From 46fa07b7ccab7405b0a2cd9ac2144d4dad0c8012 Mon Sep 17 00:00:00 2001
From: Alex Vanin <alexey@nspcc.ru>
Date: Mon, 25 Oct 2021 15:10:13 +0300
Subject: [PATCH] [#943] service/object: Return error if requested session
 token is not available

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
---
 pkg/services/object/util/key.go      |  5 ++
 pkg/services/object/util/key_test.go | 76 ++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 pkg/services/object/util/key_test.go

diff --git a/pkg/services/object/util/key.go b/pkg/services/object/util/key.go
index 0ad6a70f0..ae389d08f 100644
--- a/pkg/services/object/util/key.go
+++ b/pkg/services/object/util/key.go
@@ -2,11 +2,15 @@ package util
 
 import (
 	"crypto/ecdsa"
+	"errors"
 
 	"github.com/nspcc-dev/neofs-api-go/pkg/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
 )
 
+// todo(alexvanin): should be a part of status API
+var errNoSessionToken = errors.New("session token does not exist")
+
 // KeyStorage represents private key storage of the local node.
 type KeyStorage struct {
 	key *ecdsa.PrivateKey
@@ -32,6 +36,7 @@ func (s *KeyStorage) GetKey(token *session.Token) (*ecdsa.PrivateKey, error) {
 		if pToken != nil {
 			return pToken.SessionKey(), nil
 		}
+		return nil, errNoSessionToken
 	}
 
 	return s.key, nil
diff --git a/pkg/services/object/util/key_test.go b/pkg/services/object/util/key_test.go
new file mode 100644
index 000000000..31585508a
--- /dev/null
+++ b/pkg/services/object/util/key_test.go
@@ -0,0 +1,76 @@
+package util_test
+
+import (
+	"context"
+	"crypto/elliptic"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neofs-api-go/pkg/session"
+	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
+	"github.com/nspcc-dev/neofs-node/pkg/services/object/util"
+	tokenStorage "github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewKeyStorage(t *testing.T) {
+	nodeKey, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+
+	tokenStor := tokenStorage.New()
+	stor := util.NewKeyStorage(&nodeKey.PrivateKey, tokenStor)
+
+	t.Run("node key", func(t *testing.T) {
+		key, err := stor.GetKey(nil)
+		require.NoError(t, err)
+		require.Equal(t, nodeKey.PrivateKey, *key)
+	})
+
+	t.Run("unknown token", func(t *testing.T) {
+		tok := generateToken(t)
+		_, err = stor.GetKey(tok)
+		require.Error(t, err)
+	})
+
+	t.Run("known token", func(t *testing.T) {
+		tok := createToken(t, tokenStor, 100)
+		pubKey, err := keys.NewPublicKeyFromBytes(tok.SessionKey(), elliptic.P256())
+		require.NoError(t, err)
+
+		key, err := stor.GetKey(tok)
+		require.NoError(t, err)
+		require.Equal(t, pubKey.X, key.PublicKey.X)
+		require.Equal(t, pubKey.Y, key.PublicKey.Y)
+	})
+}
+
+func generateToken(t *testing.T) *session.Token {
+	key, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+
+	pubKey := key.PublicKey().Bytes()
+	id, err := uuid.New().MarshalBinary()
+	require.NoError(t, err)
+
+	tok := session.NewToken()
+	tok.SetSessionKey(pubKey)
+	tok.SetID(id)
+
+	return tok
+}
+
+func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *session.Token {
+	req := new(sessionV2.CreateRequestBody)
+	req.SetOwnerID(nil)
+	req.SetExpiration(exp)
+
+	resp, err := store.Create(context.Background(), req)
+	require.NoError(t, err)
+
+	tok := session.NewToken()
+	tok.SetSessionKey(resp.GetSessionKey())
+	tok.SetID(resp.GetID())
+
+	return tok
+}