[#409] Update SDK

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-04-25 12:57:58 +03:00 · 2022-04-25 12:57:58 +03:00 · e3c16a32dd
commit e3c16a32dd
parent 6e91074b50
33 changed files with 332 additions and 263 deletions
--- a/api/cache/objects.go
+++ b/api/cache/objects.go
@ -48,7 +48,9 @@ func (o *ObjectsCache) Get(address *address.Address) *object.Object {
 // Put puts an object to cache.
 func (o *ObjectsCache) Put(obj object.Object) error {
-	return o.cache.Set(obj.ContainerID().String()+"/"+obj.ID().String(), obj)
+	cnrID, _ := obj.ContainerID()
 	objID, _ := obj.ID()
 	return o.cache.Set(cnrID.String()+"/"+objID.String(), obj)
 }
 // Delete deletes an object from cache.
--- a/api/cache/objects_test.go
+++ b/api/cache/objects_test.go
@ -18,9 +18,11 @@ func getTestConfig() *Config {
 func TestCache(t *testing.T) {
 	obj := objecttest.Object()
 	objID, _ := obj.ID()
 	cnrID, _ := obj.ContainerID()
 	addr := address.NewAddress()
-	addr.SetContainerID(obj.ContainerID())
+	addr.SetContainerID(cnrID)
-	addr.SetObjectID(obj.ID())
+	addr.SetObjectID(objID)
 	t.Run("check get", func(t *testing.T) {
 		cache := New(getTestConfig())
--- a/api/cache/objectslist_test.go
+++ b/api/cache/objectslist_test.go
@ -22,10 +22,10 @@ func getTestObjectsListConfig() *Config {
 }
 func randID(t *testing.T) *oid.ID {
-	id := oid.NewID()
+	var id oid.ID
 	id.SetSHA256(randSHA256Checksum(t))
-	return id
+	return &id
 }
 func randSHA256Checksum(t *testing.T) (cs [sha256.Size]byte) {
@ -140,7 +140,7 @@ func TestObjectsListCache(t *testing.T) {
 func TestCleanCacheEntriesChangedWithPutObject(t *testing.T) {
 	var (
-		id   = cid.New()
+		id   cid.ID
 		oids = []oid.ID{*randID(t)}
 		keys []ObjectsListKey
 	)
@ -157,7 +157,7 @@ func TestCleanCacheEntriesChangedWithPutObject(t *testing.T) {
 			err := cache.Put(k, oids)
 			require.NoError(t, err)
 		}
-		cache.CleanCacheEntriesContainingObject("obj1", id)
+		cache.CleanCacheEntriesContainingObject("obj1", &id)
 		for _, k := range keys {
 			list := cache.Get(k)
 			if k.prefix == "" {
@ -176,7 +176,7 @@ func TestCleanCacheEntriesChangedWithPutObject(t *testing.T) {
 			err := cache.Put(k, oids)
 			require.NoError(t, err)
 		}
-		cache.CleanCacheEntriesContainingObject("dir/obj", id)
+		cache.CleanCacheEntriesContainingObject("dir/obj", &id)
 		for _, k := range keys {
 			list := cache.Get(k)
 			if k.prefix == "" || k.prefix == "dir/" {
@ -195,7 +195,7 @@ func TestCleanCacheEntriesChangedWithPutObject(t *testing.T) {
 			err := cache.Put(k, oids)
 			require.NoError(t, err)
 		}
-		cache.CleanCacheEntriesContainingObject("dir/lol/obj", id)
+		cache.CleanCacheEntriesContainingObject("dir/lol/obj", &id)
 		for _, k := range keys {
 			list := cache.Get(k)
 			require.Nil(t, list)
--- a/api/data/info.go
+++ b/api/data/info.go
@ -7,7 +7,7 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 const (
@ -21,7 +21,7 @@ type (
 	BucketInfo struct {
 		Name               string
 		CID                *cid.ID
-		Owner              *owner.ID
+		Owner              *user.ID
 		Created            time.Time
 		BasicACL           uint32
 		LocationConstraint string
@ -41,7 +41,7 @@ type (
 		Created       time.Time
 		CreationEpoch uint64
 		HashSum       string
-		Owner         *owner.ID
+		Owner         *user.ID
 		Headers       map[string]string
 	}
@ -96,8 +96,8 @@ func (o *ObjectInfo) NiceName() string { return o.Bucket + "/" + o.Name }
 // Address returns object address.
 func (o *ObjectInfo) Address() *address.Address {
 	addr := address.NewAddress()
-	addr.SetContainerID(o.CID)
+	addr.SetContainerID(*o.CID)
-	addr.SetObjectID(o.ID)
+	addr.SetObjectID(*o.ID)
 	return addr
 }
--- a/api/handler/acl.go
+++ b/api/handler/acl.go
@ -153,7 +153,10 @@ func (h *handler) bearerTokenIssuerKey(ctx context.Context) (*keys.PublicKey, er
 		return nil, err
 	}
-	key, err := keys.NewPublicKeyFromBytes(box.Gate.BearerToken.Signature().Key(), elliptic.P256())
+	var btoken v2acl.BearerToken
 	box.Gate.BearerToken.WriteToV2(&btoken)
 	key, err := keys.NewPublicKeyFromBytes(btoken.GetSignature().GetKey(), elliptic.P256())
 	if err != nil {
 		return nil, err
 	}
@ -791,8 +794,8 @@ func formRecords(operations []*astOperation, resource *astResource) ([]*eacl.Rec
 		}
 		if len(resource.Object) != 0 {
 			if len(resource.Version) != 0 {
-				id := oid.NewID()
+				var id oid.ID
-				if err := id.Parse(resource.Version); err != nil {
+				if err := id.DecodeString(resource.Version); err != nil {
 					return nil, err
 				}
 				record.AddObjectIDFilter(eacl.MatchStringEqual, id)
--- a/api/handler/acl_test.go
+++ b/api/handler/acl_test.go
@ -21,7 +21,7 @@ func TestTableToAst(t *testing.T) {
 	b := make([]byte, 32)
 	_, err := io.ReadFull(rand.Reader, b)
 	require.NoError(t, err)
-	id := oid.NewID()
+	var id oid.ID
 	id.SetSHA256(sha256.Sum256(b))
 	key, err := keys.NewPrivateKey()
@ -740,7 +740,7 @@ func TestObjectAclToAst(t *testing.T) {
 	b := make([]byte, 32)
 	_, err := io.ReadFull(rand.Reader, b)
 	require.NoError(t, err)
-	objID := oid.NewID()
+	var objID oid.ID
 	objID.SetSHA256(sha256.Sum256(b))
 	key, err := keys.NewPrivateKey()
@ -809,7 +809,7 @@ func TestBucketAclToAst(t *testing.T) {
 	b := make([]byte, 32)
 	_, err := io.ReadFull(rand.Reader, b)
 	require.NoError(t, err)
-	objID := oid.NewID()
+	var objID oid.ID
 	objID.SetSHA256(sha256.Sum256(b))
 	key, err := keys.NewPrivateKey()
--- a/api/handler/delete.go
+++ b/api/handler/delete.go
@ -110,9 +110,9 @@ func (h *handler) DeleteObjectHandler(w http.ResponseWriter, r *http.Request) {
 			ReqInfo: reqInfo,
 		}
 	} else {
-		oid := oid.NewID()
+		var objID oid.ID
 		if len(versionID) != 0 {
-			if err := oid.Parse(versionID); err != nil {
+			if err = objID.DecodeString(versionID); err != nil {
 				h.log.Error("couldn't send notification: %w", zap.Error(err))
 			}
 		}
@ -121,7 +121,7 @@ func (h *handler) DeleteObjectHandler(w http.ResponseWriter, r *http.Request) {
 			Event: layer.EventObjectRemovedDelete,
 			ObjInfo: &data.ObjectInfo{
 				Name: reqInfo.ObjectName,
-				ID:   oid,
+				ID:   &objID,
 			},
 			BktInfo: bktInfo,
 			ReqInfo: reqInfo,
--- a/api/handler/handlers_test.go
+++ b/api/handler/handlers_test.go
@ -17,7 +17,7 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/resolver"
 	"github.com/nspcc-dev/neofs-s3-gw/internal/neofstest"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 )
@ -83,11 +83,13 @@ func createTestBucketWithLock(ctx context.Context, t *testing.T, h *handlerConte
 	})
 	require.NoError(t, err)
 	var ownerID user.ID
 	bktInfo := &data.BucketInfo{
 		CID:               cnrID,
 		Name:              bktName,
 		ObjectLockEnabled: true,
-		Owner:             owner.NewID(),
+		Owner:             &ownerID,
 	}
 	sp := &layer.PutSettingsParams{
--- a/api/handler/list.go
+++ b/api/handler/list.go
@ -5,7 +5,7 @@ import (
 	"time"
 	"github.com/nspcc-dev/neofs-s3-gw/api"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 const maxObjectList = 1000 // Limit number of objects in a listObjectsResponse/listObjectsVersionsResponse.
@ -13,7 +13,7 @@ const maxObjectList = 1000 // Limit number of objects in a listObjectsResponse/l
 // ListBucketsHandler handles bucket listing requests.
 func (h *handler) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
 	var (
-		own     = owner.NewID()
+		own     user.ID
 		res     *ListBucketsResponse
 		reqInfo = api.GetReqInfo(r.Context())
 	)
@ -25,7 +25,7 @@ func (h *handler) ListBucketsHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	if len(list) > 0 {
-		own = list[0].Owner
+		own = *list[0].Owner
 	}
 	res = &ListBucketsResponse{
--- a/api/handler/object_list.go
+++ b/api/handler/object_list.go
@ -165,7 +165,8 @@ func parseListObjectArgs(reqInfo *api.ReqInfo) (*layer.ListObjectsParamsCommon,
 func parseContinuationToken(queryValues url.Values) (string, error) {
 	if val, ok := queryValues["continuation-token"]; ok {
-		if err := oid.NewID().Parse(val[0]); err != nil {
+		var objID oid.ID
 		if err := objID.DecodeString(val[0]); err != nil {
 			return "", errors.GetAPIError(errors.ErrIncorrectContinuationToken)
 		}
 		return val[0], nil
--- a/api/layer/container.go
+++ b/api/layer/container.go
@ -96,7 +96,7 @@ func (n *layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {
 		res []cid.ID
 		rid = api.GetRequestID(ctx)
 	)
-	res, err = n.neoFS.UserContainers(ctx, *own)
+	res, err = n.neoFS.UserContainers(ctx, own)
 	if err != nil {
 		n.log.Error("could not list user containers",
 			zap.String("request_id", rid),
@ -122,9 +122,10 @@ func (n *layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {
 func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*data.BucketInfo, error) {
 	var err error
 	ownerID := n.Owner(ctx)
 	bktInfo := &data.BucketInfo{
 		Name:               p.Name,
-		Owner:              n.Owner(ctx),
+		Owner:              &ownerID,
 		Created:            time.Now(), // this can be a little incorrect since the real time is set later
 		BasicACL:           p.ACL,
 		LocationConstraint: p.LocationConstraint,
@ -171,7 +172,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 }
 func (n *layer) setContainerEACLTable(ctx context.Context, idCnr *cid.ID, table *eacl.Table) error {
-	table.SetCID(idCnr)
+	table.SetCID(*idCnr)
 	boxData, err := GetBoxData(ctx)
 	if err == nil {
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@ -22,8 +22,8 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
@ -314,12 +314,16 @@ func IsAuthenticatedRequest(ctx context.Context) bool {
 }
 // Owner returns owner id from BearerToken (context) or from client owner.
-func (n *layer) Owner(ctx context.Context) *owner.ID {
+func (n *layer) Owner(ctx context.Context) user.ID {
 	if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil {
-		return bd.Gate.BearerToken.Issuer()
+		ownerID, _ := bd.Gate.BearerToken.Issuer()
 		return ownerID
 	}
-	return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(n.EphemeralKey()))
+	var ownerID user.ID
 	user.IDFromKey(&ownerID, (ecdsa.PublicKey)(*n.EphemeralKey()))
 	return ownerID
 }
 func (n *layer) prepareAuthParameters(ctx context.Context, prm *neofs.PrmAuth) {
@ -627,7 +631,7 @@ func (n *layer) CreateBucket(ctx context.Context, p *CreateBucketParams) (*data.
 		return nil, err
 	}
-	if p.SessionToken != nil && bktInfo.Owner.Equal(p.SessionToken.OwnerID()) {
+	if p.SessionToken != nil && bktInfo.Owner.Equals(*p.SessionToken.OwnerID()) {
 		return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou)
 	}
@ -635,12 +639,12 @@ func (n *layer) CreateBucket(ctx context.Context, p *CreateBucketParams) (*data.
 }
 func (n *layer) ResolveBucket(ctx context.Context, name string) (*cid.ID, error) {
-	cnrID := cid.New()
+	var cnrID cid.ID
-	if err := cnrID.Parse(name); err != nil {
+	if err := cnrID.DecodeString(name); err != nil {
 		return n.resolver.Resolve(ctx, name)
 	}
-	return cnrID, nil
+	return &cnrID, nil
 }
 func (n *layer) DeleteBucket(ctx context.Context, p *DeleteBucketParams) error {
--- a/api/layer/multipart_upload.go
+++ b/api/layer/multipart_upload.go
@ -14,7 +14,7 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-s3-gw/api/errors"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
@ -89,7 +89,7 @@ type (
 	ListPartsInfo struct {
 		Parts                []*Part
-		Owner                *owner.ID
+		Owner                *user.ID
 		NextPartNumberMarker int
 		IsTruncated          bool
 	}
@ -105,7 +105,7 @@ type (
 		IsDir    bool
 		Key      string
 		UploadID string
-		Owner    *owner.ID
+		Owner    *user.ID
 		Created  time.Time
 	}
 )
@ -352,7 +352,7 @@ func (n *layer) ListMultipartUploads(ctx context.Context, p *ListMultipartUpload
 	uniqDirs := make(map[string]struct{})
 	for i := range ids {
-		meta, err := n.objectHead(ctx, p.Bkt.CID, &ids[i])
+		meta, err := n.objectHead(ctx, p.Bkt.CID, ids[i])
 		if err != nil {
 			n.log.Warn("couldn't head object",
 				zap.Stringer("object id", &ids[i]),
@ -496,7 +496,7 @@ func (n *layer) getUploadParts(ctx context.Context, p *UploadInfoParams) (map[in
 	res := make(map[int]*data.ObjectInfo)
 	for i := range ids {
-		meta, err := n.objectHead(ctx, p.Bkt.CID, &ids[i])
+		meta, err := n.objectHead(ctx, p.Bkt.CID, ids[i])
 		if err != nil {
 			n.log.Warn("couldn't head a part of upload",
 				zap.Stringer("object id", &ids[i]),
--- a/api/layer/neofs/neofs.go
+++ b/api/layer/neofs/neofs.go
@ -8,21 +8,21 @@ import (
 	"time"
 	"github.com/nspcc-dev/neofs-sdk-go/acl"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 // PrmContainerCreate groups parameters of NeoFS.CreateContainer operation.
 type PrmContainerCreate struct {
 	// NeoFS identifier of the container creator.
-	Creator owner.ID
+	Creator user.ID
 	// Container placement policy.
 	Policy netmap.PlacementPolicy
@ -43,7 +43,7 @@ type PrmContainerCreate struct {
 // PrmAuth groups authentication parameters for the NeoFS operation.
 type PrmAuth struct {
 	// Bearer token to be used for the operation. Overlaps PrivateKey. Optional.
-	BearerToken *token.BearerToken
+	BearerToken *bearer.Token
 	// Private key used for the operation if BearerToken is missing (in this case non-nil).
 	PrivateKey *ecdsa.PrivateKey
@ -105,7 +105,7 @@ type PrmObjectCreate struct {
 	Container cid.ID
 	// NeoFS identifier of the object creator.
-	Creator owner.ID
+	Creator user.ID
 	// Key-value object attributes.
 	Attributes [][2]string
@ -158,7 +158,7 @@ type NeoFS interface {
 	//
 	// It returns exactly one non-nil value. It returns any error encountered which
 	// prevented the containers from being listed.
-	UserContainers(context.Context, owner.ID) ([]cid.ID, error)
+	UserContainers(context.Context, user.ID) ([]cid.ID, error)
 	// SetContainerEACL saves the eACL table of the container in NeoFS.
 	//
--- a/api/layer/notifications.go
+++ b/api/layer/notifications.go
@ -178,8 +178,9 @@ func (n *layer) getNotificationConf(ctx context.Context, bkt *data.BucketInfo, s
 	}
 	if err = n.systemCache.PutNotificationConfiguration(systemObjectKey(bkt, sysName), conf); err != nil {
 		objID, _ := obj.ID()
 		n.log.Warn("couldn't put system meta to objects cache",
-			zap.Stringer("object id", obj.ID()),
+			zap.Stringer("object id", &objID),
 			zap.Stringer("bucket id", bkt.CID),
 			zap.Error(err))
 	}
--- a/api/layer/object.go
+++ b/api/layer/object.go
@ -90,7 +90,7 @@ func (n *layer) objectSearch(ctx context.Context, p *findParams) ([]oid.ID, erro
 	return res, n.transformNeofsError(ctx, err)
 }
-func newAddress(cid *cid.ID, oid *oid.ID) *address.Address {
+func newAddress(cid cid.ID, oid oid.ID) *address.Address {
 	addr := address.NewAddress()
 	addr.SetContainerID(cid)
 	addr.SetObjectID(oid)
@ -98,10 +98,10 @@ func newAddress(cid *cid.ID, oid *oid.ID) *address.Address {
 }
 // objectHead returns all object's headers.
-func (n *layer) objectHead(ctx context.Context, idCnr *cid.ID, idObj *oid.ID) (*object.Object, error) {
+func (n *layer) objectHead(ctx context.Context, idCnr *cid.ID, idObj oid.ID) (*object.Object, error) {
 	prm := neofs.PrmObjectRead{
 		Container:  *idCnr,
-		Object:     *idObj,
+		Object:     idObj,
 		WithHeader: true,
 	}
@ -137,9 +137,11 @@ func (n *layer) initObjectPayloadReader(ctx context.Context, p getParams) (io.Re
 // objectGet returns an object with payload in the object.
 func (n *layer) objectGet(ctx context.Context, addr *address.Address) (*object.Object, error) {
 	cnrID, _ := addr.ContainerID()
 	objID, _ := addr.ObjectID()
 	prm := neofs.PrmObjectRead{
-		Container:   *addr.ContainerID(),
+		Container:   cnrID,
-		Object:      *addr.ObjectID(),
+		Object:      objID,
 		WithHeader:  true,
 		WithPayload: true,
 	}
@ -178,7 +180,7 @@ func (n *layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Object
 	prm := neofs.PrmObjectCreate{
 		Container:   *p.BktInfo.CID,
-		Creator:     *own,
+		Creator:     own,
 		PayloadSize: uint64(p.Size),
 		Filename:    p.Object,
 		Payload:     r,
@ -216,7 +218,7 @@ func (n *layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Object
 		}
 	}
-	meta, err := n.objectHead(ctx, p.BktInfo.CID, id)
+	meta, err := n.objectHead(ctx, p.BktInfo.CID, *id)
 	if err != nil {
 		return nil, err
 	}
@ -244,11 +246,13 @@ func (n *layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Object
 		}
 	}
 	payloadChecksum, _ := meta.PayloadChecksum()
 	return &data.ObjectInfo{
 		ID:  id,
 		CID: p.BktInfo.CID,
-		Owner:         own,
+		Owner:         &own,
 		Bucket:        p.BktInfo.Name,
 		Name:          p.Object,
 		Size:          p.Size,
@ -256,7 +260,7 @@ func (n *layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Object
 		CreationEpoch: meta.CreationEpoch(),
 		Headers:       p.Header,
 		ContentType:   p.Header[api.ContentType],
-		HashSum:       meta.PayloadChecksum().String(),
+		HashSum:       payloadChecksum.String(),
 	}, nil
 }
@ -366,7 +370,7 @@ func (n *layer) headVersions(ctx context.Context, bkt *data.BucketInfo, objectNa
 	}
 	for i := range ids {
-		meta, err := n.objectHead(ctx, bkt.CID, &ids[i])
+		meta, err := n.objectHead(ctx, bkt.CID, ids[i])
 		if err != nil {
 			n.log.Warn("couldn't head object",
 				zap.Stringer("object id", &ids[i]),
@ -406,12 +410,12 @@ func (n *layer) headVersion(ctx context.Context, bkt *data.BucketInfo, p *HeadOb
 		return objInfo, nil
 	}
-	id := oid.NewID()
+	var id oid.ID
-	if err := id.Parse(p.VersionID); err != nil {
+	if err := id.DecodeString(p.VersionID); err != nil {
 		return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidVersion)
 	}
-	if headInfo := n.objCache.Get(newAddress(bkt.CID, id)); headInfo != nil {
+	if headInfo := n.objCache.Get(newAddress(*bkt.CID, id)); headInfo != nil {
 		return objInfoFromMeta(bkt, headInfo), nil
 	}
@ -445,7 +449,7 @@ func (n *layer) objectDelete(ctx context.Context, idCnr *cid.ID, idObj *oid.ID)
 	n.prepareAuthParameters(ctx, &prm.PrmAuth)
-	n.objCache.Delete(newAddress(idCnr, idObj))
+	n.objCache.Delete(newAddress(*idCnr, *idObj))
 	return n.transformNeofsError(ctx, n.neoFS.DeleteObject(ctx, prm))
 }
@ -679,10 +683,10 @@ func (n *layer) isVersioningEnabled(ctx context.Context, bktInfo *data.BucketInf
 func (n *layer) objectFromObjectsCacheOrNeoFS(ctx context.Context, cid *cid.ID, oid *oid.ID) *object.Object {
 	var (
 		err  error
-		meta = n.objCache.Get(newAddress(cid, oid))
+		meta = n.objCache.Get(newAddress(*cid, *oid))
 	)
 	if meta == nil {
-		meta, err = n.objectHead(ctx, cid, oid)
+		meta, err = n.objectHead(ctx, cid, *oid)
 		if err != nil {
 			n.log.Warn("could not fetch object meta", zap.Error(err))
 			return nil
--- a/api/layer/object_test.go
+++ b/api/layer/object_test.go
@ -11,10 +11,10 @@ import (
 )
 func randID(t *testing.T) *oid.ID {
-	id := oid.NewID()
+	var id oid.ID
 	id.SetSHA256(randSHA256Checksum(t))
-	return id
+	return &id
 }
 func randSHA256Checksum(t *testing.T) (cs [sha256.Size]byte) {
--- a/api/layer/system_object.go
+++ b/api/layer/system_object.go
@ -122,7 +122,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject
 		return nil, err
 	}
-	meta, err := n.objectHead(ctx, p.BktInfo.CID, id)
+	meta, err := n.objectHead(ctx, p.BktInfo.CID, *id)
 	if err != nil {
 		return nil, err
 	}
@ -149,8 +149,8 @@ func (n *layer) getSystemObjectFromNeoFS(ctx context.Context, bkt *data.BucketIn
 	var addr address.Address
-	addr.SetContainerID(bkt.CID)
+	addr.SetContainerID(*bkt.CID)
-	addr.SetObjectID(objInfo.ID)
+	addr.SetObjectID(*objInfo.ID)
 	obj, err := n.objectGet(ctx, &addr)
 	if err != nil {
@ -180,8 +180,9 @@ func (n *layer) getCORS(ctx context.Context, bkt *data.BucketInfo, sysName strin
 	}
 	if err = n.systemCache.PutCORS(systemObjectKey(bkt, sysName), cors); err != nil {
 		objID, _ := obj.ID()
 		n.log.Warn("couldn't put system meta to objects cache",
-			zap.Stringer("object id", obj.ID()),
+			zap.Stringer("object id", &objID),
 			zap.Stringer("bucket id", bkt.CID),
 			zap.Error(err))
 	}
@ -201,7 +202,7 @@ func (n *layer) headSystemVersions(ctx context.Context, bkt *data.BucketInfo, sy
 	versions := newObjectVersions(sysName)
 	for i := range ids {
-		meta, err := n.objectHead(ctx, bkt.CID, &ids[i])
+		meta, err := n.objectHead(ctx, bkt.CID, ids[i])
 		if err != nil {
 			n.log.Warn("couldn't head object",
 				zap.Stringer("object id", &ids[i]),
@ -251,8 +252,9 @@ func (n *layer) GetBucketSettings(ctx context.Context, bktInfo *data.BucketInfo)
 	}
 	if err = n.systemCache.PutSettings(systemKey, settings); err != nil {
 		objID, _ := obj.ID()
 		n.log.Warn("couldn't put system meta to objects cache",
-			zap.Stringer("object id", obj.ID()),
+			zap.Stringer("object id", &objID),
 			zap.Stringer("bucket id", bktInfo.CID),
 			zap.Error(err))
 	}
--- a/api/layer/util.go
+++ b/api/layer/util.go
@ -111,8 +111,10 @@ func objectInfoFromMeta(bkt *data.BucketInfo, meta *object.Object, prefix, delim
 		size = int64(meta.PayloadSize())
 	}
 	objID, _ := meta.ID()
 	payloadChecksum, _ := meta.PayloadChecksum()
 	return &data.ObjectInfo{
-		ID:    meta.ID(),
+		ID:    &objID,
 		CID:   bkt.CID,
 		IsDir: isDir,
@ -124,18 +126,18 @@ func objectInfoFromMeta(bkt *data.BucketInfo, meta *object.Object, prefix, delim
 		Headers:       userHeaders,
 		Owner:         meta.OwnerID(),
 		Size:          size,
-		HashSum:       meta.PayloadChecksum().String(),
+		HashSum:       payloadChecksum.String(),
 	}
 }
 func filenameFromObject(o *object.Object) string {
 	var name = o.ID().String()
 	for _, attr := range o.Attributes() {
 		if attr.Key() == object.AttributeFileName {
 			return attr.Value()
 		}
 	}
-	return name
+	objID, _ := o.ID()
 	return objID.String()
 }
 // NameFromString splits name into a base file name and a directory path.
--- a/api/layer/util_test.go
+++ b/api/layer/util_test.go
@ -7,10 +7,11 @@ import (
 	"time"
 	"github.com/nspcc-dev/neofs-s3-gw/api/data"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 )
@ -35,9 +36,9 @@ func newTestObject(id *oid.ID, bkt *data.BucketInfo, name string) *object.Object
 	contentType.SetValue(defaultTestContentType)
 	obj := object.New()
-	obj.SetID(id)
+	obj.SetID(*id)
 	obj.SetOwnerID(bkt.Owner)
-	obj.SetContainerID(bkt.CID)
+	obj.SetContainerID(*bkt.CID)
 	obj.SetPayload(defaultTestPayload)
 	obj.SetAttributes(*filename, *created, *contentType)
 	obj.SetPayloadSize(uint64(defaultTestPayloadLength))
@ -46,6 +47,7 @@ func newTestObject(id *oid.ID, bkt *data.BucketInfo, name string) *object.Object
 }
 func newTestInfo(oid *oid.ID, bkt *data.BucketInfo, name string, isDir bool) *data.ObjectInfo {
 	var hashSum checksum.Checksum
 	info := &data.ObjectInfo{
 		ID:          oid,
 		Name:        name,
@ -56,6 +58,7 @@ func newTestInfo(oid *oid.ID, bkt *data.BucketInfo, name string, isDir bool) *da
 		Created:     time.Unix(defaultTestCreated.Unix(), 0),
 		Owner:       bkt.Owner,
 		Headers:     make(map[string]string),
 		HashSum:     hashSum.String(),
 	}
 	if isDir {
@ -69,14 +72,14 @@ func newTestInfo(oid *oid.ID, bkt *data.BucketInfo, name string, isDir bool) *da
 }
 func Test_objectInfoFromMeta(t *testing.T) {
-	uid := owner.NewID()
+	var uid user.ID
-	id := oid.NewID()
+	var id oid.ID
-	containerID := cid.New()
+	var containerID cid.ID
 	bkt := &data.BucketInfo{
 		Name:    "test-container",
-		CID:     containerID,
+		CID:     &containerID,
-		Owner:   uid,
+		Owner:   &uid,
 		Created: time.Now(),
 	}
@ -89,66 +92,66 @@ func Test_objectInfoFromMeta(t *testing.T) {
 	}{
 		{
 			name:   "small.jpg",
-			result: newTestInfo(id, bkt, "small.jpg", false),
+			result: newTestInfo(&id, bkt, "small.jpg", false),
-			object: newTestObject(id, bkt, "small.jpg"),
+			object: newTestObject(&id, bkt, "small.jpg"),
 		},
 		{
 			name:   "small.jpg not matched prefix",
 			prefix: "big",
 			result: nil,
-			object: newTestObject(id, bkt, "small.jpg"),
+			object: newTestObject(&id, bkt, "small.jpg"),
 		},
 		{
 			name:      "small.jpg delimiter",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "small.jpg", false),
+			result:    newTestInfo(&id, bkt, "small.jpg", false),
-			object:    newTestObject(id, bkt, "small.jpg"),
+			object:    newTestObject(&id, bkt, "small.jpg"),
 		},
 		{
 			name:   "test/small.jpg",
-			result: newTestInfo(id, bkt, "test/small.jpg", false),
+			result: newTestInfo(&id, bkt, "test/small.jpg", false),
-			object: newTestObject(id, bkt, "test/small.jpg"),
+			object: newTestObject(&id, bkt, "test/small.jpg"),
 		},
 		{
 			name:      "test/small.jpg with prefix and delimiter",
 			prefix:    "test/",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "test/small.jpg", false),
+			result:    newTestInfo(&id, bkt, "test/small.jpg", false),
-			object:    newTestObject(id, bkt, "test/small.jpg"),
+			object:    newTestObject(&id, bkt, "test/small.jpg"),
 		},
 		{
 			name:   "a/b/small.jpg",
 			prefix: "a",
-			result: newTestInfo(id, bkt, "a/b/small.jpg", false),
+			result: newTestInfo(&id, bkt, "a/b/small.jpg", false),
-			object: newTestObject(id, bkt, "a/b/small.jpg"),
+			object: newTestObject(&id, bkt, "a/b/small.jpg"),
 		},
 		{
 			name:      "a/b/small.jpg",
 			prefix:    "a/",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "a/b/", true),
+			result:    newTestInfo(&id, bkt, "a/b/", true),
-			object:    newTestObject(id, bkt, "a/b/small.jpg"),
+			object:    newTestObject(&id, bkt, "a/b/small.jpg"),
 		},
 		{
 			name:      "a/b/c/small.jpg",
 			prefix:    "a/",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "a/b/", true),
+			result:    newTestInfo(&id, bkt, "a/b/", true),
-			object:    newTestObject(id, bkt, "a/b/c/small.jpg"),
+			object:    newTestObject(&id, bkt, "a/b/c/small.jpg"),
 		},
 		{
 			name:      "a/b/c/small.jpg",
 			prefix:    "a/b/c/s",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "a/b/c/small.jpg", false),
+			result:    newTestInfo(&id, bkt, "a/b/c/small.jpg", false),
-			object:    newTestObject(id, bkt, "a/b/c/small.jpg"),
+			object:    newTestObject(&id, bkt, "a/b/c/small.jpg"),
 		},
 		{
 			name:      "a/b/c/big.jpg",
 			prefix:    "a/b/",
 			delimiter: "/",
-			result:    newTestInfo(id, bkt, "a/b/c/", true),
+			result:    newTestInfo(&id, bkt, "a/b/c/", true),
-			object:    newTestObject(id, bkt, "a/b/c/big.jpg"),
+			object:    newTestObject(&id, bkt, "a/b/c/big.jpg"),
 		},
 	}
--- a/api/layer/versioning.go
+++ b/api/layer/versioning.go
@ -393,11 +393,11 @@ func (n *layer) checkVersionsExist(ctx context.Context, bkt *data.BucketInfo, ob
 	if obj.VersionID == unversionedObjectVersionID {
 		version = versions.getLast(FromUnversioned())
 	} else {
-		id := oid.NewID()
+		var id oid.ID
-		if err := id.Parse(obj.VersionID); err != nil {
+		if err = id.DecodeString(obj.VersionID); err != nil {
 			return nil, errors.GetAPIError(errors.ErrInvalidVersion)
 		}
-		version = versions.getVersion(id)
+		version = versions.getVersion(&id)
 	}
 	if version == nil {
--- a/api/layer/versioning_test.go
+++ b/api/layer/versioning_test.go
@ -13,11 +13,11 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/layer/neofs"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
 	"github.com/nspcc-dev/neofs-s3-gw/internal/neofstest"
 	bearertest "github.com/nspcc-dev/neofs-sdk-go/bearer/test"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	tokentest "github.com/nspcc-dev/neofs-sdk-go/token/test"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 )
@ -142,12 +142,12 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext {
 	key, err := keys.NewPrivateKey()
 	require.NoError(t, err)
-	bearerToken := tokentest.BearerToken()
+	bearerToken := bearertest.Token()
-	require.NoError(t, bearerToken.SignToken(&key.PrivateKey))
+	require.NoError(t, bearerToken.Sign(key.PrivateKey))
 	ctx := context.WithValue(context.Background(), api.BoxData, &accessbox.Box{
 		Gate: &accessbox.GateData{
-			BearerToken: bearerToken,
+			BearerToken: &bearerToken,
 			GateKey:     key.PublicKey(),
 		},
 	})
@ -174,7 +174,7 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext {
 		layer: NewLayer(zap.NewNop(), tp, layerCfg),
 		bktInfo: &data.BucketInfo{
 			Name:  bktName,
-			Owner: owner.NewID(),
+			Owner: usertest.ID(),
 			CID:   bktID,
 		},
 		obj:       "obj1",
@ -482,9 +482,10 @@ func joinVers(objs ...*data.ObjectInfo) string {
 func getOID(id byte) *oid.ID {
 	b := [32]byte{}
 	b[31] = id
-	idObj := oid.NewID()
+
 	var idObj oid.ID
 	idObj.SetSHA256(b)
-	return idObj
+	return &idObj
 }
 func getTestObjectInfo(id byte, addAttr, delAttr, delMarkAttr string) *data.ObjectInfo {
@ -628,9 +629,11 @@ func TestSystemObjectsVersioning(t *testing.T) {
 	})
 	require.NoError(t, err)
 	cnrID, _ := objMeta.ContainerID()
 	objID, _ := objMeta.ID()
 	addr := address.NewAddress()
-	addr.SetContainerID(objMeta.ContainerID())
+	addr.SetContainerID(cnrID)
-	addr.SetObjectID(objMeta.ID())
+	addr.SetObjectID(objID)
 	// simulate failed deletion
 	tc.testNeoFS.AddObject(addr.String(), objMeta)
@ -660,7 +663,9 @@ func TestDeleteSystemObjectsVersioning(t *testing.T) {
 	require.NoError(t, err)
 	// simulate failed deletion
-	tc.testNeoFS.AddObject(newAddress(objMeta.ContainerID(), objMeta.ID()).String(), objMeta)
+	cnrID, _ := objMeta.ContainerID()
 	objID, _ := objMeta.ID()
 	tc.testNeoFS.AddObject(newAddress(cnrID, objID).String(), objMeta)
 	tagging, err := tc.layer.GetBucketTagging(tc.ctx, tc.bktInfo)
 	require.NoError(t, err)
--- a/api/resolver/resolver.go
+++ b/api/resolver/resolver.go
@ -4,9 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/resolver"
+	"github.com/nspcc-dev/neofs-sdk-go/ns"
 )
 const (
@ -25,7 +24,7 @@ type NeoFS interface {
 type Config struct {
 	NeoFS      NeoFS
-	RPC   *client.Client
+	RPCAddress string
 }
 type BucketResolver struct {
@ -78,7 +77,7 @@ func newResolver(name string, cfg *Config, next *BucketResolver) (*BucketResolve
 	case DNSResolver:
 		return NewDNSResolver(cfg.NeoFS, next)
 	case NNSResolver:
-		return NewNNSResolver(cfg.RPC, next)
+		return NewNNSResolver(cfg.RPCAddress, next)
 	default:
 		return nil, fmt.Errorf("unknown resolver: %s", name)
 	}
@ -89,6 +88,8 @@ func NewDNSResolver(neoFS NeoFS, next *BucketResolver) (*BucketResolver, error)
 		return nil, fmt.Errorf("pool must not be nil for DNS resolver")
 	}
 	var dns ns.DNS
 	resolveFunc := func(ctx context.Context, name string) (*cid.ID, error) {
 		domain, err := neoFS.SystemDNS(ctx)
 		if err != nil {
@ -96,11 +97,11 @@ func NewDNSResolver(neoFS NeoFS, next *BucketResolver) (*BucketResolver, error)
 		}
 		domain = name + "." + domain
-		cnrID, err := resolver.ResolveContainerDomainName(domain)
+		cnrID, err := dns.ResolveContainerName(domain)
 		if err != nil {
 			return nil, fmt.Errorf("couldn't resolve container '%s' as '%s': %w", name, domain, err)
 		}
-		return cnrID, nil
+		return &cnrID, nil
 	}
 	return &BucketResolver{
@ -111,22 +112,23 @@ func NewDNSResolver(neoFS NeoFS, next *BucketResolver) (*BucketResolver, error)
 	}, nil
 }
-func NewNNSResolver(rpc *client.Client, next *BucketResolver) (*BucketResolver, error) {
+func NewNNSResolver(address string, next *BucketResolver) (*BucketResolver, error) {
-	if rpc == nil {
+	if address == "" {
-		return nil, fmt.Errorf("rpc client must not be nil for NNS resolver")
+		return nil, fmt.Errorf("rpc address must not be empty for NNS resolver")
 	}
-	nnsRPCResolver, err := resolver.NewNNSResolver(rpc)
+	var nns ns.NNS
-	if err != nil {
+
-		return nil, err
+	if err := nns.Dial(address); err != nil {
 		return nil, fmt.Errorf("dial %s: %w", address, err)
 	}
 	resolveFunc := func(_ context.Context, name string) (*cid.ID, error) {
-		cnrID, err := nnsRPCResolver.ResolveContainerName(name)
+		cnrID, err := nns.ResolveContainerName(name)
 		if err != nil {
 			return nil, fmt.Errorf("couldn't resolve container '%s': %w", name, err)
 		}
-		return cnrID, nil
+		return &cnrID, nil
 	}
 	return &BucketResolver{
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@ -15,21 +15,21 @@ import (
 	"github.com/nspcc-dev/neofs-s3-gw/api/cache"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
 	"github.com/nspcc-dev/neofs-s3-gw/creds/tokens"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/policy"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 // PrmContainerCreate groups parameters of containers created by authmate.
 type PrmContainerCreate struct {
 	// NeoFS identifier of the container creator.
-	Owner owner.ID
+	Owner user.ID
 	// Container placement policy.
 	Policy netmap.PlacementPolicy
@ -134,12 +134,12 @@ type (
 	}
 	obtainingResult struct {
-		BearerToken     *token.BearerToken `json:"-"`
+		BearerToken     *bearer.Token `json:"-"`
 		SecretAccessKey string        `json:"secret_access_key"`
 	}
 )
-func (a *Agent) checkContainer(ctx context.Context, opts ContainerOptions, idOwner *owner.ID) (*cid.ID, error) {
+func (a *Agent) checkContainer(ctx context.Context, opts ContainerOptions, idOwner user.ID) (*cid.ID, error) {
 	if opts.ID != nil {
 		// check that the container exists
 		return opts.ID, a.neoFS.ContainerExists(ctx, *opts.ID)
@ -151,7 +151,7 @@ func (a *Agent) checkContainer(ctx context.Context, opts ContainerOptions, idOwn
 	}
 	cnrID, err := a.neoFS.CreateContainer(ctx, PrmContainerCreate{
-		Owner:        *idOwner,
+		Owner:        idOwner,
 		Policy:       *pp,
 		FriendlyName: opts.FriendlyName,
 	})
@ -232,7 +232,8 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 	box.ContainerPolicy = policies
-	idOwner := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey)
+	var idOwner user.ID
 	user.IDFromKey(&idOwner, options.NeoFSKey.PrivateKey.PublicKey)
 	a.log.Info("check container or create", zap.Stringer("cid", options.Container.ID),
 		zap.String("friendly_name", options.Container.FriendlyName),
@ -251,7 +252,9 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 		return fmt.Errorf("failed to put bearer token: %w", err)
 	}
-	accessKeyID := addr.ContainerID().String() + "0" + addr.ObjectID().String()
+	cnrID, _ := addr.ContainerID()
 	objID, _ := addr.ObjectID()
 	accessKeyID := cnrID.EncodeToString() + "0" + objID.EncodeToString()
 	ir := &issuingResult{
 		AccessKeyID:     accessKeyID,
@ -267,7 +270,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 	}
 	if options.AwsCliCredentialsFile != "" {
-		profileName := "authmate_cred_" + addr.ObjectID().String()
+		profileName := "authmate_cred_" + objID.EncodeToString()
 		if _, err = os.Stat(options.AwsCliCredentialsFile); os.IsNotExist(err) {
 			profileName = "default"
 		}
@ -369,19 +372,22 @@ func buildContext(rules []byte) ([]*session.ContainerContext, error) {
 	return []*session.ContainerContext{sessionCtxPut, sessionCtxDelete, sessionCtxEACL}, nil
 }
-func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*token.BearerToken, error) {
+func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*bearer.Token, error) {
-	oid := owner.NewIDFromPublicKey((*ecdsa.PublicKey)(gateKey))
+	var ownerID user.ID
 	user.IDFromKey(&ownerID, (ecdsa.PublicKey)(*gateKey))
-	bearerToken := token.NewBearerToken()
+	var bearerToken bearer.Token
-	bearerToken.SetEACLTable(table)
+	bearerToken.SetEACLTable(*table)
-	bearerToken.SetOwner(oid)
+	bearerToken.SetOwnerID(ownerID)
-	bearerToken.SetLifetime(lifetime.Exp, lifetime.Iat, lifetime.Iat)
+	bearerToken.SetExpiration(lifetime.Exp)
 	bearerToken.SetIssuedAt(lifetime.Iat)
 	bearerToken.SetNotBefore(lifetime.Iat)
-	return bearerToken, bearerToken.SignToken(&key.PrivateKey)
+	return &bearerToken, bearerToken.Sign(key.PrivateKey)
 }
-func buildBearerTokens(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gatesKeys []*keys.PublicKey) ([]*token.BearerToken, error) {
+func buildBearerTokens(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gatesKeys []*keys.PublicKey) ([]*bearer.Token, error) {
-	bearerTokens := make([]*token.BearerToken, 0, len(gatesKeys))
+	bearerTokens := make([]*bearer.Token, 0, len(gatesKeys))
 	for _, gateKey := range gatesKeys {
 		tkn, err := buildBearerToken(key, table, lifetime, gateKey)
 		if err != nil {
@ -392,7 +398,7 @@ func buildBearerTokens(key *keys.PrivateKey, table *eacl.Table, lifetime lifetim
 	return bearerTokens, nil
 }
-func buildSessionToken(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOptions, ctx *session.ContainerContext, gateKey *keys.PublicKey) (*session.Token, error) {
+func buildSessionToken(key *keys.PrivateKey, oid *user.ID, lifetime lifetimeOptions, ctx *session.ContainerContext, gateKey *keys.PublicKey) (*session.Token, error) {
 	tok := session.NewToken()
 	tok.SetContext(ctx)
 	uid, err := uuid.New().MarshalBinary()
@ -410,7 +416,7 @@ func buildSessionToken(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOpt
 	return tok, tok.Sign(&key.PrivateKey)
 }
-func buildSessionTokens(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOptions, ctxs []*session.ContainerContext, gatesKeys []*keys.PublicKey) ([][]*session.Token, error) {
+func buildSessionTokens(key *keys.PrivateKey, oid *user.ID, lifetime lifetimeOptions, ctxs []*session.ContainerContext, gatesKeys []*keys.PublicKey) ([][]*session.Token, error) {
 	sessionTokens := make([][]*session.Token, 0, len(gatesKeys))
 	for _, gateKey := range gatesKeys {
 		tkns := make([]*session.Token, len(ctxs))
@ -447,8 +453,10 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions) ([]*acc
 			return nil, fmt.Errorf("failed to build context for session token: %w", err)
 		}
-		oid := owner.NewIDFromPublicKey(&options.NeoFSKey.PrivateKey.PublicKey)
+		var ownerID user.ID
-		sessionTokens, err := buildSessionTokens(options.NeoFSKey, oid, lifetime, sessionRules, options.GatesPublicKeys)
+		user.IDFromKey(&ownerID, options.NeoFSKey.PrivateKey.PublicKey)
 		sessionTokens, err := buildSessionTokens(options.NeoFSKey, &ownerID, lifetime, sessionRules, options.GatesPublicKeys)
 		if err != nil {
 			return nil, fmt.Errorf("failed to biuild session token: %w", err)
 		}
--- a/cmd/authmate/main.go
+++ b/cmd/authmate/main.go
@ -245,10 +245,9 @@ It will be ceil rounded to the nearest amount of epoch.`,
 			}
 			agent := authmate.New(log, neoFS)
-			var containerID *cid.ID
+			var containerID cid.ID
 			if len(containerIDFlag) > 0 {
-				containerID = cid.New()
+				if err = containerID.DecodeString(containerIDFlag); err != nil {
 				if err := containerID.Parse(containerIDFlag); err != nil {
 					return cli.Exit(fmt.Sprintf("failed to parse auth container id: %s", err), 3)
 				}
 			}
@ -283,7 +282,7 @@ It will be ceil rounded to the nearest amount of epoch.`,
 			issueSecretOptions := &authmate.IssueSecretOptions{
 				Container: authmate.ContainerOptions{
-					ID:              containerID,
+					ID:              &containerID,
 					FriendlyName:    containerFriendlyName,
 					PlacementPolicy: containerPlacementPolicy,
 				},
--- a/cmd/s3-gw/app.go
+++ b/cmd/s3-gw/app.go
@ -3,13 +3,13 @@ package main
 import (
 	"context"
 	"encoding/hex"
 	"fmt"
 	"net"
 	"net/http"
 	"strconv"
 	"time"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
 	"github.com/nspcc-dev/neofs-s3-gw/api"
 	"github.com/nspcc-dev/neofs-s3-gw/api/auth"
 	"github.com/nspcc-dev/neofs-s3-gw/api/cache"
@ -129,19 +129,15 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
 	resolveCfg := &resolver.Config{
 		NeoFS:      neofs.NewResolverNeoFS(conns),
-	}
+		RPCAddress: v.GetString(cfgRPCEndpoint),
 	if rpcEndpoint := v.GetString(cfgRPCEndpoint); rpcEndpoint != "" {
 		rpc, err := client.New(ctx, rpcEndpoint, client.Options{})
 		if err != nil {
 			l.Fatal("couldn't create rpc client", zap.String("endpoint", rpcEndpoint), zap.Error(err))
 		} else if err = rpc.Init(); err != nil {
 			l.Fatal("couldn't init rpc client", zap.String("endpoint", rpcEndpoint), zap.Error(err))
 		}
 		resolveCfg.RPC = rpc
 	}
 	order := v.GetStringSlice(cfgResolveOrder)
 	if resolveCfg.RPCAddress == "" {
 		order = remove(order, resolver.NNSResolver)
 		l.Warn(fmt.Sprintf("resolver '%s' won't be used since '%s' isn't provided", resolver.NNSResolver, cfgRPCEndpoint))
 	}
 	bucketResolver, err := resolver.NewResolver(order, resolveCfg)
 	if err != nil {
 		l.Fatal("failed to form resolver", zap.Error(err))
@ -194,6 +190,15 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
 	}
 }
 func remove(list []string, element string) []string {
 	for i, item := range list {
 		if item == element {
 			return append(list[:i], list[i+1:]...)
 		}
 	}
 	return list
 }
 // Wait waits for an application to finish.
 //
 // Pre-logs a message about the launch of the application mentioning its
--- a/creds/accessbox/accessbox.go
+++ b/creds/accessbox/accessbox.go
@ -12,9 +12,9 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	apisession "github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	"github.com/nspcc-dev/neofs-sdk-go/token"
 	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/hkdf"
 	"google.golang.org/protobuf/proto"
@ -35,13 +35,13 @@ type ContainerPolicy struct {
 // GateData represents gate tokens in AccessBox.
 type GateData struct {
 	AccessKey     string
-	BearerToken   *token.BearerToken
+	BearerToken   *bearer.Token
 	SessionTokens []*session.Token
 	GateKey       *keys.PublicKey
 }
 // NewGateData returns GateData from the provided bearer token and the public gate key.
-func NewGateData(gateKey *keys.PublicKey, bearerTkn *token.BearerToken) *GateData {
+func NewGateData(gateKey *keys.PublicKey, bearerTkn *bearer.Token) *GateData {
 	return &GateData{GateKey: gateKey, BearerToken: bearerTkn}
 }
@ -175,12 +175,8 @@ func (x *AccessBox) GetBox(owner *keys.PrivateKey) (*Box, error) {
 }
 func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateKey, secret []byte) error {
-	for i, gate := range gatesData {
+	for _, gate := range gatesData {
-		encBearer, err := gate.BearerToken.Marshal()
+		encBearer := gate.BearerToken.Marshal()
 		if err != nil {
 			return fmt.Errorf("%w, sender = %d", err, i)
 		}
 		encSessions := make([][]byte, len(gate.SessionTokens))
 		for i, sessionToken := range gate.SessionTokens {
 			encSession, err := sessionToken.Marshal()
@ -231,8 +227,8 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
 		return nil, err
 	}
-	bearerTkn := token.NewBearerToken()
+	var bearerTkn bearer.Token
-	if err := bearerTkn.Unmarshal(tokens.BearerToken); err != nil {
+	if err = bearerTkn.Unmarshal(tokens.BearerToken); err != nil {
 		return nil, err
 	}
@ -245,7 +241,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
 		sessionTkns[i] = sessionTkn
 	}
-	gateData := NewGateData(owner.PublicKey(), bearerTkn)
+	gateData := NewGateData(owner.PublicKey(), &bearerTkn)
 	gateData.SessionTokens = sessionTkns
 	gateData.AccessKey = hex.EncodeToString(tokens.AccessKey)
 	return gateData, nil
--- a/creds/accessbox/bearer_token_test.go
+++ b/creds/accessbox/bearer_token_test.go
@ -5,16 +5,16 @@ import (
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	"github.com/nspcc-dev/neofs-sdk-go/token"
 	"github.com/stretchr/testify/require"
 )
 func Test_tokens_encrypt_decrypt(t *testing.T) {
 	var (
-		tkn  = token.NewBearerToken()
+		tkn  bearer.Token
-		tkn2 = token.NewBearerToken()
+		tkn2 bearer.Token
 	)
 	sec, err := keys.NewPrivateKey()
 	require.NoError(t, err)
@ -22,13 +22,10 @@ func Test_tokens_encrypt_decrypt(t *testing.T) {
 	cred, err := keys.NewPrivateKey()
 	require.NoError(t, err)
-	tkn.SetEACLTable(eacl.NewTable())
+	tkn.SetEACLTable(*eacl.NewTable())
-	require.NoError(t, tkn.SignToken(&sec.PrivateKey))
+	require.NoError(t, tkn.Sign(sec.PrivateKey))
-	rawTkn, err := tkn.Marshal()
+	data, err := encrypt(cred, cred.PublicKey(), tkn.Marshal())
 	require.NoError(t, err)
 	data, err := encrypt(cred, cred.PublicKey(), rawTkn)
 	require.NoError(t, err)
 	rawTkn2, err := decrypt(cred, cred.PublicKey(), data)
@ -44,7 +41,7 @@ func Test_bearer_token_in_access_box(t *testing.T) {
 	var (
 		box  *AccessBox
 		box2 AccessBox
-		tkn  = token.NewBearerToken()
+		tkn  bearer.Token
 	)
 	sec, err := keys.NewPrivateKey()
@ -53,10 +50,10 @@ func Test_bearer_token_in_access_box(t *testing.T) {
 	cred, err := keys.NewPrivateKey()
 	require.NoError(t, err)
-	tkn.SetEACLTable(eacl.NewTable())
+	tkn.SetEACLTable(*eacl.NewTable())
-	require.NoError(t, tkn.SignToken(&sec.PrivateKey))
+	require.NoError(t, tkn.Sign(sec.PrivateKey))
-	gate := NewGateData(cred.PublicKey(), tkn)
+	gate := NewGateData(cred.PublicKey(), &tkn)
 	box, _, err = PackTokens([]*GateData{gate})
 	require.NoError(t, err)
@ -69,7 +66,7 @@ func Test_bearer_token_in_access_box(t *testing.T) {
 	tkns, err := box2.GetTokens(cred)
 	require.NoError(t, err)
-	require.Equal(t, tkn, tkns.BearerToken)
+	require.Equal(t, &tkn, tkns.BearerToken)
 }
 func Test_session_token_in_access_box(t *testing.T) {
@ -93,7 +90,8 @@ func Test_session_token_in_access_box(t *testing.T) {
 	tok.SetSessionKey(sec.PublicKey().Bytes())
 	require.NoError(t, tkn.Sign(&sec.PrivateKey))
-	gate := NewGateData(cred.PublicKey(), token.NewBearerToken())
+	var newTkn bearer.Token
 	gate := NewGateData(cred.PublicKey(), &newTkn)
 	gate.SessionTokens = []*session.Token{tkn}
 	box, _, err = PackTokens([]*GateData{gate})
 	require.NoError(t, err)
@ -113,14 +111,14 @@ func Test_session_token_in_access_box(t *testing.T) {
 func Test_accessbox_multiple_keys(t *testing.T) {
 	var (
 		box *AccessBox
-		tkn = token.NewBearerToken()
+		tkn bearer.Token
 	)
 	sec, err := keys.NewPrivateKey()
 	require.NoError(t, err)
-	tkn.SetEACLTable(eacl.NewTable())
+	tkn.SetEACLTable(*eacl.NewTable())
-	require.NoError(t, tkn.SignToken(&sec.PrivateKey))
+	require.NoError(t, tkn.Sign(sec.PrivateKey))
 	count := 10
 	gates := make([]*GateData, 0, count)
@ -130,7 +128,7 @@ func Test_accessbox_multiple_keys(t *testing.T) {
 			cred, err := keys.NewPrivateKey()
 			require.NoError(t, err)
-			gates = append(gates, NewGateData(cred.PublicKey(), tkn))
+			gates = append(gates, NewGateData(cred.PublicKey(), &tkn))
 			privateKeys = append(privateKeys, cred)
 		}
 	}
@ -141,14 +139,14 @@ func Test_accessbox_multiple_keys(t *testing.T) {
 	for i, k := range privateKeys {
 		tkns, err := box.GetTokens(k)
 		require.NoError(t, err, "key #%d: %s failed", i, k)
-		require.Equal(t, tkns.BearerToken, tkn)
+		require.Equal(t, *tkns.BearerToken, tkn)
 	}
 }
 func Test_unknown_key(t *testing.T) {
 	var (
 		box *AccessBox
-		tkn = token.NewBearerToken()
+		tkn bearer.Token
 	)
 	sec, err := keys.NewPrivateKey()
@ -160,10 +158,10 @@ func Test_unknown_key(t *testing.T) {
 	wrongCred, err := keys.NewPrivateKey()
 	require.NoError(t, err)
-	tkn.SetEACLTable(eacl.NewTable())
+	tkn.SetEACLTable(*eacl.NewTable())
-	require.NoError(t, tkn.SignToken(&sec.PrivateKey))
+	require.NoError(t, tkn.Sign(sec.PrivateKey))
-	gate := NewGateData(cred.PublicKey(), tkn)
+	gate := NewGateData(cred.PublicKey(), &tkn)
 	box, _, err = PackTokens([]*GateData{gate})
 	require.NoError(t, err)
--- a/creds/tokens/credentials.go
+++ b/creds/tokens/credentials.go
@ -13,14 +13,14 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 type (
 	// Credentials is a bearer token get/put interface.
 	Credentials interface {
 		GetBox(context.Context, *address.Address) (*accessbox.Box, error)
-		Put(context.Context, *cid.ID, *owner.ID, *accessbox.AccessBox, uint64, ...*keys.PublicKey) (*address.Address, error)
+		Put(context.Context, *cid.ID, user.ID, *accessbox.AccessBox, uint64, ...*keys.PublicKey) (*address.Address, error)
 	}
 	cred struct {
@ -33,7 +33,7 @@ type (
 // PrmObjectCreate groups parameters of objects created by credential tool.
 type PrmObjectCreate struct {
 	// NeoFS identifier of the object creator.
-	Creator owner.ID
+	Creator user.ID
 	// NeoFS container to store the object.
 	Container cid.ID
@ -118,7 +118,7 @@ func (c *cred) getAccessBox(ctx context.Context, addr *address.Address) (*access
 	return &box, nil
 }
-func (c *cred) Put(ctx context.Context, idCnr *cid.ID, issuer *owner.ID, box *accessbox.AccessBox, expiration uint64, keys ...*keys.PublicKey) (*address.Address, error) {
+func (c *cred) Put(ctx context.Context, idCnr *cid.ID, issuer user.ID, box *accessbox.AccessBox, expiration uint64, keys ...*keys.PublicKey) (*address.Address, error) {
 	if len(keys) == 0 {
 		return nil, ErrEmptyPublicKeys
 	} else if box == nil {
@ -130,7 +130,7 @@ func (c *cred) Put(ctx context.Context, idCnr *cid.ID, issuer *owner.ID, box *ac
 	}
 	idObj, err := c.neoFS.CreateObject(ctx, PrmObjectCreate{
-		Creator:         *issuer,
+		Creator:         issuer,
 		Container:       *idCnr,
 		Filename:        strconv.FormatInt(time.Now().Unix(), 10) + "_access.box",
 		ExpirationEpoch: expiration,
@ -141,7 +141,7 @@ func (c *cred) Put(ctx context.Context, idCnr *cid.ID, issuer *owner.ID, box *ac
 	}
 	addr := address.NewAddress()
-	addr.SetObjectID(idObj)
+	addr.SetObjectID(*idObj)
-	addr.SetContainerID(idCnr)
+	addr.SetContainerID(*idCnr)
 	return addr, nil
 }
--- a/go.mod
+++ b/go.mod
@ -11,9 +11,9 @@ require (
 	github.com/gorilla/mux v1.8.0
 	github.com/nats-io/nats-server/v2 v2.7.1 // indirect
 	github.com/nats-io/nats.go v1.13.1-0.20220121202836-972a071d373d
-	github.com/nspcc-dev/neo-go v0.98.0
+	github.com/nspcc-dev/neo-go v0.98.2
 	github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220407103316-e50e6d28280d
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220424111116-497053c785f5
 	github.com/prometheus/client_golang v1.11.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.7.1
--- a/go.sum
+++ b/go.sum
@ -199,7 +199,6 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/holiman/uint256 v1.2.0 h1:gpSYcPLWGv4sG43I2mVLiDZCNDh/EpGjSk8tmtxitHM=
 github.com/holiman/uint256 v1.2.0/go.mod h1:y4ga/t+u+Xwd7CpDgZESaRcWy0I7XMlTMA25ApIH5Jw=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@ -220,6 +219,7 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
@ -283,26 +283,36 @@ github.com/nspcc-dev/dbft v0.0.0-20191209120240-0d6b7568d9ae/go.mod h1:3FjXOoHmA
 github.com/nspcc-dev/dbft v0.0.0-20200117124306-478e5cfbf03a/go.mod h1:/YFK+XOxxg0Bfm6P92lY5eDSLYfp06XOdL8KAVgXjVk=
 github.com/nspcc-dev/dbft v0.0.0-20200219114139-199d286ed6c1/go.mod h1:O0qtn62prQSqizzoagHmuuKoz8QMkU3SzBoKdEvm3aQ=
 github.com/nspcc-dev/dbft v0.0.0-20210721160347-1b03241391ac/go.mod h1:U8MSnEShH+o5hexfWJdze6uMFJteP0ko7J2frO7Yu1Y=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20210915112629-e1b6cce73d02 h1:JgRx27vfGw5WV5QbaNDy0iy2WD1XJO964wwAapaYKLg=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20210915112629-e1b6cce73d02/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 h1:n4ZaFCKt1pQJd7PXoMJabZWK9ejjbLOVrkl/lOUmshg=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
 github.com/nspcc-dev/hrw v1.0.9 h1:17VcAuTtrstmFppBjfRiia4K2wA/ukXZhLFS8Y8rz5Y=
 github.com/nspcc-dev/hrw v1.0.9/go.mod h1:l/W2vx83vMQo6aStyx2AuZrJ+07lGv2JQGlVkPG06MU=
 github.com/nspcc-dev/neo-go v0.73.1-pre.0.20200303142215-f5a1b928ce09/go.mod h1:pPYwPZ2ks+uMnlRLUyXOpLieaDQSEaf4NM3zHVbRjmg=
 github.com/nspcc-dev/neo-go v0.98.0 h1:yyW4sgY88/pLf0949qmgfkQXzRKC3CI/WyhqXNnwMd8=
 github.com/nspcc-dev/neo-go v0.98.0/go.mod h1:E3cc1x6RXSXrJb2nDWXTXjnXk3rIqVN8YdFyWv+FrqM=
 github.com/nspcc-dev/neo-go v0.98.2 h1:aNTQR0BjkojCVXv17/dh1sD88a0A1L+7GNympylTKig=
 github.com/nspcc-dev/neo-go v0.98.2/go.mod h1:KXKqJwfTyVJzDarSCDqFaKrVbg/qz0ZBk2c3AtzqS5M=
 github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321113211-526c423a6152 h1:JK6tUTDL389aO5/0ZQDin+1MQ8uM35Oph7wUnf8mS+4=
 github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321113211-526c423a6152/go.mod h1:QBE0I30F2kOAISNpT5oks82yF4wkkUq3SCfI3Hqgx/Y=
 github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
 github.com/nspcc-dev/neofs-api-go/v2 v2.11.1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
 github.com/nspcc-dev/neofs-api-go/v2 v2.12.1 h1:PVU2rLlG9S0jDe5eKyaUs4nKo/la+mN5pvz32Gib3qM=
 github.com/nspcc-dev/neofs-api-go/v2 v2.12.1/go.mod h1:73j09Xa7I2zQbM3HCvAHnDHPYiiWnEHa1d6Z6RDMBLU=
 github.com/nspcc-dev/neofs-contract v0.15.1 h1:1r27t4SGKF7W1PRPOIfircEXHvALThNYNagT+SIabcA=
 github.com/nspcc-dev/neofs-contract v0.15.1/go.mod h1:kxO5ZTqdzFnRM5RMvM+Fhd+3GGrJo6AmG2ZyA9OCqqQ=
 github.com/nspcc-dev/neofs-crypto v0.2.0/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA=
 github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnBg0L4ifM=
 github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220407103316-e50e6d28280d h1:OHyq8+zyQtARFWj3quRPabcfQWJZEiU7HYp6QGCSjaM=
+github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220407103316-e50e6d28280d/go.mod h1:Hl7a1l0ntZ4b1ZABpGX6fuAuFS3c6+hyMCUNVvZv/w4=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220424111116-497053c785f5 h1:upiT6iVOy81tiY2x593E8+mxpb9BuW3fsvKFdqdXenk=
 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220424111116-497053c785f5/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
 github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
 github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/tzhash v1.5.2 h1:GuIQPOY2xpl5ZE1pbUbz+QdKXVOTyzbbxSVv0nBfa98=
 github.com/nspcc-dev/tzhash v1.5.2/go.mod h1:gwAx6mcsbkfY+JVp+PovoP2Gvw6y57W8dj7zDHKOhzI=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@ -414,6 +424,7 @@ github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/gopher-lua v0.0.0-20190514113301-1cd887cd7036/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
 github.com/yuin/gopher-lua v0.0.0-20191128022950-c6266f4fe8d7/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@ -472,6 +483,7 @@ golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKG
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -497,6 +509,7 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -554,8 +567,10 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220111092808-5a964db01320 h1:0jf+tOCoZ3LyutmCOWpVni1chK4VfFLhRsDK7MhqGRY=
+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210429154555-c04ba851c2a4 h1:UPou2i3GzKgi6igR+/0C5XyHKBngHxBp/CL5CQ0p3Zk=
 golang.org/x/term v0.0.0-20210429154555-c04ba851c2a4/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@ -563,8 +578,9 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
@ -592,8 +608,9 @@ golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1 h1:wGiQel/hW0NnEkJUk8lbzkX2gFJU6PFxf1v5OlCfuOs=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/neofs/neofs.go
+++ b/internal/neofs/neofs.go
@ -23,9 +23,9 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/pool"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 // NeoFS represents virtual connection to the NeoFS network.
@ -143,7 +143,7 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm neofs.PrmContainerCreat
 }
 // UserContainers implements neofs.NeoFS interface method.
-func (x *NeoFS) UserContainers(ctx context.Context, id owner.ID) ([]cid.ID, error) {
+func (x *NeoFS) UserContainers(ctx context.Context, id user.ID) ([]cid.ID, error) {
 	var prm pool.PrmContainerList
 	prm.SetOwnerID(id)
@ -226,7 +226,7 @@ func (x *NeoFS) CreateObject(ctx context.Context, prm neofs.PrmObjectCreate) (*o
 	}
 	obj := object.New()
-	obj.SetContainerID(&prm.Container)
+	obj.SetContainerID(prm.Container)
 	obj.SetOwnerID(&prm.Creator)
 	obj.SetAttributes(attrs...)
 	obj.SetPayloadSize(prm.PayloadSize)
@ -242,7 +242,7 @@ func (x *NeoFS) CreateObject(ctx context.Context, prm neofs.PrmObjectCreate) (*o
 	prmPut.SetPayload(prm.Payload)
 	if prm.BearerToken != nil {
-		prmPut.UseBearer(prm.BearerToken)
+		prmPut.UseBearer(*prm.BearerToken)
 	} else {
 		prmPut.UseKey(prm.PrivateKey)
 	}
@ -273,7 +273,7 @@ func (x *NeoFS) SelectObjects(ctx context.Context, prm neofs.PrmObjectSelect) ([
 	prmSearch.SetFilters(filters)
 	if prm.BearerToken != nil {
-		prmSearch.UseBearer(prm.BearerToken)
+		prmSearch.UseBearer(*prm.BearerToken)
 	} else {
 		prmSearch.UseKey(prm.PrivateKey)
 	}
@ -322,14 +322,14 @@ func (x payloadReader) Read(p []byte) (int, error) {
 // ReadObject implements neofs.NeoFS interface method.
 func (x *NeoFS) ReadObject(ctx context.Context, prm neofs.PrmObjectRead) (*neofs.ObjectPart, error) {
 	var addr address.Address
-	addr.SetContainerID(&prm.Container)
+	addr.SetContainerID(prm.Container)
-	addr.SetObjectID(&prm.Object)
+	addr.SetObjectID(prm.Object)
 	var prmGet pool.PrmObjectGet
 	prmGet.SetAddress(addr)
 	if prm.BearerToken != nil {
-		prmGet.UseBearer(prm.BearerToken)
+		prmGet.UseBearer(*prm.BearerToken)
 	} else {
 		prmGet.UseKey(prm.PrivateKey)
 	}
@ -363,7 +363,7 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm neofs.PrmObjectRead) (*neofs
 		prmHead.SetAddress(addr)
 		if prm.BearerToken != nil {
-			prmHead.UseBearer(prm.BearerToken)
+			prmHead.UseBearer(*prm.BearerToken)
 		} else {
 			prmHead.UseKey(prm.PrivateKey)
 		}
@ -401,7 +401,7 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm neofs.PrmObjectRead) (*neofs
 	prmRange.SetLength(prm.PayloadRange[1])
 	if prm.BearerToken != nil {
-		prmRange.UseBearer(prm.BearerToken)
+		prmRange.UseBearer(*prm.BearerToken)
 	} else {
 		prmRange.UseKey(prm.PrivateKey)
 	}
@ -423,14 +423,14 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm neofs.PrmObjectRead) (*neofs
 // DeleteObject implements neofs.NeoFS interface method.
 func (x *NeoFS) DeleteObject(ctx context.Context, prm neofs.PrmObjectDelete) error {
 	var addr address.Address
-	addr.SetContainerID(&prm.Container)
+	addr.SetContainerID(prm.Container)
-	addr.SetObjectID(&prm.Object)
+	addr.SetObjectID(prm.Object)
 	var prmDelete pool.PrmObjectDelete
 	prmDelete.SetAddress(addr)
 	if prm.BearerToken != nil {
-		prmDelete.UseBearer(prm.BearerToken)
+		prmDelete.UseBearer(*prm.BearerToken)
 	} else {
 		prmDelete.UseKey(prm.PrivateKey)
 	}
@ -531,9 +531,12 @@ func (x *AuthmateNeoFS) CreateContainer(ctx context.Context, prm authmate.PrmCon
 // ReadObjectPayload implements authmate.NeoFS interface method.
 func (x *AuthmateNeoFS) ReadObjectPayload(ctx context.Context, addr address.Address) ([]byte, error) {
 	cnrID, _ := addr.ContainerID()
 	objID, _ := addr.ObjectID()
 	res, err := x.neoFS.ReadObject(ctx, neofs.PrmObjectRead{
-		Container:   *addr.ContainerID(),
+		Container:   cnrID,
-		Object:      *addr.ObjectID(),
+		Object:      objID,
 		WithPayload: true,
 	})
 	if err != nil {
--- a/internal/neofstest/neofs_mock.go
+++ b/internal/neofstest/neofs_mock.go
@ -18,8 +18,7 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	"github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/object/id/test"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 )
 const objectSystemAttributeName = "S3-System-name"
@ -61,8 +60,8 @@ func (t *TestNeoFS) ContainerID(name string) (*cid.ID, error) {
 	for id, cnr := range t.containers {
 		for _, attr := range cnr.Attributes() {
 			if attr.Key() == container.AttributeName && attr.Value() == name {
-				cnrID := cid.New()
+				var cnrID cid.ID
-				return cnrID, cnrID.Parse(id)
+				return &cnrID, cnrID.DecodeString(id)
 			}
 		}
 	}
@ -97,11 +96,11 @@ func (t *TestNeoFS) CreateContainer(_ context.Context, prm neofs.PrmContainerCre
 		return nil, err
 	}
-	id := cid.New()
+	var id cid.ID
 	id.SetSHA256(sha256.Sum256(b))
 	t.containers[id.String()] = cnr
-	return id, nil
+	return &id, nil
 }
 func (t *TestNeoFS) Container(_ context.Context, id cid.ID) (*container.Container, error) {
@ -114,11 +113,11 @@ func (t *TestNeoFS) Container(_ context.Context, id cid.ID) (*container.Containe
 	return nil, fmt.Errorf("container not found " + id.String())
 }
-func (t *TestNeoFS) UserContainers(_ context.Context, _ owner.ID) ([]cid.ID, error) {
+func (t *TestNeoFS) UserContainers(_ context.Context, _ user.ID) ([]cid.ID, error) {
 	var res []cid.ID
 	for k := range t.containers {
 		var idCnr cid.ID
-		if err := idCnr.Parse(k); err != nil {
+		if err := idCnr.DecodeString(k); err != nil {
 			return nil, err
 		}
 		res = append(res, idCnr)
@ -146,7 +145,8 @@ func (t *TestNeoFS) SelectObjects(_ context.Context, prm neofs.PrmObjectSelect)
 	if len(filters) == 1 {
 		for k, v := range t.objects {
 			if strings.Contains(k, cidStr) {
-				res = append(res, *v.ID())
+				id, _ := v.ID()
 				res = append(res, id)
 			}
 		}
 		return res, nil
@ -160,7 +160,8 @@ func (t *TestNeoFS) SelectObjects(_ context.Context, prm neofs.PrmObjectSelect)
 	for k, v := range t.objects {
 		if strings.Contains(k, cidStr) && isMatched(v.Attributes(), filter) {
-			res = append(res, *v.ID())
+			id, _ := v.ID()
 			res = append(res, id)
 		}
 	}
@ -169,8 +170,8 @@ func (t *TestNeoFS) SelectObjects(_ context.Context, prm neofs.PrmObjectSelect)
 func (t *TestNeoFS) ReadObject(_ context.Context, prm neofs.PrmObjectRead) (*neofs.ObjectPart, error) {
 	var addr address.Address
-	addr.SetContainerID(&prm.Container)
+	addr.SetContainerID(prm.Container)
-	addr.SetObjectID(&prm.Object)
+	addr.SetObjectID(prm.Object)
 	sAddr := addr.String()
@ -185,7 +186,12 @@ func (t *TestNeoFS) ReadObject(_ context.Context, prm neofs.PrmObjectRead) (*neo
 }
 func (t *TestNeoFS) CreateObject(_ context.Context, prm neofs.PrmObjectCreate) (*oid.ID, error) {
-	id := test.ID()
+	b := make([]byte, 32)
 	if _, err := io.ReadFull(rand.Reader, b); err != nil {
 		return nil, err
 	}
 	var id oid.ID
 	id.SetSHA256(sha256.Sum256(b))
 	attrs := make([]object.Attribute, 0)
@ -204,7 +210,7 @@ func (t *TestNeoFS) CreateObject(_ context.Context, prm neofs.PrmObjectCreate) (
 	}
 	obj := object.New()
-	obj.SetContainerID(&prm.Container)
+	obj.SetContainerID(prm.Container)
 	obj.SetID(id)
 	obj.SetPayloadSize(prm.PayloadSize)
 	obj.SetAttributes(attrs...)
@ -226,22 +232,25 @@ func (t *TestNeoFS) CreateObject(_ context.Context, prm neofs.PrmObjectCreate) (
 		obj.SetPayloadSize(uint64(len(all)))
 	}
-	addr := newAddress(obj.ContainerID(), obj.ID())
+	cnrID, _ := obj.ContainerID()
 	objID, _ := obj.ID()
 	addr := newAddress(cnrID, objID)
 	t.objects[addr.String()] = obj
-	return obj.ID(), nil
+	return &objID, nil
 }
 func (t *TestNeoFS) DeleteObject(_ context.Context, prm neofs.PrmObjectDelete) error {
 	var addr address.Address
-	addr.SetContainerID(&prm.Container)
+	addr.SetContainerID(prm.Container)
-	addr.SetObjectID(&prm.Object)
+	addr.SetObjectID(prm.Object)
 	delete(t.objects, addr.String())
 	return nil
 }
-func (t *TestNeoFS) TimeToEpoch(ctx context.Context, futureTime time.Time) (uint64, uint64, error) {
+func (t *TestNeoFS) TimeToEpoch(_ context.Context, futureTime time.Time) (uint64, uint64, error) {
 	return t.currentEpoch, t.currentEpoch + uint64(futureTime.Second()), nil
 }
@ -255,7 +264,7 @@ func isMatched(attributes []object.Attribute, filter object.SearchFilter) bool {
 	return false
 }
-func newAddress(cid *cid.ID, oid *oid.ID) *address.Address {
+func newAddress(cid cid.ID, oid oid.ID) *address.Address {
 	addr := address.NewAddress()
 	addr.SetContainerID(cid)
 	addr.SetObjectID(oid)