[#317] morph/client: Return complete eACL signature from contract
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
parent
c75a828adf
commit
a89567a88d
4 changed files with 26 additions and 14 deletions
|
@ -425,10 +425,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
|
||||||
for i := 0; i < awaitTimeout; i++ {
|
for i := 0; i < awaitTimeout; i++ {
|
||||||
time.Sleep(1 * time.Second)
|
time.Sleep(1 * time.Second)
|
||||||
|
|
||||||
eaclSig, err := cli.GetEACLWithSignature(ctx, id, globalCallOptions()...)
|
table, err := cli.GetEACL(ctx, id, globalCallOptions()...)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
// compare binary values because EACL could have been set already
|
// compare binary values because EACL could have been set already
|
||||||
got, err := eaclSig.EACL().Marshal()
|
got, err := table.Marshal()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,9 @@ type EACLArgs struct {
|
||||||
type EACLValues struct {
|
type EACLValues struct {
|
||||||
eacl []byte // extended ACL table
|
eacl []byte // extended ACL table
|
||||||
|
|
||||||
signature []byte // signature of extended ACL table
|
signature []byte // RFC-6979 signature of extended ACL table
|
||||||
|
|
||||||
|
publicKey []byte // public key of the extended ACL table signer
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetCID sets the container identifier
|
// SetCID sets the container identifier
|
||||||
|
@ -31,10 +33,16 @@ func (g *EACLValues) EACL() []byte {
|
||||||
return g.eacl
|
return g.eacl
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Signature returns RFC-6979 signature of extended ACL table.
|
||||||
func (g *EACLValues) Signature() []byte {
|
func (g *EACLValues) Signature() []byte {
|
||||||
return g.signature
|
return g.signature
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PublicKey of the signature.
|
||||||
|
func (g *EACLValues) PublicKey() []byte {
|
||||||
|
return g.publicKey
|
||||||
|
}
|
||||||
|
|
||||||
// EACL performs the test invoke of get eACL
|
// EACL performs the test invoke of get eACL
|
||||||
// method of NeoFS Container contract.
|
// method of NeoFS Container contract.
|
||||||
func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
||||||
|
@ -53,7 +61,7 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
||||||
return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
|
return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(arr) != 2 {
|
if len(arr) != 3 {
|
||||||
return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
|
return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -67,8 +75,14 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
|
||||||
return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
|
return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub, err := client.BytesFromStackItem(arr[2])
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrapf(err, "could not get byte array of eACL public key (%s)", c.eaclMethod)
|
||||||
|
}
|
||||||
|
|
||||||
return &EACLValues{
|
return &EACLValues{
|
||||||
eacl: eacl,
|
eacl: eacl,
|
||||||
signature: sig,
|
signature: sig,
|
||||||
|
publicKey: pub,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
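Review bot: The bytes read from `arr[2]` go into `publicKey` and out through `PublicKey()` without any check, and the doc comment `// PublicKey of the signature.` does not say so, so a caller may take the result for a well-formed key. I would write the comment as `// PublicKey returns the public key of the extended ACL table signer as returned by the contract; the bytes are not validated here.` and leave validation to the code that builds the signature object. Separately, `if len(arr) != 3` now rejects a two-item answer, so every eACL read fails against a contract that has not been upgraded yet; it is worth confirming that the deployment order guarantees the contract is updated first. The body of `EACL` starts and continues outside these hunks.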
|
@ -1,6 +1,7 @@
|
||||||
package wrapper
|
package wrapper
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/nspcc-dev/neofs-api-go/pkg"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||||
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
|
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
"github.com/nspcc-dev/neofs-node/pkg/core/container"
|
||||||
|
@ -10,7 +11,7 @@ import (
|
||||||
|
|
||||||
// GetEACL reads the extended ACL table from NeoFS system
|
// GetEACL reads the extended ACL table from NeoFS system
|
||||||
// through Container contract call.
|
// through Container contract call.
|
||||||
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
|
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
|
||||||
if cid == nil {
|
if cid == nil {
|
||||||
return nil, nil, errNilArgument
|
return nil, nil, errNilArgument
|
||||||
}
|
}
|
||||||
|
@ -37,13 +38,17 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
|
||||||
return nil, nil, container.ErrEACLNotFound
|
return nil, nil, container.ErrEACLNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tableSignature := pkg.NewSignature()
|
||||||
|
tableSignature.SetKey(rpcAnswer.PublicKey())
|
||||||
|
tableSignature.SetSign(sig)
|
||||||
|
|
||||||
table := eacl.NewTable()
|
table := eacl.NewTable()
|
||||||
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
|
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
|
||||||
// use other major version if there any
|
// use other major version if there any
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return table, sig, nil
|
return table, tableSignature, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// PutEACL saves the extended ACL table in NeoFS system
|
// PutEACL saves the extended ACL table in NeoFS system
|
||||||
|
|
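Review bot: The doc comment on `GetEACL` still describes only reading the table, although the second result is now a `*pkg.Signature` assembled from `rpcAnswer.PublicKey()` and `sig`, and nothing in the visible lines verifies that signature against the table bytes. Callers should be told this explicitly, for example by adding `// The returned signature carries the key and signature bytes as stored in the contract; it is not verified against the table here.` to the comment. The lines between the two hunks are not shown, so if verification happens there the comment should say that instead.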
|
@ -111,14 +111,7 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
|
||||||
|
|
||||||
res := new(container.GetExtendedACLResponseBody)
|
res := new(container.GetExtendedACLResponseBody)
|
||||||
res.SetEACL(table.ToV2())
|
res.SetEACL(table.ToV2())
|
||||||
|
res.SetSignature(signature.ToV2())
|
||||||
// Public key should be obtained by request sender, so we set up only
|
|
||||||
// the signature. Technically, node can make invocation to find container
|
|
||||||
// owner public key, but request sender cannot trust this info.
|
|
||||||
sig := new(refs.Signature)
|
|
||||||
sig.SetSign(signature)
|
|
||||||
|
|
||||||
res.SetSignature(sig)
|
|
||||||
|
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
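Review bot: Deleting the old comment removes the only statement of the trust boundary in `GetExtendedACL`: `res.SetSignature(signature.ToV2())` now ships a public key chosen by the node (presumably the one read from the Container contract), and a signature that verifies under a key delivered in the same response does not by itself show that the container owner signed the table. I would keep a short replacement such as `// The key is taken from the Container contract; clients must still check that it belongs to the container owner.` above the call. The error check on the `GetEACL` result is outside this hunk, so please also confirm that `signature` cannot be nil when `ToV2()` is reached.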