[#1400] owner: Upgrade SDK package

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

pkg/services/accounting/morph/executor.go

@@ -2,11 +2,13 @@ package accounting
 
 import (
 	"context"
+	"errors"
+	"fmt"
 
 	"github.com/nspcc-dev/neofs-api-go/v2/accounting"
 	"github.com/nspcc-dev/neofs-node/pkg/morph/client/balance"
 	accountingSvc "github.com/nspcc-dev/neofs-node/pkg/services/accounting"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type morphExecutor struct {
@@ -20,7 +22,19 @@ func NewExecutor(client *balance.Client) accountingSvc.ServiceExecutor {
 }
 
 func (s *morphExecutor) Balance(ctx context.Context, body *accounting.BalanceRequestBody) (*accounting.BalanceResponseBody, error) {
-	amount, err := s.client.BalanceOf(owner.NewIDFromV2(body.GetOwnerID()))
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing account")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
+	if err != nil {
+		return nil, fmt.Errorf("invalid account: %w", err)
+	}
+
+	amount, err := s.client.BalanceOf(&id)
 	if err != nil {
 		return nil, err
 	}

pkg/services/container/morph/executor.go

@@ -14,8 +14,8 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type morphExecutor struct {
@@ -29,9 +29,9 @@ type Reader interface {
 	eacl.Source
 
 	// List returns a list of container identifiers belonging
-	// to the specified owner of NeoFS system. Returns the identifiers
+	// to the specified user of NeoFS system. Returns the identifiers
 	// of all NeoFS containers if pointer to owner identifier is nil.
-	List(*owner.ID) ([]*cid.ID, error)
+	List(*user.ID) ([]*cid.ID, error)
 }
 
 // Writer is an interface of container storage updater.
@@ -158,9 +158,19 @@ func (s *morphExecutor) Get(ctx context.Context, body *container.GetRequestBody)
 }
 
 func (s *morphExecutor) List(ctx context.Context, body *container.ListRequestBody) (*container.ListResponseBody, error) {
-	oid := owner.NewIDFromV2(body.GetOwnerID())
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, fmt.Errorf("missing user ID")
+	}
 
-	cnrs, err := s.rdr.List(oid)
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
+	if err != nil {
+		return nil, fmt.Errorf("invalid user ID: %w", err)
+	}
+
+	cnrs, err := s.rdr.List(&id)
 	if err != nil {
 		return nil, err
 	}

pkg/services/container/morph/executor_test.go

@@ -14,11 +14,12 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/stretchr/testify/require"
 )
 
-type mock struct{}
+type mock struct {
+	containerSvcMorph.Reader
+}
 
 func (m mock) Put(_ *containerSDK.Container) (*cid.ID, error) {
 	return new(cid.ID), nil
@@ -32,18 +33,6 @@ func (m mock) PutEACL(_ *eacl.Table) error {
 	return nil
 }
 
-func (m mock) Get(_ *cid.ID) (*containerSDK.Container, error) {
-	panic("implement me")
-}
-
-func (m mock) GetEACL(_ *cid.ID) (*eacl.Table, error) {
-	panic("implement me")
-}
-
-func (m mock) List(_ *owner.ID) ([]*cid.ID, error) {
-	panic("implement me")
-}
-
 func TestInvalidToken(t *testing.T) {
 	m := mock{}
 	e := containerSvcMorph.NewExecutor(m, m)

pkg/services/object/acl/acl.go

@@ -16,7 +16,7 @@ import (
 	bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // CheckerPrm groups parameters for Checker
@@ -112,7 +112,7 @@ func (c *Checker) CheckBasicACL(info v2.RequestInfo) bool {
 }
 
 // StickyBitCheck validates owner field in the request if sticky bit is enabled.
-func (c *Checker) StickyBitCheck(info v2.RequestInfo, owner *owner.ID) bool {
+func (c *Checker) StickyBitCheck(info v2.RequestInfo, owner *user.ID) bool {
 	// According to NeoFS specification sticky bit has no effect on system nodes
 	// for correct intra-container work with objects (in particular, replication).
 	if info.RequestRole() == eaclSDK.RoleSystem {
@@ -211,6 +211,11 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 // entity. This method might be defined on whole ACL service because it will
 // require fetching current epoch to check lifetime.
 func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
+	ownerCnr := reqInfo.ContainerOwner()
+	if ownerCnr == nil {
+		return errors.New("missing container owner")
+	}
+
 	token := reqInfo.Bearer()
 
 	// 0. Check if bearer token is present in reqInfo.
@@ -234,7 +239,7 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
 		panic("unexpected false return from Issuer method on signed bearer token")
 	}
 
-	if !issuer.Equal(reqInfo.ContainerOwner()) {
+	if !issuer.Equals(*ownerCnr) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return errBearerNotSignedByOwner
 	}
@@ -260,12 +265,15 @@ func isValidLifetime(t *bearerSDK.Token, epoch uint64) bool {
 	return epoch >= t.NotBefore() && epoch <= t.Expiration()
 }
 
-func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
+func isOwnerFromKey(id *user.ID, key *keys.PublicKey) bool {
 	if id == nil || key == nil {
 		return false
 	}
 
-	return id.Equal(owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)))
+	var id2 user.ID
+	user.IDFromKey(&id2, (ecdsa.PublicKey)(*key))
+
+	return id.Equals(id2)
 }
 
 func unmarshalPublicKey(bs []byte) *keys.PublicKey {

pkg/services/object/acl/acl_test.go

@@ -7,8 +7,8 @@ import (
 	v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
 	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
-	ownertest "github.com/nspcc-dev/neofs-sdk-go/owner/test"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 )
 
@@ -40,11 +40,11 @@ func TestStickyCheck(t *testing.T) {
 
 		setSticky(&info, true)
 
-		require.True(t, checker.StickyBitCheck(info, ownertest.ID()))
+		require.True(t, checker.StickyBitCheck(info, usertest.ID()))
 
 		setSticky(&info, false)
 
-		require.True(t, checker.StickyBitCheck(info, ownertest.ID()))
+		require.True(t, checker.StickyBitCheck(info, usertest.ID()))
 	})
 
 	t.Run("owner ID and/or public key emptiness", func(t *testing.T) {
@@ -65,10 +65,10 @@ func TestStickyCheck(t *testing.T) {
 				info.SetSenderKey(nil)
 			}
 
-			var ownerID *owner.ID
+			var ownerID *user.ID
 
 			if withOwner {
-				ownerID = ownertest.ID()
+				ownerID = usertest.ID()
 			}
 
 			require.Equal(t, expected, checker.StickyBitCheck(info, ownerID))

pkg/services/object/acl/eacl/v2/headers.go

@@ -13,7 +13,7 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	objectSDKAddress "github.com/nspcc-dev/neofs-sdk-go/object/address"
 	objectSDKID "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type Option func(*cfg)
@@ -216,7 +216,7 @@ func oidHeader(oid objectSDKID.ID) sysObjHdr {
 	}
 }
 
-func ownerIDHeader(ownerID *owner.ID) sysObjHdr {
+func ownerIDHeader(ownerID user.ID) sysObjHdr {
 	return sysObjHdr{
 		k: acl.FilterObjectOwnerID,
 		v: ownerID.String(),

pkg/services/object/acl/eacl/v2/object.go

@@ -38,8 +38,6 @@ func headersFromObject(obj *object.Object, addr *objectSDKAddress.Address) []eac
 
 		res = append(res,
 			cidHeader(cnr),
-			// owner ID
-			ownerIDHeader(obj.OwnerID()),
 			// creation epoch
 			sysObjHdr{
 				k: acl.FilterObjectCreationEpoch,
@@ -63,6 +61,10 @@ func headersFromObject(obj *object.Object, addr *objectSDKAddress.Address) []eac
 			},
 		)
 
+		if idOwner := obj.OwnerID(); idOwner != nil {
+			res = append(res, ownerIDHeader(*idOwner))
+		}
+
 		cs, ok := obj.PayloadChecksum()
 		if ok {
 			res = append(res, sysObjHdr{

pkg/services/object/acl/v2/classifier.go

@@ -35,6 +35,11 @@ func (c senderClassifier) classify(
 		return nil, errContainerIDNotSet
 	}
 
+	ownerCnr := cnr.OwnerID()
+	if ownerCnr == nil {
+		return nil, errors.New("missing container owner")
+	}
+
 	ownerID, ownerKey, err := req.RequestOwner()
 	if err != nil {
 		return nil, err
@@ -45,7 +50,7 @@ func (c senderClassifier) classify(
 	// TODO: #767 get owner from neofs.id if present
 
 	// if request owner is the same as container owner, return RoleUser
-	if ownerID.Equal(cnr.OwnerID()) {
+	if ownerID.Equals(*ownerCnr) {
 		return &classifyResult{
 			role: eaclSDK.RoleUser,
 			isIR: false,

pkg/services/object/acl/v2/request.go

@@ -10,8 +10,8 @@ import (
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // RequestInfo groups parsed version-independent (from SDK library)
@@ -21,7 +21,7 @@ type RequestInfo struct {
 	requestRole eaclSDK.Role
 	isInnerRing bool
 	operation   eaclSDK.Operation // put, get, head, etc.
-	cnrOwner    *owner.ID         // container owner
+	cnrOwner    *user.ID          // container owner
 
 	idCnr *containerIDSDK.ID
 
@@ -52,7 +52,7 @@ func (r RequestInfo) Request() interface{} {
 }
 
 // ContainerOwner returns owner if the container.
-func (r RequestInfo) ContainerOwner() *owner.ID {
+func (r RequestInfo) ContainerOwner() *user.ID {
 	return r.cnrOwner
 }
 
@@ -112,7 +112,7 @@ type MetaWithToken struct {
 
 // RequestOwner returns ownerID and its public key
 // according to internal meta information.
-func (r MetaWithToken) RequestOwner() (*owner.ID, *keys.PublicKey, error) {
+func (r MetaWithToken) RequestOwner() (*user.ID, *keys.PublicKey, error) {
 	if r.vheader == nil {
 		return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
 	}
@@ -129,7 +129,13 @@ func (r MetaWithToken) RequestOwner() (*owner.ID, *keys.PublicKey, error) {
 		return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
 	}
 
-	key := unmarshalPublicKey(bodySignature.GetKey())
+	key, err := unmarshalPublicKey(bodySignature.GetKey())
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid key in body signature: %w", err)
+	}
 
-	return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)), key, nil
+	var idSender user.ID
+	user.IDFromKey(&idSender, (ecdsa.PublicKey)(*key))
+
+	return &idSender, key, nil
 }

pkg/services/object/acl/v2/service.go

@@ -12,6 +12,7 @@ import (
 	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -366,9 +367,16 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 			return err
 		}
 
-		ownerID, err := getObjectOwnerFromMessage(request)
+		idV2 := part.GetHeader().GetOwnerID()
+		if idV2 == nil {
+			return errors.New("missing object owner")
+		}
+
+		var idOwner user.ID
+
+		err = idOwner.ReadFromV2(*idV2)
 		if err != nil {
-			return err
+			return fmt.Errorf("invalid object owner: %w", err)
 		}
 
 		sTok := sessionSDK.NewTokenFromV2(request.GetMetaHeader().GetSessionToken())
@@ -392,7 +400,7 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 
 		useObjectIDFromSession(&reqInfo, sTok)
 
-		if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, ownerID) {
+		if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, &idOwner) {
 			return basicACLErr(reqInfo)
 		} else if err := p.source.checker.CheckEACL(request, reqInfo); err != nil {
 			return eACLErr(reqInfo, err)

pkg/services/object/acl/v2/types.go

@@ -1,7 +1,7 @@
 package v2
 
 import (
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // ACLChecker is an interface that must provide
@@ -16,7 +16,7 @@ type ACLChecker interface {
 	// StickyBitCheck must return true only if sticky bit
 	// is disabled or enabled but request contains correct
 	// owner field.
-	StickyBitCheck(RequestInfo, *owner.ID) bool
+	StickyBitCheck(RequestInfo, *user.ID) bool
 }
 
 // InnerRingFetcher is an interface that must provide

pkg/services/object/acl/v2/util.go

@@ -14,8 +14,8 @@ import (
 	containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 var errMissingContainerID = errors.New("missing container ID")
@@ -113,27 +113,6 @@ func getObjectIDFromRequestBody(body interface{}) (*oidSDK.ID, error) {
 	return &id, nil
 }
 
-func getObjectOwnerFromMessage(req interface{}) (id *owner.ID, err error) {
-	switch v := req.(type) {
-	case *objectV2.PutRequest:
-		objPart := v.GetBody().GetObjectPart()
-		if part, ok := objPart.(*objectV2.PutObjectPartInit); ok {
-			return owner.NewIDFromV2(part.GetHeader().GetOwnerID()), nil
-		}
-
-		return nil, errors.New("can't get container ID in chunk")
-	case *objectV2.GetResponse:
-		objPart := v.GetBody().GetObjectPart()
-		if part, ok := objPart.(*objectV2.GetObjectPartInit); ok {
-			return owner.NewIDFromV2(part.GetHeader().GetOwnerID()), nil
-		}
-
-		return nil, errors.New("can't get container ID in chunk")
-	default:
-		return nil, errors.New("unsupported request type")
-	}
-}
-
 // sourceVerbOfRequest looks for verb in session token and if it is not found,
 // returns reqVerb. Second return value is true if operation is unknown.
 func sourceVerbOfRequest(tok *sessionSDK.Token, reqVerb eaclSDK.Operation) (eaclSDK.Operation, bool) {
@@ -185,7 +164,7 @@ func tokenVerbToOperation(ctx *sessionSDK.ObjectContext) eaclSDK.Operation {
 	}
 }
 
-func ownerFromToken(token *sessionSDK.Token) (*owner.ID, *keys.PublicKey, error) {
+func ownerFromToken(token *sessionSDK.Token) (*user.ID, *keys.PublicKey, error) {
 	// 1. First check signature of session token.
 	if !token.VerifySignature() {
 		return nil, nil, fmt.Errorf("%w: invalid session token signature", ErrMalformedRequest)
@@ -195,7 +174,11 @@ func ownerFromToken(token *sessionSDK.Token) (*owner.ID, *keys.PublicKey, error)
 	// TODO(@cthulhu-rider): #1387 implement and use another approach to avoid conversion
 	tokV2 := token.ToV2()
 
-	tokenIssuerKey := unmarshalPublicKey(tokV2.GetSignature().GetKey())
+	tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
+	}
+
 	tokenOwner := token.OwnerID()
 
 	if !isOwnerFromKey(tokenOwner, tokenIssuerKey) {
@@ -218,20 +201,19 @@ func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signa
 	return v.GetBodySignature()
 }
 
-func unmarshalPublicKey(bs []byte) *keys.PublicKey {
-	pub, err := keys.NewPublicKeyFromBytes(bs, elliptic.P256())
-	if err != nil {
-		return nil
-	}
-	return pub
+func unmarshalPublicKey(bs []byte) (*keys.PublicKey, error) {
+	return keys.NewPublicKeyFromBytes(bs, elliptic.P256())
 }
 
-func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
+func isOwnerFromKey(id *user.ID, key *keys.PublicKey) bool {
 	if id == nil || key == nil {
 		return false
 	}
 
-	return id.Equal(owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)))
+	var id2 user.ID
+	user.IDFromKey(&id2, (ecdsa.PublicKey)(*key))
+
+	return id2.Equals(*id)
 }
 
 // isVerbCompatible checks that tokenVerb operation can create auxiliary op operation.

pkg/services/object/delete/service.go

@@ -8,7 +8,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/logger"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.uber.org/zap"
 )
 
@@ -30,7 +30,7 @@ type NetworkInfo interface {
 
 	// Returns user ID of the local storage node. Result must not be nil.
 	// New tombstone objects will have the result as an owner ID if removal is executed w/o a session.
-	LocalNodeID() *owner.ID
+	LocalNodeID() *user.ID
 }
 
 type cfg struct {

pkg/services/object/put/streamer.go

@@ -11,7 +11,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/services/object_manager/placement"
 	"github.com/nspcc-dev/neofs-node/pkg/services/object_manager/transformer"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type Streamer struct {
@@ -91,9 +91,20 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 
 	// In case session token is missing, the line above returns the default key.
 	// If it isn't owner key, replication attempts will fail, thus this check.
-	if sToken == nil && !prm.hdr.OwnerID().Equal(owner.NewIDFromPublicKey(&sessionKey.PublicKey)) {
-		return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
+	if sToken == nil {
+		ownerObj := prm.hdr.OwnerID()
+		if ownerObj == nil {
+			return errors.New("missing object owner")
+		}
+
+		var ownerSession user.ID
+		user.IDFromKey(&ownerSession, sessionKey.PublicKey)
+
+		if !ownerObj.Equals(ownerSession) {
+			return fmt.Errorf("(%T) session token is missing but object owner id is different from the default key", p)
+		}
 	}
+
 	p.target = &validatingTarget{
 		fmt:              p.fmtValidator,
 		unpreparedObject: true,

pkg/services/object/util/key.go

@@ -6,8 +6,8 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 // SessionSource is an interface tha provides
@@ -19,7 +19,7 @@ type SessionSource interface {
 	// token has not been created, has been expired
 	// of it is impossible to get information about the
 	// token Get must return nil.
-	Get(owner *owner.ID, tokenID []byte) *storage.PrivateToken
+	Get(owner *user.ID, tokenID []byte) *storage.PrivateToken
 }
 
 // KeyStorage represents private key storage of the local node.

pkg/services/object/util/key_test.go

@@ -7,10 +7,12 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/object/util"
 	tokenStorage "github.com/nspcc-dev/neofs-node/pkg/services/session/storage/temporary"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 )
 
@@ -62,13 +64,19 @@ func generateToken(t *testing.T) *session.Token {
 	tok := session.NewToken()
 	tok.SetSessionKey(pubKey)
 	tok.SetID(id)
+	tok.SetOwnerID(usertest.ID())
 
 	return tok
 }
 
 func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *session.Token {
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
+
 	req := new(sessionV2.CreateRequestBody)
-	req.SetOwnerID(nil)
+	req.SetOwnerID(&ownerV2)
 	req.SetExpiration(exp)
 
 	resp, err := store.Create(context.Background(), req)
@@ -77,6 +85,7 @@ func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *sess
 	tok := session.NewToken()
 	tok.SetSessionKey(resp.GetSessionKey())
 	tok.SetID(resp.GetID())
+	tok.SetOwnerID(owner)
 
 	return tok
 }

pkg/services/session/storage/persistent/executor.go

@@ -2,13 +2,13 @@ package persistent
 
 import (
 	"context"
-	"encoding/hex"
+	"errors"
 	"fmt"
 
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.etcd.io/bbolt"
 )
 
@@ -18,9 +18,16 @@ import (
 // Returns response that is filled with just created token's
 // ID and public key for it.
 func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
-	ownerBytes, err := owner.NewIDFromV2(body.GetOwnerID()).Marshal()
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing owner")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
 	if err != nil {
-		panic(err)
+		return nil, fmt.Errorf("invalid owner: %w", err)
 	}
 
 	uidBytes, err := storage.NewTokenID()
@@ -41,21 +48,15 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
 	err = s.db.Update(func(tx *bbolt.Tx) error {
 		rootBucket := tx.Bucket(sessionsBucket)
 
-		ownerBucket, err := rootBucket.CreateBucketIfNotExists(ownerBytes)
+		ownerBucket, err := rootBucket.CreateBucketIfNotExists(id.WalletBytes())
 		if err != nil {
 			return fmt.Errorf(
-				"could not get/create %s owner bucket: %w",
-				hex.EncodeToString(ownerBytes),
-				err,
-			)
+				"could not get/create %s owner bucket: %w", id, err)
 		}
 
 		err = ownerBucket.Put(uidBytes, value)
 		if err != nil {
-			return fmt.Errorf("could not put session token for %s oid: %w",
-				hex.EncodeToString(ownerBytes),
-				err,
-			)
+			return fmt.Errorf("could not put session token for %s oid: %w", id, err)
 		}
 
 		return nil

pkg/services/session/storage/persistent/executor_test.go

@@ -11,7 +11,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
-	ownerSDK "github.com/nspcc-dev/neofs-sdk-go/owner"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 	"go.etcd.io/bbolt"
 )
@@ -22,11 +22,13 @@ func TestTokenStore(t *testing.T) {
 
 	defer ts.Close()
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&ownerV2)
 
 	const tokenNumber = 5
 
@@ -50,7 +52,7 @@ func TestTokenStore(t *testing.T) {
 	}
 
 	for i, token := range tokens {
-		savedToken := ts.Get(ownerSDK.NewIDFromV2(owner), token.id)
+		savedToken := ts.Get(owner, token.id)
 
 		require.Equal(t, uint64(i), savedToken.ExpiredAt())
 
@@ -64,13 +66,15 @@ func TestTokenStore_Persistent(t *testing.T) {
 	ts, err := NewTokenStore(path)
 	require.NoError(t, err)
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	idOwner := usertest.ID()
+
+	var idOwnerV2 refs.OwnerID
+	idOwner.WriteToV2(&idOwnerV2)
 
 	const exp = 12345
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&idOwnerV2)
 	req.SetExpiration(exp)
 
 	res, err := ts.Create(context.Background(), req)
@@ -88,7 +92,7 @@ func TestTokenStore_Persistent(t *testing.T) {
 
 	defer ts.Close()
 
-	savedToken := ts.Get(ownerSDK.NewIDFromV2(owner), id)
+	savedToken := ts.Get(idOwner, id)
 
 	equalKeys(t, pubKey, savedToken.SessionKey())
 }
@@ -123,11 +127,13 @@ func TestTokenStore_RemoveOld(t *testing.T) {
 
 	defer ts.Close()
 
-	owner := new(refs.OwnerID)
-	owner.SetValue([]byte{0, 1, 2, 3, 4, 5})
+	owner := usertest.ID()
+
+	var ownerV2 refs.OwnerID
+	owner.WriteToV2(&ownerV2)
 
 	req := new(session.CreateRequestBody)
-	req.SetOwnerID(owner)
+	req.SetOwnerID(&ownerV2)
 
 	for _, test := range tests {
 		req.SetExpiration(test.epoch)
@@ -144,7 +150,7 @@ func TestTokenStore_RemoveOld(t *testing.T) {
 	ts.RemoveOld(currEpoch)
 
 	for _, test := range tests {
-		token := ts.Get(ownerSDK.NewIDFromV2(owner), test.id)
+		token := ts.Get(owner, test.id)
 
 		if test.epoch <= currEpoch {
 			require.Nil(t, token)

pkg/services/session/storage/persistent/storage.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	ownerSDK "github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"go.etcd.io/bbolt"
 	"go.uber.org/zap"
 )
@@ -83,16 +83,11 @@ func NewTokenStore(path string, opts ...Option) (*TokenStore, error) {
 // Get returns private token corresponding to the given identifiers.
 //
 // Returns nil is there is no element in storage.
-func (s *TokenStore) Get(ownerID *ownerSDK.ID, tokenID []byte) (t *storage.PrivateToken) {
-	ownerBytes, err := ownerID.Marshal()
-	if err != nil {
-		panic(err)
-	}
-
-	err = s.db.View(func(tx *bbolt.Tx) error {
+func (s *TokenStore) Get(ownerID *user.ID, tokenID []byte) (t *storage.PrivateToken) {
+	err := s.db.View(func(tx *bbolt.Tx) error {
 		rootBucket := tx.Bucket(sessionsBucket)
 
-		ownerBucket := rootBucket.Bucket(ownerBytes)
+		ownerBucket := rootBucket.Bucket(ownerID.WalletBytes())
 		if ownerBucket == nil {
 			return nil
 		}
@@ -102,6 +97,8 @@ func (s *TokenStore) Get(ownerID *ownerSDK.ID, tokenID []byte) (t *storage.Priva
 			return nil
 		}
 
+		var err error
+
 		t, err = s.unpackToken(rawToken)
 		if err != nil {
 			return err

pkg/services/session/storage/temporary/executor.go

@@ -2,19 +2,27 @@ package temporary
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/mr-tron/base58"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody) (*session.CreateResponseBody, error) {
-	ownerBytes, err := owner.NewIDFromV2(body.GetOwnerID()).Marshal()
+	idV2 := body.GetOwnerID()
+	if idV2 == nil {
+		return nil, errors.New("missing owner")
+	}
+
+	var id user.ID
+
+	err := id.ReadFromV2(*idV2)
 	if err != nil {
-		panic(err)
+		return nil, fmt.Errorf("invalid owner: %w", err)
 	}
 
 	uidBytes, err := storage.NewTokenID()
@@ -30,7 +38,7 @@ func (s *TokenStore) Create(ctx context.Context, body *session.CreateRequestBody
 	s.mtx.Lock()
 	s.tokens[key{
 		tokenID: base58.Encode(uidBytes),
-		ownerID: base58.Encode(ownerBytes),
+		ownerID: base58.Encode(id.WalletBytes()),
 	}] = storage.NewPrivateToken(&sk.PrivateKey, body.GetExpiration())
 	s.mtx.Unlock()
 

pkg/services/session/storage/temporary/storage.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/mr-tron/base58"
 	"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
-	"github.com/nspcc-dev/neofs-sdk-go/owner"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 )
 
 type key struct {
@@ -36,16 +36,11 @@ func NewTokenStore() *TokenStore {
 // Get returns private token corresponding to the given identifiers.
 //
 // Returns nil is there is no element in storage.
-func (s *TokenStore) Get(ownerID *owner.ID, tokenID []byte) *storage.PrivateToken {
-	ownerBytes, err := ownerID.Marshal()
-	if err != nil {
-		panic(err)
-	}
-
+func (s *TokenStore) Get(ownerID *user.ID, tokenID []byte) *storage.PrivateToken {
 	s.mtx.RLock()
 	t := s.tokens[key{
 		tokenID: base58.Encode(tokenID),
-		ownerID: base58.Encode(ownerBytes),
+		ownerID: base58.Encode(ownerID.WalletBytes()),
 	}]
 	s.mtx.RUnlock()