[#1371] bearer: Upgrade SDK package

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

cmd/neofs-cli/internal/client/prm.go

@@ -3,11 +3,11 @@ package internal
 import (
 	"io"
 
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 // here are small structures with public setters to share between parameter structures
@@ -40,11 +40,11 @@ func (x *sessionTokenPrm) SetSessionToken(tok *session.Token) {
 }
 
 type bearerTokenPrm struct {
-	bearerToken *token.BearerToken
+	bearerToken *bearer.Token
 }
 
 // SetBearerToken sets the bearer token to be attached to the request.
-func (x *bearerTokenPrm) SetBearerToken(tok *token.BearerToken) {
+func (x *bearerTokenPrm) SetBearerToken(tok *bearer.Token) {
 	x.bearerToken = tok
 }
 

cmd/neofs-cli/modules/bearer/create.go

@@ -13,10 +13,10 @@ import (
 
 	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
 	"github.com/nspcc-dev/neofs-node/pkg/network"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 	"github.com/spf13/cobra"
 )
 
@@ -101,9 +101,11 @@ func createToken(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't parse recipient: %w", err)
 	}
 
-	b := token.NewBearerToken()
+	var b bearer.Token
-	b.SetLifetime(exp, nvb, iat)
+	b.SetExpiration(exp)
-	b.SetOwner(ownerID)
+	b.SetNotBefore(nvb)
+	b.SetIssuedAt(iat)
+	b.SetOwnerID(*ownerID)
 
 	eaclPath, _ := cmd.Flags().GetString(eaclFlag)
 	if eaclPath != "" {
@@ -115,7 +117,7 @@ func createToken(cmd *cobra.Command, _ []string) error {
 		if err := json.Unmarshal(raw, table); err != nil {
 			return fmt.Errorf("can't parse extended ACL: %w", err)
 		}
-		b.SetEACLTable(table)
+		b.SetEACLTable(*table)
 	}
 
 	var data []byte
@@ -123,11 +125,11 @@ func createToken(cmd *cobra.Command, _ []string) error {
 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
 	if toJSON {
 		data, err = json.Marshal(b)
-	} else {
-		data, err = b.Marshal(nil)
-	}
 		if err != nil {
-		return fmt.Errorf("can't mashal token: %w", err)
+			return fmt.Errorf("can't mashal token to JSON: %w", err)
+		}
+	} else {
+		data = b.Marshal()
 	}
 
 	out, _ := cmd.Flags().GetString(outFlag)

cmd/neofs-cli/modules/object.go

@@ -18,6 +18,7 @@ import (
 	objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
 	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
 	sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/checksum"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
@@ -25,7 +26,6 @@ import (
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 	"github.com/spf13/cobra"
 )
 
@@ -1056,7 +1056,7 @@ func marshalHeader(cmd *cobra.Command, hdr *object.Object) ([]byte, error) {
 	}
 }
 
-func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, error) {
+func getBearerToken(cmd *cobra.Command, flagname string) (*bearer.Token, error) {
 	path, err := cmd.Flags().GetString(flagname)
 	if err != nil || len(path) == 0 {
 		return nil, nil
@@ -1067,7 +1067,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er
 		return nil, fmt.Errorf("can't read bearer token file: %w", err)
 	}
 
-	tok := token.NewBearerToken()
+	var tok bearer.Token
 	if err := tok.UnmarshalJSON(data); err != nil {
 		if err = tok.Unmarshal(data); err != nil {
 			return nil, fmt.Errorf("can't decode bearer token: %w", err)
@@ -1078,7 +1078,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er
 		printVerbose("Using JSON encoded bearer token")
 	}
 
-	return tok, nil
+	return &tok, nil
 }
 
 func getObjectRange(cmd *cobra.Command, _ []string) {

cmd/neofs-cli/modules/root.go

@@ -17,10 +17,10 @@ import (
 	sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
 	"github.com/nspcc-dev/neofs-node/misc"
 	"github.com/nspcc-dev/neofs-node/pkg/network"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -217,7 +217,7 @@ func prepareAPIClientWithKey(cmd *cobra.Command, key *ecdsa.PrivateKey, dst ...c
 }
 
 type bearerPrm interface {
-	SetBearerToken(prm *token.BearerToken)
+	SetBearerToken(prm *bearer.Token)
 }
 
 func prepareBearerPrm(cmd *cobra.Command, prm bearerPrm) {

cmd/neofs-cli/modules/util.go

@@ -10,7 +10,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-node/pkg/util/keyer"
 	locodedb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db"
 	airportsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/airports"
@@ -18,8 +17,6 @@ import (
 	continentsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/continents/geojson"
 	csvlocode "github.com/nspcc-dev/neofs-node/pkg/util/locode/table/csv"
 	sdkstatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
-	"github.com/nspcc-dev/neofs-sdk-go/version"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -296,10 +293,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) {
 	key, err := getKey()
 	exitOnErr(cmd, err)
 
-	err = completeBearerToken(btok)
+	err = btok.Sign(*key)
-	exitOnErr(cmd, err)
-
-	err = btok.SignToken(key)
 	exitOnErr(cmd, err)
 
 	to := cmd.Flag("to").Value.String()
@@ -310,8 +304,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) {
 		data, err = btok.MarshalJSON()
 		exitOnErr(cmd, errf("can't JSON encode bearer token: %w", err))
 	} else {
-		data, err = btok.Marshal()
+		data = btok.Marshal()
-		exitOnErr(cmd, errf("can't binary encode bearer token: %w", err))
 	}
 
 	if len(to) == 0 {
@@ -424,22 +417,6 @@ func processKeyer(cmd *cobra.Command, args []string) {
 	result.PrettyPrint(uncompressed, useHex)
 }
 
-func completeBearerToken(btok *token.BearerToken) error {
-	if v2 := btok.ToV2(); v2 != nil {
-		// set eACL table version, because it usually omitted
-		table := v2.GetBody().GetEACL()
-
-		var ver refs.Version
-		version.Current().WriteToV2(&ver)
-
-		table.SetVersion(&ver)
-	} else {
-		return errors.New("unsupported bearer token version")
-	}
-
-	return nil
-}
-
 func prettyPrintJSON(cmd *cobra.Command, data []byte) {
 	buf := new(bytes.Buffer)
 	if err := json.Indent(buf, data, "", "  "); err != nil {

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
 	github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
 	github.com/nspcc-dev/neofs-contract v0.14.2
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413082415-24d6c2221f6b
 	github.com/nspcc-dev/tzhash v1.5.2
 	github.com/panjf2000/ants/v2 v2.4.0
 	github.com/paulmach/orb v0.2.2

pkg/services/object/acl/acl.go

@@ -13,10 +13,10 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
 	eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2"
 	v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
+	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 // CheckerPrm groups parameters for Checker
@@ -143,21 +143,21 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 		reqInfo.CleanBearer()
 	}
 
-	var (
+	var table eaclSDK.Table
-		table *eaclSDK.Table
-		err   error
-	)
 
-	if reqInfo.Bearer().Empty() {
+	bearerTok := reqInfo.Bearer()
-		table, err = c.eaclSrc.GetEACL(reqInfo.ContainerID())
+	if bearerTok == nil {
+		pTable, err := c.eaclSrc.GetEACL(reqInfo.ContainerID())
 		if err != nil {
 			if errors.Is(err, container.ErrEACLNotFound) {
 				return nil
 			}
 			return err
 		}
+
+		table = *pTable
 	} else {
-		table = reqInfo.Bearer().EACLTable()
+		table = bearerTok.EACLTable()
 	}
 
 	// if bearer token is not present, isValidBearer returns true
@@ -195,7 +195,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 		WithHeaderSource(
 			eaclV2.NewMessageHeaderSource(hdrSrcOpts...),
 		).
-		WithEACLTable(table),
+		WithEACLTable(&table),
 	)
 
 	if action != eaclSDK.ActionAllow {
@@ -210,9 +210,8 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
 	token := reqInfo.Bearer()
 
-	// 0. Check if bearer token is present in reqInfo. It might be non nil
+	// 0. Check if bearer token is present in reqInfo.
-	// empty structure.
+	if token == nil {
-	if token == nil || token.Empty() {
 		return nil
 	}
 
@@ -227,32 +226,35 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
 	}
 
 	// 3. Then check if container owner signed this token.
-	tokenIssuerKey := unmarshalPublicKey(token.Signature().Key())
+	issuer, ok := token.Issuer()
-	if !isOwnerFromKey(reqInfo.ContainerOwner(), tokenIssuerKey) {
+	if !ok {
+		panic("unexpected false return from Issuer method on signed bearer token")
+	}
+
+	if !issuer.Equal(reqInfo.ContainerOwner()) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return errBearerNotSignedByOwner
 	}
 
 	// 4. Then check if request sender has rights to use this token.
-	tokenOwnerField := token.OwnerID()
+	tokenOwner := token.OwnerID()
-	if tokenOwnerField != nil { // see bearer token owner field description
 	requestSenderKey := unmarshalPublicKey(reqInfo.SenderKey())
-		if !isOwnerFromKey(tokenOwnerField, requestSenderKey) {
+
+	if !isOwnerFromKey(&tokenOwner, requestSenderKey) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return errBearerInvalidOwner
 	}
-	}
 
 	return nil
 }
 
-func isValidLifetime(t *bearerSDK.BearerToken, epoch uint64) bool {
+func isValidLifetime(t *bearerSDK.Token, epoch uint64) bool {
 	// The "exp" (expiration time) claim identifies the expiration time on
 	// or after which the JWT MUST NOT be accepted for processing.
 	// The "nbf" (not before) claim identifies the time before which the JWT
 	// MUST NOT be accepted for processing
 	// RFC 7519 sections 4.1.4, 4.1.5
-	return epoch >= t.NotBeforeTime() && epoch <= t.Expiration()
+	return epoch >= t.NotBefore() && epoch <= t.Expiration()
 }
 
 func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {

pkg/services/object/acl/v2/request.go

@@ -6,12 +6,12 @@ import (
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
-	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 // RequestInfo groups parsed version-independent (from SDK library)
@@ -29,7 +29,7 @@ type RequestInfo struct {
 
 	senderKey []byte
 
-	bearer *bearerSDK.BearerToken // bearer token of request
+	bearer *bearer.Token // bearer token of request
 
 	srcRequest interface{}
 }
@@ -72,7 +72,7 @@ func (r *RequestInfo) CleanBearer() {
 }
 
 // Bearer returns bearer token of the request.
-func (r RequestInfo) Bearer() *bearerSDK.BearerToken {
+func (r RequestInfo) Bearer() *bearer.Token {
 	return r.bearer
 }
 
@@ -106,7 +106,7 @@ func (r RequestInfo) RequestRole() eaclSDK.Role {
 type MetaWithToken struct {
 	vheader *sessionV2.RequestVerificationHeader
 	token   *sessionSDK.Token
-	bearer  *bearerSDK.BearerToken
+	bearer  *bearer.Token
 	src     interface{}
 }
 

pkg/services/object/acl/v2/util.go

@@ -10,13 +10,13 @@ import (
 	objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
 	refsV2 "github.com/nspcc-dev/neofs-api-go/v2/refs"
 	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
 	"github.com/nspcc-dev/neofs-sdk-go/signature"
-	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err error) {
@@ -47,12 +47,20 @@ func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err erro
 
 // originalBearerToken goes down to original request meta header and fetches
 // bearer token from there.
-func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearerSDK.BearerToken {
+func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearer.Token {
 	for header.GetOrigin() != nil {
 		header = header.GetOrigin()
 	}
 
-	return bearerSDK.NewBearerTokenFromV2(header.GetBearerToken())
+	tokV2 := header.GetBearerToken()
+	if tokV2 == nil {
+		return nil
+	}
+
+	var tok bearer.Token
+	tok.ReadFromV2(*tokV2)
+
+	return &tok
 }
 
 // originalSessionToken goes down to original request meta header and fetches

pkg/services/object/acl/v2/util_test.go

@@ -7,20 +7,23 @@ import (
 	acltest "github.com/nspcc-dev/neofs-api-go/v2/acl/test"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	sessiontest "github.com/nspcc-dev/neofs-api-go/v2/session/test"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
-	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
 	"github.com/stretchr/testify/require"
 )
 
 func TestOriginalTokens(t *testing.T) {
 	sToken := sessiontest.GenerateSessionToken(false)
-	bToken := acltest.GenerateBearerToken(false)
+	bTokenV2 := acltest.GenerateBearerToken(false)
+
+	var bToken bearer.Token
+	bToken.ReadFromV2(*bTokenV2)
 
 	for i := 0; i < 10; i++ {
-		metaHeaders := testGenerateMetaHeader(uint32(i), bToken, sToken)
+		metaHeaders := testGenerateMetaHeader(uint32(i), bTokenV2, sToken)
 		require.Equal(t, sessionSDK.NewTokenFromV2(sToken), originalSessionToken(metaHeaders), i)
-		require.Equal(t, bearerSDK.NewBearerTokenFromV2(bToken), originalBearerToken(metaHeaders), i)
+		require.Equal(t, &bToken, originalBearerToken(metaHeaders), i)
 	}
 }
 

pkg/services/object/internal/client/client.go

@@ -8,6 +8,7 @@ import (
 	"io"
 
 	coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	"github.com/nspcc-dev/neofs-sdk-go/client"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -15,7 +16,6 @@ import (
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 type commonPrm struct {
@@ -27,7 +27,7 @@ type commonPrm struct {
 
 	tokenSession *session.Token
 
-	tokenBearer *token.BearerToken
+	tokenBearer *bearer.Token
 
 	local bool
 
@@ -65,7 +65,7 @@ func (x *commonPrm) SetSessionToken(tok *session.Token) {
 // SetBearerToken sets bearer token to be attached to the request.
 //
 // By default token is not attached to the request.
-func (x *commonPrm) SetBearerToken(tok *token.BearerToken) {
+func (x *commonPrm) SetBearerToken(tok *bearer.Token) {
 	x.tokenBearer = tok
 }
 

pkg/services/object/util/prm.go

@@ -4,8 +4,8 @@ import (
 	"strconv"
 
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
+	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/token"
 )
 
 // maxLocalTTL is maximum TTL for an operation to be considered local.
@@ -18,7 +18,7 @@ type CommonPrm struct {
 
 	token *sessionsdk.Token
 
-	bearer *token.BearerToken
+	bearer *bearer.Token
 
 	ttl uint32
 
@@ -67,7 +67,7 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Token {
 	return nil
 }
 
-func (p *CommonPrm) BearerToken() *token.BearerToken {
+func (p *CommonPrm) BearerToken() *bearer.Token {
 	if p != nil {
 		return p.bearer
 	}
@@ -116,7 +116,8 @@ func CommonPrmFromV2(req interface {
 	}
 
 	if tok := meta.GetBearerToken(); tok != nil {
-		prm.bearer = token.NewBearerTokenFromV2(tok)
+		prm.bearer = new(bearer.Token)
+		prm.bearer.ReadFromV2(*tok)
 	}
 
 	for i := range xHdrs {