From 7b212431df0bab3e3015653be2199738e039a0a3 Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Thu, 22 Oct 2020 12:18:07 +0300
Subject: [PATCH] [#179] sdk/token: Add function to return token issuer

With new neofs-api changes, token issuer will not be stored
in ownerID field of bearer token. We can identify owner by
public key that has been used in signature.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 pkg/token/bearer.go      | 15 +++++++++++++++
 pkg/token/bearer_test.go | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 pkg/token/bearer_test.go

diff --git a/pkg/token/bearer.go b/pkg/token/bearer.go
index 579d055..87ecbc5 100644
--- a/pkg/token/bearer.go
+++ b/pkg/token/bearer.go
@@ -10,6 +10,7 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/acl"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
+	crypto "github.com/nspcc-dev/neofs-crypto"
 )
 
 type BearerToken struct {
@@ -70,6 +71,20 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
 	})
 }
 
+// Issuer returns owner.ID associated with the key that signed bearer token.
+// To pass node validation it should be owner of requested container. Returns
+// nil if token is not signed.
+func (b *BearerToken) Issuer() *owner.ID {
+	pubKey := crypto.UnmarshalPublicKey(b.token.GetSignature().GetKey())
+
+	wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
+	if err != nil {
+		return nil
+	}
+
+	return owner.NewIDFromNeo3Wallet(wallet)
+}
+
 func NewBearerToken() *BearerToken {
 	b := new(BearerToken)
 	b.token = acl.BearerToken{}
diff --git a/pkg/token/bearer_test.go b/pkg/token/bearer_test.go
new file mode 100644
index 0000000..a06510b
--- /dev/null
+++ b/pkg/token/bearer_test.go
@@ -0,0 +1,32 @@
+package token_test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
+	"github.com/nspcc-dev/neofs-api-go/pkg/owner"
+	"github.com/nspcc-dev/neofs-api-go/pkg/token"
+	"github.com/nspcc-dev/neofs-crypto/test"
+	"github.com/stretchr/testify/require"
+)
+
+func TestBearerToken_Issuer(t *testing.T) {
+	bearerToken := token.NewBearerToken()
+
+	t.Run("non signed token", func(t *testing.T) {
+		require.Nil(t, bearerToken.Issuer())
+	})
+
+	t.Run("signed token", func(t *testing.T) {
+		key := test.DecodeKey(1)
+
+		wallet, err := owner.NEO3WalletFromPublicKey(&key.PublicKey)
+		require.NoError(t, err)
+
+		ownerID := owner.NewIDFromNeo3Wallet(wallet)
+
+		bearerToken.SetEACLTable(eacl.NewTable())
+		require.NoError(t, bearerToken.SignToken(key))
+		require.Equal(t, bearerToken.Issuer().String(), ownerID.String())
+	})
+}