forked from TrueCloudLab/frostfs-api-go
[#207] sdk/client: Implement GetEACLWithSignature method
GetEACL method of Client receives eACL table with signature, verifies the signature and return the table. In some cases we need to receive table and signature regardless of their correctness. New method GetEACLWithSignature provides such an opportunity. Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
This commit is contained in:
parent
3ebfef9f94
commit
8c99d9d54c
1 changed files with 55 additions and 16 deletions
|
@ -3,6 +3,7 @@ package client
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neofs-api-go/pkg"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
"github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
|
@ -18,6 +19,13 @@ type delContainerSignWrapper struct {
|
||||||
body *v2container.DeleteRequestBody
|
body *v2container.DeleteRequestBody
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EACLWithSignature represents eACL table/signature pair.
|
||||||
|
type EACLWithSignature struct {
|
||||||
|
table *eacl.Table
|
||||||
|
|
||||||
|
sig *pkg.Signature
|
||||||
|
}
|
||||||
|
|
||||||
var errNilReponseBody = errors.New("response body is nil")
|
var errNilReponseBody = errors.New("response body is nil")
|
||||||
|
|
||||||
func (c delContainerSignWrapper) ReadSignedData(bytes []byte) ([]byte, error) {
|
func (c delContainerSignWrapper) ReadSignedData(bytes []byte) ([]byte, error) {
|
||||||
|
@ -28,6 +36,16 @@ func (c delContainerSignWrapper) SignedDataSize() int {
|
||||||
return len(c.body.GetContainerID().GetValue())
|
return len(c.body.GetContainerID().GetValue())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EACL returns eACL table.
|
||||||
|
func (e EACLWithSignature) EACL() *eacl.Table {
|
||||||
|
return e.table
|
||||||
|
}
|
||||||
|
|
||||||
|
// Signature returns table signature.
|
||||||
|
func (e EACLWithSignature) Signature() *pkg.Signature {
|
||||||
|
return e.sig
|
||||||
|
}
|
||||||
|
|
||||||
func (c Client) PutContainer(ctx context.Context, cnr *container.Container, opts ...CallOption) (*container.ID, error) {
|
func (c Client) PutContainer(ctx context.Context, cnr *container.Container, opts ...CallOption) (*container.ID, error) {
|
||||||
switch c.remoteNode.Version.Major() {
|
switch c.remoteNode.Version.Major() {
|
||||||
case 2:
|
case 2:
|
||||||
|
@ -77,9 +95,30 @@ func (c Client) DeleteContainer(ctx context.Context, id *container.ID, opts ...C
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) GetEACL(ctx context.Context, id *container.ID, opts ...CallOption) (*eacl.Table, error) {
|
func (c Client) GetEACL(ctx context.Context, id *container.ID, opts ...CallOption) (*eacl.Table, error) {
|
||||||
|
v, err := c.getEACL(ctx, id, true, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return v.table, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Client) GetEACLWithSignature(ctx context.Context, id *container.ID, opts ...CallOption) (*EACLWithSignature, error) {
|
||||||
|
return c.getEACL(ctx, id, false, opts...)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Client) getEACL(ctx context.Context, id *container.ID, verify bool, opts ...CallOption) (*EACLWithSignature, error) {
|
||||||
switch c.remoteNode.Version.Major() {
|
switch c.remoteNode.Version.Major() {
|
||||||
case 2:
|
case 2:
|
||||||
return c.getEACLV2(ctx, id, opts...)
|
resp, err := c.getEACLV2(ctx, id, verify, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &EACLWithSignature{
|
||||||
|
table: eacl.NewTableFromV2(resp.GetEACL()),
|
||||||
|
sig: pkg.NewSignatureFromV2(resp.GetSignature()),
|
||||||
|
}, nil
|
||||||
default:
|
default:
|
||||||
return nil, errUnsupportedProtocol
|
return nil, errUnsupportedProtocol
|
||||||
}
|
}
|
||||||
|
@ -316,7 +355,7 @@ func (c Client) delContainerV2(ctx context.Context, id *container.ID, opts ...Ca
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) getEACLV2(ctx context.Context, id *container.ID, opts ...CallOption) (*eacl.Table, error) {
|
func (c Client) getEACLV2(ctx context.Context, id *container.ID, verify bool, opts ...CallOption) (*v2container.GetExtendedACLResponseBody, error) {
|
||||||
// apply all available options
|
// apply all available options
|
||||||
callOptions := c.defaultCallOptions()
|
callOptions := c.defaultCallOptions()
|
||||||
|
|
||||||
|
@ -358,23 +397,23 @@ func (c Client) getEACLV2(ctx context.Context, id *container.ID, opts ...CallOpt
|
||||||
return nil, errNilReponseBody
|
return nil, errNilReponseBody
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := signature.VerifyDataWithSource(
|
if verify {
|
||||||
v2signature.StableMarshalerWrapper{
|
if err := signature.VerifyDataWithSource(
|
||||||
SM: body.GetEACL(),
|
v2signature.StableMarshalerWrapper{
|
||||||
},
|
SM: body.GetEACL(),
|
||||||
func() (key, sig []byte) {
|
},
|
||||||
s := body.GetSignature()
|
func() (key, sig []byte) {
|
||||||
|
s := body.GetSignature()
|
||||||
|
|
||||||
return s.GetKey(), s.GetSign()
|
return s.GetKey(), s.GetSign()
|
||||||
},
|
},
|
||||||
signature.SignWithRFC6979(),
|
signature.SignWithRFC6979(),
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return nil, errors.Wrap(err, "incorrect signature")
|
return nil, errors.Wrap(err, "incorrect signature")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
result := eacl.NewTableFromV2(body.GetEACL())
|
return body, nil
|
||||||
|
|
||||||
return result, nil
|
|
||||||
default:
|
default:
|
||||||
return nil, errUnsupportedProtocol
|
return nil, errUnsupportedProtocol
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue