[#317] morph/client: Return complete eACL signature from contract

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alex Vanin 2021-01-14 19:00:10 +03:00 committed by Alex Vanin
parent c75a828adf
commit a89567a88d
4 changed files with 26 additions and 14 deletions


@ -425,10 +425,10 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
for i := 0; i < awaitTimeout; i++ { for i := 0; i < awaitTimeout; i++ {
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
eaclSig, err := cli.GetEACLWithSignature(ctx, id, globalCallOptions()...) table, err := cli.GetEACL(ctx, id, globalCallOptions()...)
if err == nil { if err == nil {
// compare binary values because EACL could have been set already // compare binary values because EACL could have been set already
got, err := eaclSig.EACL().Marshal() got, err := table.Marshal()
if err != nil { if err != nil {
continue continue
} }


@ -16,7 +16,9 @@ type EACLArgs struct {
type EACLValues struct { type EACLValues struct {
eacl []byte // extended ACL table eacl []byte // extended ACL table
signature []byte // signature of extended ACL table signature []byte // RFC-6979 signature of extended ACL table
publicKey []byte // public key of the extended ACL table signer
} }
// SetCID sets the container identifier // SetCID sets the container identifier
@ -31,10 +33,16 @@ func (g *EACLValues) EACL() []byte {
return g.eacl return g.eacl
} }
// Signature returns RFC-6979 signature of extended ACL table.
func (g *EACLValues) Signature() []byte { func (g *EACLValues) Signature() []byte {
return g.signature return g.signature
} }
// PublicKey of the signature.
func (g *EACLValues) PublicKey() []byte {
return g.publicKey
}
// EACL performs the test invoke of get eACL // EACL performs the test invoke of get eACL
// method of NeoFS Container contract. // method of NeoFS Container contract.
func (c *Client) EACL(args EACLArgs) (*EACLValues, error) { func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
@ -53,7 +61,7 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod) return nil, errors.Wrapf(err, "could not get item array of eACL (%s)", c.eaclMethod)
} }
if len(arr) != 2 { if len(arr) != 3 {
return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr)) return nil, errors.Errorf("unexpected eacl stack item count (%s): %d", c.eaclMethod, len(arr))
} }
@ -67,8 +75,14 @@ func (c *Client) EACL(args EACLArgs) (*EACLValues, error) {
return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod) return nil, errors.Wrapf(err, "could not get byte array of eACL signature (%s)", c.eaclMethod)
} }
pub, err := client.BytesFromStackItem(arr[2])
if err != nil {
return nil, errors.Wrapf(err, "could not get byte array of eACL public key (%s)", c.eaclMethod)
}
return &EACLValues{ return &EACLValues{
eacl: eacl, eacl: eacl,
signature: sig, signature: sig,
publicKey: pub,
}, nil }, nil
} }
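Review bot: The new accessor's comment `// PublicKey of the signature.` does not follow the form of its neighbour `Signature` and does not say where the key comes from; `// PublicKey returns the public key of the extended ACL table signer as reported by the contract.` would be clearer. The key and signature are passed through from the stack items with no length or format check, so the `EACLValues` field comments should state that both are unverified at this layer. The switch to `len(arr) != 3` also means a Container contract that still returns two items is rejected outright, which presumably requires contract and node to be upgraded together. `Client.EACL` starts outside the visible hunks.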


@ -1,6 +1,7 @@
package wrapper package wrapper
import ( import (
"github.com/nspcc-dev/neofs-api-go/pkg"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container" containerSDK "github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/core/container"
@ -10,7 +11,7 @@ import (
// GetEACL reads the extended ACL table from NeoFS system // GetEACL reads the extended ACL table from NeoFS system
// through Container contract call. // through Container contract call.
func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) { func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, *pkg.Signature, error) {
if cid == nil { if cid == nil {
return nil, nil, errNilArgument return nil, nil, errNilArgument
} }
@ -37,13 +38,17 @@ func (w *Wrapper) GetEACL(cid *containerSDK.ID) (*eacl.Table, []byte, error) {
return nil, nil, container.ErrEACLNotFound return nil, nil, container.ErrEACLNotFound
} }
tableSignature := pkg.NewSignature()
tableSignature.SetKey(rpcAnswer.PublicKey())
tableSignature.SetSign(sig)
table := eacl.NewTable() table := eacl.NewTable()
if err = table.Unmarshal(rpcAnswer.EACL()); err != nil { if err = table.Unmarshal(rpcAnswer.EACL()); err != nil {
// use other major version if there any // use other major version if there any
return nil, nil, err return nil, nil, err
} }
return table, sig, nil return table, tableSignature, nil
} }
// PutEACL saves the extended ACL table in NeoFS system // PutEACL saves the extended ACL table in NeoFS system
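Review bot: `GetEACL` now returns a `*pkg.Signature` whose key is whatever `rpcAnswer.PublicKey()` returned, and nothing in the visible lines checks that the key is non-empty or that the signature verifies over `rpcAnswer.EACL()`. If tables stored before this contract change come back with an empty key (not visible here), callers get a signature object that looks complete but cannot be checked. Either reject an empty key here or extend the doc comment, e.g. `// The returned signature and key are taken from the contract as-is and are not verified.` The assignment of `sig` lies outside the hunk.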


@ -111,14 +111,7 @@ func (s *morphExecutor) GetExtendedACL(ctx context.Context, body *container.GetE
res := new(container.GetExtendedACLResponseBody) res := new(container.GetExtendedACLResponseBody)
res.SetEACL(table.ToV2()) res.SetEACL(table.ToV2())
res.SetSignature(signature.ToV2())
// Public key should be obtained by request sender, so we set up only
// the signature. Technically, node can make invocation to find container
// owner public key, but request sender cannot trust this info.
sig := new(refs.Signature)
sig.SetSign(signature)
res.SetSignature(sig)
return res, nil return res, nil
} }
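Review bot: The deleted comment was the only place that recorded why the node did not send a public key (the request sender cannot trust a key supplied by the node), and the replacement `res.SetSignature(signature.ToV2())` carries no comment. The key now returned lets a client check that table and signature are consistent, but judging by the removed text it does not by itself show that the signer is the container owner. I would keep that caveat next to the new line, e.g. `// Key comes from the Container contract; the client must still match it against the container owner.` The body of `GetExtendedACL` starts outside the hunk.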