diff --git a/session/container.go b/session/container.go index d11ed863..b1000afb 100644 --- a/session/container.go +++ b/session/container.go @@ -376,3 +376,25 @@ func (x Container) AssertAuthKey(key neofscrypto.PublicKey) bool { return bytes.Equal(bKey, x.body.GetSessionKey()) } + +// IssuedBy returns true if session token is signed +// and, therefore, owned by specified user. +// +// See also Sign. +func (x Container) IssuedBy(id user.ID) bool { + var ( + tokenOwner user.ID + v2TokenOwner = x.body.GetOwnerID() + ) + + if v2TokenOwner == nil { + return false + } + + err := tokenOwner.ReadFromV2(*v2TokenOwner) + if err != nil { + return false + } + + return tokenOwner.Equals(id) +} diff --git a/session/container_test.go b/session/container_test.go index 1b29038f..6a40212d 100644 --- a/session/container_test.go +++ b/session/container_test.go @@ -11,6 +11,7 @@ import ( cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test" "github.com/nspcc-dev/neofs-sdk-go/session" sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/stretchr/testify/require" ) @@ -285,3 +286,18 @@ func TestContainerSignature(t *testing.T) { require.True(t, x.VerifySignature()) } } + +func TestContainer_IssuedBy(t *testing.T) { + var ( + token session.Container + issuer user.ID + signer = randSigner() + ) + + user.IDFromKey(&issuer, signer.PublicKey) + + require.False(t, token.IssuedBy(issuer)) + + require.NoError(t, token.Sign(signer)) + require.True(t, token.IssuedBy(issuer)) +}