forked from TrueCloudLab/frostfs-node
[#303] ir: Use pub key when validate container deletion
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
This commit is contained in:
parent
69df0d21c2
commit
50caa388b0
6 changed files with 31 additions and 47 deletions
|
|
@ -1,6 +1,7 @@
|
|||
package container
|
||||
|
||||
import (
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
|
||||
)
|
||||
|
|
@ -8,43 +9,14 @@ import (
|
|||
// RemovalWitness groups the information required
|
||||
// to prove and verify the removal of a container.
|
||||
type RemovalWitness struct {
|
||||
cnr cid.ID
|
||||
|
||||
sig []byte
|
||||
|
||||
token *session.Container
|
||||
}
|
||||
|
||||
// ContainerID returns the identifier of the container
|
||||
// to be removed.
|
||||
func (x RemovalWitness) ContainerID() cid.ID {
|
||||
return x.cnr
|
||||
}
|
||||
ContainerID cid.ID
|
||||
|
||||
// SetContainerID sets the identifier of the container
|
||||
// to be removed.
|
||||
func (x *RemovalWitness) SetContainerID(id cid.ID) {
|
||||
x.cnr = id
|
||||
}
|
||||
// Signature the signature of the container identifier.
|
||||
Signature *refs.Signature
|
||||
|
||||
// Signature returns the signature of the container identifier.
|
||||
func (x RemovalWitness) Signature() []byte {
|
||||
return x.sig
|
||||
}
|
||||
|
||||
// SetSignature sets a signature of the container identifier.
|
||||
func (x *RemovalWitness) SetSignature(sig []byte) {
|
||||
x.sig = sig
|
||||
}
|
||||
|
||||
// SessionToken returns the token of the session within
|
||||
// SessionToken the token of the session within
|
||||
// which the container was removed.
|
||||
func (x RemovalWitness) SessionToken() *session.Container {
|
||||
return x.token
|
||||
}
|
||||
|
||||
// SetSessionToken sets the token of the session within
|
||||
// which the container was removed.
|
||||
func (x *RemovalWitness) SetSessionToken(tok *session.Container) {
|
||||
x.token = tok
|
||||
SessionToken *session.Container
|
||||
}
|
||||
|
|
|
|||
|
|
@ -148,6 +148,7 @@ func (cp *Processor) checkDeleteContainer(e containerEvent.Delete) error {
|
|||
binTokenSession: e.SessionToken(),
|
||||
signature: e.Signature(),
|
||||
signedData: binCnr,
|
||||
binPublicKey: e.PublicKeyValue,
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("auth container removal: %w", err)
|
||||
|
|
|
|||
|
|
@ -14,14 +14,15 @@ import (
|
|||
// Returns error if container ID is nil.
|
||||
func Delete(c *Client, witness core.RemovalWitness) error {
|
||||
binCnr := make([]byte, sha256.Size)
|
||||
witness.ContainerID().Encode(binCnr)
|
||||
witness.ContainerID.Encode(binCnr)
|
||||
|
||||
var prm DeletePrm
|
||||
|
||||
prm.SetCID(binCnr)
|
||||
prm.SetSignature(witness.Signature())
|
||||
prm.SetSignature(witness.Signature.GetSign())
|
||||
prm.SetKey(witness.Signature.GetKey())
|
||||
|
||||
if tok := witness.SessionToken(); tok != nil {
|
||||
if tok := witness.SessionToken; tok != nil {
|
||||
prm.SetToken(tok.Marshal())
|
||||
}
|
||||
|
||||
|
|
@ -33,6 +34,7 @@ type DeletePrm struct {
|
|||
cnr []byte
|
||||
signature []byte
|
||||
token []byte
|
||||
key []byte
|
||||
|
||||
client.InvokePrmOptional
|
||||
}
|
||||
|
|
@ -52,6 +54,11 @@ func (d *DeletePrm) SetToken(token []byte) {
|
|||
d.token = token
|
||||
}
|
||||
|
||||
// SetKey sets public key.
|
||||
func (d *DeletePrm) SetKey(key []byte) {
|
||||
d.key = key
|
||||
}
|
||||
|
||||
// Delete removes the container from FrostFS system
|
||||
// through Container contract call.
|
||||
//
|
||||
|
|
@ -66,7 +73,7 @@ func (c *Client) Delete(p DeletePrm) error {
|
|||
|
||||
prm := client.InvokePrm{}
|
||||
prm.SetMethod(deleteMethod)
|
||||
prm.SetArgs(p.cnr, p.signature, p.token)
|
||||
prm.SetArgs(p.cnr, p.signature, p.key, p.token)
|
||||
prm.InvokePrmOptional = p.InvokePrmOptional
|
||||
|
||||
err := c.client.Invoke(prm)
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ type Delete struct {
|
|||
ContainerIDValue []byte
|
||||
SignatureValue []byte
|
||||
TokenValue []byte
|
||||
PublicKeyValue []byte
|
||||
|
||||
// For notary notifications only.
|
||||
// Contains raw transactions of notary request.
|
||||
|
|
@ -42,7 +43,7 @@ func (d Delete) NotaryRequest() *payload.P2PNotaryRequest {
|
|||
return d.NotaryRequestValue
|
||||
}
|
||||
|
||||
const expectedItemNumDelete = 3
|
||||
const expectedItemNumDelete = 4
|
||||
|
||||
// DeleteSuccess structures notification event of successful container removal
|
||||
// thrown by Container contract.
|
||||
|
|
|
|||
|
|
@ -17,6 +17,10 @@ func (d *Delete) setSignature(v []byte) {
|
|||
}
|
||||
}
|
||||
|
||||
func (d *Delete) setPublicKey(v []byte) {
|
||||
d.PublicKeyValue = v
|
||||
}
|
||||
|
||||
func (d *Delete) setToken(v []byte) {
|
||||
if v != nil {
|
||||
d.TokenValue = v
|
||||
|
|
@ -26,6 +30,7 @@ func (d *Delete) setToken(v []byte) {
|
|||
var deleteFieldSetters = []func(*Delete, []byte){
|
||||
// order on stack is reversed
|
||||
(*Delete).setToken,
|
||||
(*Delete).setPublicKey,
|
||||
(*Delete).setSignature,
|
||||
(*Delete).setContainerID,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -109,8 +109,6 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
|
|||
return nil, fmt.Errorf("invalid container ID: %w", err)
|
||||
}
|
||||
|
||||
sig := body.GetSignature().GetSign()
|
||||
|
||||
var tok *session.Container
|
||||
|
||||
if tokV2 != nil {
|
||||
|
|
@ -124,9 +122,9 @@ func (s *morphExecutor) Delete(_ context.Context, tokV2 *sessionV2.Token, body *
|
|||
|
||||
var rmWitness containercore.RemovalWitness
|
||||
|
||||
rmWitness.SetContainerID(id)
|
||||
rmWitness.SetSignature(sig)
|
||||
rmWitness.SetSessionToken(tok)
|
||||
rmWitness.ContainerID = id
|
||||
rmWitness.Signature = body.GetSignature()
|
||||
rmWitness.SessionToken = tok
|
||||
|
||||
err = s.wrt.Delete(rmWitness)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in a new issue