From b3187fe9bd923a7e151699b16aeaacb6240d364c Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Sat, 29 Jul 2023 14:03:08 +0400
Subject: [PATCH] session: Add getter of binary-encoded public key from signature
Signature is used for user authentication so access to public key is required. Digital signature bytes may still be unexported because they are only useful for `VerifySignature` method. Add `IssuerPublicKeyBytes` method returning binary-encoded public key of the session issuer.
Signed-off-by: Leonard Lyubich
---
 session/common.go | 11 +++++++++++
 session/container_test.go | 17 +++++++++++++++--
 session/object_test.go | 2 ++
 3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/session/common.go b/session/common.go
index 75c90b6d..244d81bd 100644
--- a/session/common.go
+++ b/session/common.go
@@ -336,3 +336,14 @@ func (x commonData) Issuer() user.ID {
 return user.ID{}
 }
+
+// IssuerPublicKeyBytes returns binary-encoded public key of the session issuer.
+//
+// IssuerPublicKeyBytes MUST NOT be called before ReadFromV2 or Sign methods.
+func (x *commonData) IssuerPublicKeyBytes() []byte {
+ if x.sigSet {
+ return x.sig.GetKey()
+ }
+
+ return nil
+}
diff --git a/session/container_test.go b/session/container_test.go
index 3ded50a7..444cdc5d 100644
--- a/session/container_test.go
+++ b/session/container_test.go
@@ -523,9 +523,9 @@ func TestIssuedBy(t *testing.T) {
 }
 func TestContainer_Issuer(t *testing.T) {
- var token session.Container
-
 t.Run("signer", func(t *testing.T) {
+ var token session.Container
+
 signer := test.RandomSignerRFC6979(t)
 require.Zero(t, token.Issuer())
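Review bot: In session/common.go, the doc comment on `IssuerPublicKeyBytes` says the method MUST NOT be called before ReadFromV2 or Sign, yet the body returns nil when `sigSet` is false and the tests added in this commit assert that nil result, so the comment should describe the contract as implemented. Since the commit message gives user authentication as the purpose, the comment should also say that the bytes are taken from the attached signature as-is and prove nothing until `VerifySignature` has succeeded, and that they are not tied to `Issuer()`, which `SetIssuer` can set independently (see the "external" subtest). I would replace the MUST NOT sentence with `// Returns nil if the token is not signed. The key is unauthenticated until VerifySignature succeeds; callers must also check that it corresponds to Issuer.` The slice appears to come straight from `x.sig.GetKey()`; if that is the signature's own buffer, returning a copy would keep callers from altering the key of a signed token.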
@@ -536,12 +536,25 @@ func TestContainer_Issuer(t *testing.T) {
 })
 t.Run("external", func(t *testing.T) {
+ var token session.Container
+
 signer := test.RandomSignerRFC6979(t)
 issuer := signer.UserID()
 token.SetIssuer(issuer)
 require.True(t, token.Issuer().Equals(issuer))
 })
+
+ t.Run("public key", func(t *testing.T) {
+ var token session.Container
+
+ signer := test.RandomSignerRFC6979(t)
+
+ require.Nil(t, token.IssuerPublicKeyBytes())
+ require.NoError(t, token.Sign(signer))
+
+ require.Equal(t, neofscrypto.PublicKeyBytes(signer.Public()), token.IssuerPublicKeyBytes())
+ })
 }
 func TestContainer_Sign(t *testing.T) {
diff --git a/session/object_test.go b/session/object_test.go
index c4400456..21524c4b 100644
--- a/session/object_test.go
+++ b/session/object_test.go
@@ -610,12 +610,14 @@ func TestObject_Issuer(t *testing.T) {
 signer := test.RandomSignerRFC6979(t)
 require.Zero(t, token.Issuer())
+ require.Nil(t, token.IssuerPublicKeyBytes())
 require.NoError(t, token.Sign(signer))
 issuer := signer.UserID()
 require.True(t, token.Issuer().Equals(issuer))
+ require.Equal(t, neofscrypto.PublicKeyBytes(signer.Public()), token.IssuerPublicKeyBytes())
 }
 func TestObject_Sign(t *testing.T) {
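Review bot: The new "public key" subtest in session/container_test.go, and the two assertions added to TestObject_Issuer in session/object_test.go, exercise `IssuerPublicKeyBytes` only after `Sign`; the `ReadFromV2` path that the method's doc comment names is not covered. That is the path on which the key bytes arrive from another party, so a subtest that decodes a signed token with `ReadFromV2` and compares the result against `neofscrypto.PublicKeyBytes(signer.Public())` would pin the behaviour that matters for authentication. TestContainer_Issuer begins in the previous hunk and TestObject_Issuer begins above its hunk, so setup outside the visible lines may already cover part of this.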