node/object: Check signature and ID separately

Previously, we checked signature itself, then ID, then signature agains
the session token.

Signed-off-by: Leonard Lyubich <[email protected]>

Author: cthulhu-rider

pkg/core/object/fmt.go

@@ -161,14 +161,15 @@ func (v *FormatValidator) Validate(obj *object.Object, unprepared bool) error {
 		if !obj.VerifySignature() {
 			return errors.New("could not validate header fields: invalid signature")
 		}
-		if err := obj.VerifyID(); err != nil {
-			return fmt.Errorf("could not validate header fields: invalid identifier: %w", err)
-		}
 
 		if err := validateSignatureKey(obj); err != nil {
 			return fmt.Errorf("could not validate signature key: %w", err)
 		}
 
+		if err := obj.VerifyID(); err != nil {
+			return fmt.Errorf("invalid identifier: %w", err)
+		}
+
 		if err := v.checkExpiration(*obj); err != nil {
 			return fmt.Errorf("object did not pass expiration check: %w", err)
 		}

pkg/core/object/fmt_test.go

@@ -97,7 +97,7 @@ func TestFormatValidator_Validate(t *testing.T) {
 			require.ErrorIs(t, v.Validate(&obj, false), errNilID)
 		})
 		t.Run("wrong", func(t *testing.T) {
-			require.EqualError(t, v.Validate(&wrongIDECDSASHA512, false), "could not validate header fields: invalid identifier: incorrect object identifier")
+			require.EqualError(t, v.Validate(&wrongIDECDSASHA512, false), "invalid identifier: incorrect object identifier")
 		})
 	})