From 50caa388b0467b9011650e38930167c7891093cd Mon Sep 17 00:00:00 2001
From: Anton Nikiforov <an.nikiforov@yadro.com>
Date: Thu, 1 Jun 2023 11:55:06 +0300
Subject: [PATCH] [#303] ir: Use pub key when validate container deletion

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
---
 pkg/core/container/delete.go                  | 46 ++++---------------
 .../processors/container/process_container.go |  1 +
 pkg/morph/client/container/delete.go          | 15 ++++--
 pkg/morph/event/container/delete.go           |  3 +-
 pkg/morph/event/container/delete_notary.go    |  5 ++
 pkg/services/container/morph/executor.go      |  8 ++--
 6 files changed, 31 insertions(+), 47 deletions(-)

diff --git a/pkg/core/container/delete.go b/pkg/core/container/delete.go
index e3379446..8e0aaebb 100644
--- a/pkg/core/container/delete.go
+++ b/pkg/core/container/delete.go
@@ -1,6 +1,7 @@
 package container
 
 import (
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )
@@ -8,43 +9,14 @@ import (
 // RemovalWitness groups the information required
 // to prove and verify the removal of a container.
 type RemovalWitness struct {
-	cnr cid.ID
+	// ContainerID returns the identifier of the container
+	// to be removed.
+	ContainerID cid.ID
 
-	sig []byte
+	// Signature the signature of the container identifier.
+	Signature *refs.Signature
 
-	token *session.Container
-}
-
-// ContainerID returns the identifier of the container
-// to be removed.
-func (x RemovalWitness) ContainerID() cid.ID {
-	return x.cnr
-}
-
-// SetContainerID sets the identifier of the container
-// to be removed.
-func (x *RemovalWitness) SetContainerID(id cid.ID) {
-	x.cnr = id
-}
-
-// Signature returns the signature of the container identifier.
-func (x RemovalWitness) Signature() []byte {
-	return x.sig
-}
-
-// SetSignature sets a signature of the container identifier.
-func (x *RemovalWitness) SetSignature(sig []byte) {
-	x.sig = sig
-}
-
-// SessionToken returns the token of the session within
-// which the container was removed.
-func (x RemovalWitness) SessionToken() *session.Container {
-	return x.token
-}
-
-// SetSessionToken sets the token of the session within
-// which the container was removed.
-func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
-	x.token = tok
+	// SessionToken the token of the session within
+	// which the container was removed.
+	SessionToken *session.Container
 }
diff --git a/pkg/innerring/processors/container/process_container.go b/pkg/innerring/processors/container/process_container.go
index 33ef9003..2629b9d2 100644
--- a/pkg/innerring/processors/container/process_container.go
+++ b/pkg/innerring/processors/container/process_container.go
@@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
 		binTokenSession: e.SessionToken(),
 		signature:       e.Signature(),
 		signedData:      binCnr,
+		binPublicKey:    e.PublicKeyValue,
 	})
 	if err != nil {
 		return fmt.Errorf("auth container removal: %w", err)
diff --git a/pkg/morph/client/container/delete.go b/pkg/morph/client/container/delete.go
index c9105a3c..5bc8fc18 100644
--- a/pkg/morph/client/container/delete.go
+++ b/pkg/morph/client/container/delete.go
@@ -14,14 +14,15 @@ import (
 // Returns error if container ID is nil.
 func Delete(c *Client, witness core.RemovalWitness) error {
 	binCnr := make([]byte, sha256.Size)
-	witness.ContainerID().Encode(binCnr)
+	witness.ContainerID.Encode(binCnr)
 
 	var prm DeletePrm
 
 	prm.SetCID(binCnr)
-	prm.SetSignature(witness.Signature())
+	prm.SetSignature(witness.Signature.GetSign())
+	prm.SetKey(witness.Signature.GetKey())
 
-	if tok := witness.SessionToken(); tok != nil {
+	if tok := witness.SessionToken; tok != nil {
 		prm.SetToken(tok.Marshal())
 	}
 
@@ -33,6 +34,7 @@ type DeletePrm struct {
 	cnr       []byte
 	signature []byte
 	token     []byte
+	key       []byte
 
 	client.InvokePrmOptional
 }
@@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
 	d.token = token
 }
 
+// SetKey sets public key.
+func (d *DeletePrm) SetKey(key []byte) {
+	d.key = key
+}
+
 // Delete removes the container from FrostFS system
 // through Container contract call.
 //
@@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
 
 	prm := client.InvokePrm{}
 	prm.SetMethod(deleteMethod)
-	prm.SetArgs(p.cnr, p.signature, p.token)
+	prm.SetArgs(p.cnr, p.signature, p.key, p.token)
 	prm.InvokePrmOptional = p.InvokePrmOptional
 
 	err := c.client.Invoke(prm)
diff --git a/pkg/morph/event/container/delete.go b/pkg/morph/event/container/delete.go
index 4926af27..a206307f 100644
--- a/pkg/morph/event/container/delete.go
+++ b/pkg/morph/event/container/delete.go
@@ -15,6 +15,7 @@ type Delete struct {
 	ContainerIDValue []byte
 	SignatureValue   []byte
 	TokenValue       []byte
+	PublicKeyValue   []byte
 
 	// For notary notifications only.
 	// Contains raw transactions of notary request.
@@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
 	return d.NotaryRequestValue
 }
 
-const expectedItemNumDelete = 3
+const expectedItemNumDelete = 4
 
 // DeleteSuccess structures notification event of successful container removal
 // thrown by Container contract.
diff --git a/pkg/morph/event/container/delete_notary.go b/pkg/morph/event/container/delete_notary.go
index 23f13acb..9711636e 100644
--- a/pkg/morph/event/container/delete_notary.go
+++ b/pkg/morph/event/container/delete_notary.go
@@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
 	}
 }
 
+func (d *Delete) setPublicKey(v []byte) {
+	d.PublicKeyValue = v
+}
+
 func (d *Delete) setToken(v []byte) {
 	if v != nil {
 		d.TokenValue = v
@@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
 var deleteFieldSetters = []func(*Delete, []byte){
 	// order on stack is reversed
 	(*Delete).setToken,
+	(*Delete).setPublicKey,
 	(*Delete).setSignature,
 	(*Delete).setContainerID,
 }
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index 8e6b3085..ae37da52 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
 		return nil, fmt.Errorf("invalid container ID: %w", err)
 	}
 
-	sig := body.GetSignature().GetSign()
-
 	var tok *session.Container
 
 	if tokV2 != nil {
@@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
 
 	var rmWitness containercore.RemovalWitness
 
-	rmWitness.SetContainerID(id)
-	rmWitness.SetSignature(sig)
-	rmWitness.SetSessionToken(tok)
+	rmWitness.ContainerID = id
+	rmWitness.Signature = body.GetSignature()
+	rmWitness.SessionToken = tok
 
 	err = s.wrt.Delete(rmWitness)
 	if err != nil {