From 2bcc0051ab1cc073f0b5f4d81494c3c1a3ef9503 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@nspcc.ru>
Date: Wed, 25 May 2022 19:09:12 +0300
Subject: [PATCH] [#1423] session: Get session issuer from token structure

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
---
 go.mod                              |  2 +-
 go.sum                              |  4 ++--
 pkg/services/object/acl/v2/util.go  | 18 ++++------------
 pkg/services/object/delete/exec.go  | 16 ++++++++-------
 pkg/services/object/get/exec.go     |  4 +---
 pkg/services/object/put/remote.go   |  4 +---
 pkg/services/object/put/streamer.go |  4 +---
 pkg/services/object/search/util.go  |  4 +---
 pkg/services/object/util/prm.go     | 32 ++++-------------------------
 9 files changed, 24 insertions(+), 64 deletions(-)

diff --git a/go.mod b/go.mod
index b8794579c..78c1bf644 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
 	github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
 	github.com/nspcc-dev/neofs-contract v0.15.1
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9
 	github.com/nspcc-dev/tzhash v1.5.2
 	github.com/panjf2000/ants/v2 v2.4.0
 	github.com/paulmach/orb v0.2.2
diff --git a/go.sum b/go.sum
index 2f85e764b..20a826f66 100644
--- a/go.sum
+++ b/go.sum
@@ -407,8 +407,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
 github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34 h1:s9+ckFRFDVJfYh/QezTUE4g1JP3pyU5NaNxBfUIyGh8=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9 h1:TV2/sp/2CY7h7R2MJfU7HYDvXjKGAcOMJvpmV/w4lFk=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
 github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
 github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
diff --git a/pkg/services/object/acl/v2/util.go b/pkg/services/object/acl/v2/util.go
index a8b1cae52..d679a3943 100644
--- a/pkg/services/object/acl/v2/util.go
+++ b/pkg/services/object/acl/v2/util.go
@@ -164,29 +164,19 @@ func ownerFromToken(token *sessionSDK.Object) (*user.ID, *keys.PublicKey, error)
 	var tokV2 sessionV2.Token
 	token.WriteToV2(&tokV2)
 
-	ownerSessionV2 := tokV2.GetBody().GetOwnerID()
-	if ownerSessionV2 == nil {
-		return nil, nil, errors.New("missing session owner")
-	}
-
-	var ownerSession user.ID
-
-	err := ownerSession.ReadFromV2(*ownerSessionV2)
-	if err != nil {
-		return nil, nil, fmt.Errorf("invalid session token: %w", err)
-	}
-
 	tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
 	}
 
-	if !isOwnerFromKey(&ownerSession, tokenIssuerKey) {
+	tokenIssuer := token.Issuer()
+
+	if !isOwnerFromKey(&tokenIssuer, tokenIssuerKey) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return nil, nil, fmt.Errorf("%w: invalid session token owner", ErrMalformedRequest)
 	}
 
-	return &ownerSession, tokenIssuerKey, nil
+	return &tokenIssuer, tokenIssuerKey, nil
 }
 
 func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signature {
diff --git a/pkg/services/object/delete/exec.go b/pkg/services/object/delete/exec.go
index 1acb3d854..cfefd8ada 100644
--- a/pkg/services/object/delete/exec.go
+++ b/pkg/services/object/delete/exec.go
@@ -243,18 +243,20 @@ func (exec *execCtx) initTombstoneObject() bool {
 		return false
 	}
 
-	tombOwnerID, ok := exec.commonParameters().SessionOwner()
-	if !ok {
-		// make local node a tombstone object owner
-		tombOwnerID = *exec.svc.netInfo.LocalNodeID()
-	}
-
 	exec.tombstoneObj = object.New()
 	exec.tombstoneObj.SetContainerID(*exec.containerID())
-	exec.tombstoneObj.SetOwnerID(&tombOwnerID)
 	exec.tombstoneObj.SetType(object.TypeTombstone)
 	exec.tombstoneObj.SetPayload(payload)
 
+	tokenSession := exec.commonParameters().SessionToken()
+	if tokenSession != nil {
+		issuer := tokenSession.Issuer()
+		exec.tombstoneObj.SetOwnerID(&issuer)
+	} else {
+		// make local node a tombstone object owner
+		exec.tombstoneObj.SetOwnerID(exec.svc.netInfo.LocalNodeID())
+	}
+
 	var a object.Attribute
 	a.SetKey(objectV2.SysAttributeExpEpoch)
 	a.SetValue(strconv.FormatUint(exec.tombstone.ExpirationEpoch(), 10))
diff --git a/pkg/services/object/get/exec.go b/pkg/services/object/get/exec.go
index 6a7c7afa6..1e4f20d11 100644
--- a/pkg/services/object/get/exec.go
+++ b/pkg/services/object/get/exec.go
@@ -109,11 +109,9 @@ func (exec execCtx) key() (*ecdsa.PrivateKey, error) {
 	var sessionInfo *util.SessionInfo
 
 	if tok := exec.prm.common.SessionToken(); tok != nil {
-		ownerSession, _ := exec.prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}
 
diff --git a/pkg/services/object/put/remote.go b/pkg/services/object/put/remote.go
index ce67034f2..e76ab3a1e 100644
--- a/pkg/services/object/put/remote.go
+++ b/pkg/services/object/put/remote.go
@@ -51,11 +51,9 @@ func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) {
 	var sessionInfo *util.SessionInfo
 
 	if tok := t.commonPrm.SessionToken(); tok != nil {
-		ownerSession, _ := t.commonPrm.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}
 
diff --git a/pkg/services/object/put/streamer.go b/pkg/services/object/put/streamer.go
index c44843bb5..54ebd9993 100644
--- a/pkg/services/object/put/streamer.go
+++ b/pkg/services/object/put/streamer.go
@@ -87,11 +87,9 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 	var sessionInfo *util.SessionInfo
 
 	if sToken != nil {
-		ownerSession, _ := prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    sToken.ID(),
-			Owner: ownerSession,
+			Owner: sToken.Issuer(),
 		}
 	}
 
diff --git a/pkg/services/object/search/util.go b/pkg/services/object/search/util.go
index eafa8f75e..5fb07f459 100644
--- a/pkg/services/object/search/util.go
+++ b/pkg/services/object/search/util.go
@@ -88,11 +88,9 @@ func (c *clientWrapper) searchObjects(exec *execCtx, info client.NodeInfo) ([]oi
 	var sessionInfo *util.SessionInfo
 
 	if tok := exec.prm.common.SessionToken(); tok != nil {
-		ownerSession, _ := exec.prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}
 
diff --git a/pkg/services/object/util/prm.go b/pkg/services/object/util/prm.go
index 46582578a..9b577c4d4 100644
--- a/pkg/services/object/util/prm.go
+++ b/pkg/services/object/util/prm.go
@@ -1,14 +1,12 @@
 package util
 
 import (
-	"errors"
 	"fmt"
 	"strconv"
 
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // maxLocalTTL is maximum TTL for an operation to be considered local.
@@ -26,8 +24,6 @@ type CommonPrm struct {
 	ttl uint32
 
 	xhdrs []string
-
-	ownerSession user.ID
 }
 
 // TTL returns TTL for new requests.
@@ -72,14 +68,6 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Object {
 	return nil
 }
 
-func (p *CommonPrm) SessionOwner() (user.ID, bool) {
-	if p != nil && p.token != nil {
-		return p.ownerSession, true
-	}
-
-	return user.ID{}, false
-}
-
 func (p *CommonPrm) BearerToken() *bearer.Token {
 	if p != nil {
 		return p.bearer
@@ -117,19 +105,8 @@ func CommonPrmFromV2(req interface {
 
 	var tokenSession *sessionsdk.Object
 	var err error
-	var ownerSession user.ID
 
 	if tokenSessionV2 := meta.GetSessionToken(); tokenSessionV2 != nil {
-		ownerSessionV2 := tokenSessionV2.GetBody().GetOwnerID()
-		if ownerSessionV2 == nil {
-			return nil, errors.New("missing session owner")
-		}
-
-		err = ownerSession.ReadFromV2(*ownerSessionV2)
-		if err != nil {
-			return nil, fmt.Errorf("invalid session token: %w", err)
-		}
-
 		tokenSession = new(sessionsdk.Object)
 
 		err = tokenSession.ReadFromV2(*tokenSessionV2)
@@ -142,11 +119,10 @@ func CommonPrmFromV2(req interface {
 	ttl := meta.GetTTL()
 
 	prm := &CommonPrm{
-		local:        ttl <= maxLocalTTL,
-		token:        tokenSession,
-		ttl:          ttl - 1, // decrease TTL for new requests
-		xhdrs:        make([]string, 0, 2*len(xHdrs)),
-		ownerSession: ownerSession,
+		local: ttl <= maxLocalTTL,
+		token: tokenSession,
+		ttl:   ttl - 1, // decrease TTL for new requests
+		xhdrs: make([]string, 0, 2*len(xHdrs)),
 	}
 
 	if tok := meta.GetBearerToken(); tok != nil {