credential.go 2.3 KB
Newer Older
1
2
3
package irmaclient

import (
4
	"github.com/privacybydesign/gabi"
5
	"github.com/privacybydesign/irmago"
6
7
8
9
10
11
)

// credential represents an IRMA credential, whose zeroth attribute
// is always the secret key and the first attribute the metadata attribute.
type credential struct {
	*gabi.Credential
12
13
	*irma.MetadataAttribute
	attrs *irma.AttributeList
14
15
}

16
17
func newCredential(gabicred *gabi.Credential, conf *irma.Configuration) (*credential, error) {
	meta := irma.MetadataFromInt(gabicred.Attributes[1], conf)
18
19
20
21
	cred := &credential{
		Credential:        gabicred,
		MetadataAttribute: meta,
	}
22
23
24
25
26
27

	if cred.CredentialType() == nil {
		// Unknown credtype, populate Pk field later
		return cred, nil
	}

28
	var err error
29
	cred.Pk, err = conf.PublicKey(meta.CredentialType().IssuerIdentifier(), cred.KeyCounter())
30
31
32
33
34
35
	if err != nil {
		return nil, err
	}
	return cred, nil
}

36
func (cred *credential) AttributeList() *irma.AttributeList {
37
	if cred.attrs == nil {
38
		cred.attrs = irma.NewAttributeListFromInts(cred.Credential.Attributes[1:], cred.MetadataAttribute.Conf)
39
40
41
	}
	return cred.attrs
}
42
43
44
45
46
47
48
49
50
51
52
53

func (cred *credential) PrepareNonrevocation(conf *irma.Configuration, request irma.SessionRequest) (bool, error) {
	// If the requestor wants us to include a nonrevocation proof,
	// it will have sent us the latest revocation update messages
	m := request.Base().RevocationUpdates
	credtype := cred.CredentialType().Identifier()
	if len(m) == 0 || len(m[credtype]) == 0 {
		return false, nil
	}

	revupdates := m[credtype]
	nonrev := len(revupdates) > 0
54
	if updated, err := conf.RevocationStorage.UpdateWitness(cred.NonRevocationWitness, revupdates, credtype.IssuerIdentifier()); err != nil {
55
56
57
58
		return false, err
	} else if updated {
		cred.DiscardRevocationCache()
	}
59
60
61
62

	// TODO (in both branches): attach our newer updates to response
	if nonrev && cred.NonRevocationWitness.Index >= revupdates[len(revupdates)-1].EndIndex {
		return nonrev, nil
63
	}
64
65
66

	// nonrevocation witness is still out of date after applying the updates from the request,
	// i.e. we were too far behind. Update from revocation server.
67
	revupdates, err := conf.RevocationStorage.GetUpdates(credtype, cred.NonRevocationWitness.Index+1)
68
69
70
	if err != nil {
		return nonrev, err
	}
71
	_, err = conf.RevocationStorage.UpdateWitness(cred.NonRevocationWitness, revupdates, credtype.IssuerIdentifier())
72
	return nonrev, err
73
}