// Package servercore is the core of the IRMA server library, allowing IRMA verifiers, issuers
// or attribute-based signature applications to perform IRMA sessions with irmaclient instances
// (i.e. the IRMA app). It provides a small interface that can be exposed to other programming languages
// through cgo. It is used by the irmaserver package but otherwise not meant for use in Go.
package servercore

import (
	"encoding/json"
	"io/ioutil"
	"net/http"
	"path/filepath"
	"regexp"
	"strings"
	"time"

	"github.com/go-errors/errors"
	"github.com/jasonlvhit/gocron"
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
	"github.com/privacybydesign/irmago"
	"github.com/privacybydesign/irmago/internal/fs"
	"github.com/privacybydesign/irmago/server"
	"github.com/sirupsen/logrus"
)

// Server runs IRMA sessions. It bundles the server configuration, the store
// holding the active sessions, and the scheduler that New sets up to remove
// expired sessions periodically.
type Server struct {
	// conf is the configuration passed to New; verifyConfiguration fills in
	// defaults and loaded values on it in place.
	conf *server.Configuration
	// sessions stores the sessions; New installs a memorySessionStore.
	sessions sessionStore
	// scheduler runs sessions.deleteExpired every 10 seconds (see New).
	scheduler *gocron.Scheduler
	// stopScheduler is the channel returned by scheduler.Start; Stop sends on it.
	stopScheduler chan bool
}

// New creates a Server for the given configuration, starts the scheduler that
// purges expired sessions every 10 seconds, and then verifies the
// configuration.
//
// The returned *Server is non-nil even when the returned error is non-nil;
// in that case the scheduler has already been started.
// NOTE(review): callers that discard the server on error leave that scheduler
// running unless they call Stop; confirm how callers handle this.
func New(conf *server.Configuration) (*Server, error) {
	srv := &Server{
		conf:      conf,
		scheduler: gocron.NewScheduler(),
		sessions: &memorySessionStore{
			requestor: make(map[string]*session),
			client:    make(map[string]*session),
			conf:      conf,
		},
	}

	// Expired sessions are removed in the background rather than on access.
	purge := func() {
		srv.sessions.deleteExpired()
	}
	srv.scheduler.Every(10).Seconds().Do(purge)
	srv.stopScheduler = srv.scheduler.Start()

	err := srv.verifyConfiguration(srv.conf)
	return srv, err
}

// Stop shuts the server down: it closes the IRMA configuration (a failure is
// logged as a warning and otherwise ignored), signals the scheduler to stop,
// and stops the session store.
func (s *Server) Stop() {
	closeErr := s.conf.IrmaConfiguration.Close()
	if closeErr != nil {
		// Best effort: shutdown continues even if closing fails.
		_ = server.LogWarning(closeErr)
	}

	s.stopScheduler <- true
	s.sessions.stop()
}

// verifyIrmaConf makes sure s.conf.IrmaConfiguration is present and usable.
//
// When no IrmaConfiguration was supplied, one is created from
// s.conf.SchemesPath (defaulting to irma.DefaultSchemesPath) and parsed, and
// the revocation directory is created. If no scheme managers are loaded the
// default schemes are downloaded. Automatic scheme updating is then enabled
// unless DisableSchemesUpdate is set, with a default interval of 60.
//
// The configuration parameter is not used; the method operates on s.conf.
func (s *Server) verifyIrmaConf(configuration *server.Configuration) error {
	conf := s.conf

	if conf.IrmaConfiguration == nil {
		if conf.SchemesPath == "" {
			conf.SchemesPath = irma.DefaultSchemesPath() // Returns an existing path
		}

		found, err := fs.PathExists(conf.SchemesPath)
		if err != nil {
			return server.LogError(err)
		}
		if !found {
			return server.LogError(errors.Errorf("Nonexisting schemes_path provided: %s", conf.SchemesPath))
		}
		conf.Logger.WithField("schemes_path", conf.SchemesPath).Info("Determined schemes path")

		// With an assets path the configuration is seeded from those assets.
		if conf.SchemesAssetsPath != "" {
			conf.IrmaConfiguration, err = irma.NewConfigurationFromAssets(conf.SchemesPath, conf.SchemesAssetsPath)
		} else {
			conf.IrmaConfiguration, err = irma.NewConfiguration(conf.SchemesPath)
		}
		if err != nil {
			return server.LogError(err)
		}

		if err = conf.IrmaConfiguration.ParseFolder(); err != nil {
			return server.LogError(err)
		}
		if err = fs.EnsureDirectoryExists(conf.RevocationPath); err != nil {
			return server.LogError(err)
		}
		conf.IrmaConfiguration.RevocationPath = conf.RevocationPath
	}

	// An empty scheme set triggers a download of the defaults at startup.
	if len(conf.IrmaConfiguration.SchemeManagers) == 0 {
		conf.Logger.Infof("No schemes found in %s, downloading default (irma-demo and pbdf)", conf.SchemesPath)
		if err := conf.IrmaConfiguration.DownloadDefaultSchemes(); err != nil {
			return server.LogError(err)
		}
	}

	if conf.DisableSchemesUpdate {
		conf.SchemesUpdateInterval = 0
		return nil
	}

	if conf.SchemesUpdateInterval == 0 {
		conf.SchemesUpdateInterval = 60
	}
	// NOTE(review): the interval is converted to uint; if the field is a signed
	// type, a negative configured value would wrap to a very large interval.
	conf.IrmaConfiguration.AutoUpdateSchemes(uint(conf.SchemesUpdateInterval))
	return nil
}

// verifyPrivateKeys loads and checks the issuer private keys.
//
// Keys are read from s.conf.IssuerPrivateKeysPath (when set) into
// s.conf.IssuerPrivateKeys. Only files named with exactly two dots and an
// .xml extension that do not start with a dot are considered; the name minus
// ".xml" is taken as the issuer identifier, which must be a known issuer.
// Every private key must have a public key with the same counter whose
// modulus N equals P*Q of the private key. For issuers whose key supports
// revocation, the revocation database of each of their revocation-supporting
// credential types is loaded when it is enabled.
//
// The configuration parameter is not used; the method operates on s.conf.
func (s *Server) verifyPrivateKeys(configuration *server.Configuration) error {
	conf := s.conf
	if conf.IssuerPrivateKeys == nil {
		conf.IssuerPrivateKeys = make(map[irma.IssuerIdentifier]*gabi.PrivateKey)
	}

	if dir := conf.IssuerPrivateKeysPath; dir != "" {
		entries, err := ioutil.ReadDir(dir)
		if err != nil {
			return server.LogError(err)
		}
		// NOTE(review): permissions and ownership of the key files are not
		// inspected here; protecting the directory is left to the operator.
		for _, entry := range entries {
			name := entry.Name()
			ext := filepath.Ext(name)
			if ext != ".xml" || name[0] == '.' || strings.Count(name, ".") != 2 {
				conf.Logger.WithField("file", name).Infof("Skipping non-private key file encountered in private keys path")
				continue
			}

			issuer := irma.NewIssuerIdentifier(strings.TrimSuffix(name, ext)) // strip .xml
			if _, known := conf.IrmaConfiguration.Issuers[issuer]; !known {
				return server.LogError(errors.Errorf("Private key %s belongs to an unknown issuer", name))
			}

			key, err := gabi.NewPrivateKeyFromFile(filepath.Join(dir, name))
			if err != nil {
				return server.LogError(err)
			}
			conf.IssuerPrivateKeys[issuer] = key
		}
	}

	// Each private key must pair with the public key of the same counter.
	for issuer, key := range conf.IssuerPrivateKeys {
		pub, err := conf.IrmaConfiguration.PublicKey(issuer, int(key.Counter))
		if err != nil {
			return server.LogError(err)
		}
		if pub == nil {
			return server.LogError(errors.Errorf("Missing public key belonging to private key %s-%d", issuer.String(), key.Counter))
		}
		modulus := new(big.Int).Mul(key.P, key.Q)
		if modulus.Cmp(pub.N) != 0 {
			return server.LogError(errors.Errorf("Private key %s-%d does not belong to corresponding public key", issuer.String(), key.Counter))
		}
	}

	// Load revocation state for credential types we can issue and revoke.
	for issuer := range conf.IrmaConfiguration.Issuers {
		key, err := conf.PrivateKey(issuer)
		if err != nil {
			return server.LogError(err)
		}
		if key == nil || !key.RevocationSupported() {
			continue
		}

		for credID, credType := range conf.IrmaConfiguration.CredentialTypes {
			if credType.IssuerIdentifier() != issuer || !credType.SupportsRevocation {
				continue
			}
			db, err := conf.IrmaConfiguration.RevocationDB(credID)
			if err != nil {
				return server.LogError(err)
			}
			if !db.Enabled() {
				conf.Logger.WithFields(logrus.Fields{"cred": credID}).Warn("revocation supported in scheme but not enabled")
				continue
			}
			if err = db.LoadCurrent(); err != nil {
				return server.LogError(err)
			}
		}
	}

	return nil
}

// verifyURL normalizes and checks s.conf.URL, the URL to which the IRMA app
// connects.
//
// A trailing slash is appended when missing. If the URL does not start with
// "https://" the outcome depends on the mode: in production mode without an
// explicit DisableTLS an error is returned; otherwise DisableTLS is set and a
// warning is logged. An empty URL only produces a warning.
//
// The prefix comparison is case-sensitive, so a URL such as "HTTPS://..." is
// treated as not using TLS and ends up in the warning or error path.
//
// The configuration parameter is not used; the method operates on s.conf.
func (s *Server) verifyURL(configuration *server.Configuration) error {
	conf := s.conf

	if conf.URL == "" {
		conf.Logger.Warn("No url parameter specified in configuration; unless an url is elsewhere prepended in the QR, the IRMA client will not be able to connect")
		return nil
	}

	if !strings.HasSuffix(conf.URL, "/") {
		conf.URL = conf.URL + "/"
	}
	if strings.HasPrefix(conf.URL, "https://") {
		return nil
	}

	// Plain HTTP is refused in production unless the operator opted out of TLS.
	if conf.Production && !conf.DisableTLS {
		return server.LogError(errors.Errorf("Running without TLS in production mode is unsafe without a reverse proxy. " +
			"Either use a https:// URL or explicitly disable TLS."))
	}

	conf.DisableTLS = true
	conf.Logger.Warnf("TLS is not enabled on the url \"%s\" to which the IRMA app will connect. "+
		"Ensure that attributes are encrypted in transit by either enabling TLS or adding TLS in a reverse proxy.", conf.URL)
	return nil
}

// verifyEmail checks s.conf.Email and, when one is configured, submits it to
// the metrics endpoint.
//
// The validation is deliberately minimal: the address must contain "@" and
// must not contain a newline. Configuring an address discloses it to
// metrics.privacybydesign.foundation over HTTPS. The result of that request
// is ignored, so an unreachable endpoint does not fail configuration.
//
// The configuration parameter is not used; the method operates on s.conf.
func (s *Server) verifyEmail(configuration *server.Configuration) error {
	email := s.conf.Email
	if email == "" {
		return nil
	}

	// Very basic sanity checks
	looksValid := strings.Contains(email, "@") && !strings.Contains(email, "\n")
	if !looksValid {
		return server.LogError(errors.New("Invalid email address specified"))
	}

	transport := irma.NewHTTPTransport("https://metrics.privacybydesign.foundation/history")
	transport.SetHeader("User-Agent", "irmaserver")
	var response string
	// Best effort: a failed submission is intentionally not reported.
	_ = transport.Post("email", &response, email)
	return nil
}

// verifyConfiguration validates and completes the server configuration.
//
// It installs a logger when none is configured, publishes that logger to the
// package-level server.Logger and irma.Logger, and then runs the individual
// checks in order: IRMA configuration, private keys, URL, and email. The
// first failing check aborts verification and its error is returned.
func (s *Server) verifyConfiguration(configuration *server.Configuration) error {
	if s.conf.Logger == nil {
		s.conf.Logger = server.NewLogger(s.conf.Verbose, s.conf.Quiet, s.conf.LogJSON)
	}
	server.Logger = s.conf.Logger
	irma.Logger = s.conf.Logger

	// Order matters: the key check relies on the IRMA configuration that the
	// first check loads.
	checks := []func(*server.Configuration) error{
		s.verifyIrmaConf,
		s.verifyPrivateKeys,
		s.verifyURL,
		s.verifyEmail,
	}
	for _, check := range checks {
		err := check(configuration)
		if err != nil {
			return err
		}
	}

	return nil
}

// validateRequest passes the request to IrmaConfiguration.Download and then
// validates the request's disclosure part against the IRMA configuration.
// The first error encountered is returned.
func (s *Server) validateRequest(request irma.SessionRequest) error {
	_, err := s.conf.IrmaConfiguration.Download(request)
	if err != nil {
		return err
	}

	disclose := request.Disclosure().Disclose
	return disclose.Validate(s.conf.IrmaConfiguration)
}

// StartSession parses and validates the given session request and starts a
// new session for it.
//
// It returns the QR content for the IRMA app (session type and the client
// URL, built from s.conf.URL and the session's client token) together with
// the requestor token of the session. On failure the QR is nil and the token
// empty.
//
// Logging: the session request is logged with attribute values purged,
// except when the logger has debug level enabled, in which case the full
// request, including attribute values, is written to the log. The requestor
// token is logged in both cases.
func (s *Server) StartSession(req interface{}) (*irma.Qr, string, error) {
	rrequest, err := server.ParseSessionRequest(req)
	if err != nil {
		return nil, "", err
	}

	request := rrequest.SessionRequest()
	action := request.Action()

	if err := s.validateRequest(request); err != nil {
		return nil, "", err
	}

	// Issuance requests get an additional, issuance-specific validation.
	if action == irma.ActionIssuing {
		issuance := request.(*irma.IssuanceRequest)
		if err := s.validateIssuanceRequest(issuance); err != nil {
			return nil, "", err
		}
	}

	session := s.newSession(action, rrequest)
	logger := s.conf.Logger
	logger.WithFields(logrus.Fields{"action": action, "session": session.token}).Infof("Session started")

	entry := logger.WithFields(logrus.Fields{"session": session.token})
	if logger.IsLevelEnabled(logrus.DebugLevel) {
		entry.Info("Session request: ", server.ToJson(rrequest))
	} else {
		entry.Info("Session request (purged of attribute values): ", server.ToJson(purgeRequest(rrequest)))
	}

	qr := &irma.Qr{
		Type: action,
		URL:  s.conf.URL + "session/" + session.clientToken,
	}
	return qr, session.token, nil
}

// GetSessionResult returns the result of the session with the given
// requestor token, or nil (after logging a warning that includes the token)
// when no such session exists.
//
// NOTE(review): session.result is read without taking the session lock that
// handleProtocolMessage holds while handling client messages; confirm whether
// callers can race with an in-flight client request.
func (s *Server) GetSessionResult(token string) *server.SessionResult {
	if session := s.sessions.get(token); session != nil {
		return session.result
	}

	s.conf.Logger.Warn("Session result requested of unknown session ", token)
	return nil
}

// GetRequest returns the requestor request with which the session identified
// by the given requestor token was started, or nil (after logging a warning
// that includes the token) when no such session exists.
func (s *Server) GetRequest(token string) irma.RequestorRequest {
	if session := s.sessions.get(token); session != nil {
		return session.rrequest
	}

	s.conf.Logger.Warn("Session request requested of unknown session ", token)
	return nil
}

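// CancelSession cancels the session with the given requestor token. It
// returns an error when no session with that token exists.
func (s *Server) CancelSession(token string) error {
	session := s.sessions.get(token)
	if session == nil {
		return server.LogError(errors.Errorf("can't cancel unknown session %s", token))
	}

	// handleProtocolMessage invokes handleDelete with the session lock held.
	// Take the same lock here so that a requestor-side cancel cannot run
	// concurrently with the handling of a client message for this session.
	session.Lock()
	defer session.Unlock()

	session.handleDelete()
	return nil
}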

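// sessionPathPattern matches the tail of a session URL: "session/", a token
// of word characters, an optional slash, and an optional endpoint name. It is
// compiled once instead of on every ParsePath call.
//
// The pattern is anchored at the end only, so any text preceding "session/"
// is accepted and ignored.
var sessionPathPattern = regexp.MustCompile(`session/(\w+)/?(|commitments|proofs|status|statusevents)$`)

// ParsePath extracts the session token and the endpoint name from a session
// URL path. The endpoint name is empty for the session root and otherwise one
// of "commitments", "proofs", "status" or "statusevents". An error is
// returned, and logged as a warning, when the path does not match.
func ParsePath(path string) (string, string, error) {
	matches := sessionPathPattern.FindStringSubmatch(path)
	if len(matches) != 3 {
		return "", "", server.LogWarning(errors.Errorf("Invalid URL: %s", path))
	}
	return matches[1], matches[2], nil
}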

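// SubscribeServerSentEvents attaches the HTTP request to the server-sent
// events stream of a session.
//
// The token is looked up as a requestor token when requestor is true and as
// a client token otherwise. An error is returned when server-sent events are
// disabled, when the session is unknown, or when it has already finished.
func (s *Server) SubscribeServerSentEvents(w http.ResponseWriter, r *http.Request, token string, requestor bool) error {
	if !s.conf.EnableSSE {
		return errors.New("Server sent events disabled")
	}

	var session *session
	if requestor {
		session = s.sessions.get(token)
	} else {
		session = s.sessions.clientGet(token)
	}
	if session == nil {
		return server.LogError(errors.Errorf("can't subscribe to server sent events of unknown session %s", token))
	}

	// Take the lock before inspecting the status: the status is part of the
	// session state that handleProtocolMessage accesses under this lock.
	// NOTE(review): the lock stays held during evtSource.ServeHTTP below;
	// confirm that call returns promptly rather than for the connection's
	// lifetime.
	session.Lock()
	defer session.Unlock()

	if session.status.Finished() {
		return server.LogError(errors.Errorf("can't subscribe to server sent events of finished session %s", token))
	}

	// The EventSource.onopen Javascript callback is not consistently called across browsers (Chrome yes, Firefox+Safari no).
	// However, when the SSE connection has been opened the webclient needs some signal so that it can early detect SSE failures.
	// So we manually send an "open" event. Unfortunately:
	// - we need to give the webclient that connected just now some time, otherwise it will miss the "open" event
	// - the "open" event also goes to all other webclients currently listening, as we have no way to send this
	//   event to just the webclient currently listening. (Thus the handler of this "open" event must be idempotent.)
	evtSource := session.eventSource()
	go func() {
		time.Sleep(200 * time.Millisecond)
		evtSource.SendEventMessage("", "open", "")
	}()
	evtSource.ServeHTTP(w, r)
	return nil
}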

// HandleProtocolMessage handles one IRMA protocol message from a client and
// returns the HTTP status code, the response body, and, when the session
// status changed, the session result.
//
// It wraps handleProtocolMessage with request and response logging, which is
// active when s.conf.Verbose is 2 or higher. At that verbosity the headers
// and the message body of each request are passed to the logger, as is the
// response body.
func (s *Server) HandleProtocolMessage(
	path string,
	method string,
	headers map[string][]string,
	message []byte,
) (int, []byte, *server.SessionResult) {
	verbose := s.conf.Verbose >= 2

	var began time.Time
	if verbose {
		began = time.Now()
		server.LogRequest("client", method, path, "", http.Header(headers), message)
	}

	code, body, sessionResult := s.handleProtocolMessage(path, method, headers, message)

	// Verbose is read again after handling, as the original code does.
	if s.conf.Verbose >= 2 {
		server.LogResponse(code, time.Since(began), body)
	}

	return code, body, sessionResult
}

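// handleProtocolMessage routes a client protocol message to the handler for
// the session and endpoint named in path.
//
// path is the request path; one leading and one trailing slash are removed
// before it is parsed by ParsePath. method is the HTTP method, headers the
// request headers, and message the request body. All of these come from the
// client and are untrusted.
//
// It returns the HTTP status and response body. result is set only when the
// session status changed while the message was handled; otherwise it is nil.
// The session lock is held from the moment the session is found until the
// function returns.
func (s *Server) handleProtocolMessage(
	path string,
	method string,
	headers map[string][]string,
	message []byte,
) (status int, output []byte, result *server.SessionResult) {
	// Parse path into session and action. Remove any starting and trailing
	// slash. Indexing the path by hand here panics for the path "/", which is
	// empty after the leading slash is removed; the strings helpers are safe
	// for every input.
	path = strings.TrimSuffix(strings.TrimPrefix(path, "/"), "/")

	token, noun, err := ParsePath(path)
	if err != nil {
		status, output = server.JsonResponse(nil, server.RemoteError(server.ErrorUnsupported, ""))
		return
	}

	// Fetch the session
	session := s.sessions.clientGet(token)
	if session == nil {
		s.conf.Logger.WithField("clientToken", token).Warn("Session not found")
		status, output = server.JsonResponse(nil, server.RemoteError(server.ErrorSessionUnknown, ""))
		return
	}
	session.Lock()
	defer session.Unlock()

	// However we return, if the session status has been updated
	// then we should inform the user by returning a SessionResult
	defer func() {
		if session.status != session.prevStatus {
			session.prevStatus = session.status
			result = session.result
		}
	}()

	// Route to handler
	switch len(noun) {
	case 0:
		// Session root: DELETE cancels, GET fetches the session request.
		if method == http.MethodDelete {
			session.handleDelete()
			status = http.StatusOK
			return
		}
		if method == http.MethodGet {
			// A non-empty output from the cache check is returned as is.
			status, output = session.checkCache(message, server.StatusConnected)
			if len(output) != 0 {
				return
			}
			// NOTE(review): http.Header.Get canonicalizes only the lookup key;
			// this presumably expects the keys of headers to be in canonical
			// form already. Confirm for callers that build the map by hand.
			h := http.Header(headers)
			minVersion := &irma.ProtocolVersion{}
			maxVersion := &irma.ProtocolVersion{}
			if err := json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), minVersion); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			if err := json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), maxVersion); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			status, output = server.JsonResponse(session.handleGetRequest(minVersion, maxVersion))
			session.responseCache = responseCache{message: message, response: output, status: status, sessionStatus: server.StatusConnected}
			return
		}
		status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
		return

	default:
		// Server-sent events are not served through this function.
		if noun == "statusevents" {
			rerr := server.RemoteError(server.ErrorInvalidRequest, "server sent events not supported by this server")
			status, output = server.JsonResponse(nil, rerr)
			return
		}

		if method == http.MethodGet && noun == "status" {
			status, output = server.JsonResponse(session.handleGetStatus())
			return
		}

		// Below are only POST endpoints
		if method != http.MethodPost {
			status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
			return
		}

		// Each POST endpoint is accepted only for the matching session action.
		if noun == "commitments" && session.action == irma.ActionIssuing {
			status, output = session.checkCache(message, server.StatusDone)
			if len(output) != 0 {
				return
			}
			commitments := &irma.IssueCommitmentMessage{}
			if err = irma.UnmarshalValidate(message, commitments); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			status, output = server.JsonResponse(session.handlePostCommitments(commitments))
			session.responseCache = responseCache{message: message, response: output, status: status, sessionStatus: server.StatusDone}
			return
		}

		if noun == "proofs" && session.action == irma.ActionDisclosing {
			status, output = session.checkCache(message, server.StatusDone)
			if len(output) != 0 {
				return
			}
			disclosure := &irma.Disclosure{}
			if err = irma.UnmarshalValidate(message, disclosure); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			status, output = server.JsonResponse(session.handlePostDisclosure(disclosure))
			session.responseCache = responseCache{message: message, response: output, status: status, sessionStatus: server.StatusDone}
			return
		}

		if noun == "proofs" && session.action == irma.ActionSigning {
			status, output = session.checkCache(message, server.StatusDone)
			if len(output) != 0 {
				return
			}
			signature := &irma.SignedMessage{}
			if err = irma.UnmarshalValidate(message, signature); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			status, output = server.JsonResponse(session.handlePostSignature(signature))
			session.responseCache = responseCache{message: message, response: output, status: status, sessionStatus: server.StatusDone}
			return
		}

		// Any other endpoint and action combination fails the session.
		status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
		return
	}
}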