From 5287c194e57e2a4748951fbd3bf18ff3f3f9b3e0 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Wed, 19 May 2021 19:14:00 +0300 Subject: [PATCH] [#505] ir/container: Replace key ownership check into a separate method Method of key ownership verification is going to be reused by the handlers of the other events. Signed-off-by: Leonard Lyubich --- pkg/innerring/processors/container/common.go | 27 +++++++++++++++++++ .../processors/container/process_eacl.go | 15 +---------- 2 files changed, 28 insertions(+), 14 deletions(-) create mode 100644 pkg/innerring/processors/container/common.go diff --git a/pkg/innerring/processors/container/common.go b/pkg/innerring/processors/container/common.go new file mode 100644 index 000000000..46c044a97 --- /dev/null +++ b/pkg/innerring/processors/container/common.go @@ -0,0 +1,27 @@ +package container + +import ( + "fmt" + + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neofs-api-go/pkg/owner" +) + +type ownerIDSource interface { + OwnerID() *owner.ID +} + +func (cp *Processor) checkKeyOwnership(ownerIDSrc ownerIDSource, key *keys.PublicKey) error { + ownerKeys, err := cp.idClient.AccountKeys(ownerIDSrc.OwnerID()) + if err != nil { + return fmt.Errorf("could not received owner keys %s: %w", ownerIDSrc.OwnerID(), err) + } + + for _, ownerKey := range ownerKeys { + if ownerKey.Equal(key) { + return nil + } + } + + return fmt.Errorf("key %s is not tied to the owner of the container", key) +} diff --git a/pkg/innerring/processors/container/process_eacl.go b/pkg/innerring/processors/container/process_eacl.go index b5b2e5509..5b3c797d1 100644 --- a/pkg/innerring/processors/container/process_eacl.go +++ b/pkg/innerring/processors/container/process_eacl.go @@ -63,21 +63,8 @@ func (cp *Processor) checkEACLOwnership(binTable []byte, key *keys.PublicKey) er return fmt.Errorf("could not receive the container: %w", err) } - ownerID := cnr.OwnerID() - // check key ownership - ownerKeys, err := cp.idClient.AccountKeys(ownerID) - if err != nil { - return fmt.Errorf("could not received owner keys %s: %w", ownerID, err) - } - - for _, ownerKey := range ownerKeys { - if ownerKey.Equal(key) { - return nil - } - } - - return fmt.Errorf("key %s is not tied to the owner of the container", key) + return cp.checkKeyOwnership(cnr, key) } func (cp *Processor) approveSetEACL(e container.SetEACL) {