Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TestNet replication fails #2288

Closed
cthulhu-rider opened this issue Mar 20, 2023 · 1 comment · Fixed by #2287
Closed

TestNet replication fails #2288

cthulhu-rider opened this issue Mar 20, 2023 · 1 comment · Fixed by #2287
Assignees
@cthulhu-rider
Labels
bug Something isn't working neofs-storage Storage node application issues
Milestone
v0.36.0

Comments

@cthulhu-rider
Copy link
Contributor

cthulhu-rider commented Mar 20, 2023
edited
Loading

TestNet nodes couldn't replicate following object from public container:

`error replicator/process.go:62 could not replicate object {"component": "Object Replicator", "node": "03000a222431891c481f2fbce61297547e816e164750f5ea94e2831c219bbe3504", "object": "GqNR1XtkucMcxE86FtALjVUSFVREa9ZMF2fbmeXEffJV/JDbZcmiZWCXRocjHU6i9ZHqJZzTDrhk2HEET33vxJJ6s", "error": "(*putsvc.RemoteSender) could not send object: (*putsvc.remoteTarget) could not put object to [/dns4/st4.t5.fs.neo.org/tcp/8080]: write object via client: status: code = 1024 message = (*object.FormatValidator) different owner identifiers NfFA5g92e32YvraVmipA9oY8AjvbdgFdjY/NTBbJxp2PrPXS7XyhKVqroifvsp1QCttif"}`

Object header

{
 "objectID": {
  "value": "/9C6LFl8idDEXZkO2IqLNF/N0vu2BA4E+G99G9+CN3A="
 },
 "signature": {
  "key": "A+qfZG1VP/zKSoVnaIB/NsOai41YqytrClLhzlf6pwRE",
  "signature": "BLq0vchZwYe2DCpv0sGimobdCDEkeD0QdnShYNBznuz3TEZ3UU8HmFAUolJq39XUcOarMpDtymJ1fP4k/JrEzOw=",
  "scheme": "ECDSA_SHA512"
 },
 "header": {
  "version": {
   "major": 2,
   "minor": 13
  },
  "containerID": {
   "value": "60NlQ51V5mQDv/0DZMHekhnpD0N2yjq+ReUZP7djEw4="
  },
  "ownerID": {
   "value": "NdQLY1OAj6haumXulx75g8U8AHCrgcyB0w=="
  },
  "creationEpoch": "3957",
  "payloadLength": "934",
  "payloadHash": {
   "type": "SHA256",
   "sum": "OYaobpuA4NsULlr/f5QlVehg5yGzYYT/Zo4ZCFORvwo="
  },
  "objectType": "REGULAR",
  "homomorphicHash": {
   "type": "TZ",
   "sum": "OJUz8c7ztGq7b3Pdjrr9lB9AW/ABOFDAVX9YQ5Td7NJI5wE7MzU0qIsg/1dsv4ikatApgTwLXRC0K6dSDJK6og=="
  },
  "sessionToken": {
   "body": {
    "id": "AOSylokkRlSYavM5g73COQ==",
    "ownerID": {
     "value": "NdQLY1OAj6haumXulx75g8U8AHCrgcyB0w=="
    },
    "lifetime": {
     "exp": "18446744073709551615",
     "nbf": "1",
     "iat": "1"
    },
    "sessionKey": "AzddiSt+TksLbrFOf51nuliAiqacHYeFQVM2rzvbu0ew",
    "object": {
     "verb": "PUT",
     "target": {
      "container": {
       "value": "60NlQ51V5mQDv/0DZMHekhnpD0N2yjq+ReUZP7djEw4="
      },
      "objects": []
     }
    }
   },
   "signature": {
    "key": "AzddiSt+TksLbrFOf51nuliAiqacHYeFQVM2rzvbu0ew",
    "signature": "BPUjuTlmySAAis9eeARiZfjmiCBGiHiHNuB4A69N7ojjWc39NRcuuUYVOBPNsS6BJ/V5HNSPgCIBeuLAA9a7sS8=",
    "scheme": "ECDSA_SHA512"
   }
  },
  "attributes": [
   {
    "key": "FileName",
    "value": "./test_file"
   },
   {
    "key": "Timestamp",
    "value": "1675349616"
   }
  ],
  "split": null
 },
 "payload": ""
}
@cthulhu-rider cthulhu-rider added bug Something isn't working neofs-storage Storage node application issues labels Mar 20, 2023
@cthulhu-rider cthulhu-rider self-assigned this Mar 20, 2023
@cthulhu-rider cthulhu-rider mentioned this issue Mar 20, 2023
Merged
@roman-khimov
Copy link
Member

roman-khimov commented Mar 20, 2023
edited
Loading

So we have a container owned by NfFA5g92e32YvraVmipA9oY8AjvbdgFdjY and an object signed by

"key": "A+qfZG1VP/zKSoVnaIB/NsOai41YqytrClLhzlf6pwRE",

which is NTBbJxp2PrPXS7XyhKVqroifvsp1QCttif. Then we have a session token with

"sessionKey": "AzddiSt+TksLbrFOf51nuliAiqacHYeFQVM2rzvbu0ew",

in the token signed by

"key": "AzddiSt+TksLbrFOf51nuliAiqacHYeFQVM2rzvbu0ew",

Both correspond to NfFA5g92e32YvraVmipA9oY8AjvbdgFdjY address. A container owner signed a token for himself, it's attached to the object, but the key that signed the object is different (not a part of a token, nor a container owner key). When I was looking at #2226 I had an impression that the object is in fact signed by the same (NfFA5g92e32YvraVmipA9oY8AjvbdgFdjY in out case) key, but it's different. If we have it in the store this likely means that it can be created because of basic/extended ACL rules that allow this to happen, right? Which then means that it should be able to replicate.

@roman-khimov roman-khimov added this to the v0.36.0 milestone Apr 11, 2023
roman-khimov added a commit that referenced this issue Apr 11, 2023
@roman-khimov
object: Allow self-signed session tokens (#2287)
f45dd95 
* related #2226
* closes #2288

This should fix TestNet replication problem.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cthulhu-rider cthulhu-rider

Labels
bug Something isn't working neofs-storage Storage node application issues
Projects
None yet
Milestone
v0.36.0
Development

Successfully merging a pull request may close this issue.

object: Allow self-signed session tokens cthulhu-rider/neofs-node
2 participants
@roman-khimov @cthulhu-rider