Commit graph

355 commits

Author SHA1 Message Date
Leonard Lyubich
8efea6e066 [#792] ir: Support multiple notification endpoints
Accept notification endpoints as string slice from config. Work with the
first successfully initialized WSClient.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-28 18:47:06 +03:00
Pavel Karpy
057d3ac06b [#846] innerring: Reuse original TX nonce from SN's NR
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-27 11:10:15 +03:00
Pavel Karpy
5702349cb2 [#846] innerring: Use epoch as nonce in cleanup netmap process
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-27 11:10:15 +03:00
Pavel Karpy
e3c0288e50 [#846] morph/notary: Add nonce parameter to notary invocation method
This prevents notary requests collisions
for TXs that contains equals hashable fields.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-27 11:10:15 +03:00
Leonard Lyubich
264ab489bb [#848] ir/container: Prevent potential NPE in key conversion
Set `Curve` field in `ecdsa.PublicKey` instance from `keys.PublicKey` one in
`checkKeyOwnership` method of container processor.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-24 18:57:00 +03:00
Alex Vanin
b6dfa6c118 [#786] pkg/innerring: Use NNS to find contract script hashes missing in config
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-13 14:51:35 +03:00
Alex Vanin
dc26a09ec3 [#812] pkg/innerring: Support notary notifications in reputation processor
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-13 14:51:07 +03:00
Pavel Karpy
b303e49408 [#815] morph/event/netmap: Add updateState notary notification support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-13 14:50:52 +03:00
Pavel Karpy
00caed8d3d [#815] morph/event/netmap: Add addPeer notary notification support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-13 14:50:52 +03:00
Pavel Karpy
ba77bb44e4 [#807] ir: Merge ContractProcessor and NotaryContractProcessor interfaces
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
539da27ccb [#807] morph/event/container: Add setEACL notary support
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
e03b44ffc1 [#807] morph/event/container: Add delete notary support
Includes:
- `delete` container notary notification;
- refactor in processor bindings;
- fixed conflicts in `put` notifications.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 18:37:45 +03:00
Pavel Karpy
d0160b23e5 [#801] linter: Fix errcheck warning
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 14:07:57 +03:00
Pavel Karpy
425c02b0ec [#801] morph/netmap: Add wrapper options
Add constructor options on wrapper level
of `netmap` contract.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-09 14:07:57 +03:00
Alex Vanin
1edf40f4d6 [#798] morph/subscriber: Remove RPC Init timeout
More convenient way is to fail straight away and
expect external restart.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-07 17:22:25 +03:00
Alex Vanin
005f54e61e [#798] pkg/innerring: Save latest processed block number
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-07 17:22:25 +03:00
Alex Vanin
2bcf22ad79 [#798] pkg/innerring: Store withoutMainNet flag in server
withoutMainNet flag will be reused in runtime server start
to enable main chain block number state saver.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-09-07 17:22:25 +03:00
Pavel Karpy
13f1273e82 [#770] ir/container: Support notary Put
Implement `NotaryContractProcessor` by IR
container processor. Add support for notary
`put` container operation. Do not parse `put`
non-notary notifications in notary enabled
environment.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
f4a521cfd8 [#770] pkg/innerring: Make all morph wrappers Alphabet
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
4e5618aecb [#770] pkg/innerring: Add NotaryContractProcessor interface
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
8d1f2e66e6 [#770] pkg/innerring: Fix commentary to bind functions
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
d252aa4a3e [#770] pkg/morph: Rename all parsers and handlers structs/interfaces
Prepare all listening structures for notary events:
rename(add prefix/suffix 'notification') all
notification specific handlers/parsers.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Pavel Karpy
3400a071f9 [#770] ir: Reuse read notary config
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-09-07 12:55:01 +03:00
Leonard Lyubich
ba234699cd [#794] ir/neofs: Print tx IDs in LE on Withdraw and Deposit events
IDs come from NeoFS contract in big endian, but it is customary to write in
the node logs in little endian.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-06 18:11:38 +03:00
Leonard Lyubich
ad7ad12a0c [#746] morph: Implement and use multi-client
There is a need to work with a set of Neo RPC nodes in order not to depend
on the failure of some nodes while others are active.

Support "multi-client" mode of morph `Client` entity. If instance is not
"multi-client", it works as before. Constructor `New` creates multi-client,
and each method performs iterating over the fixed set of endpoints until
success. Opened client connections are cached (without eviction for now).

Storage (as earlier) and IR (from now) nodes can be configured with multiple
Neo endpoints. As above, `New` creates multi-client instance, so we don't
need initialization changes on app-side.

`Wait` and `GetDesignateHash` methods of `Client` return an error from now
to detect connection errors. `NotaryEnabled` method is removed as unused.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-09-02 11:04:38 +03:00
Alex Vanin
cadd94f08f [#766] Fix stylecheck import linter error
Remove redundant imports

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-08-26 17:57:15 +03:00
Pavel Karpy
85a4682c0c [#759] pkg/innerring: Log notary status on startup
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-08-23 15:26:10 +03:00
Alex Vanin
300d8879a6 [#751] innerring: Use CalledByEntry scope in main chain invocations
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-08-06 17:29:27 +03:00
Pavel Karpy
7a52bb31f1 [#740] innerring/notary: Fix reading notary config
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-08-03 21:00:57 +03:00
Pavel Karpy
896c749b92 [#720] pkg/innerring: Check Notary availability automatically
Do not read `without_notary` config value from env.
Make morph client constructor return client without
notary support. Enabling notary support should be done
with public `EnableNotarySupport` method separately.

Notary availability is deducted with client. Further,
if notary is presented on chain its support is
enabled at the corresponding client.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-08-03 09:30:11 +03:00
Pavel Karpy
c41ec2e2e9 [#718] ir: Do not require processing hash in main notary disabled mode
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-23 10:59:45 +03:00
Alex Vanin
62efa3f098 [#708] innerring: Synchronize initial epoch tick
When Inner Ring node starts, it should sync nearest epoch tick
event based on the block of the latest epoch. Otherwise epoch
ticking can be stopped, because ballots or notary transactions
are valid for limited period of time.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-22 15:20:34 +03:00
Pavel Karpy
dfbde0004e [#705] innerring/governance: Delete useless sort
Do not sort slice that is already sorted.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
c8d58d56b9 [#705] innerring/governance: Hide fetching ir keys behind interface
Add to governance processor IRFetcher interface.
Implementation must deduct if notary enabled or not.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
73ba35b379 [#705] pkg/innerring: Fix disable notary mode
Get innerring list and committee in innerring
indexer from interfaces, not from structs.
Passing IR fetcher to indexer constructor depends
on having Notary contract in sidechain(use NeoFS
role or netmap contract).

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
8e66c67a74 [#705] pkg/innerring: Add IR keys fetchers
Add `IrFetcherWithNotary` and `IrFetcherWithoutNotary`
that can fetch IR keys with and without usage of
notary contract.
Both can be hidden behind
`InnerRingKeys() (keys.PublicKeys, error)` interface.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
8ea5744326 [#705] pkg/morph/netmap: Fix updateInnerRing method
Add initialization of `updateInnerRing` method name
in config on startup.
Rename var `setInnerRing` => `updateInnerRing`.
Rename method `SetInnerRing` => `UpdateInnerRing`

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-22 15:12:06 +03:00
Pavel Karpy
795c49d16b [#706] ir: Do not require proxy hash in notary disabled mode
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-21 15:32:17 +03:00
Alex Vanin
96da7ceb4f [#697] governance: Make best effort traversing main chain list of keys
We should go through every key in main chain list to merget lists
as fast as possible. Previously we drop main chain traversing as
soon as we have no more new keys to add. Instead we should try
to go for old keys in the list and add it as more as we can.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-15 10:49:21 +03:00
Alex Vanin
8112f73023 [#689] innerring: Remove debug output
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-13 13:11:29 +03:00
Pavel Karpy
c20eb15bd5 [#688] pkg/ir/governance: Add unsorted test case
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
bb3f16d487 [#688] pkg/ir/governance: Add public key sorting
Add sorting of passed public keys in `newAlphabetList`
function before Alphabet list merge to make returned
results more expected.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
361bff216a [#688] pkg/ir/governance: Check err type in tests
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 18:46:09 +03:00
Pavel Karpy
9da777ac8c [#681] ir: Do not require MainNet attributes
If `WITHOUT_MAINNET` environmental variable is
`true`:
- Do not read `NeoFS` and `processing`
script-hashes from envs;
- Do not init Governance processor;
- Do not init NeoFS processor.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-12 15:35:35 +03:00
Alex Vanin
24d1725cc8 [#666] innerring: Make GlagoliticLetter enum public for re-use
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-08 14:37:38 +03:00
Pavel Karpy
0bcc505682 [#668] pkg/audit: Skip audit for containers without SG
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-07-06 21:19:18 +03:00
Alex Vanin
c90f054f35 [#658] morph/neofs: Add TryNotary() option
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Alex Vanin
c0093b2b79 [#658] morph/neofsid: Add TryNotary() option
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Alex Vanin
92451c08af [#658] innerring: Do not use notary in audit client
Audit client is used to send audit results and they should be
signed by inner ring node itself on order to be saved in
smart contract.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-07-02 09:53:34 +03:00
Leonard Lyubich
43eff09944 [#607] *: Do not use deprecated elements of code
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
f7b42a1525 [#607] ir: Work with AddressGroup instead of single Address
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Leonard Lyubich
e11f50ec8e [#607] network: Make ClientCache to accept AddressGroup
Change type of the `ClientCache.Get` method's parameter to `AddressGroup`.
Use `GroupFromAddress` to call the method from the wrappers in order to no
change their interface.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-28 15:52:50 +03:00
Pavel Karpy
48827f42d3 [#643] pkg: Sync method names and commentaries to them
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-24 16:10:44 +03:00
Pavel Karpy
8ddea8a5ee [#622] pkg/innerring: Change NodeValidator interface description
Make changes of the `NodeInfo` by implementations
of the `NodeValidator` interface optional.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
7b3897253c [#622] pkg/innerring: Add multiaddress validation
Start using multiaddress validation in netmap
processor.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
1cd0352bab [#622] pkg/innerring: Add composite validator
Add `CompositeValidator` that wraps
`netmap.NodeValidator`s and implements
`NodeValidator` interface itself.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Pavel Karpy
53b7e05b65 [#622] pkg/innerring: Add multiaddress validator
Add multiaddress validator that calls
`network.VerifyAddress`.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-22 12:12:45 +03:00
Evgenii Stratonikov
16e9e726ff [#496] morph/client: add wrapper for neofs contract
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
458fc4f5ae [#496] morph/client: provide notary options on client creation
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
7cf0093012 [#496] pkg/innerring: remove unused processor parameters
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Evgenii Stratonikov
8a2b7f4501 [#496] pkg/innerring: provide wrappers to processors
The only thing we need hashes for is to process notifications.
Balance contract if left for now, as it has some initialization.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-21 15:16:42 +03:00
Leonard Lyubich
adbbad0beb [#607] network: Do not work with Address pointers
`network.Address` structure in most cases created once and used read-only.

Replace `AddressFromString` function with `Address.FromString` method with
the same purpose and implementation. Make all libraries to work with value.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Leonard Lyubich
e5504c7130 [#607] network: Do not use Address.String for address comparison
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-18 18:09:50 +03:00
Pavel Karpy
68c7f6ce8a [#613] pkg/innerring/reputation: Add FIXME to ToV2 usage
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Pavel Karpy
ed9a5e44b6 [#613] pkg/innerring: Add sanity check of GlobalTrust
Add sanity checks of GlobalTrust value:
check if "got manager" is real manager for
peer with building managers for peer.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-17 18:30:06 +03:00
Leonard Lyubich
455fd952dd [#414] ir: Serve ControlService
Serve `ControlService` instance on configured endpoint (do not serve if not
specified). Read allowed keys from config.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
4001ba2967 [#414] ir: Switch health status on application state transitions
Set health status to

  * `UNDEFINED` during Server construction;
  * `STARTING` on `Server.Start` call;
  * `READY` after successful `Server.Start` call;
  * `SHUTTING_DOWN` on `Server.Stop` call.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Leonard Lyubich
567421a9b5 [#414] ir: Implement HealthChecker on Server
`HealthChecker` interface is required to construct `ControlServiceServer`.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-15 15:21:52 +03:00
Evgenii Stratonikov
5cab0026c3 [#562] pkg/morph: remove neofs-crypto uses
Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Evgenii Stratonikov
1553967328 [#562] cmd/neofs-ir: use NEP-6 wallet for keys
Also remove neofs-crypto uses from `pkg/innerring`.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2021-06-15 14:49:59 +03:00
Alex Vanin
e50abeab0c [#598] innerring/config: Override global config only in debug build
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-09 16:20:37 +03:00
Leonard Lyubich
68e85e4b33 [#412] ir/locode: Disallow explicit setting of LOCODE-derived attributes
Make `Validator.VerifyAndUpdate` method to return an error if at least one
of LOCODE-derived attributes is set explicitly. Thus, IR will not confirm
the candidates for the network map who independently set these attributes.

Cover `Validator.VerifyAndUpdate` method with unit tests.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
75d6702d2e [#412] ir/locode: Fix docs of the VerifyAndUpdate method
`Validator.VerifyAndUpdate` method does not add location code attribute.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 15:08:12 +03:00
Leonard Lyubich
2f38fef31a [#589] ir/container: Verify session token lifetime
Session tokens have limited lifetime in NeoFS. Container processor should
verify lifetime of the incoming tokens.

Define `NetworkState` interface with `Epoch` method to get number of the
current epoch. Use Netmap contract client's wrapper as `NetworkState` of
Container `Processor`. Check values of token lifetime, and deny if:

  * NBF value is gt the current epoch;
  * IAT is gt the current epoch;
  * EXP is le the current epoch.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-09 10:17:49 +03:00
Alex Vanin
e1ac2fe2e5 [#588] Fix go fmt linter errors
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-06-03 18:59:07 +03:00
Pavel Karpy
752efc6f8c [#584] pkg/innerring: Delete using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Pavel Karpy
057ebf9d51 [#584] pkg/innerring: Stop using deprecated methods
Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-06-03 13:59:59 +03:00
Leonard Lyubich
ed80f704d0 [#556] innerring/neofs: Process Bind/Unbind events
Make IR processor of NeoFS contract to handle `Bind`/`Unbind` notification
events. The processor verifies the format of wallet script hash and public
keys, and call NeoFS ID client wrapper in order to approve adding/removing
keys from NeoFS account.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-06-02 10:50:44 +03:00
Leonard Lyubich
3e1463cc76 [#570] *: Use generator of test container IDs from API Go lib
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
3dd10b6795 [#570] *: Remove usage of deprecated elements from API Go library
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
70a7354e9d [#570] *: Use new Equal method of owner.ID type
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 20:45:15 +03:00
Leonard Lyubich
49a42b1d3e [#567] innerring: Close cached clients on shutdown
Register `CloseAll` method to be called on IR application shutdown.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 13:11:37 +03:00
Leonard Lyubich
9359f28161 [#525] ir/container: Compare owner IDs via Equal method
In recent change of API Go library `owner.ID.Equal` signature was
implemented.

Replace the comparison of string representations with `Equal` method call
and remove related TODOs.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
937171911a [#525] ir/container: Simplify the approach to verify token signature
In recent change of API Go library `Token.Verify` signature was implemented.

Replace previous version-casting approach with new method call in token
signature check stage.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
23c5277014 [#525] ir/container: Check session verb and container ID
Token of the container session should be written out with container context.
The context should have the verb corresponding to the operation. If an
operation is performed on a fixed container, the session should be
propagated to it or to all user containers

Implement all described checks in validation of `Put` / `Delete` / `SetEACL`
events.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
b73c0c67a2 [#525] ir/container: Fix checks without session token
In previous implementation verification of `SetEACL` events failed on events
without session token. It was caused by redundant tries to verify `nil`
session token.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-31 11:53:06 +03:00
Leonard Lyubich
ead4513feb [#525] ir/container: Verify operations with session token
Session token can be presented `Put`, `Delete` and `SetEACL` notification
events. IR should consider this case as issuing a power of attorney to a
third party. Thus, checking the eligibility for an operation should be
complicated:

 - token owner should be the owner of the related container;
 - the intent must be signed with a session key;
 - the power of attorney must be signed by the owner of the container.

Omitted checks (TBD):

 - session token should have container session context;
 - the verb of the context should correspond to the operation.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 17:07:20 +03:00
Pavel Karpy
33bef46f31 [#549] network/cache: Change Get signature
Make network cache's `Get` method accept
`network.Address` argument instead of
string.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-27 17:07:04 +03:00
Leonard Lyubich
5a3a27ba9f [#525] ir/container: Remove no longer needed FIXME
In latest design of `Container` contract key binding is removed.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
e1fbc28851 [#525] ir/container: Remove resolved FIXME about notary call
From `017fb6abed9455c7c99631adcb0bb04d42741f87` used container client is
constructed with enabled notary mode.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
40c796bd7e [#525] ir/container: Write session token on delete approval
Approved removed container ID should be stored in sidechain along with
related session token.

Forward session token from `Delete` event to `Wrapper.Delete` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
631d7b0e07 [#525] morph/container: Accept container session token in Delete
`Delete` method of latest `Container` contract accepts binary session token
as an argument.

Provide `DeleteArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session
token from `RemovalWitness` in `wrapper.Delete` function and pass it to the
method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
4ef369732a [#525] ir/container: Write session token on eACL table approval
Approved eACL table should be stored in sidechain along with related session
token.

Forward session token from `SetEACL` event to `Wrapper.PutEACL` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
959610080a [#525] morph/container: Accept container session token in PutEACL
`SetEACL` method of latest `Container` contract accepts binary session token
as an argument.

Provide `SetEACLArgs.SetSessionToken` method. Accept session token as a
`[]byte` in `Wrapper.PutEACL` method and attach it to `SetEACLArgs`. Marshal
session token from container in `wrapper.PutEACL` function and pass it to
the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
461fcfcf19 [#525] ir/container: Write session token on container approval
Approved container should be stored in sidechain along with related session
token.

Forward session token from `Put` event to `Wrapper.Put` method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
db67a117f0 [#525] morph/container: Accept container session token in Put
`Put` method of latest `Container` contract accepts binary session token as
an argument.

Provide `PutArgs.SetSessionToken` method. Accept session token as a `[]byte`
in `Wrapper.Put` method and attach it to `PutArgs`. Marshal session token
from container in `wrapper.Put` function and pass it to the method.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-27 12:03:49 +03:00
Leonard Lyubich
62281b91f4 [#505] morph/container: Rename PutEACLBinary to PutEACl in wrapper
There is no need to concretize the type of arguments in the method name.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 18:58:25 +03:00
Leonard Lyubich
017fb6abed [#505] ir/container: Use client wrapper with enabled notary calls
Construct wrapper over the Container contract client with `TryNotary` option
since it is required to perform invocations of notary contract.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
ac2d347884 [#505] ir/container: Check key-to-owner mapping in key ownership check
Owner identifier can be calculated from public key. If it matches, no
additional verification of key ownership is required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00
Leonard Lyubich
369c12b702 [#505] morph/container: Verify signature of deleting container ID
Get all owner keys and verify container ID signature until first success. If
none of the keys match, then prohibit deletion. Thus, the delete operation
is only allowed to the owner of the container. With this approach, a
separate check for key ownership is not required.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2021-05-25 16:35:52 +03:00