wallet: respect user-locked accounts, don't sign with them

NEP-6 has a notion of locked acccounts and SignTx must respect this user's
choice. For some reason this setting was inappropriately used by our RPC
client tests (probably a different kind of lock was meant).

pkg/services/rpcsrv/client_test.go

@@ -850,7 +850,6 @@ func TestSignAndPushInvocationTx(t *testing.T) {
 			Parameters: []wallet.ContractParam{},
 			Deployed:   true,
 		},
-		Locked:  true,
 		Default: false,
 	}
 
@@ -866,7 +865,6 @@ func TestSignAndPushInvocationTx(t *testing.T) {
 			},
 			Deployed: true,
 		},
-		Locked:  true,
 		Default: false,
 	}
 

pkg/wallet/account.go

@@ -90,6 +90,9 @@ func (a *Account) SignTx(net netmode.Magic, t *transaction.Transaction) error {
 		accHash util.Uint160
 		err     error
 	)
+	if a.Locked {
+		return errors.New("account is locked")
+	}
 	if a.Contract == nil {
 		return errors.New("account has no contract")
 	}
@@ -119,7 +122,7 @@ func (a *Account) SignTx(net netmode.Magic, t *transaction.Transaction) error {
 		return nil
 	}
 	if a.privateKey == nil {
-		return errors.New("account is not unlocked")
+		return errors.New("account key is not available (need to decrypt?)")
 	}
 	sign := a.privateKey.SignHashable(uint32(net), t)
 

pkg/wallet/account_test.go

@@ -134,6 +134,10 @@ func TestContractSignTx(t *testing.T) {
 	require.Equal(t, 1, len(tx.Scripts))
 	require.Equal(t, 66, len(tx.Scripts[0].InvocationScript))
 
+	acc2.Locked = true
+	require.Error(t, acc2.SignTx(0, tx)) // Locked account.
+
+	acc2.Locked = false
 	acc2.privateKey = nil
 	require.Error(t, acc2.SignTx(0, tx)) // No private key.