From b99e4895b830d69f91f18a85d103c6e34145ca86 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Sat, 29 Jul 2023 14:03:08 +0400
Subject: [PATCH] session: Add getter of binary-encoded public key from signature

Signature is used for user authentication so access to public key is required. Digital signature bytes may still be unexported because they are only useful for `VerifySignature` method. Add `IssuerPublicKeyBytes` method returning binary-encoded public key of the session issuer.

Signed-off-by: Leonard Lyubich
---
 session/common.go | 11 +++++++++++
 session/container_test.go | 17 +++++++++++++++--
 session/object_test.go | 2 ++
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/session/common.go b/session/common.go
index 75c90b6d..244d81bd 100644
--- a/session/common.go
+++ b/session/common.go
@@ -336,3 +336,14 @@ func (x commonData) Issuer() user.ID {
 return user.ID{}
 }
+
+// IssuerPublicKeyBytes returns binary-encoded public key of the session issuer.
+//
+// IssuerPublicKeyBytes MUST NOT be called before ReadFromV2 or Sign methods.
+func (x *commonData) IssuerPublicKeyBytes() []byte {
+ if x.sigSet {
+ return x.sig.GetKey()
+ }
+
+ return nil
+}
diff --git a/session/container_test.go b/session/container_test.go
index 3ded50a7..444cdc5d 100644
--- a/session/container_test.go
+++ b/session/container_test.go
@@ -523,9 +523,9 @@ func TestIssuedBy(t *testing.T) {
 }
 func TestContainer_Issuer(t *testing.T) {
- var token session.Container
-
 t.Run("signer", func(t *testing.T) {
+ var token session.Container
+
 signer := test.RandomSignerRFC6979(t)
 require.Zero(t, token.Issuer())
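Review bot: The doc comment on `IssuerPublicKeyBytes` in session/common.go should state that the returned key is only what the stored signature carries and proves nothing until `VerifySignature` has succeeded; for a token filled by `ReadFromV2` those bytes presumably come straight from the decoded message, so a caller that authenticates on them without verifying trusts sender-controlled data. I would add `// The key is not authenticated by itself: check VerifySignature before relying on it.` The comment also says the method MUST NOT be called before ReadFromV2 or Sign, while the code returns nil in that case and the new tests assert exactly that, so `// Returns nil if the token has no signature set.` describes the real contract. The result of `x.sig.GetKey()` is returned as is (GetKey is not shown here, so whether it aliases the signature's buffer is an assumption); either document that callers must not modify the slice or return a copy.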
@@ -536,12 +536,25 @@ func TestContainer_Issuer(t *testing.T) {
 })
 t.Run("external", func(t *testing.T) {
+ var token session.Container
+
 signer := test.RandomSignerRFC6979(t)
 issuer := signer.UserID()
 token.SetIssuer(issuer)
 require.True(t, token.Issuer().Equals(issuer))
 })
+
+ t.Run("public key", func(t *testing.T) {
+ var token session.Container
+
+ signer := test.RandomSignerRFC6979(t)
+
+ require.Nil(t, token.IssuerPublicKeyBytes())
+ require.NoError(t, token.Sign(signer))
+
+ require.Equal(t, neofscrypto.PublicKeyBytes(signer.Public()), token.IssuerPublicKeyBytes())
+ })
 }
 func TestContainer_Sign(t *testing.T) {
diff --git a/session/object_test.go b/session/object_test.go
index c4400456..21524c4b 100644
--- a/session/object_test.go
+++ b/session/object_test.go
@@ -610,12 +610,14 @@ func TestObject_Issuer(t *testing.T) {
 signer := test.RandomSignerRFC6979(t)
 require.Zero(t, token.Issuer())
+ require.Nil(t, token.IssuerPublicKeyBytes())
 require.NoError(t, token.Sign(signer))
 issuer := signer.UserID()
 require.True(t, token.Issuer().Equals(issuer))
+ require.Equal(t, neofscrypto.PublicKeyBytes(signer.Public()), token.IssuerPublicKeyBytes())
 }
 func TestObject_Sign(t *testing.T) {
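Review bot: The new `public key` subtest in TestContainer_Issuer exercises only the `Sign` path, although the getter's doc comment names `ReadFromV2` as the other way a signature becomes set, and that is presumably the path on which the key arrives from another party. A case that signs a token, restores it into a fresh `session.Container` through the V2 message form and compares `IssuerPublicKeyBytes()` with `neofscrypto.PublicKeyBytes(signer.Public())` would pin that behaviour; until it exists, `// TODO: cover a token restored via ReadFromV2` in the subtest marks the gap. The assertions added to TestObject_Issuer in session/object_test.go have the same gap. Both test functions begin above their hunks, so any existing round-trip coverage elsewhere in the files is not visible here.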