From 50caa388b0467b9011650e38930167c7891093cd Mon Sep 17 00:00:00 2001
From: Anton Nikiforov
Date: Thu, 1 Jun 2023 11:55:06 +0300
Subject: [PATCH] [#303] ir: Use pub key when validate container deletion
Signed-off-by: Anton Nikiforov
---
 pkg/core/container/delete.go | 46 ++++---------------
 .../processors/container/process_container.go | 1 +
 pkg/morph/client/container/delete.go | 15 ++++--
 pkg/morph/event/container/delete.go | 3 +-
 pkg/morph/event/container/delete_notary.go | 5 ++
 pkg/services/container/morph/executor.go | 8 ++--
 6 files changed, 31 insertions(+), 47 deletions(-)
diff --git a/pkg/core/container/delete.go b/pkg/core/container/delete.go
index e3379446..8e0aaebb 100644
--- a/pkg/core/container/delete.go
+++ b/pkg/core/container/delete.go
@@ -1,6 +1,7 @@
 package container
 import (
+ "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )
@@ -8,43 +9,14 @@ import (
 // RemovalWitness groups the information required
 // to prove and verify the removal of a container.
 type RemovalWitness struct {
- cnr cid.ID
+ // ContainerID returns the identifier of the container
+ // to be removed.
+ ContainerID cid.ID
- sig []byte
+ // Signature the signature of the container identifier.
+ Signature *refs.Signature
- token *session.Container
-}
-
-// ContainerID returns the identifier of the container
-// to be removed.
-func (x RemovalWitness) ContainerID() cid.ID {
- return x.cnr
-}
-
-// SetContainerID sets the identifier of the container
-// to be removed.
-func (x *RemovalWitness) SetContainerID(id cid.ID) {
- x.cnr = id
-}
-
-// Signature returns the signature of the container identifier.
-func (x RemovalWitness) Signature() []byte {
- return x.sig
-}
-
-// SetSignature sets a signature of the container identifier.
-func (x *RemovalWitness) SetSignature(sig []byte) {
- x.sig = sig
-}
-
-// SessionToken returns the token of the session within
-// which the container was removed.
-func (x RemovalWitness) SessionToken() *session.Container {
- return x.token
-}
-
-// SetSessionToken sets the token of the session within
-// which the container was removed.
-func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
- x.token = tok
+ // SessionToken the token of the session within
+ // which the container was removed.
+ SessionToken *session.Container
 }
diff --git a/pkg/innerring/processors/container/process_container.go b/pkg/innerring/processors/container/process_container.go
index 33ef9003..2629b9d2 100644
--- a/pkg/innerring/processors/container/process_container.go
+++ b/pkg/innerring/processors/container/process_container.go
@@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
 binTokenSession: e.SessionToken(),
 signature: e.Signature(),
 signedData: binCnr,
+ binPublicKey: e.PublicKeyValue,
 })
 if err != nil {
 return fmt.Errorf("auth container removal: %w", err)
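Review bot: The field comments on `RemovalWitness` in pkg/core/container/delete.go were carried over from the removed getters and no longer read as field documentation: `// ContainerID returns the identifier…` describes a method, and `// Signature the signature of the container identifier.` has no verb. `Signature` is now a `*refs.Signature`, so it carries the signer's public key as well as the signature bytes and can be nil; the comment should say both, for example `// Signature is the signature of the container identifier together with the signer's public key.` plus a statement of whether nil is allowed. `// ContainerID is the identifier of the container to be removed.` and `// SessionToken is the token of the session within which the container was removed; nil when no session was used.` would match.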
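Review bot: In `checkDeleteContainer` (pkg/innerring/processors/container/process_container.go) the new `binPublicKey: e.PublicKeyValue` feeds a key taken from the delete request itself into the authorization check, so a signature that verifies under that key proves possession of the key, not ownership of the container. The verification routine is outside this hunk; it should be confirmed that it binds `binPublicKey` to the container owner (or to the session token issuer) before accepting the removal, and that an empty `PublicKeyValue` is rejected or handled by an explicit fallback rather than silently skipping that binding. A comment at the call site recording the invariant, e.g. `// key is caller-supplied: the check must tie it to the container owner`, would make the expectation visible to the next reader. The body of `checkDeleteContainer` starts and ends outside the hunk.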
diff --git a/pkg/morph/client/container/delete.go b/pkg/morph/client/container/delete.go
index c9105a3c..5bc8fc18 100644
--- a/pkg/morph/client/container/delete.go
+++ b/pkg/morph/client/container/delete.go
@@ -14,14 +14,15 @@ import (
 // Returns error if container ID is nil.
 func Delete(c *Client, witness core.RemovalWitness) error {
 binCnr := make([]byte, sha256.Size)
- witness.ContainerID().Encode(binCnr)
+ witness.ContainerID.Encode(binCnr)
 var prm DeletePrm
 prm.SetCID(binCnr)
- prm.SetSignature(witness.Signature())
+ prm.SetSignature(witness.Signature.GetSign())
+ prm.SetKey(witness.Signature.GetKey())
- if tok := witness.SessionToken(); tok != nil {
+ if tok := witness.SessionToken; tok != nil {
 prm.SetToken(tok.Marshal())
 }
@@ -33,6 +34,7 @@ type DeletePrm struct {
 cnr []byte
 signature []byte
 token []byte
+ key []byte
 client.InvokePrmOptional
 }
@@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
 d.token = token
 }
+// SetKey sets public key.
+func (d *DeletePrm) SetKey(key []byte) {
+ d.key = key
+}
+
 // Delete removes the container from FrostFS system
 // through Container contract call.
 //
@@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
 prm := client.InvokePrm{}
 prm.SetMethod(deleteMethod)
- prm.SetArgs(p.cnr, p.signature, p.token)
+ prm.SetArgs(p.cnr, p.signature, p.key, p.token)
 prm.InvokePrmOptional = p.InvokePrmOptional
 err := c.client.Invoke(prm)
diff --git a/pkg/morph/event/container/delete.go b/pkg/morph/event/container/delete.go
index 4926af27..a206307f 100644
--- a/pkg/morph/event/container/delete.go
+++ b/pkg/morph/event/container/delete.go
@@ -15,6 +15,7 @@ type Delete struct {
 ContainerIDValue []byte
 SignatureValue []byte
 TokenValue []byte
+ PublicKeyValue []byte
 // For notary notifications only.
 // Contains raw transactions of notary request.
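Review bot: `Delete` in pkg/morph/client/container/delete.go now calls `witness.Signature.GetSign()` and `witness.Signature.GetKey()` on a pointer that nothing in the hunk checks, and the last hunk of pkg/services/container/morph/executor.go fills that pointer with `body.GetSignature()` straight from the request. If the generated getters are nil-safe (presumably they are; confirm), a request without a signature does not panic but is sent to the contract with an empty signature and an empty key. Rejecting it before the invoke gives the caller a clear error and avoids a pointless chain call: `if witness.Signature == nil { return errors.New("missing signature") }`. The file's import block is outside the hunk, so `errors` may need to be added there.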
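Review bot: The argument order in `prm.SetArgs(p.cnr, p.signature, p.key, p.token)` (hunk `@@ -66,7 +73,7 @@`) is a wire contract shared with two other places this commit changes without saying so: `expectedItemNumDelete = 4` in pkg/morph/event/container/delete.go and the reversed `deleteFieldSetters` list in delete_notary.go. Nothing records that the three must move together or which Container contract version accepts the four-argument form, so a node built from this commit against an older contract, or the reverse, would presumably fail the invoke or the event parse. I would add a comment above the call, `// args: container ID, signature, public key, token; must match the Container contract's delete method and deleteFieldSetters`, and state the required contract version in the commit description. `Client.Delete` continues outside the hunk.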
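Review bot: `PublicKeyValue` is added to `Delete` in pkg/morph/event/container/delete.go with neither a doc comment nor an accessor, while the processor hunk reads the neighbouring values through methods (`e.SessionToken()`, `e.Signature()`) and this one as a bare field (`e.PublicKeyValue`). For consistency I would add `// PublicKey returns the public key supplied with the removal request.` and `func (d Delete) PublicKey() []byte { return d.PublicKeyValue }`, then use it at the call site. The struct definition starts and ends outside the hunk.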
@@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
 return d.NotaryRequestValue
 }
-const expectedItemNumDelete = 3
+const expectedItemNumDelete = 4
 // DeleteSuccess structures notification event of successful container removal
 // thrown by Container contract.
diff --git a/pkg/morph/event/container/delete_notary.go b/pkg/morph/event/container/delete_notary.go
index 23f13acb..9711636e 100644
--- a/pkg/morph/event/container/delete_notary.go
+++ b/pkg/morph/event/container/delete_notary.go
@@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
 }
 }
+func (d *Delete) setPublicKey(v []byte) {
+ d.PublicKeyValue = v
+}
+
 func (d *Delete) setToken(v []byte) {
 if v != nil {
 d.TokenValue = v
@@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
 var deleteFieldSetters = []func(*Delete, []byte){
 // order on stack is reversed
 (*Delete).setToken,
+ (*Delete).setPublicKey,
 (*Delete).setSignature,
 (*Delete).setContainerID,
 }
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index 8e6b3085..ae37da52 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
 return nil, fmt.Errorf("invalid container ID: %w", err)
 }
- sig := body.GetSignature().GetSign()
-
 var tok *session.Container
 if tokV2 != nil {
@@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
 var rmWitness containercore.RemovalWitness
- rmWitness.SetContainerID(id)
- rmWitness.SetSignature(sig)
- rmWitness.SetSessionToken(tok)
+ rmWitness.ContainerID = id
+ rmWitness.Signature = body.GetSignature()
+ rmWitness.SessionToken = tok
 err = s.wrt.Delete(rmWitness)
 if err != nil {
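Review bot: `setPublicKey` in pkg/morph/event/container/delete_notary.go assigns `v` unconditionally, whereas the `setToken` shown directly below it only assigns when `v != nil`, and the two closing braces above suggest `setSignature` has the same guard. The difference is harmless while the field starts out nil, but it reads as an oversight and leaves the key as the one field with no stated expectation. Either add the same guard, `if v != nil { d.PublicKeyValue = v }`, or put a one-line comment on the setter saying why the key is stored as received.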