diff --git a/pkg/token/bearer.go b/pkg/token/bearer.go
index 579d0552..87ecbc52 100644
--- a/pkg/token/bearer.go
+++ b/pkg/token/bearer.go
@@ -10,6 +10,7 @@ import (
 "github.com/nspcc-dev/neofs-api-go/v2/acl"
 "github.com/nspcc-dev/neofs-api-go/v2/refs"
 v2signature "github.com/nspcc-dev/neofs-api-go/v2/signature"
+ crypto "github.com/nspcc-dev/neofs-crypto"
 )
 
 type BearerToken struct {
@@ -70,6 +71,20 @@ func (b *BearerToken) SignToken(key *ecdsa.PrivateKey) error {
 })
 }
 
+// Issuer returns owner.ID associated with the key that signed bearer token.
+// To pass node validation it should be owner of requested container. Returns
+// nil if token is not signed.
+func (b *BearerToken) Issuer() *owner.ID {
+ pubKey := crypto.UnmarshalPublicKey(b.token.GetSignature().GetKey())
+
+ wallet, err := owner.NEO3WalletFromPublicKey(pubKey)
+ if err != nil {
+ return nil
+ }
+
+ return owner.NewIDFromNeo3Wallet(wallet)
+}
+
 func NewBearerToken() *BearerToken {
 b := new(BearerToken)
 b.token = acl.BearerToken{}
diff --git a/pkg/token/bearer_test.go b/pkg/token/bearer_test.go
new file mode 100644
index 00000000..a06510bd
--- /dev/null
+++ b/pkg/token/bearer_test.go
@@ -0,0 +1,32 @@
+package token_test
+
+import (
+ "testing"
+
+ "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
+ "github.com/nspcc-dev/neofs-api-go/pkg/owner"
+ "github.com/nspcc-dev/neofs-api-go/pkg/token"
+ "github.com/nspcc-dev/neofs-crypto/test"
+ "github.com/stretchr/testify/require"
+)
+
+func TestBearerToken_Issuer(t *testing.T) {
+ bearerToken := token.NewBearerToken()
+
+ t.Run("non signed token", func(t *testing.T) {
+ require.Nil(t, bearerToken.Issuer())
+ })
+
+ t.Run("signed token", func(t *testing.T) {
+ key := test.DecodeKey(1)
+
+ wallet, err := owner.NEO3WalletFromPublicKey(&key.PublicKey)
+ require.NoError(t, err)
+
+ ownerID := owner.NewIDFromNeo3Wallet(wallet)
+
+ bearerToken.SetEACLTable(eacl.NewTable())
+ require.NoError(t, bearerToken.SignToken(key))
+ require.Equal(t, bearerToken.Issuer().String(), ownerID.String())
+ })
+}
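Review bot: The "signed token" subtest only covers a token that was just signed with a valid key, so nothing pins down what Issuer() returns when the signature field carries a key but the signature no longer matches the body (for example, the eACL table replaced after SignToken). Because Issuer() reads only the key field, a subtest for that case would record whether an ID is still returned and stop callers from assuming the result is authenticated. Separately, `require.Equal` takes the expected value first, and `bearerToken.Issuer()` is dereferenced without a nil check. `require.NotNil(t, bearerToken.Issuer())` followed by `require.Equal(t, ownerID.String(), bearerToken.Issuer().String())` would fail with a clearer message.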