frostfs-node/pkg/morph/client/container/wrapper/eacl.go
Leonard Lyubich 1deb3f3d01 [#525] morph/container: Do not accept signature in PutEACL function
In previous implementation wrapper over the Container contract's client
accepted the signature of the eACL table in addition to itself. After recent
changes in API Go lib table carries its signature. Thus, it is redundant
to pass the eACL table signature separately.

Make `wrapper.PutEACL` method to accept `eacl.Table` only.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00

93 lines
2.3 KiB
Go

package wrapper
import (
"fmt"
"github.com/nspcc-dev/neofs-api-go/pkg"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id"
"github.com/nspcc-dev/neofs-node/pkg/core/container"
client "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
)
// GetEACL reads the extended ACL table from NeoFS system
// through Container contract call.
func (w *Wrapper) GetEACL(cid *cid.ID) (*eacl.Table, error) {
if cid == nil {
return nil, errNilArgument
}
args := client.EACLArgs{}
v2 := cid.ToV2()
if v2 == nil {
return nil, errUnsupported // use other major version if there any
}
args.SetCID(v2.GetValue())
rpcAnswer, err := w.client.EACL(args)
if err != nil {
return nil, err
}
// Client may not return errors if the table is missing, so check this case additionally.
// The absence of a signature in the response can be taken as an eACL absence criterion,
// since unsigned table cannot be approved in the storage by design.
sig := rpcAnswer.Signature()
if len(sig) == 0 {
return nil, container.ErrEACLNotFound
}
tableSignature := pkg.NewSignature()
tableSignature.SetKey(rpcAnswer.PublicKey())
tableSignature.SetSign(sig)
table := eacl.NewTable()
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
// use other major version if there any
return nil, err
}
table.SetSignature(tableSignature)
return table, nil
}
// PutEACL marshals table, and passes it to Wrapper's PutEACLBinary method
// along with sig.Key() and sig.Sign().
//
// Returns error if table is nil.
//
// If TryNotary is provided, calls notary contract.
func PutEACL(w *Wrapper, table *eacl.Table) error {
if table == nil {
return errNilArgument
}
data, err := table.Marshal()
if err != nil {
return fmt.Errorf("can't marshal eacl table: %w", err)
}
sig := table.Signature()
return w.PutEACL(data, sig.Key(), sig.Sign())
}
// PutEACL saves binary eACL table with its key and signature
// in NeoFS system through Container contract call.
//
// Returns any error encountered that caused the saving to interrupt.
func (w *Wrapper) PutEACL(table, key, sig []byte) error {
if len(sig) == 0 || len(key) == 0 {
return errNilArgument
}
args := client.SetEACLArgs{}
args.SetSignature(sig)
args.SetPublicKey(key)
args.SetEACL(table)
return w.client.SetEACL(args)
}