From aed298daa9d3d482278581683049fa1df72cda0c Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 20 Jul 2023 18:38:04 +0400 Subject: [PATCH] Upgrade NeoFS SDK module to the latest revision 
Signed-off-by: Leonard Lyubich --- cmd/neofs-cli/internal/client/client.go | 96 ++--- cmd/neofs-cli/internal/client/prm.go | 21 + cmd/neofs-cli/internal/client/sdk.go | 22 +- cmd/neofs-cli/modules/accounting/balance.go | 6 +- cmd/neofs-cli/modules/container/create.go | 14 +- cmd/neofs-cli/modules/container/delete.go | 9 +- cmd/neofs-cli/modules/container/get.go | 16 +- cmd/neofs-cli/modules/container/get_eacl.go | 4 +- cmd/neofs-cli/modules/container/list.go | 6 +- .../modules/container/list_objects.go | 5 +- cmd/neofs-cli/modules/container/nodes.go | 12 +- cmd/neofs-cli/modules/container/set_eacl.go | 3 +- cmd/neofs-cli/modules/control/drop_objects.go | 2 +- .../modules/control/evacuate_shard.go | 2 +- cmd/neofs-cli/modules/control/flush_cache.go | 2 +- cmd/neofs-cli/modules/control/healthcheck.go | 2 +- .../modules/control/set_netmap_status.go | 2 +- cmd/neofs-cli/modules/control/shards_dump.go | 2 +- cmd/neofs-cli/modules/control/shards_list.go | 2 +- .../modules/control/shards_restore.go | 2 +- .../modules/control/shards_set_mode.go | 2 +- .../modules/control/synchronize_tree.go | 2 +- cmd/neofs-cli/modules/control/util.go | 4 +- cmd/neofs-cli/modules/netmap/get_epoch.go | 4 +- cmd/neofs-cli/modules/netmap/netinfo.go | 4 +- cmd/neofs-cli/modules/netmap/nodeinfo.go | 4 +- cmd/neofs-cli/modules/netmap/snapshot.go | 4 +- cmd/neofs-cli/modules/object/delete.go | 1 + cmd/neofs-cli/modules/object/get.go | 3 +- cmd/neofs-cli/modules/object/hash.go | 4 +- cmd/neofs-cli/modules/object/head.go | 13 +- cmd/neofs-cli/modules/object/lock.go | 6 +- cmd/neofs-cli/modules/object/put.go | 5 +- cmd/neofs-cli/modules/object/range.go | 3 +- cmd/neofs-cli/modules/object/search.go | 3 +- cmd/neofs-cli/modules/object/util.go | 18 +- cmd/neofs-cli/modules/session/create.go | 10 +- cmd/neofs-cli/modules/storagegroup/delete.go | 1 + cmd/neofs-cli/modules/storagegroup/get.go | 3 +- cmd/neofs-cli/modules/storagegroup/list.go | 3 +- cmd/neofs-cli/modules/storagegroup/put.go | 12 +- 
cmd/neofs-cli/modules/util/sign_session.go | 7 +- cmd/neofs-node/config.go | 5 +- cmd/neofs-node/object.go | 27 +- go.mod | 2 +- go.sum | 4 +- pkg/core/client/client.go | 17 +- pkg/core/object/fmt.go | 16 +- pkg/core/object/fmt_test.go | 26 +- pkg/innerring/internal/client/client.go | 24 +- pkg/innerring/processors/container/common.go | 7 +- .../processors/container/process_container.go | 4 +- .../processors/settlement/audit/calculate.go | 20 +- pkg/innerring/rpc.go | 2 +- pkg/innerring/settlement.go | 13 +- pkg/local_object_storage/engine/lock_test.go | 2 +- .../shard/control_test.go | 2 +- pkg/morph/client/container/eacl_set.go | 9 +- pkg/morph/client/container/put.go | 14 +- pkg/network/cache/client.go | 2 - pkg/network/cache/multi.go | 35 +- pkg/services/audit/auditor/por.go | 3 +- pkg/services/container/morph/executor_test.go | 4 +- pkg/services/control/ir/server/sign.go | 8 +- pkg/services/control/server/sign.go | 7 +- pkg/services/object/acl/acl.go | 16 +- pkg/services/object/acl/v2/request.go | 10 +- pkg/services/object/acl/v2/util.go | 14 +- pkg/services/object/acl/v2/util_test.go | 4 +- pkg/services/object/get/get_test.go | 4 +- pkg/services/object/internal/client/client.go | 47 +-- pkg/services/object/put/slice.go | 119 ++++++ pkg/services/object/put/streamer.go | 16 +- pkg/services/object/search/search_test.go | 4 +- .../object_manager/placement/traverser.go | 2 +- .../object_manager/transformer/transformer.go | 386 ------------------ pkg/services/tree/signature.go | 15 +- pkg/services/tree/signature_test.go | 3 +- 78 files changed, 436 insertions(+), 803 deletions(-) create mode 100644 pkg/services/object/put/slice.go delete mode 100644 pkg/services/object_manager/transformer/transformer.go diff --git a/cmd/neofs-cli/internal/client/client.go b/cmd/neofs-cli/internal/client/client.go index 4ba1da6d71..b3ac01e090 100644 --- a/cmd/neofs-cli/internal/client/client.go +++ b/cmd/neofs-cli/internal/client/client.go 
@@ -3,7 +3,6 @@ package internal import ( "bytes" "context" - "errors" "fmt" "io" @@ -79,6 +78,7 @@ func ListContainers(ctx context.Context, prm ListContainersPrm) (res ListContain // PutContainerPrm groups parameters of PutContainer operation. type PutContainerPrm struct { commonPrm + signerRFC6979Prm cnr containerSDK.Container client.PrmContainerPut @@ -108,7 +108,7 @@ func (x PutContainerRes) ID() cid.ID { // // Returns any error which prevented the operation from completing correctly in error return. func PutContainer(ctx context.Context, prm PutContainerPrm) (res PutContainerRes, err error) { - cliRes, err := prm.cli.ContainerPut(ctx, prm.cnr, prm.PrmContainerPut) + cliRes, err := prm.cli.ContainerPut(ctx, prm.cnr, prm.signer, prm.PrmContainerPut) if err == nil { res.cnr = cliRes } @@ -166,6 +166,7 @@ func IsACLExtendable(ctx context.Context, c *client.Client, cnr cid.ID) (bool, e // DeleteContainerPrm groups parameters of DeleteContainerPrm operation. type DeleteContainerPrm struct { commonPrm + signerRFC6979Prm cid cid.ID client.PrmContainerDelete @@ -188,7 +189,7 @@ type DeleteContainerRes struct{} // // Returns any error which prevented the operation from completing correctly in error return. func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteContainerRes, err error) { - err = prm.cli.ContainerDelete(ctx, prm.cid, prm.PrmContainerDelete) + err = prm.cli.ContainerDelete(ctx, prm.cid, prm.signer, prm.PrmContainerDelete) return } @@ -229,6 +230,7 @@ func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) { // SetEACLPrm groups parameters of SetEACL operation. type SetEACLPrm struct { commonPrm + signerRFC6979Prm table eacl.Table client.PrmContainerSetEACL 
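Review bot: In cmd/neofs-cli/internal/client/client.go, `PutContainer` passes `prm.signer` to `ContainerPut` without checking that it was set, and this commit also removes `SetDefaultSigner` from `GetSDKClient`, so nothing else supplies a signer. A `PutContainerPrm` on which `SetPrivateKey` was never called would hand the SDK a nil `user.Signer`; how the SDK reacts to that is not visible in this diff. A guard such as `if prm.signer == nil { return res, fmt.Errorf("container put: signer is not set") }` before the call would fail locally with a clear message. The same applies to `DeleteContainer`, `SetEACL`, `CreateSession` and the object operations changed in the later client.go hunks. The function bodies continue outside these hunks.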
@@ -251,7 +253,7 @@ type SetEACLRes struct{} // // Returns any error which prevented the operation from completing correctly in error return. func SetEACL(ctx context.Context, prm SetEACLPrm) (res SetEACLRes, err error) { - err = prm.cli.ContainerSetEACL(ctx, prm.table, prm.PrmContainerSetEACL) + err = prm.cli.ContainerSetEACL(ctx, prm.table, prm.signer, prm.PrmContainerSetEACL) return } @@ -337,6 +339,7 @@ func NetMapSnapshot(ctx context.Context, prm NetMapSnapshotPrm) (res NetMapSnaps // CreateSessionPrm groups parameters of CreateSession operation. type CreateSessionPrm struct { commonPrm + signerPrm client.PrmSessionCreate } @@ -359,7 +362,7 @@ func (x CreateSessionRes) SessionKey() []byte { // // Returns any error which prevented the operation from completing correctly in error return. func CreateSession(ctx context.Context, prm CreateSessionPrm) (res CreateSessionRes, err error) { - res.cliRes, err = prm.cli.SessionCreate(ctx, prm.PrmSessionCreate) + res.cliRes, err = prm.cli.SessionCreate(ctx, prm.signer, prm.PrmSessionCreate) return } 
@@ -421,64 +424,48 @@ func PutObject(ctx context.Context, prm PutObjectPrm) (*PutObjectRes, error) { putPrm.WithXHeaders(prm.xHeaders...) - wrt, err := prm.cli.ObjectPutInit(ctx, putPrm) + wrt, err := prm.cli.ObjectPutInit(ctx, *prm.hdr, prm.signer, putPrm) if err != nil { return nil, fmt.Errorf("init object writing: %w", err) } - if wrt.WriteHeader(*prm.hdr) { - if prm.headerCallback != nil { - prm.headerCallback(prm.hdr) - } - - sz := prm.hdr.PayloadSize() + if prm.headerCallback != nil { + prm.headerCallback(prm.hdr) + } - if data := prm.hdr.Payload(); len(data) > 0 { - if prm.rdr != nil { - prm.rdr = io.MultiReader(bytes.NewReader(data), prm.rdr) - } else { - prm.rdr = bytes.NewReader(data) - sz = uint64(len(data)) - } - } + sz := prm.hdr.PayloadSize() + if data := prm.hdr.Payload(); len(data) > 0 { if prm.rdr != nil { - const defaultBufferSizePut = 3 << 20 // Maximum chunk size is 3 MiB in the SDK. - - if sz == 0 || sz > defaultBufferSizePut { - sz = defaultBufferSizePut - } - - buf := make([]byte, sz) - - var n int + prm.rdr = io.MultiReader(bytes.NewReader(data), prm.rdr) + } else { + prm.rdr = bytes.NewReader(data) + sz = uint64(len(data)) + } + } - for { - n, err = prm.rdr.Read(buf) - if n > 0 { - if !wrt.WritePayloadChunk(buf[:n]) { - break - } + if prm.rdr != nil { + const defaultBufferSizePut = 3 << 20 // Maximum chunk size is 3 MiB in the SDK. 
- continue - } + if sz == 0 || sz > defaultBufferSizePut { + sz = defaultBufferSizePut + } - if errors.Is(err, io.EOF) { - break - } + buf := make([]byte, sz) - return nil, fmt.Errorf("read payload: %w", err) - } + _, err = io.CopyBuffer(wrt, prm.rdr, buf) + if err != nil { + return nil, fmt.Errorf("copy data into object stream: %w", err) } } - cliRes, err := wrt.Close() - if err != nil { // here err already carries both status and client errors - return nil, fmt.Errorf("client failure: %w", err) + err = wrt.Close() + if err != nil { + return nil, fmt.Errorf("finish object stream: %w", err) } return &PutObjectRes{ - id: cliRes.StoredObjectID(), + id: wrt.GetResult().StoredObjectID(), }, nil } @@ -514,7 +501,7 @@ func DeleteObject(ctx context.Context, prm DeleteObjectPrm) (*DeleteObjectRes, e delPrm.WithXHeaders(prm.xHeaders...) - cliRes, err := prm.cli.ObjectDelete(ctx, prm.objAddr.Container(), prm.objAddr.Object(), delPrm) + cliRes, err := prm.cli.ObjectDelete(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.signer, delPrm) if err != nil { return nil, fmt.Errorf("remove object via client: %w", err) } @@ -576,16 +563,11 @@ func GetObject(ctx context.Context, prm GetObjectPrm) (*GetObjectRes, error) { getPrm.WithXHeaders(prm.xHeaders...) - rdr, err := prm.cli.ObjectGetInit(ctx, prm.objAddr.Container(), prm.objAddr.Object(), getPrm) + hdr, rdr, err := prm.cli.ObjectGetInit(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.signer, getPrm) if err != nil { return nil, fmt.Errorf("init object reading on client: %w", err) } - var hdr object.Object - - if !rdr.ReadHeader(&hdr) { - return nil, fmt.Errorf("read object header: %w", rdr.Close()) - } if prm.headerCallback != nil { prm.headerCallback(&hdr) } 
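Review bot: In `PutObject` (client.go), `io.CopyBuffer` ignores `buf` when the source implements `io.WriterTo` or the destination implements `io.ReaderFrom`, so the 3 MiB cap from `defaultBufferSizePut` is not guaranteed to bound a single `Write`. When the payload comes only from `prm.hdr.Payload()`, `prm.rdr` is a `*bytes.Reader`, whose `WriteTo` sends the whole remaining payload in one call; whether the SDK writer splits oversized writes is not visible here. If the chunk limit matters, hide the fast path with `_, err = io.CopyBuffer(wrt, struct{ io.Reader }{prm.rdr}, buf)`. Separately, the error return after a failed copy leaves `wrt` unclosed; the writer's type is outside the hunk, but if it holds a stream or goroutine, calling `wrt.Close()` on that path would release it.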
@@ -649,7 +631,7 @@ func HeadObject(ctx context.Context, prm HeadObjectPrm) (*HeadObjectRes, error) cliPrm.WithXHeaders(prm.xHeaders...) - res, err := prm.cli.ObjectHead(ctx, prm.objAddr.Container(), prm.objAddr.Object(), cliPrm) + res, err := prm.cli.ObjectHead(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.signer, cliPrm) if err != nil { return nil, fmt.Errorf("read object header via client: %w", err) } @@ -709,7 +691,7 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes cliPrm.WithXHeaders(prm.xHeaders...) - rdr, err := prm.cli.ObjectSearchInit(ctx, prm.cnrID, cliPrm) + rdr, err := prm.cli.ObjectSearchInit(ctx, prm.cnrID, prm.signer, cliPrm) if err != nil { return nil, fmt.Errorf("init object search: %w", err) } @@ -812,7 +794,7 @@ func HashPayloadRanges(ctx context.Context, prm HashPayloadRangesPrm) (*HashPayl cliPrm.WithXHeaders(prm.xHeaders...) - res, err := prm.cli.ObjectHash(ctx, prm.objAddr.Container(), prm.objAddr.Object(), cliPrm) + res, err := prm.cli.ObjectHash(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.signer, cliPrm) if err != nil { return nil, fmt.Errorf("read payload hashes via client: %w", err) } @@ -867,7 +849,7 @@ func PayloadRange(ctx context.Context, prm PayloadRangePrm) (*PayloadRangeRes, e cliPrm.WithXHeaders(prm.xHeaders...) - rdr, err := prm.cli.ObjectRangeInit(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.rng.GetOffset(), prm.rng.GetLength(), cliPrm) + rdr, err := prm.cli.ObjectRangeInit(ctx, prm.objAddr.Container(), prm.objAddr.Object(), prm.rng.GetOffset(), prm.rng.GetLength(), prm.signer, cliPrm) if err != nil { return nil, fmt.Errorf("init payload reading: %w", err) } diff --git a/cmd/neofs-cli/internal/client/prm.go b/cmd/neofs-cli/internal/client/prm.go index 90f585dbac..3ec0503411 100644 --- a/cmd/neofs-cli/internal/client/prm.go +++ b/cmd/neofs-cli/internal/client/prm.go 
@@ -1,6 +1,7 @@ package internal import ( + "crypto/ecdsa" "io" "github.com/nspcc-dev/neofs-sdk-go/bearer" @@ -8,6 +9,7 @@ import ( cid "github.com/nspcc-dev/neofs-sdk-go/container/id" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/user" ) // here are small structures with public setters to share between parameter structures @@ -68,6 +70,7 @@ func (x *payloadWriterPrm) SetPayloadWriter(wrt io.Writer) { type commonObjectPrm struct { commonPrm bearerTokenPrm + signerPrm sessionToken *session.Object @@ -90,3 +93,21 @@ func (x *commonObjectPrm) SetXHeaders(hs []string) { func (x *commonObjectPrm) SetSessionToken(tok *session.Object) { x.sessionToken = tok } + +type signerPrm struct { + signer user.Signer +} + +// SetPrivateKey sets ecdsa.PrivateKey to be used for the operation. +func (x *signerPrm) SetPrivateKey(key ecdsa.PrivateKey) { + x.signer = user.NewAutoIDSigner(key) +} + +type signerRFC6979Prm struct { + signer user.Signer +} + +// SetPrivateKey sets ecdsa.PrivateKey to be used for the operation. +func (p *signerRFC6979Prm) SetPrivateKey(key ecdsa.PrivateKey) { + p.signer = user.NewAutoIDSignerRFC6979(key) +} diff --git a/cmd/neofs-cli/internal/client/sdk.go b/cmd/neofs-cli/internal/client/sdk.go index b603bfa8c1..dfb42488db 100644 --- a/cmd/neofs-cli/internal/client/sdk.go +++ b/cmd/neofs-cli/internal/client/sdk.go @@ -2,9 +2,6 @@ package internal import ( "context" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" "errors" "fmt" "time" @@ -12,7 +9,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/pkg/network" "github.com/nspcc-dev/neofs-sdk-go/client" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/spf13/cobra" "github.com/spf13/viper" ) 
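Review bot: In cmd/neofs-cli/internal/client/prm.go, `signerPrm` and `signerRFC6979Prm` have no type comments and their `SetPrivateKey` comments are word-for-word identical, so nothing tells a reader that the two select different signature schemes for the same key. Suggested type comments: `// signerPrm holds the signer built by user.NewAutoIDSigner; embedded by session and object parameters.` and `// signerRFC6979Prm holds the signer built by user.NewAutoIDSignerRFC6979; embedded by container put, delete and set-eACL parameters.` The receiver is named `p` on `signerRFC6979Prm` while the rest of the file uses `x`; `func (x *signerRFC6979Prm) SetPrivateKey` would match.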
@@ -21,32 +17,31 @@ var errInvalidEndpoint = errors.New("provided RPC endpoint is incorrect") // GetSDKClientByFlag returns default neofs-sdk-go client using the specified flag for the address. // On error, outputs to stderr of cmd and exits with non-zero code. -func GetSDKClientByFlag(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag string) *client.Client { - cli, err := getSDKClientByFlag(ctx, cmd, key, endpointFlag) +func GetSDKClientByFlag(ctx context.Context, cmd *cobra.Command, endpointFlag string) *client.Client { + cli, err := getSDKClientByFlag(ctx, cmd, endpointFlag) if err != nil { common.ExitOnErr(cmd, "can't create API client: %w", err) } return cli } -func getSDKClientByFlag(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag string) (*client.Client, error) { +func getSDKClientByFlag(ctx context.Context, cmd *cobra.Command, endpointFlag string) (*client.Client, error) { var addr network.Address err := addr.FromString(viper.GetString(endpointFlag)) if err != nil { return nil, fmt.Errorf("%v: %w", errInvalidEndpoint, err) } - return GetSDKClient(ctx, cmd, key, addr) + return GetSDKClient(ctx, cmd, addr) } // GetSDKClient returns default neofs-sdk-go client. -func GetSDKClient(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey, addr network.Address) (*client.Client, error) { +func GetSDKClient(ctx context.Context, cmd *cobra.Command, addr network.Address) (*client.Client, error) { var ( prmInit client.PrmInit prmDial client.PrmDial ) - prmInit.SetDefaultSigner(neofsecdsa.SignerRFC6979(*key)) prmDial.SetServerURI(addr.URIAddr()) prmDial.SetContext(ctx) 
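Review bot: The doc comment on `GetSDKClient` in sdk.go is unchanged although the function no longer installs a default signer (`prmInit.SetDefaultSigner` is removed in this hunk). Callers that relied on the client signing requests on its own now have to supply a signer per call, which is worth stating where the client is built: `// GetSDKClient returns default neofs-sdk-go client. The client is created without a default signer; signing operations take one as an argument.` `GetSDKClient`'s body continues outside the hunk.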
@@ -81,12 +76,7 @@ func GetCurrentEpoch(ctx context.Context, cmd *cobra.Command, endpoint string) ( return 0, fmt.Errorf("can't parse RPC endpoint: %w", err) } - key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - return 0, fmt.Errorf("can't generate key to sign query: %w", err) - } - - c, err := GetSDKClient(ctx, cmd, key, addr) + c, err := GetSDKClient(ctx, cmd, addr) if err != nil { return 0, err } diff --git a/cmd/neofs-cli/modules/accounting/balance.go b/cmd/neofs-cli/modules/accounting/balance.go index 20bd6b0d61..bbf8aba8a4 100644 --- a/cmd/neofs-cli/modules/accounting/balance.go +++ b/cmd/neofs-cli/modules/accounting/balance.go @@ -11,7 +11,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/nspcc-dev/neofs-node/pkg/util/precision" "github.com/nspcc-dev/neofs-sdk-go/accounting" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -34,13 +33,12 @@ var accountingBalanceCmd = &cobra.Command{ balanceOwner, _ := cmd.Flags().GetString(ownerFlag) if balanceOwner == "" { - err := user.IDFromSigner(&idUser, neofsecdsa.SignerRFC6979(*pk)) - common.ExitOnErr(cmd, "decoding user from key", err) + idUser = user.ResolveFromECDSAPublicKey(pk.PublicKey) } else { common.ExitOnErr(cmd, "can't decode owner ID wallet address: %w", idUser.DecodeString(balanceOwner)) } - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.BalanceOfPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/container/create.go b/cmd/neofs-cli/modules/container/create.go index 52bb1422c8..5a1c0a7e9b 100644 --- a/cmd/neofs-cli/modules/container/create.go +++ b/cmd/neofs-cli/modules/container/create.go 
@@ -14,7 +14,6 @@ import ( "github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container/acl" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" @@ -43,7 +42,7 @@ It will be stored in sidechain when inner ring will accepts it.`, common.ExitOnErr(cmd, "", err) key := key.Get(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, key, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) if !force { var prm internalclient.NetMapSnapshotPrm @@ -84,11 +83,7 @@ It will be stored in sidechain when inner ring will accepts it.`, issuer := tok.Issuer() cnr.SetOwner(issuer) } else { - var idOwner user.ID - err = user.IDFromSigner(&idOwner, neofsecdsa.SignerRFC6979(*key)) - common.ExitOnErr(cmd, "decoding user from key", err) - - cnr.SetOwner(idOwner) + cnr.SetOwner(user.ResolveFromECDSAPublicKey(key.PublicKey)) } cnr.SetPlacementPolicy(*placementPolicy) @@ -104,6 +99,7 @@ It will be stored in sidechain when inner ring will accepts it.`, var putPrm internalclient.PutContainerPrm putPrm.SetClient(cli) putPrm.SetContainer(cnr) + putPrm.SetPrivateKey(*key) if tok != nil { putPrm.WithinSession(*tok) @@ -208,11 +204,11 @@ func parseAttributes(dst *container.Container, attributes []string) error { } if !containerNoTimestamp { - container.SetCreationTime(dst, time.Now()) + dst.SetCreationTime(time.Now()) } if containerName != "" { - container.SetName(dst, containerName) + dst.SetName(containerName) } return nil diff --git a/cmd/neofs-cli/modules/container/delete.go b/cmd/neofs-cli/modules/container/delete.go index 1e05737193..5ac6bd0bf7 100644 --- a/cmd/neofs-cli/modules/container/delete.go +++ b/cmd/neofs-cli/modules/container/delete.go 
@@ -8,7 +8,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" objectSDK "github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" @@ -28,7 +27,7 @@ Only owner of the container has a permission to remove container.`, tok := getSession(cmd) pk := key.Get(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) if force, _ := cmd.Flags().GetBool(commonflags.ForceFlag); !force { common.PrintVerbose(cmd, "Reading the container to check ownership...") @@ -51,9 +50,7 @@ Only owner of the container has a permission to remove container.`, } else { common.PrintVerbose(cmd, "Checking provided account...") - var acc user.ID - err = user.IDFromSigner(&acc, neofsecdsa.SignerRFC6979(*pk)) - common.ExitOnErr(cmd, "decoding user from key", err) + acc := user.ResolveFromECDSAPublicKey(pk.PublicKey) if !acc.Equals(owner) { common.ExitOnErr(cmd, "", fmt.Errorf("provided account differs with the container owner: expected %s, has %s", owner, acc)) @@ -70,6 +67,7 @@ Only owner of the container has a permission to remove container.`, var searchPrm internalclient.SearchObjectsPrm searchPrm.SetClient(cli) + searchPrm.SetPrivateKey(*pk) searchPrm.SetContainerID(id) searchPrm.SetFilters(fs) searchPrm.SetTTL(2) @@ -90,6 +88,7 @@ Only owner of the container has a permission to remove container.`, var delPrm internalclient.DeleteContainerPrm delPrm.SetClient(cli) delPrm.SetContainer(id) + delPrm.SetPrivateKey(*pk) if tok != nil { delPrm.WithinSession(*tok) diff --git a/cmd/neofs-cli/modules/container/get.go b/cmd/neofs-cli/modules/container/get.go index 9ea081844c..a37adeb384 100644 --- a/cmd/neofs-cli/modules/container/get.go 
+++ b/cmd/neofs-cli/modules/container/get.go @@ -2,13 +2,11 @@ package container import ( "context" - "crypto/ecdsa" "os" internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/util" "github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container/acl" @@ -36,7 +34,7 @@ var getContainerInfoCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - cnr, _ := getContainer(ctx, cmd) + cnr := getContainer(ctx, cmd) prettyPrintContainer(cmd, cnr, containerJSON) @@ -84,7 +82,7 @@ func prettyPrintContainer(cmd *cobra.Command, cnr container.Container, jsonEncod } var id cid.ID - container.CalculateID(&id, cnr) + cnr.CalculateID(&id) cmd.Println("container ID:", id) cmd.Println("owner ID:", cnr.Owner()) @@ -92,7 +90,7 @@ func prettyPrintContainer(cmd *cobra.Command, cnr container.Container, jsonEncod basicACL := cnr.BasicACL() prettyPrintBasicACL(cmd, basicACL) - cmd.Println("created:", container.CreatedAt(cnr)) + cmd.Println("created:", cnr.CreatedAt()) cmd.Println("attributes:") cnr.IterateAttributes(func(key, val string) { @@ -136,9 +134,8 @@ func prettyPrintBasicACL(cmd *cobra.Command, basicACL acl.Basic) { util.PrettyPrintTableBACL(cmd, &basicACL) } -func getContainer(ctx context.Context, cmd *cobra.Command) (container.Container, *ecdsa.PrivateKey) { +func getContainer(ctx context.Context, cmd *cobra.Command) container.Container { var cnr container.Container - var pk *ecdsa.PrivateKey if containerPathFrom != "" { data, err := os.ReadFile(containerPathFrom) common.ExitOnErr(cmd, "can't read file: %w", err) 
@@ -147,8 +144,7 @@ func getContainer(ctx context.Context, cmd *cobra.Command) (container.Container, common.ExitOnErr(cmd, "can't unmarshal container: %w", err) } else { id := parseContainerID(cmd) - pk = key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.GetContainerPrm prm.SetClient(cli) @@ -159,5 +155,5 @@ func getContainer(ctx context.Context, cmd *cobra.Command) (container.Container, cnr = res.Container() } - return cnr, pk + return cnr } diff --git a/cmd/neofs-cli/modules/container/get_eacl.go b/cmd/neofs-cli/modules/container/get_eacl.go index e3c4d19473..7d31ba145a 100644 --- a/cmd/neofs-cli/modules/container/get_eacl.go +++ b/cmd/neofs-cli/modules/container/get_eacl.go @@ -6,7 +6,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/spf13/cobra" ) @@ -19,8 +18,7 @@ var getExtendedACLCmd = &cobra.Command{ defer cancel() id := parseContainerID(cmd) - pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var eaclPrm internalclient.EACLPrm eaclPrm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/container/list.go b/cmd/neofs-cli/modules/container/list.go index 5cd55c081e..b6f199a1d8 100644 --- a/cmd/neofs-cli/modules/container/list.go +++ b/cmd/neofs-cli/modules/container/list.go 
@@ -8,7 +8,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" ) @@ -38,14 +37,13 @@ var listContainersCmd = &cobra.Command{ key := key.GetOrGenerate(cmd) if flagVarListContainerOwner == "" { - err := user.IDFromSigner(&idUser, neofsecdsa.SignerRFC6979(*key)) - common.ExitOnErr(cmd, "decoding user from key", err) + idUser = user.ResolveFromECDSAPublicKey(key.PublicKey) } else { err := idUser.DecodeString(flagVarListContainerOwner) common.ExitOnErr(cmd, "invalid user ID: %w", err) } - cli := internalclient.GetSDKClientByFlag(ctx, cmd, key, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.ListContainersPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/container/list_objects.go b/cmd/neofs-cli/modules/container/list_objects.go index 7dd0683208..4d99f2aa5c 100644 --- a/cmd/neofs-cli/modules/container/list_objects.go +++ b/cmd/neofs-cli/modules/container/list_objects.go @@ -37,7 +37,8 @@ var listContainerObjectsCmd = &cobra.Command{ filters := new(object.SearchFilters) filters.AddRootFilter() // search only user created objects - cli := internalclient.GetSDKClientByFlag(ctx, cmd, key.GetOrGenerate(cmd), commonflags.RPC) + pk := key.GetOrGenerate(cmd) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prmSearch internalclient.SearchObjectsPrm var prmHead internalclient.HeadObjectPrm 
@@ -46,11 +47,13 @@ var listContainerObjectsCmd = &cobra.Command{ if flagVarListObjectsPrintAttr { prmHead.SetClient(cli) + prmHead.SetPrivateKey(*pk) objectCli.Prepare(cmd, &prmSearch, &prmHead) } else { objectCli.Prepare(cmd, &prmSearch) } + prmSearch.SetPrivateKey(*pk) prmSearch.SetContainerID(id) prmSearch.SetFilters(*filters) diff --git a/cmd/neofs-cli/modules/container/nodes.go b/cmd/neofs-cli/modules/container/nodes.go index 08c3b4232b..1a6dd47d42 100644 --- a/cmd/neofs-cli/modules/container/nodes.go +++ b/cmd/neofs-cli/modules/container/nodes.go @@ -4,8 +4,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" - containerAPI "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" "github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/spf13/cobra" @@ -21,13 +19,9 @@ var containerNodesCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - var cnr, pkey = getContainer(ctx, cmd) + cnr := getContainer(ctx, cmd) - if pkey == nil { - pkey = key.GetOrGenerate(cmd) - } - - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pkey, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.NetMapSnapshotPrm prm.SetClient(cli) @@ -36,7 +30,7 @@ var containerNodesCmd = &cobra.Command{ common.ExitOnErr(cmd, "unable to get netmap snapshot", err) var id cid.ID - containerAPI.CalculateID(&id, cnr) + cnr.CalculateID(&id) policy := cnr.PlacementPolicy() diff --git a/cmd/neofs-cli/modules/container/set_eacl.go b/cmd/neofs-cli/modules/container/set_eacl.go index 446ce39f97..e0126fe4ec 100644 --- a/cmd/neofs-cli/modules/container/set_eacl.go +++ b/cmd/neofs-cli/modules/container/set_eacl.go 
@@ -36,7 +36,7 @@ Container ID in EACL table will be substituted with ID from the CLI.`, eaclTable.SetCID(id) pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) if !flagVarsSetEACL.noPreCheck { cmd.Println("Checking the ability to modify access rights in the container...") @@ -54,6 +54,7 @@ Container ID in EACL table will be substituted with ID from the CLI.`, var setEACLPrm internalclient.SetEACLPrm setEACLPrm.SetClient(cli) setEACLPrm.SetTable(*eaclTable) + setEACLPrm.SetPrivateKey(*pk) if tok != nil { setEACLPrm.WithinSession(*tok) diff --git a/cmd/neofs-cli/modules/control/drop_objects.go b/cmd/neofs-cli/modules/control/drop_objects.go index b91c56d3bd..db740ee8d7 100644 --- a/cmd/neofs-cli/modules/control/drop_objects.go +++ b/cmd/neofs-cli/modules/control/drop_objects.go @@ -36,7 +36,7 @@ var dropObjectsCmd = &cobra.Command{ signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.DropObjectsResponse var err error diff --git a/cmd/neofs-cli/modules/control/evacuate_shard.go b/cmd/neofs-cli/modules/control/evacuate_shard.go index 974f961421..abd11181d3 100644 --- a/cmd/neofs-cli/modules/control/evacuate_shard.go +++ b/cmd/neofs-cli/modules/control/evacuate_shard.go @@ -28,7 +28,7 @@ func evacuateShard(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.EvacuateShardResponse var err error diff --git a/cmd/neofs-cli/modules/control/flush_cache.go b/cmd/neofs-cli/modules/control/flush_cache.go index 73aeeb6f1a..d350f6ffe7 100644 --- a/cmd/neofs-cli/modules/control/flush_cache.go +++ b/cmd/neofs-cli/modules/control/flush_cache.go 
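Review bot: In set_eacl.go the key handed to `setEACLPrm.SetPrivateKey(*pk)` comes from `key.GetOrGenerate(cmd)`, while the other container-modifying commands in this commit (create.go, delete.go) sign with `key.Get(cmd)`. Judging by the name, `GetOrGenerate` may fall back to a freshly generated key when none is configured, so an eACL change could be signed by a key unrelated to the container owner and only be rejected remotely. If no such fallback is intended for this command, `pk := key.Get(cmd)` would make it consistent with the other two and fail locally.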
@@ -27,7 +27,7 @@ func flushCache(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.FlushCacheResponse var err error diff --git a/cmd/neofs-cli/modules/control/healthcheck.go b/cmd/neofs-cli/modules/control/healthcheck.go index 00de8fda7b..af39167b56 100644 --- a/cmd/neofs-cli/modules/control/healthcheck.go +++ b/cmd/neofs-cli/modules/control/healthcheck.go @@ -39,7 +39,7 @@ func healthCheck(cmd *cobra.Command, _ []string) { pk := key.Get(cmd) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) if isIR, _ := cmd.Flags().GetBool(healthcheckIRFlag); isIR { healthCheckIR(cmd, pk, cli) diff --git a/cmd/neofs-cli/modules/control/set_netmap_status.go b/cmd/neofs-cli/modules/control/set_netmap_status.go index 61eba58ef2..270166a436 100644 --- a/cmd/neofs-cli/modules/control/set_netmap_status.go +++ b/cmd/neofs-cli/modules/control/set_netmap_status.go @@ -81,7 +81,7 @@ func setNetmapStatus(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.SetNetmapStatusResponse var err error diff --git a/cmd/neofs-cli/modules/control/shards_dump.go b/cmd/neofs-cli/modules/control/shards_dump.go index 4c32a1fff9..3092241441 100644 --- a/cmd/neofs-cli/modules/control/shards_dump.go +++ b/cmd/neofs-cli/modules/control/shards_dump.go @@ -41,7 +41,7 @@ func dumpShard(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.DumpShardResponse var err error diff --git a/cmd/neofs-cli/modules/control/shards_list.go b/cmd/neofs-cli/modules/control/shards_list.go index af5473fa94..d61aa39d3e 100644 --- a/cmd/neofs-cli/modules/control/shards_list.go +++ b/cmd/neofs-cli/modules/control/shards_list.go 
@@ -40,7 +40,7 @@ func listShards(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.ListShardsResponse var err error diff --git a/cmd/neofs-cli/modules/control/shards_restore.go b/cmd/neofs-cli/modules/control/shards_restore.go index ff2870f706..8d454c5fc3 100644 --- a/cmd/neofs-cli/modules/control/shards_restore.go +++ b/cmd/neofs-cli/modules/control/shards_restore.go @@ -41,7 +41,7 @@ func restoreShard(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.RestoreShardResponse var err error diff --git a/cmd/neofs-cli/modules/control/shards_set_mode.go b/cmd/neofs-cli/modules/control/shards_set_mode.go index 951bfc6249..f2eae33243 100644 --- a/cmd/neofs-cli/modules/control/shards_set_mode.go +++ b/cmd/neofs-cli/modules/control/shards_set_mode.go @@ -125,7 +125,7 @@ func setShardMode(cmd *cobra.Command, _ []string) { signRequest(cmd, pk, req) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.SetShardModeResponse var err error diff --git a/cmd/neofs-cli/modules/control/synchronize_tree.go b/cmd/neofs-cli/modules/control/synchronize_tree.go index a83525cb61..369b29751e 100644 --- a/cmd/neofs-cli/modules/control/synchronize_tree.go +++ b/cmd/neofs-cli/modules/control/synchronize_tree.go @@ -66,7 +66,7 @@ func synchronizeTree(cmd *cobra.Command, _ []string) { err := controlSvc.SignMessage(pk, req) common.ExitOnErr(cmd, "could not sign request: %w", err) - cli := getClient(ctx, cmd, pk) + cli := getClient(ctx, cmd) var resp *control.SynchronizeTreeResponse err = cli.ExecRaw(func(client *rawclient.Client) error { diff --git a/cmd/neofs-cli/modules/control/util.go b/cmd/neofs-cli/modules/control/util.go index b1c29daf9f..bce3b45e47 100644 --- a/cmd/neofs-cli/modules/control/util.go +++ b/cmd/neofs-cli/modules/control/util.go 
@@ -55,6 +55,6 @@ func verifyResponse(cmd *cobra.Command, } } -func getClient(ctx context.Context, cmd *cobra.Command, pk *ecdsa.PrivateKey) *client.Client { - return internalclient.GetSDKClientByFlag(ctx, cmd, pk, controlRPC) +func getClient(ctx context.Context, cmd *cobra.Command) *client.Client { + return internalclient.GetSDKClientByFlag(ctx, cmd, controlRPC) } diff --git a/cmd/neofs-cli/modules/netmap/get_epoch.go b/cmd/neofs-cli/modules/netmap/get_epoch.go index eaf0091634..c10983d2ac 100644 --- a/cmd/neofs-cli/modules/netmap/get_epoch.go +++ b/cmd/neofs-cli/modules/netmap/get_epoch.go @@ -4,7 +4,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/spf13/cobra" ) @@ -16,8 +15,7 @@ var getEpochCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - p := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, p, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.NetworkInfoPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/netmap/netinfo.go b/cmd/neofs-cli/modules/netmap/netinfo.go index aea9077ed3..d7245f73ff 100644 --- a/cmd/neofs-cli/modules/netmap/netinfo.go +++ b/cmd/neofs-cli/modules/netmap/netinfo.go @@ -8,7 +8,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/spf13/cobra" ) 
@@ -20,8 +19,7 @@ var netInfoCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - p := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, p, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.NetworkInfoPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/netmap/nodeinfo.go b/cmd/neofs-cli/modules/netmap/nodeinfo.go index d2233e9862..80f2489963 100644 --- a/cmd/neofs-cli/modules/netmap/nodeinfo.go +++ b/cmd/neofs-cli/modules/netmap/nodeinfo.go @@ -6,7 +6,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/spf13/cobra" ) @@ -21,8 +20,7 @@ var nodeInfoCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - p := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, p, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.NodeInfoPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/netmap/snapshot.go b/cmd/neofs-cli/modules/netmap/snapshot.go index 92b26b8f4f..3c95f60c3c 100644 --- a/cmd/neofs-cli/modules/netmap/snapshot.go +++ b/cmd/neofs-cli/modules/netmap/snapshot.go @@ -4,7 +4,6 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" - "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/spf13/cobra" ) 
@@ -16,8 +15,7 @@ var snapshotCmd = &cobra.Command{ ctx, cancel := commonflags.GetCommandContext(cmd) defer cancel() - p := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, p, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.NetMapSnapshotPrm prm.SetClient(cli) diff --git a/cmd/neofs-cli/modules/object/delete.go b/cmd/neofs-cli/modules/object/delete.go index f5b8128d0e..a35365fe69 100644 --- a/cmd/neofs-cli/modules/object/delete.go +++ b/cmd/neofs-cli/modules/object/delete.go @@ -66,6 +66,7 @@ func deleteObject(cmd *cobra.Command, _ []string) { var prm internalclient.DeleteObjectPrm ReadOrOpenSession(ctx, cmd, &prm, pk, cnr, &obj) Prepare(cmd, &prm) + prm.SetPrivateKey(*pk) prm.SetAddress(objAddr) res, err := internalclient.DeleteObject(ctx, prm) diff --git a/cmd/neofs-cli/modules/object/get.go b/cmd/neofs-cli/modules/object/get.go index 97a97de334..eb3c5e65e7 100644 --- a/cmd/neofs-cli/modules/object/get.go +++ b/cmd/neofs-cli/modules/object/get.go @@ -68,10 +68,11 @@ func getObject(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.GetObjectPrm prm.SetClient(cli) + prm.SetPrivateKey(*pk) Prepare(cmd, &prm) readSession(cmd, &prm, pk, cnr, obj) diff --git a/cmd/neofs-cli/modules/object/hash.go b/cmd/neofs-cli/modules/object/hash.go index f45a79bc44..e0dd6e6eeb 100644 --- a/cmd/neofs-cli/modules/object/hash.go +++ b/cmd/neofs-cli/modules/object/hash.go 
@@ -67,12 +67,13 @@ func getObjectHash(cmd *cobra.Command, _ []string) { common.ExitOnErr(cmd, "could not decode salt: %w", err) pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) tz := typ == hashTz fullHash := len(ranges) == 0 if fullHash { var headPrm internalclient.HeadObjectPrm + headPrm.SetPrivateKey(*pk) headPrm.SetClient(cli) Prepare(cmd, &headPrm) headPrm.SetAddress(objAddr) @@ -101,6 +102,7 @@ func getObjectHash(cmd *cobra.Command, _ []string) { var hashPrm internalclient.HashPayloadRangesPrm hashPrm.SetClient(cli) + hashPrm.SetPrivateKey(*pk) Prepare(cmd, &hashPrm) readSession(cmd, &hashPrm, pk, cnr, obj) hashPrm.SetAddress(objAddr) diff --git a/cmd/neofs-cli/modules/object/head.go b/cmd/neofs-cli/modules/object/head.go index f4bc607fd0..9cafca6f29 100644 --- a/cmd/neofs-cli/modules/object/head.go +++ b/cmd/neofs-cli/modules/object/head.go @@ -6,7 +6,6 @@ import ( "fmt" "os" - "github.com/nspcc-dev/neofs-api-go/v2/refs" internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" @@ -55,10 +54,11 @@ func getObjectHeader(cmd *cobra.Command, _ []string) { mainOnly, _ := cmd.Flags().GetBool("main-only") pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.HeadObjectPrm prm.SetClient(cli) + prm.SetPrivateKey(*pk) Prepare(cmd, &prm) readSession(cmd, &prm, pk, cnr, obj) 
@@ -165,13 +165,8 @@ func printHeader(cmd *cobra.Command, obj *object.Object) error { if signature := obj.Signature(); signature != nil { cmd.Print("ID signature:\n") - - // TODO(@carpawell): #1387 implement and use another approach to avoid conversion - var sigV2 refs.Signature - signature.WriteToV2(&sigV2) - - cmd.Printf(" public key: %s\n", hex.EncodeToString(sigV2.GetKey())) - cmd.Printf(" signature: %s\n", hex.EncodeToString(sigV2.GetSign())) + cmd.Printf(" public key: %s\n", hex.EncodeToString(signature.PublicKeyBytes())) + cmd.Printf(" signature: %s\n", hex.EncodeToString(signature.Value())) } return printSplitHeader(cmd, obj) diff --git a/cmd/neofs-cli/modules/object/lock.go b/cmd/neofs-cli/modules/object/lock.go index 34652af7d1..6d471a5887 100644 --- a/cmd/neofs-cli/modules/object/lock.go +++ b/cmd/neofs-cli/modules/object/lock.go @@ -13,7 +13,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" objectSDK "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/user" @@ -46,9 +45,7 @@ var objectLockCmd = &cobra.Command{ key := key.GetOrGenerate(cmd) - var idOwner user.ID - err = user.IDFromSigner(&idOwner, neofsecdsa.SignerRFC6979(*key)) - common.ExitOnErr(cmd, "decoding user from key", err) + idOwner := user.ResolveFromECDSAPublicKey(key.PublicKey) var lock objectSDK.Lock lock.WriteMembers(lockList) @@ -85,6 +82,7 @@ var objectLockCmd = &cobra.Command{ obj.SetPayload(lock.Marshal()) var prm internalclient.PutObjectPrm + prm.SetPrivateKey(*key) ReadOrOpenSession(ctx, cmd, &prm, key, cnr, nil) Prepare(cmd, &prm) prm.SetHeader(obj) diff --git a/cmd/neofs-cli/modules/object/put.go b/cmd/neofs-cli/modules/object/put.go index 29ed6dc48e..38a875a162 100644 
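Review bot: `printHeader` prints the signature's public key and value but not its scheme, and this commit makes the CLI sign with more than one signer constructor (`user.NewAutoIDSigner` in object/util.go, `user.NewAutoIDSignerRFC6979` in util/sign_session.go). Without the scheme, an operator cannot tell from the output which algorithm to use when checking the printed signature against the printed key. Consider adding `cmd.Printf("  scheme: %v\n", signature.Scheme())` next to the two existing lines. `printHeader` starts outside the hunk.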
--- a/cmd/neofs-cli/modules/object/put.go +++ b/cmd/neofs-cli/modules/object/put.go @@ -17,7 +17,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" @@ -93,8 +92,7 @@ func putObject(cmd *cobra.Command, _ []string) { ownerID = *objTemp.OwnerID() } else { readCID(cmd, &cnr) - err = user.IDFromSigner(&ownerID, neofsecdsa.SignerRFC6979(*pk)) - common.ExitOnErr(cmd, "decoding user from key", err) + ownerID = user.ResolveFromECDSAPublicKey(pk.PublicKey) } attrs, err := parseObjectAttrs(cmd) @@ -133,6 +131,7 @@ func putObject(cmd *cobra.Command, _ []string) { } var prm internalclient.PutObjectPrm + prm.SetPrivateKey(*pk) ReadOrOpenSession(ctx, cmd, &prm, pk, cnr, nil) Prepare(cmd, &prm) prm.SetHeader(obj) diff --git a/cmd/neofs-cli/modules/object/range.go b/cmd/neofs-cli/modules/object/range.go index e51f35f45b..477c0c2326 100644 --- a/cmd/neofs-cli/modules/object/range.go +++ b/cmd/neofs-cli/modules/object/range.go @@ -77,10 +77,11 @@ func getObjectRange(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.PayloadRangePrm prm.SetClient(cli) + prm.SetPrivateKey(*pk) Prepare(cmd, &prm) readSession(cmd, &prm, pk, cnr, obj) diff --git a/cmd/neofs-cli/modules/object/search.go b/cmd/neofs-cli/modules/object/search.go index 30cfb93de4..bd8816642a 100644 --- a/cmd/neofs-cli/modules/object/search.go +++ b/cmd/neofs-cli/modules/object/search.go 
@@ -55,10 +55,11 @@ func searchObject(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.SearchObjectsPrm prm.SetClient(cli) + prm.SetPrivateKey(*pk) Prepare(cmd, &prm) readSessionGlobal(cmd, &prm, pk, cnr) prm.SetContainerID(cnr) diff --git a/cmd/neofs-cli/modules/object/util.go b/cmd/neofs-cli/modules/object/util.go index 96a9475b26..5aa9d418b4 100644 --- a/cmd/neofs-cli/modules/object/util.go +++ b/cmd/neofs-cli/modules/object/util.go @@ -19,6 +19,7 @@ import ( "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -208,7 +209,7 @@ func _readVerifiedSession(cmd *cobra.Command, dst SessionPrm, key *ecdsa.Private // ReadOrOpenSession opens client connection and calls ReadOrOpenSessionViaClient with it. func ReadOrOpenSession(ctx context.Context, cmd *cobra.Command, dst SessionPrm, key *ecdsa.PrivateKey, cnr cid.ID, obj *oid.ID) { - cli := internal.GetSDKClientByFlag(ctx, cmd, key, commonflags.RPC) + cli := internal.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) ReadOrOpenSessionViaClient(ctx, cmd, dst, cli, key, cnr, obj) } @@ -230,7 +231,7 @@ func ReadOrOpenSessionViaClient(ctx context.Context, cmd *cobra.Command, dst Ses if _, ok := dst.(*internal.DeleteObjectPrm); ok { common.PrintVerbose(cmd, "Collecting relatives of the removal object...") - objs = append(objs, collectObjectRelatives(ctx, cmd, cli, cnr, *obj)...) + objs = append(objs, collectObjectRelatives(ctx, cmd, cli, key, cnr, *obj)...) } } 
@@ -240,7 +241,7 @@ func ReadOrOpenSessionViaClient(ctx context.Context, cmd *cobra.Command, dst Ses // OpenSession opens client connection and calls OpenSessionViaClient with it. func OpenSession(ctx context.Context, cmd *cobra.Command, dst SessionPrm, key *ecdsa.PrivateKey, cnr cid.ID, obj *oid.ID) { - cli := internal.GetSDKClientByFlag(ctx, cmd, key, commonflags.RPC) + cli := internal.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) OpenSessionViaClient(ctx, cmd, dst, cli, key, cnr, obj) } @@ -262,7 +263,7 @@ func OpenSessionViaClient(ctx context.Context, cmd *cobra.Command, dst SessionPr if _, ok := dst.(*internal.DeleteObjectPrm); ok { common.PrintVerbose(cmd, "Collecting relatives of the removal object...") - rels := collectObjectRelatives(ctx, cmd, cli, cnr, *obj) + rels := collectObjectRelatives(ctx, cmd, cli, key, cnr, *obj) if len(rels) == 0 { objs = []oid.ID{*obj} @@ -278,7 +279,7 @@ func OpenSessionViaClient(ctx context.Context, cmd *cobra.Command, dst SessionPr common.PrintVerbose(cmd, "Opening remote session with the node...") - err := sessionCli.CreateSession(ctx, &tok, cli, neofsecdsa.SignerRFC6979(*key), sessionLifetime) + err := sessionCli.CreateSession(ctx, &tok, cli, *key, sessionLifetime) common.ExitOnErr(cmd, "open remote session: %w", err) common.PrintVerbose(cmd, "Session successfully opened.") @@ -321,7 +322,7 @@ func finalizeSession(cmd *cobra.Command, dst SessionPrm, tok *session.Object, ke common.PrintVerbose(cmd, "Signing session...") - err := tok.Sign(neofsecdsa.SignerRFC6979(*key)) + err := tok.Sign(user.NewAutoIDSigner(*key)) common.ExitOnErr(cmd, "sign session: %w", err) common.PrintVerbose(cmd, "Session token successfully formed and attached to the request.") 
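Review bot: In the last hunk on this line (`finalizeSession`), `tok.Sign(user.NewAutoIDSigner(*key))` replaces `neofsecdsa.SignerRFC6979(*key)`, so the session token's signature scheme moves from deterministic RFC 6979 ECDSA to whatever `NewAutoIDSigner` selects. In the same commit, util/sign_session.go keeps RFC 6979 through `user.NewAutoIDSignerRFC6979(*pk)`. A scheme switch inside a dependency upgrade is easy to miss, and it decides which verifiers accept tokens produced by the CLI. If the switch is not intended, keep the old scheme with `err := tok.Sign(user.NewAutoIDSignerRFC6979(*key))`; if it is, record the decision with a comment such as `// session tokens use the SDK default ECDSA scheme, not RFC 6979`. `finalizeSession` starts and ends outside the hunk.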
@@ -339,7 +340,7 @@ func initFlagSession(cmd *cobra.Command, verb string) { // container. // // The object itself is not included in the result. -func collectObjectRelatives(ctx context.Context, cmd *cobra.Command, cli *client.Client, cnr cid.ID, obj oid.ID) []oid.ID { +func collectObjectRelatives(ctx context.Context, cmd *cobra.Command, cli *client.Client, key *ecdsa.PrivateKey, cnr cid.ID, obj oid.ID) []oid.ID { common.PrintVerbose(cmd, "Fetching raw object header...") // request raw header first @@ -349,6 +350,7 @@ func collectObjectRelatives(ctx context.Context, cmd *cobra.Command, cli *client var prmHead internal.HeadObjectPrm prmHead.SetClient(cli) + prmHead.SetPrivateKey(*key) prmHead.SetAddress(addrObj) prmHead.SetRawFlag(true) @@ -405,6 +407,7 @@ func collectObjectRelatives(ctx context.Context, cmd *cobra.Command, cli *client var prm internal.SearchObjectsPrm prm.SetContainerID(cnr) prm.SetClient(cli) + prm.SetPrivateKey(*key) prm.SetFilters(query) res, err := internal.SearchObjects(ctx, prm) @@ -460,6 +463,7 @@ func collectObjectRelatives(ctx context.Context, cmd *cobra.Command, cli *client var prmSearch internal.SearchObjectsPrm prmSearch.SetClient(cli) + prmSearch.SetPrivateKey(*key) prmSearch.SetContainerID(cnr) prmSearch.SetFilters(query) diff --git a/cmd/neofs-cli/modules/session/create.go b/cmd/neofs-cli/modules/session/create.go index f4414fd5be..9010108b61 100644 --- a/cmd/neofs-cli/modules/session/create.go +++ b/cmd/neofs-cli/modules/session/create.go @@ -2,6 +2,7 @@ package session import ( "context" + "crypto/ecdsa" "fmt" "os" @@ -12,7 +13,6 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" "github.com/nspcc-dev/neofs-node/pkg/network" "github.com/nspcc-dev/neofs-sdk-go/client" - neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/session" "github.com/spf13/cobra" 
@@ -58,7 +58,7 @@ func createSession(cmd *cobra.Command, _ []string) { addrStr, _ := cmd.Flags().GetString(commonflags.RPC) common.ExitOnErr(cmd, "can't parse endpoint: %w", netAddr.FromString(addrStr)) - c, err := internalclient.GetSDKClient(ctx, cmd, privKey, netAddr) + c, err := internalclient.GetSDKClient(ctx, cmd, netAddr) common.ExitOnErr(cmd, "can't create client: %w", err) lifetime := uint64(defaultLifetime) @@ -68,7 +68,7 @@ func createSession(cmd *cobra.Command, _ []string) { var tok session.Object - err = CreateSession(ctx, &tok, c, neofsecdsa.SignerRFC6979(*privKey), lifetime) + err = CreateSession(ctx, &tok, c, *privKey, lifetime) common.ExitOnErr(cmd, "can't create session: %w", err) var data []byte @@ -90,7 +90,7 @@ func createSession(cmd *cobra.Command, _ []string) { // number of epochs. // // Fills ID, lifetime and session key. -func CreateSession(ctx context.Context, dst *session.Object, c *client.Client, _signer neofscrypto.Signer, lifetime uint64) error { +func CreateSession(ctx context.Context, dst *session.Object, c *client.Client, key ecdsa.PrivateKey, lifetime uint64) error { var netInfoPrm internalclient.NetworkInfoPrm netInfoPrm.SetClient(c) @@ -105,7 +105,7 @@ func CreateSession(ctx context.Context, dst *session.Object, c *client.Client, _ var sessionPrm internalclient.CreateSessionPrm sessionPrm.SetClient(c) sessionPrm.SetExp(exp) - sessionPrm.UseSigner(_signer) + sessionPrm.SetPrivateKey(key) sessionRes, err := internalclient.CreateSession(ctx, sessionPrm) if err != nil { diff --git a/cmd/neofs-cli/modules/storagegroup/delete.go b/cmd/neofs-cli/modules/storagegroup/delete.go index 6c971ddfd9..ca0b8fe846 100644 --- a/cmd/neofs-cli/modules/storagegroup/delete.go +++ b/cmd/neofs-cli/modules/storagegroup/delete.go 
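Review bot: The exported `CreateSession` (hunk `@@ -90,7 +90,7 @@`) now takes `key ecdsa.PrivateKey` by value where it used to take a `neofscrypto.Signer`, so every caller must hand it raw private key material and signers that never expose the key can no longer be used. Both call sites in this commit dereference a pointer to satisfy it (`*privKey` here, `*key` in object/util.go). Whether `CreateSessionPrm` could accept a signer is not visible in this hunk; if it can, keeping an interface parameter would preserve the narrower contract. Otherwise the doc comment should at least state the key's role, e.g. `// key is the private key used to sign the session creation request.` The function body continues outside the hunk.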
@@ -42,6 +42,7 @@ func delSG(cmd *cobra.Command, _ []string) { addr := readObjectAddress(cmd, &cnr, &obj) var prm internalclient.DeleteObjectPrm + prm.SetPrivateKey(*pk) objectCli.OpenSession(ctx, cmd, &prm, pk, cnr, &obj) objectCli.Prepare(cmd, &prm) prm.SetAddress(addr) diff --git a/cmd/neofs-cli/modules/storagegroup/get.go b/cmd/neofs-cli/modules/storagegroup/get.go index 5bc02e4125..60266e6620 100644 --- a/cmd/neofs-cli/modules/storagegroup/get.go +++ b/cmd/neofs-cli/modules/storagegroup/get.go @@ -48,11 +48,12 @@ func getSG(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) buf := bytes.NewBuffer(nil) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.GetObjectPrm objectCli.Prepare(cmd, &prm) prm.SetClient(cli) + prm.SetPrivateKey(*pk) raw, _ := cmd.Flags().GetBool(sgRawFlag) prm.SetRawFlag(raw) diff --git a/cmd/neofs-cli/modules/storagegroup/list.go b/cmd/neofs-cli/modules/storagegroup/list.go index c1a71a47bb..bd908071bb 100644 --- a/cmd/neofs-cli/modules/storagegroup/list.go +++ b/cmd/neofs-cli/modules/storagegroup/list.go @@ -34,11 +34,12 @@ func listSG(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) var prm internalclient.SearchObjectsPrm objectCli.Prepare(cmd, &prm) prm.SetClient(cli) + prm.SetPrivateKey(*pk) prm.SetContainerID(cnr) prm.SetFilters(storagegroup.SearchQuery()) diff --git a/cmd/neofs-cli/modules/storagegroup/put.go b/cmd/neofs-cli/modules/storagegroup/put.go index e0ae5a327f..50fdffd5b9 100644 --- a/cmd/neofs-cli/modules/storagegroup/put.go +++ b/cmd/neofs-cli/modules/storagegroup/put.go 
@@ -12,9 +12,7 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" objectCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/object" "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/storagegroup" - "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" storagegroupSDK "github.com/nspcc-dev/neofs-sdk-go/storagegroup" @@ -54,9 +52,7 @@ func putSG(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - var ownerID user.ID - err := user.IDFromSigner(&ownerID, neofsecdsa.SignerRFC6979(*pk)) - common.ExitOnErr(cmd, "decoding user from key", err) + ownerID := user.ResolveFromECDSAPublicKey(pk.PublicKey) var cnr cid.ID readCID(cmd, &cnr) @@ -81,7 +77,7 @@ func putSG(cmd *cobra.Command, _ []string) { getCnrPrm internalclient.GetContainerPrm ) - cli := internalclient.GetSDKClientByFlag(ctx, cmd, pk, commonflags.RPC) + cli := internalclient.GetSDKClientByFlag(ctx, cmd, commonflags.RPC) getCnrPrm.SetClient(cli) getCnrPrm.SetContainer(cnr) @@ -93,6 +89,7 @@ func putSG(cmd *cobra.Command, _ []string) { headPrm.SetRawFlag(true) headPrm.SetClient(cli) + headPrm.SetPrivateKey(*pk) sg, err := storagegroup.CollectMembers(sgHeadReceiver{ ctx: ctx, @@ -100,7 +97,7 @@ func putSG(cmd *cobra.Command, _ []string) { key: pk, ownerID: &ownerID, prm: headPrm, - }, cnr, members, !container.IsHomomorphicHashingDisabled(resGetCnr.Container())) + }, cnr, members, !resGetCnr.Container().IsHomomorphicHashingDisabled()) common.ExitOnErr(cmd, "could not collect storage group members: %w", err) var netInfoPrm internalclient.NetworkInfoPrm @@ -118,6 +115,7 @@ func putSG(cmd *cobra.Command, _ []string) { storagegroupSDK.WriteToObject(*sg, obj) + putPrm.SetPrivateKey(*pk) putPrm.SetHeader(obj) res, err := internalclient.PutObject(ctx, putPrm) 
diff --git a/cmd/neofs-cli/modules/util/sign_session.go b/cmd/neofs-cli/modules/util/sign_session.go index 9fa5103247..59d746d432 100644 --- a/cmd/neofs-cli/modules/util/sign_session.go +++ b/cmd/neofs-cli/modules/util/sign_session.go @@ -9,9 +9,8 @@ import ( "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags" "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key" - neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/cobra" ) @@ -44,7 +43,7 @@ func signSessionToken(cmd *cobra.Command, _ []string) { type iTokenSession interface { json.Marshaler common.BinaryOrJSON - Sign(neofscrypto.Signer) error + Sign(user.Signer) error } var errLast error var stok iTokenSession @@ -64,7 +63,7 @@ func signSessionToken(cmd *cobra.Command, _ []string) { pk := key.GetOrGenerate(cmd) - err = stok.Sign(neofsecdsa.SignerRFC6979(*pk)) + err = stok.Sign(user.NewAutoIDSignerRFC6979(*pk)) common.ExitOnErr(cmd, "can't sign token: %w", err) data, err := stok.MarshalJSON() diff --git a/cmd/neofs-node/config.go b/cmd/neofs-node/config.go index 63463892f2..4391ae0e20 100644 --- a/cmd/neofs-node/config.go +++ b/cmd/neofs-node/config.go @@ -61,7 +61,6 @@ import ( "github.com/nspcc-dev/neofs-node/pkg/services/util/response" "github.com/nspcc-dev/neofs-node/pkg/util" "github.com/nspcc-dev/neofs-node/pkg/util/state" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/netmap" objectSDK "github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/user" 
@@ -589,7 +588,6 @@ func initCfg(appCfg *config.Config) *cfg { cacheOpts := cache.ClientCacheOpts{ DialTimeout: apiclientconfig.DialTimeout(appCfg), StreamTimeout: apiclientconfig.StreamTimeout(appCfg), - Key: &key.PrivateKey, AllowExternal: apiclientconfig.AllowExternal(appCfg), ReconnectTimeout: apiclientconfig.ReconnectTimeout(appCfg), } @@ -633,8 +631,7 @@ func initCfg(appCfg *config.Config) *cfg { workerPool: reputationWorkerPool, } - err = user.IDFromSigner(&c.ownerIDFromKey, neofsecdsa.SignerRFC6979(key.PrivateKey)) - fatalOnErr(err) + c.ownerIDFromKey = user.ResolveFromECDSAPublicKey(key.PrivateKey.PublicKey) if metricsconfig.Enabled(c.appCfg) { c.metricsCollector = metrics.NewNodeMetrics(misc.Version) diff --git a/cmd/neofs-node/object.go b/cmd/neofs-node/object.go index 18c694e9a7..a4cf5d9d63 100644 --- a/cmd/neofs-node/object.go +++ b/cmd/neofs-node/object.go @@ -37,6 +37,7 @@ import ( truststorage "github.com/nspcc-dev/neofs-node/pkg/services/reputation/local/storage" "github.com/nspcc-dev/neofs-sdk-go/client" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" + neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" objectSDK "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" @@ -432,8 +433,8 @@ func (c *reputationClient) submitResult(err error) { c.cons.trustStorage.Update(prm) } -func (c *reputationClient) ObjectPutInit(ctx context.Context, prm client.PrmObjectPutInit) (*client.ObjectWriter, error) { - res, err := c.MultiAddressClient.ObjectPutInit(ctx, prm) +func (c *reputationClient) ObjectPutInit(ctx context.Context, hdr objectSDK.Object, signer user.Signer, prm client.PrmObjectPutInit) (client.ObjectWriter, error) { + res, err := c.MultiAddressClient.ObjectPutInit(ctx, hdr, signer, prm) // FIXME: (neofs-node#1193) here we submit only initialization errors, writing errors are not processed c.submitResult(err) 
@@ -441,8 +442,8 @@ func (c *reputationClient) ObjectPutInit(ctx context.Context, prm client.PrmObje return res, err } -func (c *reputationClient) ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectDelete) (oid.ID, error) { - res, err := c.MultiAddressClient.ObjectDelete(ctx, containerID, objectID, prm) +func (c *reputationClient) ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectDelete) (oid.ID, error) { + res, err := c.MultiAddressClient.ObjectDelete(ctx, containerID, objectID, signer, prm) if err != nil { c.submitResult(err) } 
@@ -450,33 +451,33 @@ func (c *reputationClient) ObjectDelete(ctx context.Context, containerID cid.ID, return res, err } -func (c *reputationClient) GetObjectInit(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectGet) (*client.ObjectReader, error) { - res, err := c.MultiAddressClient.ObjectGetInit(ctx, containerID, objectID, prm) +func (c *reputationClient) GetObjectInit(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectGet) (objectSDK.Object, *client.PayloadReader, error) { + hdr, rdr, err := c.MultiAddressClient.ObjectGetInit(ctx, containerID, objectID, signer, prm) // FIXME: (neofs-node#1193) here we submit only initialization errors, reading errors are not processed c.submitResult(err) - return res, err + return hdr, rdr, err } -func (c *reputationClient) ObjectHead(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectHead) (*client.ResObjectHead, error) { - res, err := c.MultiAddressClient.ObjectHead(ctx, containerID, objectID, prm) +func (c *reputationClient) ObjectHead(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectHead) (*client.ResObjectHead, error) { + res, err := c.MultiAddressClient.ObjectHead(ctx, containerID, objectID, signer, prm) c.submitResult(err) return res, err } -func (c *reputationClient) ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectHash) ([][]byte, error) { - res, err := c.MultiAddressClient.ObjectHash(ctx, containerID, objectID, prm) +func (c *reputationClient) ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectHash) ([][]byte, error) { + res, err := c.MultiAddressClient.ObjectHash(ctx, containerID, objectID, signer, prm) c.submitResult(err) return res, err } -func (c *reputationClient) ObjectSearchInit(ctx context.Context, containerID cid.ID, prm client.PrmObjectSearch) 
(*client.ObjectListReader, error) { - res, err := c.MultiAddressClient.ObjectSearchInit(ctx, containerID, prm) +func (c *reputationClient) ObjectSearchInit(ctx context.Context, containerID cid.ID, signer user.Signer, prm client.PrmObjectSearch) (*client.ObjectListReader, error) { + res, err := c.MultiAddressClient.ObjectSearchInit(ctx, containerID, signer, prm) // FIXME: (neofs-node#1193) here we submit only initialization errors, reading errors are not processed c.submitResult(err) diff --git a/go.mod b/go.mod index 783aeb0f34..089d951a17 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/nspcc-dev/neo-go v0.101.1 github.com/nspcc-dev/neofs-api-go/v2 v2.14.0 github.com/nspcc-dev/neofs-contract v0.16.0 - github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9 + github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230804111400-cfc9facd871b github.com/nspcc-dev/tzhash v1.7.0 github.com/olekukonko/tablewriter v0.0.5 github.com/panjf2000/ants/v2 v2.4.0 diff --git a/go.sum b/go.sum index 0e6ae1e750..2f01f329d6 100644 --- a/go.sum +++ b/go.sum 
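Review bot: The wrapper in the `@@ -450,33 +451,33 @@` hunk is still named `GetObjectInit`, while the `Client` interface in pkg/core/client/client.go declares `ObjectGetInit`. If `MultiAddressClient` is embedded in `reputationClient` (the struct is outside the hunk), calls through the interface reach the promoted method and skip `c.submitResult(err)`. The wrapper also takes `user.Signer` where the interface method takes `neofscrypto.Signer`. Since this commit rewrites the signature anyway, consider `func (c *reputationClient) ObjectGetInit(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectGet) (objectSDK.Object, *client.PayloadReader, error) {` so that failed reads feed the reputation trust storage like the other object operations.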
@@ -367,8 +367,8 @@ github.com/nspcc-dev/neofs-crypto v0.4.0 h1:5LlrUAM5O0k1+sH/sktBtrgfWtq1pgpDs09f github.com/nspcc-dev/neofs-crypto v0.4.0/go.mod h1:6XJ8kbXgOfevbI2WMruOtI+qUJXNwSGM/E9eClXxPHs= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40= -github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9 h1:uIQlWUUo5n/e8rLFGm14zIValcpXU1HWuwaoXUAHt5Q= -github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9/go.mod h1:fTsdTU/M9rvv/f9jlp7vHOm3DRp+NSfjfTv9NohrKTE= +github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230804111400-cfc9facd871b h1:o24pyvguZKBqNtL5BFedWahbxoCBxv/cvarXOKrTehY= +github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230804111400-cfc9facd871b/go.mod h1:fTsdTU/M9rvv/f9jlp7vHOm3DRp+NSfjfTv9NohrKTE= github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= diff --git a/pkg/core/client/client.go b/pkg/core/client/client.go index 074da14f48..13901fd338 100644 --- a/pkg/core/client/client.go +++ b/pkg/core/client/client.go 
@@ -8,21 +8,24 @@ import ( "github.com/nspcc-dev/neofs-sdk-go/client" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" + neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" + "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" reputationSDK "github.com/nspcc-dev/neofs-sdk-go/reputation" + "github.com/nspcc-dev/neofs-sdk-go/user" ) // Client is an interface of NeoFS storage // node's client. type Client interface { ContainerAnnounceUsedSpace(ctx context.Context, announcements []container.SizeEstimation, prm client.PrmAnnounceSpace) error - ObjectPutInit(ctx context.Context, prm client.PrmObjectPutInit) (*client.ObjectWriter, error) - ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectDelete) (oid.ID, error) - ObjectGetInit(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectGet) (*client.ObjectReader, error) - ObjectHead(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectHead) (*client.ResObjectHead, error) - ObjectSearchInit(ctx context.Context, containerID cid.ID, prm client.PrmObjectSearch) (*client.ObjectListReader, error) - ObjectRangeInit(ctx context.Context, containerID cid.ID, objectID oid.ID, offset, length uint64, prm client.PrmObjectRange) (*client.ObjectRangeReader, error) - ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectHash) ([][]byte, error) + ObjectPutInit(ctx context.Context, header object.Object, signer user.Signer, prm client.PrmObjectPutInit) (client.ObjectWriter, error) + ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectDelete) (oid.ID, error) + ObjectGetInit(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectGet) (object.Object, *client.PayloadReader, error) + ObjectHead(ctx context.Context, containerID 
cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectHead) (*client.ResObjectHead, error) + ObjectSearchInit(ctx context.Context, containerID cid.ID, signer user.Signer, prm client.PrmObjectSearch) (*client.ObjectListReader, error) + ObjectRangeInit(ctx context.Context, containerID cid.ID, objectID oid.ID, offset, length uint64, signer neofscrypto.Signer, prm client.PrmObjectRange) (*client.ObjectRangeReader, error) + ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectHash) ([][]byte, error) AnnounceLocalTrust(ctx context.Context, epoch uint64, trusts []reputationSDK.Trust, prm client.PrmAnnounceLocalTrust) error AnnounceIntermediateTrust(ctx context.Context, epoch uint64, trust reputationSDK.PeerToPeerTrust, prm client.PrmAnnounceIntermediateTrust) error ExecRaw(f func(client *rawclient.Client) error) error diff --git a/pkg/core/object/fmt.go b/pkg/core/object/fmt.go index 6e6e90e170..27d7e9fae7 100644 --- a/pkg/core/object/fmt.go +++ b/pkg/core/object/fmt.go @@ -6,10 +6,8 @@ import ( "strconv" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" - "github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-node/pkg/core/netmap" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/storagegroup" @@ -112,7 +110,7 @@ func (v *FormatValidator) Validate(obj *object.Object, unprepared bool) error { return fmt.Errorf("object did not pass expiration check: %w", err) } - if err := object.CheckHeaderVerificationFields(obj); err != nil { + if err := obj.CheckHeaderVerificationFields(); err != nil { return fmt.Errorf("(%T) could not validate header fields: %w", v, err) } } 
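Review bot: The `Client` interface in pkg/core/client/client.go now takes two different signer types and no comment explains the split. `ObjectPutInit`, `ObjectDelete`, `ObjectHead` and `ObjectSearchInit` take `user.Signer`, while `ObjectGetInit`, `ObjectRangeInit` and `ObjectHash` take `neofscrypto.Signer`. The split presumably mirrors the SDK signatures, which should be confirmed. A doc comment above the object methods would help implementers, for example `// Object operations are signed per call; methods that take user.Signer also use the signer's user ID.`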
@@ -133,18 +131,6 @@ func (v *FormatValidator) validateSignatureKey(obj *object.Object) error { return errors.New("missing signature") } - var sigV2 refs.Signature - sig.WriteToV2(&sigV2) - - binKey := sigV2.GetKey() - - var key neofsecdsa.PublicKey - - err := key.Decode(binKey) - if err != nil { - return fmt.Errorf("decode public key: %w", err) - } - // FIXME: #1159 perform token verification return nil diff --git a/pkg/core/object/fmt_test.go b/pkg/core/object/fmt_test.go index dfe7ce996f..ee1d44f8cb 100644 --- a/pkg/core/object/fmt_test.go +++ b/pkg/core/object/fmt_test.go @@ -7,8 +7,6 @@ import ( "github.com/nspcc-dev/neo-go/pkg/crypto/keys" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" - neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test" @@ -19,12 +17,8 @@ import ( "github.com/stretchr/testify/require" ) -func blankValidObject(signer neofscrypto.Signer) *object.Object { - var idOwner user.ID - err := user.IDFromSigner(&idOwner, signer) - if err != nil { - panic(err) - } +func blankValidObject(signer user.Signer) *object.Object { + idOwner := signer.UserID() obj := object.New() obj.SetContainerID(cidtest.ID()) 
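Review bot: After this hunk the visible tail of `validateSignatureKey` in pkg/core/object/fmt.go only rejects a missing signature and then returns nil. The deleted lines were the only place in the hunk where the signature's public key bytes were decoded, so a malformed key is no longer rejected here. With `// FIXME: #1159 perform token verification` still in place, the function name promises more than the shown code checks. If key encoding is enforced elsewhere (possibly by `obj.CheckHeaderVerificationFields()` in `Validate`, not confirmed from this page), record that in a comment such as `// key encoding is checked during signature verification, see <location>`; otherwise keep a decode check on the key bytes. The function starts above the hunk, so earlier checks are not visible.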
@@ -79,23 +73,23 @@ func TestFormatValidator_Validate(t *testing.T) { }) t.Run("correct w/ session token", func(t *testing.T) { - signer := neofsecdsa.SignerRFC6979(ownerKey.PrivateKey) + signer := user.NewAutoIDSignerRFC6979(ownerKey.PrivateKey) obj := object.New() obj.SetContainerID(cidtest.ID()) obj.SetSessionToken(sessiontest.ObjectSigned(signer)) obj.SetOwnerID(usertest.ID(t)) - require.NoError(t, object.SetIDWithSignature(signer, obj)) + require.NoError(t, obj.SetIDWithSignature(signer)) require.NoError(t, v.Validate(obj, false)) }) t.Run("correct w/o session token", func(t *testing.T) { - signer := neofsecdsa.SignerRFC6979(ownerKey.PrivateKey) + signer := user.NewAutoIDSigner(ownerKey.PrivateKey) obj := blankValidObject(signer) - require.NoError(t, object.SetIDWithSignature(signer, obj)) + require.NoError(t, obj.SetIDWithSignature(signer)) require.NoError(t, v.Validate(obj, false)) }) @@ -209,7 +203,7 @@ func TestFormatValidator_Validate(t *testing.T) { t.Run("expiration", func(t *testing.T) { fn := func(val string) *object.Object { - signer := neofsecdsa.SignerRFC6979(ownerKey.PrivateKey) + signer := user.NewAutoIDSigner(ownerKey.PrivateKey) obj := blankValidObject(signer) var a object.Attribute @@ -218,7 +212,7 @@ func TestFormatValidator_Validate(t *testing.T) { obj.SetAttributes(a) - require.NoError(t, object.SetIDWithSignature(signer, obj)) + require.NoError(t, obj.SetIDWithSignature(signer)) return obj } @@ -244,7 +238,7 @@ func TestFormatValidator_Validate(t *testing.T) { t.Run("attributes", func(t *testing.T) { t.Run("duplication", func(t *testing.T) { - signer := neofsecdsa.SignerRFC6979(ownerKey.PrivateKey) + signer := user.NewAutoIDSigner(ownerKey.PrivateKey) obj := blankValidObject(signer) var a1 object.Attribute 
@@ -268,7 +262,7 @@ func TestFormatValidator_Validate(t *testing.T) { }) t.Run("empty value", func(t *testing.T) { - signer := neofsecdsa.SignerRFC6979(ownerKey.PrivateKey) + signer := user.NewAutoIDSigner(ownerKey.PrivateKey) obj := blankValidObject(signer) var a object.Attribute diff --git a/pkg/innerring/internal/client/client.go b/pkg/innerring/internal/client/client.go index 70b561af1a..e219ede565 100644 --- a/pkg/innerring/internal/client/client.go +++ b/pkg/innerring/internal/client/client.go @@ -11,14 +11,14 @@ import ( "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/storagegroup" "github.com/nspcc-dev/neofs-sdk-go/client" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" + "github.com/nspcc-dev/neofs-sdk-go/user" ) // Client represents NeoFS API client cut down to the needs of a purely IR application. type Client struct { - key *ecdsa.PrivateKey + signer user.Signer c clientcore.Client } @@ -30,7 +30,7 @@ func (x *Client) WrapBasicClient(c clientcore.Client) { // SetPrivateKey sets a private key to sign RPC requests. func (x *Client) SetPrivateKey(key *ecdsa.PrivateKey) { - x.key = key + x.signer = user.NewAutoIDSigner(*key) } // SearchSGPrm groups parameters of SearchSG operation. @@ -63,9 +63,8 @@ var sgFilter = storagegroup.SearchQuery() func (x Client) SearchSG(prm SearchSGPrm) (*SearchSGRes, error) { var cliPrm client.PrmObjectSearch cliPrm.SetFilters(sgFilter) - cliPrm.UseSigner(neofsecdsa.SignerRFC6979(*x.key)) - rdr, err := x.c.ObjectSearchInit(prm.ctx, prm.cnrID, cliPrm) + rdr, err := x.c.ObjectSearchInit(prm.ctx, prm.cnrID, x.signer, cliPrm) if err != nil { return nil, fmt.Errorf("init object search: %w", err) } 
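Review bot: `SetPrivateKey` in pkg/innerring/internal/client/client.go changes the request signing scheme without saying so. The removed lines in `SearchSG`, `GetObject` and `HeadObject` built `neofsecdsa.SignerRFC6979(*x.key)`, while the new field is filled with `user.NewAutoIDSigner(*key)`, and fmt_test.go in this patch shows that `user.NewAutoIDSignerRFC6979` exists. If the RFC 6979 scheme is still intended for inner ring requests, the line should read `x.signer = user.NewAutoIDSignerRFC6979(*key)`; if the switch is deliberate it deserves a sentence in the commit message. The setter also dereferences `key` at once and leaves `x.signer` nil when it is never called, so a precondition comment such as `// SetPrivateKey must be called with a non-nil key before any request method.` would make the contract explicit.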
@@ -115,19 +114,12 @@ func (x GetObjectRes) Object() *object.Object { // Returns any error which prevented the operation from completing correctly in error return. func (x Client) GetObject(prm GetObjectPrm) (*GetObjectRes, error) { var cliPrm client.PrmObjectGet - cliPrm.UseSigner(neofsecdsa.SignerRFC6979(*x.key)) - rdr, err := x.c.ObjectGetInit(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), cliPrm) + obj, rdr, err := x.c.ObjectGetInit(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), x.signer, cliPrm) if err != nil { return nil, fmt.Errorf("init object search: %w", err) } - var obj object.Object - - if !rdr.ReadHeader(&obj) { - return nil, fmt.Errorf("read object header: %w", rdr.Close()) - } - buf := make([]byte, obj.PayloadSize()) _, err = rdr.Read(buf) @@ -186,9 +178,7 @@ func (x Client) HeadObject(prm HeadObjectPrm) (*HeadObjectRes, error) { cliPrm.MarkLocal() } - cliPrm.UseSigner(neofsecdsa.SignerRFC6979(*x.key)) - - cliRes, err := x.c.ObjectHead(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), cliPrm) + cliRes, err := x.c.ObjectHead(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), x.signer, cliPrm) if err != nil { return nil, fmt.Errorf("read object header from NeoFS: %w", err) } @@ -282,7 +272,7 @@ func (x Client) HashPayloadRange(prm HashPayloadRangePrm) (res HashPayloadRangeR cliPrm.SetRangeList(prm.rng.GetOffset(), prm.rng.GetLength()) cliPrm.TillichZemorAlgo() - hs, err := x.c.ObjectHash(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), cliPrm) + hs, err := x.c.ObjectHash(prm.ctx, prm.objAddr.Container(), prm.objAddr.Object(), x.signer, cliPrm) if err == nil { if ln := len(hs); ln != 1 { err = fmt.Errorf("wrong number of checksums %d", ln) diff --git a/pkg/innerring/processors/container/common.go b/pkg/innerring/processors/container/common.go index c4179a8f10..076fd13ad3 100644 --- a/pkg/innerring/processors/container/common.go +++ b/pkg/innerring/processors/container/common.go 
@@ -1,6 +1,7 @@ package container import ( + "crypto/ecdsa" "errors" "fmt" @@ -101,11 +102,7 @@ func (cp *Processor) verifySignature(v signatureVerificationData) error { if keyProvided { // TODO(@cthulhu-rider): #1387 use another approach after neofs-sdk-go#233 - var idFromKey user.ID - err = user.IDFromKey(&idFromKey, v.binPublicKey) - if err != nil { - return fmt.Errorf("") - } + idFromKey := user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(key)) if v.ownerContainer.Equals(idFromKey) { if key.Verify(v.signedData, v.signature) { diff --git a/pkg/innerring/processors/container/process_container.go b/pkg/innerring/processors/container/process_container.go index 98767f1eea..408505af3b 100644 --- a/pkg/innerring/processors/container/process_container.go +++ b/pkg/innerring/processors/container/process_container.go @@ -186,7 +186,7 @@ func (cp *Processor) approveDeleteContainer(e *containerEvent.Delete) { func checkNNS(ctx *putContainerContext, cnr containerSDK.Container) error { // fetch domain info - ctx.d = containerSDK.ReadDomain(cnr) + ctx.d = cnr.ReadDomain() // if PutNamed event => check if values in container correspond to args if named, ok := ctx.e.(interface { @@ -211,7 +211,7 @@ func checkHomomorphicHashing(ns NetworkState, cnr containerSDK.Container) error return fmt.Errorf("could not get setting in contract: %w", err) } - if cnrSetting := containerSDK.IsHomomorphicHashingDisabled(cnr); netSetting != cnrSetting { + if cnrSetting := cnr.IsHomomorphicHashingDisabled(); netSetting != cnrSetting { return fmt.Errorf("network setting: %t, container setting: %t", netSetting, cnrSetting) } diff --git a/pkg/innerring/processors/settlement/audit/calculate.go b/pkg/innerring/processors/settlement/audit/calculate.go index 07c94726ad..058f96a742 100644 --- a/pkg/innerring/processors/settlement/audit/calculate.go +++ b/pkg/innerring/processors/settlement/audit/calculate.go 
@@ -2,9 +2,12 @@ package audit import ( "bytes" + "crypto/ecdsa" + "crypto/elliptic" "encoding/hex" "math/big" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neofs-node/pkg/innerring/processors/settlement/common" "github.com/nspcc-dev/neofs-sdk-go/audit" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -285,7 +288,7 @@ func (c *Calculator) fillTransferTable(ctx *singleResultCtx) bool { } // add txs to pay inner ring node for audit result - auditIR, err := ownerFromKey(ctx.auditResult.AuditorKey()) + auditorKey, err := keys.NewPublicKeyFromBytes(ctx.auditResult.AuditorKey(), elliptic.P256()) if err != nil { ctx.log.Error("could not parse public key of the inner ring node", zap.String("error", err.Error()), @@ -295,11 +298,13 @@ func (c *Calculator) fillTransferTable(ctx *singleResultCtx) bool { return false } - ctx.txTable.Transfer(&common.TransferTx{ + transferTx := &common.TransferTx{ From: cnrOwner, - To: *auditIR, Amount: ctx.auditFee, - }) + } + transferTx.To = user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*auditorKey)) + + ctx.txTable.Transfer(transferTx) return false } @@ -316,10 +321,3 @@ func (c *singleResultCtx) auditEpoch() uint64 { return c.eAudit } - -func ownerFromKey(key []byte) (*user.ID, error) { - var id user.ID - err := user.IDFromKey(&id, key) - - return &id, err -} diff --git a/pkg/innerring/rpc.go b/pkg/innerring/rpc.go index 8b6d6f3da8..4f229e26be 100644 --- a/pkg/innerring/rpc.go +++ b/pkg/innerring/rpc.go @@ -46,7 +46,7 @@ type ( func newClientCache(p *clientCacheParams) *ClientCache { return &ClientCache{ log: p.Log, - cache: cache.NewSDKClientCache(cache.ClientCacheOpts{AllowExternal: p.AllowExternal, Key: p.Key}), + cache: cache.NewSDKClientCache(cache.ClientCacheOpts{AllowExternal: p.AllowExternal}), key: p.Key, sgTimeout: p.SGTimeout, headTimeout: p.HeadTimeout, diff --git a/pkg/innerring/settlement.go b/pkg/innerring/settlement.go index 7a7188bc3d..6ceb7c584e 100644 --- a/pkg/innerring/settlement.go 
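Review bot: The decode-then-resolve pair added to `fillTransferTable` in pkg/innerring/processors/settlement/audit/calculate.go is copied into five more hunks of this patch. Those are `settlementDeps.ResolveKey`, `isValidBearer` and `isOwnerFromKey` in acl.go, `RequestOwner` in v2/request.go and `isOwnerFromKey` in v2/util.go. The removed `ownerFromKey` helper kept this in one place, and a single helper would again be the only spot to adjust curve selection or key validation. A possible shape is sketched below; the name and its home package are only a suggestion. `fillTransferTable` itself starts and ends outside the hunk.

```go
// userIDFromKeyBytes resolves the NeoFS user ID that corresponds to a
// binary-encoded P-256 public key.
func userIDFromKeyBytes(b []byte) (user.ID, error) {
	pub, err := keys.NewPublicKeyFromBytes(b, elliptic.P256())
	if err != nil {
		return user.ID{}, fmt.Errorf("decode public key: %w", err)
	}

	return user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pub)), nil
}
```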
+++ b/pkg/innerring/settlement.go @@ -2,10 +2,13 @@ package innerring import ( "context" + "crypto/ecdsa" + "crypto/elliptic" "encoding/hex" "fmt" "math/big" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/innerring/processors/settlement/audit" @@ -191,10 +194,14 @@ func (s settlementDeps) SGInfo(addr oid.Address) (audit.SGInfo, error) { } func (s settlementDeps) ResolveKey(ni common.NodeInfo) (*user.ID, error) { - var id user.ID - err := user.IDFromKey(&id, ni.PublicKey()) + pubKey, err := keys.NewPublicKeyFromBytes(ni.PublicKey(), elliptic.P256()) + if err != nil { + return nil, fmt.Errorf("decode public key: %w", err) + } + + id := user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey)) - return &id, err + return &id, nil } func (s settlementDeps) Transfer(sender, recipient user.ID, amount *big.Int, details []byte) { diff --git a/pkg/local_object_storage/engine/lock_test.go b/pkg/local_object_storage/engine/lock_test.go index d0fa53b549..a12c291167 100644 --- a/pkg/local_object_storage/engine/lock_test.go +++ b/pkg/local_object_storage/engine/lock_test.go @@ -99,7 +99,7 @@ func TestLockUserScenario(t *testing.T) { // 2. var locker object.Lock locker.WriteMembers([]oid.ID{id}) - object.WriteLock(lockerObj, locker) + lockerObj.WriteLock(locker) err = Put(e, lockerObj) require.NoError(t, err) diff --git a/pkg/local_object_storage/shard/control_test.go b/pkg/local_object_storage/shard/control_test.go index 3538c034c2..879a574c96 100644 --- a/pkg/local_object_storage/shard/control_test.go +++ b/pkg/local_object_storage/shard/control_test.go @@ -232,7 +232,7 @@ func TestRefillMetabase(t *testing.T) { lockObj := objecttest.Object(t) lockObj.SetContainerID(cnrLocked) - objectSDK.WriteLock(lockObj, lock) + lockObj.WriteLock(lock) putPrm.SetObject(lockObj) _, err = sh.Put(putPrm) 
diff --git a/pkg/morph/client/container/eacl_set.go b/pkg/morph/client/container/eacl_set.go index 7f7e05b096..d41fd901b9 100644 --- a/pkg/morph/client/container/eacl_set.go +++ b/pkg/morph/client/container/eacl_set.go @@ -3,7 +3,6 @@ package container import ( "fmt" - "github.com/nspcc-dev/neofs-api-go/v2/refs" containercore "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/morph/client" ) @@ -29,12 +28,8 @@ func PutEACL(c *Client, eaclInfo containercore.EACL) error { prm.SetToken(eaclInfo.Session.Marshal()) } - // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion - var sigV2 refs.Signature - eaclInfo.Signature.WriteToV2(&sigV2) - - prm.SetKey(sigV2.GetKey()) - prm.SetSignature(sigV2.GetSign()) + prm.SetKey(eaclInfo.Signature.PublicKeyBytes()) + prm.SetSignature(eaclInfo.Signature.Value()) return c.PutEACL(prm) } diff --git a/pkg/morph/client/container/put.go b/pkg/morph/client/container/put.go index 687d1de5c5..c2b15d4ff4 100644 --- a/pkg/morph/client/container/put.go +++ b/pkg/morph/client/container/put.go @@ -3,10 +3,8 @@ package container import ( "fmt" - "github.com/nspcc-dev/neofs-api-go/v2/refs" containercore "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/morph/client" - "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" ) @@ -17,7 +15,7 @@ import ( func Put(c *Client, cnr containercore.Container) (*cid.ID, error) { data := cnr.Value.Marshal() - d := container.ReadDomain(cnr.Value) + d := cnr.Value.ReadDomain() var prm PutPrm prm.SetContainer(data) 
@@ -28,12 +26,8 @@ func Put(c *Client, cnr containercore.Container) (*cid.ID, error) { prm.SetToken(cnr.Session.Marshal()) } - // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion - var sigV2 refs.Signature - cnr.Signature.WriteToV2(&sigV2) - - prm.SetKey(sigV2.GetKey()) - prm.SetSignature(sigV2.GetSign()) + prm.SetKey(cnr.Signature.PublicKeyBytes()) + prm.SetSignature(cnr.Signature.Value()) err := c.Put(prm) if err != nil { @@ -41,7 +35,7 @@ func Put(c *Client, cnr containercore.Container) (*cid.ID, error) { } var id cid.ID - container.CalculateIDFromBinary(&id, data) + id.FromBinary(data) return &id, nil } diff --git a/pkg/network/cache/client.go b/pkg/network/cache/client.go index 985a32599f..1e45670eb7 100644 --- a/pkg/network/cache/client.go +++ b/pkg/network/cache/client.go @@ -1,7 +1,6 @@ package cache import ( - "crypto/ecdsa" "sync" "time" @@ -22,7 +21,6 @@ type ( DialTimeout time.Duration StreamTimeout time.Duration ReconnectTimeout time.Duration - Key *ecdsa.PrivateKey ResponseCallback func(client.ResponseMetaInfo) error AllowExternal bool } diff --git a/pkg/network/cache/multi.go b/pkg/network/cache/multi.go index 6ab4d17ce7..8045d63db3 100644 --- a/pkg/network/cache/multi.go +++ b/pkg/network/cache/multi.go @@ -13,10 +13,11 @@ import ( "github.com/nspcc-dev/neofs-sdk-go/client" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" + neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" objectSDK "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" reputationSDK "github.com/nspcc-dev/neofs-sdk-go/reputation" + "github.com/nspcc-dev/neofs-sdk-go/user" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) 
@@ -60,10 +61,6 @@ func (x *multiClient) createForAddress(addr network.Address) (clientcore.Client, prmDial.SetServerURI(addr.URIAddr()) - if x.opts.Key != nil { - prmInit.SetDefaultSigner(neofsecdsa.SignerRFC6979(*x.opts.Key)) - } - if x.opts.DialTimeout > 0 { prmDial.SetTimeout(x.opts.DialTimeout) } @@ -213,9 +210,9 @@ func (s *singleClient) invalidate() { s.Unlock() } -func (x *multiClient) ObjectPutInit(ctx context.Context, p client.PrmObjectPutInit) (res *client.ObjectWriter, err error) { +func (x *multiClient) ObjectPutInit(ctx context.Context, header objectSDK.Object, signer user.Signer, p client.PrmObjectPutInit) (res client.ObjectWriter, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectPutInit(ctx, p) + res, err = c.ObjectPutInit(ctx, header, signer, p) return err }) 
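Review bot: With `prmInit.SetDefaultSigner(...)` removed from `createForAddress` in pkg/network/cache/multi.go, cached clients no longer carry a default signer. The `Client` interface in pkg/core/client/client.go still declares `ContainerAnnounceUsedSpace`, `AnnounceLocalTrust` and `AnnounceIntermediateTrust` without a signer parameter. How those three requests are signed after this change is not visible in the hunk; presumably it happens through their `prm` values or inside the SDK, which should be confirmed. A comment at the removal site, e.g. `// no default signer: object calls pass their signer explicitly`, would show the omission is intentional. `createForAddress` starts and ends outside the hunk.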
@@ -228,54 +225,54 @@ func (x *multiClient) ContainerAnnounceUsedSpace(ctx context.Context, announceme }) } -func (x *multiClient) ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectDelete) (tombID oid.ID, err error) { +func (x *multiClient) ObjectDelete(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectDelete) (tombID oid.ID, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - tombID, err = c.ObjectDelete(ctx, containerID, objectID, prm) + tombID, err = c.ObjectDelete(ctx, containerID, objectID, signer, prm) return err }) return } -func (x *multiClient) ObjectGetInit(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectGet) (res *client.ObjectReader, err error) { +func (x *multiClient) ObjectGetInit(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectGet) (hdr objectSDK.Object, rdr *client.PayloadReader, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectGetInit(ctx, containerID, objectID, prm) + hdr, rdr, err = c.ObjectGetInit(ctx, containerID, objectID, signer, prm) return err }) return } -func (x *multiClient) ObjectRangeInit(ctx context.Context, containerID cid.ID, objectID oid.ID, offset, length uint64, prm client.PrmObjectRange) (res *client.ObjectRangeReader, err error) { +func (x *multiClient) ObjectRangeInit(ctx context.Context, containerID cid.ID, objectID oid.ID, offset, length uint64, signer neofscrypto.Signer, prm client.PrmObjectRange) (res *client.ObjectRangeReader, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectRangeInit(ctx, containerID, objectID, offset, length, prm) + res, err = c.ObjectRangeInit(ctx, containerID, objectID, offset, length, signer, prm) return err }) return } -func (x *multiClient) ObjectHead(ctx context.Context, containerID cid.ID, objectID oid.ID, 
prm client.PrmObjectHead) (res *client.ResObjectHead, err error) { +func (x *multiClient) ObjectHead(ctx context.Context, containerID cid.ID, objectID oid.ID, signer user.Signer, prm client.PrmObjectHead) (res *client.ResObjectHead, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectHead(ctx, containerID, objectID, prm) + res, err = c.ObjectHead(ctx, containerID, objectID, signer, prm) return err }) return } -func (x *multiClient) ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, prm client.PrmObjectHash) (res [][]byte, err error) { +func (x *multiClient) ObjectHash(ctx context.Context, containerID cid.ID, objectID oid.ID, signer neofscrypto.Signer, prm client.PrmObjectHash) (res [][]byte, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectHash(ctx, containerID, objectID, prm) + res, err = c.ObjectHash(ctx, containerID, objectID, signer, prm) return err }) return } -func (x *multiClient) ObjectSearchInit(ctx context.Context, containerID cid.ID, prm client.PrmObjectSearch) (res *client.ObjectListReader, err error) { +func (x *multiClient) ObjectSearchInit(ctx context.Context, containerID cid.ID, signer user.Signer, prm client.PrmObjectSearch) (res *client.ObjectListReader, err error) { err = x.iterateClients(ctx, func(c clientcore.Client) error { - res, err = c.ObjectSearchInit(ctx, containerID, prm) + res, err = c.ObjectSearchInit(ctx, containerID, signer, prm) return err }) diff --git a/pkg/services/audit/auditor/por.go b/pkg/services/audit/auditor/por.go index cdde8cd787..a7e6c693e3 100644 --- a/pkg/services/audit/auditor/por.go +++ b/pkg/services/audit/auditor/por.go 
@@ -6,7 +6,6 @@ import ( "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/placement" "github.com/nspcc-dev/neofs-node/pkg/util/rand" - containerSDK "github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/netmap" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" storagegroupSDK "github.com/nspcc-dev/neofs-sdk-go/storagegroup" @@ -51,7 +50,7 @@ func (c *Context) checkStorageGroupPoR(sgID oid.ID, sg storagegroupSDK.StorageGr getHeaderPrm.CID = c.task.ContainerID() getHeaderPrm.NodeIsRelay = true - homomorphicHashingEnabled := !containerSDK.IsHomomorphicHashingDisabled(c.task.ContainerStructure()) + homomorphicHashingEnabled := !c.task.ContainerStructure().IsHomomorphicHashingDisabled() for i := range members { objectPlacement, err := c.buildPlacement(members[i]) diff --git a/pkg/services/container/morph/executor_test.go b/pkg/services/container/morph/executor_test.go index 4d06f29b0e..8d256f8c86 100644 --- a/pkg/services/container/morph/executor_test.go +++ b/pkg/services/container/morph/executor_test.go @@ -15,8 +15,8 @@ import ( cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" containertest "github.com/nspcc-dev/neofs-sdk-go/container/test" neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/stretchr/testify/require" ) @@ -48,7 +48,7 @@ func TestInvalidToken(t *testing.T) { priv, err := keys.NewPrivateKey() require.NoError(t, err) - signer := neofsecdsa.Signer(priv.PrivateKey) + signer := user.NewAutoIDSigner(priv.PrivateKey) sign := func(reqBody interface { StableMarshal([]byte) []byte diff --git a/pkg/services/control/ir/server/sign.go b/pkg/services/control/ir/server/sign.go index ad2b18e9ec..ef4c99fbdf 100644 --- a/pkg/services/control/ir/server/sign.go +++ b/pkg/services/control/ir/server/sign.go 
@@ -83,13 +83,9 @@ func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error { return fmt.Errorf("calculate signature: %w", err) } - // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion - var sigV2 refs.Signature - sig.WriteToV2(&sigV2) - var sigControl control.Signature - sigControl.SetKey(sigV2.GetKey()) - sigControl.SetSign(sigV2.GetSign()) + sigControl.SetKey(sig.PublicKeyBytes()) + sigControl.SetSign(sig.Value()) msg.SetSignature(&sigControl) diff --git a/pkg/services/control/server/sign.go b/pkg/services/control/server/sign.go index b6e36b244b..a599fd5994 100644 --- a/pkg/services/control/server/sign.go +++ b/pkg/services/control/server/sign.go @@ -84,12 +84,9 @@ func SignMessage(key *ecdsa.PrivateKey, msg SignedMessage) error { } // TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion - var sigV2 refs.Signature - sig.WriteToV2(&sigV2) - var sigControl control.Signature - sigControl.SetKey(sigV2.GetKey()) - sigControl.SetSign(sigV2.GetSign()) + sigControl.SetKey(sig.PublicKeyBytes()) + sigControl.SetSign(sig.Value()) msg.SetSignature(&sigControl) diff --git a/pkg/services/object/acl/acl.go b/pkg/services/object/acl/acl.go index 83b6ac21db..5360b06228 100644 --- a/pkg/services/object/acl/acl.go +++ b/pkg/services/object/acl/acl.go @@ -1,15 +1,17 @@ package acl import ( + "crypto/ecdsa" + "crypto/elliptic" "errors" "fmt" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-node/pkg/core/netmap" "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine" eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2" v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2" - bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" "github.com/nspcc-dev/neofs-sdk-go/container/acl" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" 
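Review bot: In pkg/services/control/server/sign.go the comment `// TODO(@cthulhu-rider): #1387 use Signature message from NeoFS API to avoid conversion` stays above `var sigControl control.Signature`, although the `refs.Signature` round trip it appears to describe is deleted in the same hunk. The sibling hunk in pkg/services/control/ir/server/sign.go removes the identical comment, so the two `SignMessage` copies now disagree. Drop the line here as well, or reword it to name what is still left to do. `SignMessage` begins above the hunk.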
@@ -227,18 +229,19 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error { } // 4. Then check if container owner signed this token. - if !bearerSDK.ResolveIssuer(*token).Equals(ownerCnr) { + if !token.ResolveIssuer().Equals(ownerCnr) { // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again return errBearerNotSignedByOwner } // 5. Then check if request sender has rights to use this token. - var usrSender user.ID - err := user.IDFromKey(&usrSender, reqInfo.SenderKey()) + pubKey, err := keys.NewPublicKeyFromBytes(reqInfo.SenderKey(), elliptic.P256()) if err != nil { return fmt.Errorf("decode sender public key: %w", err) } + usrSender := user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey)) + if !token.AssertUser(usrSender) { // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again return errBearerInvalidOwner @@ -252,11 +255,10 @@ func isOwnerFromKey(id user.ID, key []byte) bool { return false } - var id2 user.ID - err := user.IDFromKey(&id2, key) + pubKey, err := keys.NewPublicKeyFromBytes(key, elliptic.P256()) if err != nil { return false } - return id.Equals(id2) + return id.Equals(user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey))) } diff --git a/pkg/services/object/acl/v2/request.go b/pkg/services/object/acl/v2/request.go index e4155d18cd..16985a83e6 100644 --- a/pkg/services/object/acl/v2/request.go +++ b/pkg/services/object/acl/v2/request.go @@ -1,8 +1,11 @@ package v2 import ( + "crypto/ecdsa" + "crypto/elliptic" "fmt" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/container/acl" 
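Review bot: In `isValidBearer` and `isOwnerFromKey` in pkg/services/object/acl/acl.go, the only validation between the request-supplied key bytes and the user ID used for the access decision is now the error return of `keys.NewPublicKeyFromBytes`. The `ecdsa.PublicKey(*pubKey)` conversion and `user.ResolveFromECDSAPublicKey` return no error, so every key that decodes becomes a user ID. It is not visible here whether the decoder rejects all degenerate encodings, such as an empty key or one without usable coordinates; a table test over such inputs for both functions would pin that down. The same applies to `RequestOwner` and `isOwnerFromKey` under pkg/services/object/acl/v2. Both acl.go functions start outside their hunks.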
@@ -125,11 +128,12 @@ func (r MetaWithToken) RequestOwner() (*user.ID, []byte, error) { key := bodySignature.GetKey() - var idSender user.ID - err := user.IDFromKey(&idSender, key) + pubKey, err := keys.NewPublicKeyFromBytes(key, elliptic.P256()) if err != nil { - return nil, nil, fmt.Errorf("invalid key in body signature: %w", err) + return nil, nil, fmt.Errorf("decode public key: %w", err) } + idSender := user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey)) + return &idSender, key, nil } diff --git a/pkg/services/object/acl/v2/util.go b/pkg/services/object/acl/v2/util.go index 3f6ad3f6d6..bb5641bbc5 100644 --- a/pkg/services/object/acl/v2/util.go +++ b/pkg/services/object/acl/v2/util.go @@ -1,9 +1,12 @@ package v2 import ( + "crypto/ecdsa" + "crypto/elliptic" "errors" "fmt" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" refsV2 "github.com/nspcc-dev/neofs-api-go/v2/refs" sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session" @@ -115,12 +118,8 @@ func ownerFromToken(token *sessionSDK.Object) (*user.ID, []byte, error) { } // 2. Then check if session token owner issued the session token - // TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion - var tokV2 sessionV2.Token - token.WriteToV2(&tokV2) - tokenIssuer := token.Issuer() - key := tokV2.GetSignature().GetKey() + key := token.IssuerPublicKeyBytes() if !isOwnerFromKey(tokenIssuer, key) { // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again @@ -147,13 +146,12 @@ func isOwnerFromKey(id user.ID, key []byte) bool { return false } - var id2 user.ID - err := user.IDFromKey(&id2, key) + pubKey, err := keys.NewPublicKeyFromBytes(key, elliptic.P256()) if err != nil { return false } - return id2.Equals(id) + return id.Equals(user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey))) } // assertVerb checks that token verb corresponds to op. 
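Review bot: The rewritten error in `RequestOwner`, `decode public key: %w`, no longer says which key failed to decode; the removed message named the body signature, and the other call sites in this commit keep their origin (`decode sender public key`, `decode public key from signature`). When a request is rejected here, that text is what lets an operator tell a malformed body-signature key from a bad sender or token key, so keep the origin: `return nil, nil, fmt.Errorf("decode public key from body signature: %w", err)`. `RequestOwner` starts outside the hunk.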
diff --git a/pkg/services/object/acl/v2/util_test.go b/pkg/services/object/acl/v2/util_test.go index 7eea310bfe..fc01e72e86 100644 --- a/pkg/services/object/acl/v2/util_test.go +++ b/pkg/services/object/acl/v2/util_test.go @@ -11,16 +11,16 @@ import ( bearertest "github.com/nspcc-dev/neofs-sdk-go/bearer/test" aclsdk "github.com/nspcc-dev/neofs-sdk-go/container/acl" cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test" sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/stretchr/testify/require" ) func TestOriginalTokens(t *testing.T) { pk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - signer := neofsecdsa.SignerRFC6979(*pk) + signer := user.NewAutoIDSigner(*pk) sToken := sessiontest.ObjectSigned(signer) bToken := bearertest.Token(t) diff --git a/pkg/services/object/get/get_test.go b/pkg/services/object/get/get_test.go index 904c5283d9..5c456bba78 100644 --- a/pkg/services/object/get/get_test.go +++ b/pkg/services/object/get/get_test.go @@ -470,7 +470,7 @@ func TestGetRemoteSmall(t *testing.T) { cnr.SetPlacementPolicy(netmaptest.PlacementPolicy()) var idCnr cid.ID - container.CalculateID(&idCnr, cnr) + cnr.CalculateID(&idCnr) newSvc := func(b *testPlacementBuilder, c *testClientCache) *Service { svc := &Service{cfg: new(cfg)} @@ -1125,7 +1125,7 @@ func TestGetFromPastEpoch(t *testing.T) { cnr.SetPlacementPolicy(netmaptest.PlacementPolicy()) var idCnr cid.ID - container.CalculateID(&idCnr, cnr) + cnr.CalculateID(&idCnr) addr := oidtest.Address() addr.SetContainer(idCnr) diff --git a/pkg/services/object/internal/client/client.go b/pkg/services/object/internal/client/client.go index 5366262378..35e1cbb7dd 100644 --- a/pkg/services/object/internal/client/client.go +++ b/pkg/services/object/internal/client/client.go 
@@ -13,10 +13,10 @@ import ( "github.com/nspcc-dev/neofs-sdk-go/client" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/user" ) type commonPrm struct { @@ -24,7 +24,7 @@ type commonPrm struct { ctx context.Context - key *ecdsa.PrivateKey + signer user.Signer tokenSession *session.Object @@ -53,7 +53,7 @@ func (x *commonPrm) SetContext(ctx context.Context) { // // Required parameter. func (x *commonPrm) SetPrivateKey(key *ecdsa.PrivateKey) { - x.key = key + x.signer = user.NewAutoIDSigner(*key) } // SetSessionToken sets token of the session within which request should be sent. @@ -155,24 +155,12 @@ func GetObject(prm GetObjectPrm) (*GetObjectRes, error) { } prm.cliPrm.WithXHeaders(prm.xHeaders...) - if prm.key != nil { - prm.cliPrm.UseSigner(neofsecdsa.SignerRFC6979(*prm.key)) - } - rdr, err := prm.cli.ObjectGetInit(prm.ctx, prm.cnr, prm.obj, prm.cliPrm) + obj, rdr, err := prm.cli.ObjectGetInit(prm.ctx, prm.cnr, prm.obj, prm.signer, prm.cliPrm) if err != nil { return nil, fmt.Errorf("init object reading: %w", err) } - var obj object.Object - - if !rdr.ReadHeader(&obj) { - err = rdr.Close() - ReportError(prm.cli, err) - - return nil, fmt.Errorf("read object header: %w", err) - } - buf := make([]byte, obj.PayloadSize()) _, err = rdr.Read(buf) @@ -249,7 +237,7 @@ func HeadObject(prm HeadObjectPrm) (*HeadObjectRes, error) { prm.cliPrm.WithXHeaders(prm.xHeaders...) - cliRes, err := prm.cli.ObjectHead(prm.ctx, prm.cnr, prm.obj, prm.cliPrm) + cliRes, err := prm.cli.ObjectHead(prm.ctx, prm.cnr, prm.obj, prm.signer, prm.cliPrm) if err != nil { return nil, fmt.Errorf("read object header from NeoFS: %w", err) } 
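Review bot: `SetPrivateKey` now evaluates `*key` unconditionally, so a nil key panics inside the setter; before this change the pointer was only stored, and `GetObject`, `PutObject` and `SearchObjects` skipped `UseSigner` when it was nil. Those guards are deleted in the later hunks of this file, so a `commonPrm` on which the setter was never called hands a nil `user.Signer` to `ObjectGetInit`, `ObjectHead`, `ObjectRangeInit`, `ObjectPutInit` and `ObjectSearchInit`; what the SDK does with that is not visible here. The setter cannot return an error, so state the requirement in its doc comment, e.g. `// key must not be nil: it is dereferenced here and the signer built from it is passed to every client call.`, and have the operations return an error on an unset signer instead of relying on the SDK to reject it.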
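Review bot: The header-read failure branch removed from `GetObject` was the one that called `ReportError(prm.cli, err)`; with the header now returned by `ObjectGetInit`, that failure presumably surfaces in the `init object reading` branch, which returns without reporting. If `ReportError` is what feeds the client's health tracking, a remote that fails while sending the header is no longer reported, so consider adding `ReportError(prm.cli, err)` before `return nil, fmt.Errorf("init object reading: %w", err)`. `GetObject` starts before and continues past the hunk, so later handling of `rdr` cannot be checked from here.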
@@ -343,7 +331,7 @@ func PayloadRange(prm PayloadRangePrm) (*PayloadRangeRes, error) { prm.cliPrm.WithXHeaders(prm.xHeaders...) - rdr, err := prm.cli.ObjectRangeInit(prm.ctx, prm.cnr, prm.obj, prm.offset, prm.ln, prm.cliPrm) + rdr, err := prm.cli.ObjectRangeInit(prm.ctx, prm.cnr, prm.obj, prm.offset, prm.ln, prm.signer, prm.cliPrm) if err != nil { return nil, fmt.Errorf("init payload reading: %w", err) } @@ -405,10 +393,6 @@ func PutObject(prm PutObjectPrm) (*PutObjectRes, error) { prmCli.MarkLocal() - if prm.key != nil { - prmCli.UseSigner(neofsecdsa.SignerRFC6979(*prm.key)) - } - if prm.tokenSession != nil { prmCli.WithinSession(*prm.tokenSession) } @@ -419,23 +403,24 @@ func PutObject(prm PutObjectPrm) (*PutObjectRes, error) { prmCli.WithXHeaders(prm.xHeaders...) - w, err := prm.cli.ObjectPutInit(prm.ctx, prmCli) + w, err := prm.cli.ObjectPutInit(prm.ctx, *prm.obj, prm.signer, prmCli) if err != nil { return nil, fmt.Errorf("init object writing on client: %w", err) } - if w.WriteHeader(*prm.obj) { - w.WritePayloadChunk(prm.obj.Payload()) + _, err = w.Write(prm.obj.Payload()) + if err != nil { + return nil, fmt.Errorf("write object payload into stream: %w", err) } - cliRes, err := w.Close() + err = w.Close() if err != nil { ReportError(prm.cli, err) - return nil, fmt.Errorf("write object via client: %w", err) + return nil, fmt.Errorf("finish object stream: %w", err) } return &PutObjectRes{ - id: cliRes.StoredObjectID(), + id: w.GetResult().StoredObjectID(), }, nil } @@ -487,11 +472,7 @@ func SearchObjects(prm SearchObjectsPrm) (*SearchObjectsRes, error) { prm.cliPrm.WithXHeaders(prm.xHeaders...) - if prm.key != nil { - prm.cliPrm.UseSigner(neofsecdsa.SignerRFC6979(*prm.key)) - } - - rdr, err := prm.cli.ObjectSearchInit(prm.ctx, prm.cid, prm.cliPrm) + rdr, err := prm.cli.ObjectSearchInit(prm.ctx, prm.cid, prm.signer, prm.cliPrm) if err != nil { return nil, fmt.Errorf("init object searching in client: %w", err) } 
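Review bot: In `PutObject`, the new early return after `w.Write(prm.obj.Payload())` leaves the stream opened by `ObjectPutInit` unclosed and skips `ReportError`, whereas the removed code always reached `w.Close()` and reported its error. Release the writer and report on that path as well, e.g. `_ = w.Close()` and `ReportError(prm.cli, err)` before `return nil, fmt.Errorf("write object payload into stream: %w", err)`; whether `Close` is safe to call after a failed `Write` depends on the SDK writer and should be confirmed. `PutObject` starts outside the hunk.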
diff --git a/pkg/services/object/put/slice.go b/pkg/services/object/put/slice.go
new file mode 100644
index 0000000000..c2922e2fdb
--- /dev/null
+++ b/pkg/services/object/put/slice.go
@@ -0,0 +1,119 @@
+package putsvc
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/transformer"
+ "github.com/nspcc-dev/neofs-sdk-go/client"
+ "github.com/nspcc-dev/neofs-sdk-go/object"
+ "github.com/nspcc-dev/neofs-sdk-go/object/slicer"
+ "github.com/nspcc-dev/neofs-sdk-go/session"
+ "github.com/nspcc-dev/neofs-sdk-go/user"
+)
+
+type slicingTarget struct {
+ ctx context.Context
+ signer user.Signer
+ sessionToken *session.Object
+ currentEpoch uint64
+ maxObjSize uint64
+ homoHashDisabled bool
+
+ initNextTarget transformer.TargetInitializer
+
+ payloadWriter *slicer.PayloadWriter
+}
+
+// returns transformer.ObjectTarget for raw root object streamed by the client
+// with payload slicing and child objects' formatting. Each ready child object
+// is written into destination target constructed via the given transformer.TargetInitializer.
+func newSlicingTarget(
+ ctx context.Context,
+ maxObjSize uint64,
+ homoHashDisabled bool,
+ signer user.Signer,
+ sessionToken *session.Object,
+ curEpoch uint64,
+ initNextTarget transformer.TargetInitializer,
+) transformer.ObjectTarget {
+ return &slicingTarget{
+ ctx: ctx,
+ signer: signer,
+ sessionToken: sessionToken,
+ currentEpoch: curEpoch,
+ maxObjSize: maxObjSize,
+ homoHashDisabled: homoHashDisabled,
+ initNextTarget: initNextTarget,
+ }
+}
+
+func (x *slicingTarget) WriteHeader(hdr *object.Object) error {
+ var opts slicer.Options
+ opts.SetObjectPayloadLimit(x.maxObjSize)
+ opts.SetCurrentNeoFSEpoch(x.currentEpoch)
+ if x.sessionToken != nil {
+ opts.SetSession(*x.sessionToken)
+ }
+
+ var err error
+ x.payloadWriter, err = slicer.InitPut(x.ctx, &readyObjectWriter{
+ initNextTarget: x.initNextTarget,
+ }, *hdr, x.signer, opts)
+ if err != nil {
+ return fmt.Errorf("init object slicer: %w", err)
+ }
+
+ return nil
+}
+
+func (x *slicingTarget) Write(p []byte) (n int, err error) {
+ return x.payloadWriter.Write(p)
+}
+
+func (x *slicingTarget) Close() (*transformer.AccessIdentifiers, error) {
+ err := x.payloadWriter.Close()
+ if err != nil {
+ return nil, fmt.Errorf("finish object slicing: %w", err)
+ }
+
+ return new(transformer.AccessIdentifiers).WithSelfID(x.payloadWriter.ID()), nil
+}
+
+// implements slicer.ObjectWriter for ready child objects.
+type readyObjectWriter struct {
+ initNextTarget transformer.TargetInitializer
+}
+
+func (x *readyObjectWriter) ObjectPutInit(_ context.Context, hdr object.Object, _ user.Signer, _ client.PrmObjectPutInit) (client.ObjectWriter, error) {
+ tgt := x.initNextTarget()
+
+ err := tgt.WriteHeader(&hdr)
+ if err != nil {
+ return nil, err
+ }
+
+ return &readyObjectPayloadWriter{
+ target: tgt,
+ }, nil
+}
+
+// implements client.ObjectWriter for ready child objects.
+type readyObjectPayloadWriter struct {
+ target transformer.ObjectTarget
+}
+
+func (x *readyObjectPayloadWriter) Write(p []byte) (int, error) {
+ return x.target.Write(p)
+}
+
+func (x *readyObjectPayloadWriter) Close() error {
+ _, err := x.target.Close()
+ return err
+}
+
+func (x *readyObjectPayloadWriter) GetResult() (res client.ResObjectPut) {
+ // FIXME: client.ResObjectPut is private, at the same time, slicer doesn't call
+ // this method (now)
+ return client.ResObjectPut{}
+}
diff --git a/pkg/services/object/put/streamer.go b/pkg/services/object/put/streamer.go
index fbff560b5f..d54d7d65fe 100644
--- a/pkg/services/object/put/streamer.go
+++ b/pkg/services/object/put/streamer.go
@@ -10,7 +10,6 @@ import (
 "github.com/nspcc-dev/neofs-node/pkg/services/object/util"
 "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/placement"
 "github.com/nspcc-dev/neofs-node/pkg/services/object_manager/transformer"
- containerSDK "github.com/nspcc-dev/neofs-sdk-go/container"
 neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 "github.com/nspcc-dev/neofs-sdk-go/object"
 "github.com/nspcc-dev/neofs-sdk-go/user"
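Review bot: `slicingTarget.homoHashDisabled` is set by `newSlicingTarget` in `pkg/services/object/put/slice.go` but never read: `WriteHeader` configures only the payload limit, the epoch and the session. The `payloadSizeLimiter.WriteHeader` deleted by this commit called `opts.CalculateHomomorphicChecksum()` unless hashing was disabled, so as written the container's homomorphic-hashing setting no longer reaches the slicer. If the upgraded `slicer.Options` still exposes that method, add `if !x.homoHashDisabled { opts.CalculateHomomorphicChecksum() }` after `opts.SetCurrentNeoFSEpoch(x.currentEpoch)`; otherwise drop the field and the parameter and document where the checksum is now computed. `Write` and `Close` also dereference `x.payloadWriter`, which stays nil until `WriteHeader` has succeeded.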
@@ -110,11 +109,7 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error { return errors.New("missing object owner") } - var ownerSession user.ID - err = user.IDFromSigner(&ownerSession, signer) - if err != nil { - return fmt.Errorf("could not user from key: %w", err) - } + ownerSession := user.ResolveFromECDSAPublicKey(signer.PublicKey) if !ownerObj.Equals(ownerSession) { return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p) @@ -124,12 +119,13 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error { p.target = &validatingTarget{ fmt: p.fmtValidator, unpreparedObject: true, - nextTarget: transformer.NewPayloadSizeLimiter( + nextTarget: newSlicingTarget( + p.ctx, p.maxPayloadSz, - containerSDK.IsHomomorphicHashingDisabled(prm.cnr), - signer, + prm.cnr.IsHomomorphicHashingDisabled(), + user.NewAutoIDSigner(*sessionKey), sToken, - p.networkState, + p.networkState.CurrentEpoch(), func() transformer.ObjectTarget { return p.newCommonTarget(prm) }, diff --git a/pkg/services/object/search/search_test.go b/pkg/services/object/search/search_test.go index a498a63919..4d6333d46a 100644 --- a/pkg/services/object/search/search_test.go +++ b/pkg/services/object/search/search_test.go @@ -245,7 +245,7 @@ func TestGetRemoteSmall(t *testing.T) { cnr.SetPlacementPolicy(pp) var id cid.ID - container.CalculateID(&id, cnr) + cnr.CalculateID(&id) newSvc := func(b *testPlacementBuilder, c *testClientCache) *Service { svc := &Service{cfg: new(cfg)} @@ -334,7 +334,7 @@ func TestGetFromPastEpoch(t *testing.T) { cnr.SetPlacementPolicy(pp) var idCnr cid.ID - container.CalculateID(&idCnr, cnr) + cnr.CalculateID(&idCnr) var addr oid.Address addr.SetContainer(idCnr) diff --git a/pkg/services/object_manager/placement/traverser.go b/pkg/services/object_manager/placement/traverser.go index 5e7290926f..f62ad791da 100644 --- a/pkg/services/object_manager/placement/traverser.go +++ b/pkg/services/object_manager/placement/traverser.go 
@@ -237,7 +237,7 @@ func ForContainer(cnr container.Container) Option { return func(c *cfg) { c.policy = cnr.PlacementPolicy() c.policySet = true - container.CalculateID(&c.cnr, cnr) + cnr.CalculateID(&c.cnr) } } diff --git a/pkg/services/object_manager/transformer/transformer.go b/pkg/services/object_manager/transformer/transformer.go deleted file mode 100644 index 5e4982263d..0000000000 --- a/pkg/services/object_manager/transformer/transformer.go +++ /dev/null 
@@ -1,386 +0,0 @@ -package transformer - -import ( - "crypto/sha256" - "errors" - "fmt" - "io" - - "github.com/nspcc-dev/neofs-node/pkg/core/netmap" - "github.com/nspcc-dev/neofs-sdk-go/checksum" - neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto" - "github.com/nspcc-dev/neofs-sdk-go/object" - oid "github.com/nspcc-dev/neofs-sdk-go/object/id" - slicerSDK "github.com/nspcc-dev/neofs-sdk-go/object/slicer" - "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/tzhash/tz" -) - -type payloadSizeLimiter struct { - maxSize uint64 - withoutHomomorphicHash bool - signer neofscrypto.Signer - sessionToken *session.Object - networkState netmap.State - - stream *slicerSDK.PayloadWriter - objSlicer *slicerSDK.Slicer - targetInit TargetInitializer - - _changedParentID *oid.ID - _objectStreamInitializer *objStreamInitializer -} - -// objStreamInitializer implements [slicerSDK.ObjectWriter]. -type objStreamInitializer struct { - targetInit TargetInitializer - - _psl *payloadSizeLimiter - _signer neofscrypto.Signer - _objType object.Type - _objBuf *object.Object - _splitID *object.SplitID - _childIDs []oid.ID - _prev *oid.ID -} - -var ( - _emptyPayloadSHA256Sum = sha256.Sum256(nil) - _emptyPayloadTZSum = tz.Sum(nil) -) - -func (o *objStreamInitializer) InitDataStream(header object.Object) (io.Writer, error) { - linkObj := len(header.Children()) > 0 - - // v1.0.0-rc.8 has a bug that does not allow any non-regular objects - // to be split, thus that check, see https://github.com/nspcc-dev/neofs-sdk-go/issues/442. 
- if o._objType != object.TypeRegular { - if header.SplitID() != nil { - // non-regular object has been split; - // needed to make it carefully and add - // original object type to the parent - // header only - if par := header.Parent(); par != nil { - par.SetType(o._objType) - err := _healHeader(o._signer, par) - if err != nil { - return nil, fmt.Errorf("broken non-regular object (parent): %w", err) - } - - newID, _ := par.ID() - o._psl._changedParentID = &newID - - header.SetParent(par) - - // linking objects will be healed - // below anyway - if !linkObj { - err = _healHeader(o._signer, &header) - if err != nil { - return nil, fmt.Errorf("broken non-regular object (child): %w", err) - } - } - } - } else { - // non-regular object has not been split - // so just restore its type - header.SetType(o._objType) - err := _healHeader(o._signer, &header) - if err != nil { - return nil, fmt.Errorf("broken non-regular object: %w", err) - } - - newID, _ := header.ID() - o._psl._changedParentID = &newID - } - } - - // v1.0.0-rc.8 has a bug that relates linking objects, thus that - // check, see https://github.com/nspcc-dev/neofs-sdk-go/pull/427. - if linkObj { - header.SetPayloadSize(0) - header.SetChildren(o._childIDs...) - - var cs checksum.Checksum - cs.SetSHA256(_emptyPayloadSHA256Sum) - - header.SetPayloadChecksum(cs) - - _, set := header.PayloadHomomorphicHash() - if set { - cs.SetTillichZemor(_emptyPayloadTZSum) - header.SetPayloadHomomorphicHash(cs) - } - - err := _healHeader(o._signer, &header) - if err != nil { - return nil, fmt.Errorf("broken linking object: %w", err) - } - } - - // v1.0.0-rc.8 has a bug that breaks split field for the first child object, - // thus that check, see https://github.com/nspcc-dev/neofs-sdk-go/issues/448. 
- if o._objBuf == nil { - if o._splitID == nil { - // the first object, it is impossible to say - // if there will be any others so cache it now - // and generate split id for a potential object - // chain - o._objBuf = &header - o._splitID = object.NewSplitID() - - return &_memoryObjStream{objInit: o}, nil - } - - // not the first object, attach the missing split ID - // and heal its header the second time; it is non-optimal - // but the code here is already hard to read, and it - // is full of kludges so let it be as stupid as possible - - header.SetSplitID(o._splitID) - header.SetPreviousID(*o._prev) - err := _healHeader(o._signer, &header) - if err != nil { - return nil, fmt.Errorf("broken intermediate object: %w", err) - } - - id, _ := header.ID() - o._childIDs = append(o._childIDs, id) - o._prev = &id - - stream := o.targetInit() - err = stream.WriteHeader(&header) - if err != nil { - return nil, fmt.Errorf("broken intermediate object: streaming header: %w", err) - } - - return &objStream{target: stream, _linkObj: linkObj}, nil - } - - // more objects are here it _is_ an object chain, - // stream the cached one and continue chain handling - - // cached object streaming (`o._objBuf`) - - pl := o._objBuf.Payload() - hdr := o._objBuf.CutPayload() - hdr.SetSplitID(o._splitID) - - err := _healHeader(o._signer, hdr) - if err != nil { - return nil, fmt.Errorf("broken first child: %w", err) - } - - id, _ := hdr.ID() - o._childIDs = append(o._childIDs, id) - - stream := o.targetInit() - - err = stream.WriteHeader(hdr) - if err != nil { - return nil, fmt.Errorf("broken first child: cached header streaming: %w", err) - } - - _, err = stream.Write(pl) - if err != nil { - return nil, fmt.Errorf("broken first child: cached payload streaming: %w", err) - } - - _, err = stream.Close() - if err != nil { - return nil, fmt.Errorf("broken first child: stream for cached object closing: %w", err) - } - - // mark the cached object as handled - o._objBuf = nil - - // new object 
streaming (`header`) - - header.SetSplitID(o._splitID) - header.SetPreviousID(id) - err = _healHeader(o._signer, &header) - if err != nil { - return nil, fmt.Errorf("broken second child: %w", err) - } - - id, _ = header.ID() - o._childIDs = append(o._childIDs, id) - o._prev = &id - - stream = o.targetInit() - err = stream.WriteHeader(&header) - if err != nil { - return nil, err - } - - return &objStream{target: stream, _linkObj: linkObj}, nil -} - -// _healHeader recalculates all signature related fields that are -// broken after any setter call. -func _healHeader(signer neofscrypto.Signer, header *object.Object) error { - err := object.CalculateAndSetID(header) - if err != nil { - return fmt.Errorf("id recalculation: %w", err) - } - - err = object.CalculateAndSetSignature(signer, header) - if err != nil { - return fmt.Errorf("signature recalculation: %w", err) - } - - return nil -} - -// objStream implements [io.Writer] and [io.Closer]. -type objStream struct { - target ObjectTarget - - _linkObj bool -} - -func (o *objStream) Write(p []byte) (n int, err error) { - emptyPayload := len(p) == 0 - if emptyPayload { - return 0, nil - } - - if o._linkObj && !emptyPayload { - return 0, errors.New("linking object with payload") - } - - return o.target.Write(p) -} - -func (o *objStream) Close() error { - _, err := o.target.Close() - return err -} - -type _memoryObjStream struct { - objInit *objStreamInitializer -} - -func (m *_memoryObjStream) Write(p []byte) (n int, err error) { - m.objInit._objBuf.SetPayload(append(m.objInit._objBuf.Payload(), p...)) - return len(p), nil -} - -func (m *_memoryObjStream) Close() error { - return nil -} - -// NewPayloadSizeLimiter returns ObjectTarget instance that restricts payload length -// of the writing object and writes generated objects to targets from initializer. -// -// Calculates and adds homomorphic hash to resulting objects only if withoutHomomorphicHash -// is false. 
-// -// Objects w/ payload size less or equal than max size remain untouched. -func NewPayloadSizeLimiter(maxSize uint64, withoutHomomorphicHash bool, signer neofscrypto.Signer, - sToken *session.Object, nState netmap.State, nextTargetInit TargetInitializer) ObjectTarget { - return &payloadSizeLimiter{ - maxSize: maxSize, - withoutHomomorphicHash: withoutHomomorphicHash, - signer: signer, - sessionToken: sToken, - networkState: nState, - targetInit: nextTargetInit, - } -} - -func (s *payloadSizeLimiter) WriteHeader(hdr *object.Object) error { - var opts slicerSDK.Options - opts.SetObjectPayloadLimit(s.maxSize) - opts.SetCurrentNeoFSEpoch(s.networkState.CurrentEpoch()) - if !s.withoutHomomorphicHash { - opts.CalculateHomomorphicChecksum() - } - - cid, _ := hdr.ContainerID() - streamInitializer := &objStreamInitializer{ - targetInit: s.targetInit, - _psl: s, - _signer: s.signer, - _objType: hdr.Type(), - } - - if s.sessionToken == nil { - s.objSlicer = slicerSDK.New(s.signer, cid, *hdr.OwnerID(), streamInitializer, opts) - } else { - s.objSlicer = slicerSDK.NewSession(s.signer, cid, *s.sessionToken, streamInitializer, opts) - } - - var attrs []string - if oAttrs := hdr.Attributes(); len(oAttrs) > 0 { - attrs = make([]string, 0, len(oAttrs)*2) - - for _, a := range oAttrs { - attrs = append(attrs, a.Key(), a.Value()) - } - } - - var err error - s.stream, err = s.objSlicer.InitPayloadStream(attrs...) 
- if err != nil { - return fmt.Errorf("initializing payload stream: %w", err) - } - - s._objectStreamInitializer = streamInitializer - - return nil -} - -func (s *payloadSizeLimiter) Write(p []byte) (int, error) { - return s.stream.Write(p) -} - -func (s *payloadSizeLimiter) Close() (*AccessIdentifiers, error) { - err := s.stream.Close() - if err != nil { - return nil, err - } - - if singleObj := s._objectStreamInitializer._objBuf; singleObj != nil { - // we cached a single object (payload length has not exceeded - // the limit) so stream it now without any changes - - stream := s.targetInit() - pl := singleObj.Payload() - hdr := singleObj.CutPayload() - id, _ := hdr.ID() - - err = stream.WriteHeader(hdr) - if err != nil { - return nil, fmt.Errorf("single object: cached header streaming: %w", err) - } - - _, err = stream.Write(pl) - if err != nil { - return nil, fmt.Errorf("single object: cached payload streaming: %w", err) - } - - _, err = stream.Close() - if err != nil { - return nil, fmt.Errorf("single object: stream for cached object closing: %w", err) - } - - ids := new(AccessIdentifiers) - ids.WithSelfID(id) - - return ids, nil - } - - id := s.stream.ID() - - ids := new(AccessIdentifiers) - ids.WithSelfID(id) - - // object's header has been changed therefore SDK `Slicer` - // returned the broken ID, let's help it and correct the ID - if s._changedParentID != nil { - ids.WithSelfID(*s._changedParentID) - } - - return ids, nil -} diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go index d0c39ed33c..4b470c85bb 100644 --- a/pkg/services/tree/signature.go +++ b/pkg/services/tree/signature.go @@ -3,9 +3,11 @@ package tree import ( "bytes" "crypto/ecdsa" + "crypto/elliptic" "errors" "fmt" + "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neofs-api-go/v2/refs" core "github.com/nspcc-dev/neofs-node/pkg/core/container" "github.com/nspcc-dev/neofs-sdk-go/bearer" 
@@ -89,7 +91,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op if err = bt.Unmarshal(rawBearer); err != nil { return eACLErr(eaclOp, fmt.Errorf("invalid bearer token: %w", err)) } - if !bearer.ResolveIssuer(bt).Equals(cnr.Value.Owner()) { + if !bt.ResolveIssuer().Equals(cnr.Value.Owner()) { return eACLErr(eaclOp, errBearerWrongOwner) } if !bt.AssertContainer(cid) { @@ -156,10 +158,8 @@ func SignMessage(m message, key *ecdsa.PrivateKey) error { return err } - rawPub := make([]byte, keySDK.Public().MaxEncodedSize()) - rawPub = rawPub[:keySDK.Public().Encode(rawPub)] m.SetSignature(&Signature{ - Key: rawPub, + Key: neofscrypto.PublicKeyBytes(keySDK.Public()), Sign: data, }) @@ -170,12 +170,13 @@ func roleFromReq(cnr *core.Container, req message) (acl.Role, error) { role := acl.RoleOthers owner := cnr.Value.Owner() - var reqSigner user.ID - err := user.IDFromKey(&reqSigner, req.GetSignature().GetKey()) + pubKey, err := keys.NewPublicKeyFromBytes(req.GetSignature().GetKey(), elliptic.P256()) if err != nil { - return role, fmt.Errorf("invalid public key: %w", err) + return role, fmt.Errorf("decode public key from signature: %w", err) } + reqSigner := user.ResolveFromECDSAPublicKey(ecdsa.PublicKey(*pubKey)) + if reqSigner.Equals(owner) { role = acl.RoleOwner } diff --git a/pkg/services/tree/signature_test.go b/pkg/services/tree/signature_test.go index 128be3ee59..20cd0bea47 100644 --- a/pkg/services/tree/signature_test.go +++ b/pkg/services/tree/signature_test.go @@ -79,8 +79,7 @@ func TestMessageSign(t *testing.T) { signer := neofsecdsa.SignerRFC6979(privs[0].PrivateKey) - var ownerID user.ID - require.NoError(t, user.IDFromSigner(&ownerID, signer)) + ownerID := user.ResolveFromECDSAPublicKey(privs[0].PrivateKey.PublicKey) cnr := &containercore.Container{ Value: testContainer(ownerID),