[#202] object/eacl: Verify signature of eACL table

Since the contract started returning the table signature, it became
necessary to check its correctness.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2021-02-02 18:54:30 +03:00 committed by Alex Vanin
parent ffbf6b922f
commit ad348afcd6


@ -3,18 +3,43 @@ package eacl
import ( import (
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container" "github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/util/signature"
"github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper" "github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
"github.com/nspcc-dev/neofs-node/pkg/util/logger" "github.com/nspcc-dev/neofs-node/pkg/util/logger"
"github.com/pkg/errors"
) )
type morphStorage struct { type morphStorage struct {
w *wrapper.Wrapper w *wrapper.Wrapper
} }
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) { type signedEACLTable eacl.Table
table, _, err := s.w.GetEACL(cid)
return table, err func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
return (*eacl.Table)(s).Marshal(buf)
}
func (s *signedEACLTable) SignedDataSize() int {
// TODO: add eacl.Table.Size method
return (*eacl.Table)(s).ToV2().StableSize()
}
func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
table, sig, err := s.w.GetEACL(cid)
if err != nil {
return nil, err
}
if err := signature.VerifyDataWithSource(
(*signedEACLTable)(table),
func() ([]byte, []byte) {
return sig.Key(), sig.Sign()
},
); err != nil {
return nil, errors.Wrap(err, "incorrect signature")
}
return table, nil
} }
func WithLogger(v *logger.Logger) Option { func WithLogger(v *logger.Logger) Option {
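Review bot: In GetEACL the public key handed to `signature.VerifyDataWithSource` comes from the same `sig` value as the signature itself (`return sig.Key(), sig.Sign()`), so the check proves only that the table matches the key stored next to it, not that the key belongs to a party allowed to set this container's eACL. Nothing in this hunk compares `sig.Key()` with the container owner; if that binding is not enforced by the contract or another layer, a table signed with an unrelated key would still pass here. I would either add that comparison or at least document the assumption above the call, e.g. `// NOTE: only self-consistency of table and sig is verified; the key-to-owner binding is assumed to be enforced by the container contract`. It is also worth confirming that `s.w.GetEACL` never returns a nil or empty `sig` together with a nil error (for example for tables stored before the contract returned signatures), and rejecting that case explicitly before verification.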