manual_session_test.go 6.52 KB
Newer Older
1
2
3
package irmaclient

import (
4
	"encoding/json"
5
	"math/big"
Sietse Ringers's avatar
Sietse Ringers committed
6
7
	"testing"

8
	"github.com/mhe/gabi"
9
	"github.com/privacybydesign/irmago"
Koen van Ingen's avatar
Koen van Ingen committed
10
	"github.com/privacybydesign/irmago/internal/test"
11
	"github.com/stretchr/testify/require"
12
13
)

14
// Create a ManualSessionHandler for unit tests
15
16
17
18
19
20
21
func createManualSessionHandler(t *testing.T, client *Client) *ManualSessionHandler {
	return &ManualSessionHandler{
		TestHandler: TestHandler{
			t:      t,
			c:      make(chan *SessionResult),
			client: client,
		},
22
23
24
	}
}

25
26
27
28
29
func manualSessionHelper(t *testing.T, client *Client, h *ManualSessionHandler, request string, verifyAs string, corrupt bool) *irma.SignatureProofResult {
	init := client == nil
	if init {
		client = parseStorage(t)
	}
30

31
	client.NewSession(request, h)
32

33
34
35
	result := <-h.c
	if result.Err != nil {
		require.NoError(t, result.Err)
36
37
	}

38
39
40
41
42
43
44
	verifyasRequest := &irma.SignatureRequest{}
	err := json.Unmarshal([]byte(verifyAs), verifyasRequest)
	require.NoError(t, err)
	if corrupt {
		// Interesting: modifying C results in INVALID_CRYPTO; modifying A or an attribute results in INVALID_TIMESTAMP
		i := result.Result.Signature[0].(*gabi.ProofD).C
		i.Add(i, big.NewInt(16))
45
	}
46
	return result.Result.Verify(client.Configuration, verifyasRequest)
47
}
48

49
50
51
52
func TestManualSession(t *testing.T) {
	request := "{\"nonce\": 42, \"context\": 1337, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, request, false)
53

54
55
	require.Equal(t, irma.ProofStatusValid, result.ProofStatus)
	require.Equal(t, irma.AttributeProofStatusPresent, result.ToAttributeResultList()[0].AttributeProofStatus)
56
57
58
59
60
61

	test.ClearTestStorage(t)
}

// Test if proof verification fails with status 'ERROR_CRYPTO' if we verify it with an invalid nonce
func TestManualSessionInvalidNonce(t *testing.T) {
62
63
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
	invalidRequest := "{\"nonce\": 1, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
64
65
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
66

67
	require.Equal(t, irma.ProofStatusUnmatchedRequest, result.ProofStatus)
68

69
	test.ClearTestStorage(t)
70
71
}

72
73
// Test if proof verification fails with status 'MISSING_ATTRIBUTES' if we provide it with a non-matching signature request
func TestManualSessionInvalidRequest(t *testing.T) {
74
75
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
	invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.university\"]}]}"
76
77
78
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
	list := result.ToAttributeResultList()
79

80
	require.Equal(t, irma.ProofStatusMissingAttributes, result.ProofStatus)
81
	// First attribute result is MISSING, because it is in the request but not disclosed
82
	require.Equal(t, irma.AttributeProofStatusMissing, list[0].AttributeProofStatus)
83
	// Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest
84
85
	require.Equal(t, irma.AttributeProofStatusExtra, list[1].AttributeProofStatus)

86
87
88
89
90
	test.ClearTestStorage(t)
}

// Test if proof verification fails with status 'MISSING_ATTRIBUTES' if we provide it with invalid attribute values
func TestManualSessionInvalidAttributeValue(t *testing.T) {
91
92
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"456\"}}]}"
	invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"123\"}}]}"
93
94
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
95

96
97
	require.Equal(t, irma.ProofStatusMissingAttributes, result.ProofStatus)
	require.Equal(t, irma.AttributeProofStatusInvalidValue, result.ToAttributeResultList()[0].AttributeProofStatus)
98
99
100
101
102

	test.ClearTestStorage(t)
}

func TestManualKeyShareSession(t *testing.T) {
103
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"test.test.mijnirma.email\"]}]}"
104
105
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, request, false)
106

107
	require.Equal(t, irma.ProofStatusValid, result.ProofStatus)
108

109
	test.ClearTestStorage(t)
110
111
112
}

func TestManualSessionMultiProof(t *testing.T) {
113
	client := parseStorage(t)
114

115
	// First, we need to issue an extra credential (BSN)
116
117
	jwtcontents := getIssuanceJwt("testip", true, "")
	sessionHelper(t, jwtcontents, "issue", client)
118
119

	// Request to sign with both BSN and StudentID
120
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]},{\"label\":\"BSN\",\"attributes\":[\"irma-demo.MijnOverheid.root.BSN\"]}]}"
121

122
123
	ms := createManualSessionHandler(t, client)
	result := manualSessionHelper(t, client, ms, request, request, false)
124

125
126
127
128
	require.Equal(t, irma.ProofStatusValid, result.ProofStatus)
	list := result.ToAttributeResultList()
	require.Equal(t, irma.AttributeProofStatusPresent, list[0].AttributeProofStatus)
	require.Equal(t, irma.AttributeProofStatusPresent, list[1].AttributeProofStatus)
129

130
	test.ClearTestStorage(t)
131
132
}

133
func TestManualSessionInvalidProof(t *testing.T) {
134
	request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
135
136
	ms := createManualSessionHandler(t, nil)
	result := manualSessionHelper(t, nil, ms, request, request, true)
137

138
	require.Equal(t, irma.ProofStatusInvalidCrypto, result.ProofStatus)
139

140
	test.ClearTestStorage(t)
141
}