKey(), key) {
|
2020-11-16 09:43:52 +00:00
|
|
|
return v.checkOwnerKey(obj.OwnerID(), obj.Signature().Key())
|
2020-09-29 12:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// FIXME: perform token verification
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *FormatValidator) checkOwnerKey(id *owner.ID, key []byte) error {
|
2021-05-31 08:55:40 +00:00
|
|
|
pub, err := keys.NewPublicKeyFromBytes(key, elliptic.P256())
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(pub))
|
2020-09-29 12:37:19 +00:00
|
|
|
if err != nil {
|
|
|
|
// TODO: check via NeoFSID
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
id2 := owner.NewID()
|
|
|
|
id2.SetNeo3Wallet(wallet)
|
|
|
|
|
2021-05-31 10:30:59 +00:00
|
|
|
if !id.Equal(id2) {
|
|
|
|
return fmt.Errorf("(%T) different owner identifiers %s/%s", v, id, id2)
|
2020-09-29 12:37:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2020-09-30 11:07:28 +00:00
|
|
|
|
2020-09-30 17:53:12 +00:00
|
|
|
// ValidateContent validates payload content according to object type.
|
2020-12-11 08:03:27 +00:00
|
|
|
func (v *FormatValidator) ValidateContent(o *Object) error {
|
2020-12-01 11:23:28 +00:00
|
|
|
switch o.Type() {
|
2020-09-30 11:07:28 +00:00
|
|
|
case object.TypeTombstone:
|
2020-12-01 11:23:28 +00:00
|
|
|
if len(o.Payload()) == 0 {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) empty payload in tombstone", v)
|
2020-09-30 11:07:28 +00:00
|
|
|
}
|
|
|
|
|
2020-12-11 08:03:27 +00:00
|
|
|
tombstone := object.NewTombstone()
|
|
|
|
|
|
|
|
if err := tombstone.Unmarshal(o.Payload()); err != nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) could not unmarshal tombstone content: %w", v, err)
|
2020-09-30 11:07:28 +00:00
|
|
|
}
|
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
// check if tombstone has the same expiration in body and header
|
|
|
|
exp, err := expirationEpochAttribute(o)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if exp != tombstone.ExpirationEpoch() {
|
|
|
|
return errTombstoneExpiration
|
|
|
|
}
|
|
|
|
|
|
|
|
// mark all objects from tombstone body as removed in storage engine
|
2020-12-11 08:03:27 +00:00
|
|
|
cid := o.ContainerID()
|
|
|
|
idList := tombstone.Members()
|
|
|
|
addrList := make([]*object.Address, 0, len(idList))
|
2020-10-03 10:14:09 +00:00
|
|
|
|
2020-12-11 08:03:27 +00:00
|
|
|
for _, id := range idList {
|
|
|
|
if id == nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) empty member in tombstone", v)
|
2020-10-01 17:14:10 +00:00
|
|
|
}
|
2020-10-03 10:14:09 +00:00
|
|
|
|
2020-12-11 08:03:27 +00:00
|
|
|
a := object.NewAddress()
|
|
|
|
a.SetContainerID(cid)
|
|
|
|
a.SetObjectID(id)
|
|
|
|
|
|
|
|
addrList = append(addrList, a)
|
|
|
|
}
|
2020-12-01 11:23:28 +00:00
|
|
|
|
2020-10-03 10:14:09 +00:00
|
|
|
if v.deleteHandler != nil {
|
2020-12-11 08:03:27 +00:00
|
|
|
v.deleteHandler.DeleteObjects(o.Address(), addrList...)
|
2020-10-03 10:14:09 +00:00
|
|
|
}
|
2020-12-17 16:54:38 +00:00
|
|
|
case object.TypeStorageGroup:
|
|
|
|
if len(o.Payload()) == 0 {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) empty payload in SG", v)
|
2020-12-17 16:54:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
sg := storagegroup.New()
|
|
|
|
|
|
|
|
if err := sg.Unmarshal(o.Payload()); err != nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) could not unmarshal SG content: %w", v, err)
|
2020-12-17 16:54:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, id := range sg.Members() {
|
|
|
|
if id == nil {
|
2021-05-18 08:12:51 +00:00
|
|
|
return fmt.Errorf("(%T) empty member in SG", v)
|
2020-12-17 16:54:38 +00:00
|
|
|
}
|
|
|
|
}
|
2021-01-11 15:15:16 +00:00
|
|
|
default:
|
2021-01-15 12:45:42 +00:00
|
|
|
// ignore all other object types, they do not need payload formatting
|
2020-09-30 11:07:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2020-10-03 10:14:09 +00:00
|
|
|
|
2021-02-15 08:28:42 +00:00
|
|
|
var errExpired = errors.New("object has expired")
|
|
|
|
|
|
|
|
func (v *FormatValidator) checkExpiration(obj *Object) error {
|
2021-02-19 09:29:42 +00:00
|
|
|
exp, err := expirationEpochAttribute(obj)
|
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, errNoExpirationEpoch) {
|
|
|
|
return nil // objects without expiration attribute are valid
|
2021-02-15 08:28:42 +00:00
|
|
|
}
|
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
return err
|
|
|
|
}
|
2021-02-15 08:28:42 +00:00
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
if exp < v.netState.CurrentEpoch() {
|
|
|
|
return errExpired
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func expirationEpochAttribute(obj *Object) (uint64, error) {
|
|
|
|
for _, a := range obj.Attributes() {
|
|
|
|
if a.Key() != objectV2.SysAttributeExpEpoch {
|
|
|
|
continue
|
2021-02-15 08:28:42 +00:00
|
|
|
}
|
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
return strconv.ParseUint(a.Value(), 10, 64)
|
2021-02-15 08:28:42 +00:00
|
|
|
}
|
|
|
|
|
2021-02-19 09:29:42 +00:00
|
|
|
return 0, errNoExpirationEpoch
|
2021-02-15 08:28:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// WithNetState returns options to set network state interface.
|
|
|
|
//
|
|
|
|
// FIXME: network state is a required parameter.
|
|
|
|
func WithNetState(netState netmap.State) FormatValidatorOption {
|
|
|
|
return func(c *cfg) {
|
|
|
|
c.netState = netState
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-03 10:14:09 +00:00
|
|
|
// WithDeleteHandler returns option to set delete queue processor.
|
|
|
|
func WithDeleteHandler(v DeleteHandler) FormatValidatorOption {
|
|
|
|
return func(c *cfg) {
|
|
|
|
c.deleteHandler = v
|
|
|
|
}
|
|
|
|
}
|