*: Update SDK to the latest version

closes #806 Signed-off-by: Evgenii Baidakov <[email protected]>
nspcc-dev · Aug 3, 2023 · b404452 · b404452
1 parent 8381bbd
commit b404452
Show file tree

Hide file tree

Showing 16 changed files with 127 additions and 120 deletions.
diff --git a/api/handler/handlers_test.go b/api/handler/handlers_test.go
@@ -18,7 +18,6 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-s3-gw/api/layer"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
@@ -80,8 +79,8 @@ func prepareHandlerContext(t *testing.T) *handlerContext {
 
 	testResolver := &contResolver{layer: tp}
 
-	var owner user.ID
-	require.NoError(t, user.IDFromSigner(&owner, neofsecdsa.SignerRFC6979(key.PrivateKey)))
+	signer := user.NewSignerRFC6979(key.PrivateKey)
+	owner := signer.UserID()
 
 	layerCfg := &layer.Config{
 		Caches:      layer.DefaultCachesConfigs(zap.NewExample()),

diff --git a/api/handler/notifications.go b/api/handler/notifications.go
@@ -13,7 +13,6 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-s3-gw/api/layer"
 	"github.com/nspcc-dev/neofs-s3-gw/api/s3errors"
-	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 )
 
 type (
@@ -163,7 +162,7 @@ func (h *handler) sendNotifications(ctx context.Context, p *SendNotificationPara
 
 	box, err := layer.GetBoxData(ctx)
 	if err == nil && box.Gate.BearerToken != nil {
-		p.User = bearer.ResolveIssuer(*box.Gate.BearerToken).EncodeToString()
+		p.User = box.Gate.BearerToken.ResolveIssuer().EncodeToString()
 	}
 
 	p.Time = layer.TimeNow(ctx)

diff --git a/api/layer/container.go b/api/layer/container.go
@@ -159,7 +159,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table, sessionToken *session.Container) error {
 	table.SetCID(idCnr)
 
-	return n.neoFS.SetContainerEACL(ctx, *table, sessionToken)
+	return n.neoFS.SetContainerEACL(ctx, *table, sessionToken, n.gateSigner)
 }
 
 func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) {

diff --git a/api/layer/layer.go b/api/layer/layer.go
@@ -17,7 +17,6 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/layer/encryption"
 	"github.com/nspcc-dev/neofs-s3-gw/api/s3errors"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
-	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
@@ -47,6 +46,7 @@ type (
 		neoFS       NeoFS
 		log         *zap.Logger
 		gateKey     *keys.PrivateKey
+		gateSigner  user.Signer
 		resolver    BucketResolver
 		ncontroller EventListener
 		cache       *Cache
@@ -266,6 +266,7 @@ func NewLayer(log *zap.Logger, neoFS NeoFS, config *Config) Client {
 		neoFS:       neoFS,
 		log:         log,
 		gateKey:     config.GateKey,
+		gateSigner:  user.NewSignerRFC6979(config.GateKey.PrivateKey),
 		resolver:    config.Resolver,
 		cache:       NewCache(config.Caches),
 		treeService: config.TreeService,
@@ -307,26 +308,24 @@ func TimeNow(ctx context.Context) time.Time {
 // Owner returns owner id from BearerToken (context) or from client owner.
 func (n *layer) Owner(ctx context.Context) user.ID {
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
-		return bearer.ResolveIssuer(*bd.Gate.BearerToken)
+		return bd.Gate.BearerToken.ResolveIssuer()
 	}
 
 	var ownerID user.ID
-	if err := user.IDFromKey(&ownerID, n.gateKey.PublicKey().Bytes()); err != nil {
-		panic(fmt.Errorf("id from key: %w", err))
-	}
+	ownerID.SetScriptHash(n.gateKey.PublicKey().GetScriptHash())
 
 	return ownerID
 }
 
 func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) {
+	prm.PrivateKey = &n.gateKey.PrivateKey
+
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
-		if bktOwner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) {
+		if bktOwner.Equals(bd.Gate.BearerToken.ResolveIssuer()) {
 			prm.BearerToken = bd.Gate.BearerToken
 			return
 		}
 	}
-
-	prm.PrivateKey = &n.gateKey.PrivateKey
 }
 
 // GetBucketInfo returns bucket info by name.
@@ -673,5 +672,5 @@ func (n *layer) DeleteBucket(ctx context.Context, p *DeleteBucketParams) error {
 	}
 
 	n.cache.DeleteBucket(p.BktInfo.Name)
-	return n.neoFS.DeleteContainer(ctx, p.BktInfo.CID, p.SessionToken)
+	return n.neoFS.DeleteContainer(ctx, p.BktInfo.CID, p.SessionToken, n.gateSigner)
 }
diff --git a/api/layer/neofs.go b/api/layer/neofs.go
@@ -159,7 +159,7 @@ type NeoFS interface {
 	// extended ACL is modified within session if session token is not nil.
 	//
 	// It returns any error encountered which prevented the eACL from being saved.
-	SetContainerEACL(context.Context, eacl.Table, *session.Container) error
+	SetContainerEACL(context.Context, eacl.Table, *session.Container, user.Signer) error
 
 	// ContainerEACL reads the container eACL from NeoFS by the container ID.
 	//
@@ -172,7 +172,7 @@ type NeoFS interface {
 	// Successful return does not guarantee actual removal.
 	//
 	// It returns any error encountered which prevented the removal request from being sent.
-	DeleteContainer(context.Context, cid.ID, *session.Container) error
+	DeleteContainer(context.Context, cid.ID, *session.Container, user.Signer) error
 
 	// ReadObject reads a part of the object from the NeoFS container by identifier.
 	// Exact part is returned according to the parameters:

diff --git a/api/layer/neofs_mock.go b/api/layer/neofs_mock.go
@@ -13,7 +13,6 @@ import (
 	objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
 	"github.com/nspcc-dev/neofs-s3-gw/api"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
-	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -106,7 +105,7 @@ func (t *TestNeoFS) CreateContainer(_ context.Context, prm PrmContainerCreate) (
 	return id, nil
 }
 
-func (t *TestNeoFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container) error {
+func (t *TestNeoFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container, _ user.Signer) error {
 	delete(t.containers, cnrID.EncodeToString())
 
 	return nil
@@ -258,7 +257,7 @@ func (t *TestNeoFS) AllObjects(cnrID cid.ID) []oid.ID {
 	return result
 }
 
-func (t *TestNeoFS) SetContainerEACL(_ context.Context, table eacl.Table, _ *session.Container) error {
+func (t *TestNeoFS) SetContainerEACL(_ context.Context, table eacl.Table, _ *session.Container, _ user.Signer) error {
 	cnrID, ok := table.CID()
 	if !ok {
 		return errors.New("invalid cid")
@@ -284,7 +283,7 @@ func (t *TestNeoFS) ContainerEACL(_ context.Context, cnrID cid.ID) (*eacl.Table,
 
 func getOwner(ctx context.Context) user.ID {
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
-		return bearer.ResolveIssuer(*bd.Gate.BearerToken)
+		return bd.Gate.BearerToken.ResolveIssuer()
 	}
 
 	return user.ID{}

diff --git a/api/layer/versioning_test.go b/api/layer/versioning_test.go
@@ -10,7 +10,6 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
 	bearertest "github.com/nspcc-dev/neofs-sdk-go/bearer/test"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
@@ -138,8 +137,10 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext {
 	key, err := keys.NewPrivateKey()
 	require.NoError(t, err)
 
+	signer := user.NewSignerRFC6979(key.PrivateKey)
+
 	bearerToken := bearertest.Token(t)
-	require.NoError(t, bearerToken.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey)))
+	require.NoError(t, bearerToken.Sign(signer))
 
 	ctx := context.WithValue(context.Background(), api.BoxData, &accessbox.Box{
 		Gate: &accessbox.GateData{
@@ -160,8 +161,7 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext {
 		config = cachesConfig[0]
 	}
 
-	var owner user.ID
-	require.NoError(t, user.IDFromSigner(&owner, neofsecdsa.SignerRFC6979(key.PrivateKey)))
+	owner := signer.UserID()
 
 	layerCfg := &Config{
 		Caches:      config,

diff --git a/authmate/authmate.go b/authmate/authmate.go
@@ -229,10 +229,8 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 
 	box.ContainerPolicy = policies
 
-	var idOwner user.ID
-	if err = user.IDFromSigner(&idOwner, neofsecdsa.SignerRFC6979(options.NeoFSKey.PrivateKey)); err != nil {
-		return fmt.Errorf("id from signer: %w", err)
-	}
+	signer := user.NewSignerRFC6979(options.NeoFSKey.PrivateKey)
+	idOwner := signer.UserID()
 
 	a.log.Info("check container or create", zap.Stringer("cid", options.Container.ID),
 		zap.String("friendly_name", options.Container.FriendlyName),
@@ -346,10 +344,10 @@ func restrictedRecords() (records []*eacl.Record) {
 }
 
 func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*bearer.Token, error) {
+	signer := user.NewSignerRFC6979(key.PrivateKey)
+
 	var ownerID user.ID
-	if err := user.IDFromKey(&ownerID, gateKey.Bytes()); err != nil {
-		return nil, fmt.Errorf("id from key: %w", err)
-	}
+	ownerID.SetScriptHash(gateKey.GetScriptHash())
 
 	var bearerToken bearer.Token
 	bearerToken.SetEACLTable(*table)
@@ -358,7 +356,7 @@ func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetime
 	bearerToken.SetIat(lifetime.Iat)
 	bearerToken.SetNbf(lifetime.Iat)
 
-	err := bearerToken.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey))
+	err := bearerToken.Sign(signer)
 	if err != nil {
 		return nil, fmt.Errorf("sign bearer token: %w", err)
 	}
@@ -390,7 +388,7 @@ func buildSessionToken(key *keys.PrivateKey, lifetime lifetimeOptions, ctx sessi
 	tok.SetNbf(lifetime.Iat)
 	tok.SetExp(lifetime.Exp)
 
-	return tok, tok.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey))
+	return tok, tok.Sign(user.NewSignerRFC6979(key.PrivateKey))
 }
 
 func buildSessionTokens(key *keys.PrivateKey, lifetime lifetimeOptions, ctxs []sessionTokenContext, gatesKeys []*keys.PublicKey) ([][]*session.Container, error) {

diff --git a/cmd/s3-authmate/main.go b/cmd/s3-authmate/main.go
@@ -24,8 +24,8 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/internal/version"
 	"github.com/nspcc-dev/neofs-s3-gw/internal/wallet"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-sdk-go/pool"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/spf13/viper"
 	"github.com/urfave/cli/v2"
 	"go.uber.org/zap"
@@ -687,8 +687,10 @@ func obtainSecret() *cli.Command {
 func createNeoFS(ctx context.Context, log *zap.Logger, cfg PoolConfig) (authmate.NeoFS, error) {
 	log.Debug("prepare connection pool")
 
+	signer := user.NewSignerRFC6979(*cfg.Key)
+
 	var prm pool.InitParameters
-	prm.SetSigner(neofsecdsa.SignerRFC6979(*cfg.Key))
+	prm.SetSigner(signer)
 	prm.SetNodeDialTimeout(cfg.DialTimeout)
 	prm.SetHealthcheckTimeout(cfg.HealthcheckTimeout)
 	prm.SetNodeStreamTimeout(cfg.StreamTimeout)
@@ -704,5 +706,5 @@ func createNeoFS(ctx context.Context, log *zap.Logger, cfg PoolConfig) (authmate
 		return nil, fmt.Errorf("dial pool: %w", err)
 	}
 
-	return neofs.NewAuthmateNeoFS(p), nil
+	return neofs.NewAuthmateNeoFS(p, signer), nil
 }