revoke.go 2.71 KB
Newer Older
1
2
3
4
5
6
7
package cmd

import (
	"time"

	irma "github.com/privacybydesign/irmago"
	"github.com/privacybydesign/irmago/server"
8
	"github.com/spf13/cobra"
9
10
11
)

var revokeCmd = &cobra.Command{
12
	Use:   "revoke <credentialtype> <key> <url>",
13
	Short: "Revoke a previously issued credential identified by a given key",
14
	Args:  cobra.ExactArgs(3),
15
16
17
18
19
20
21
	Run: func(cmd *cobra.Command, args []string) {
		flags := cmd.Flags()
		schemespath, _ := flags.GetString("schemes-path")
		authmethod, _ := flags.GetString("auth-method")
		key, _ := flags.GetString("key")
		name, _ := flags.GetString("name")
		verbosity, _ := cmd.Flags().GetCount("verbose")
22
		url := args[2]
23
24
25
26
27
28
29

		request := &irma.RevocationRequest{
			LDContext:      irma.LDContextRevocationRequest,
			CredentialType: irma.NewCredentialTypeIdentifier(args[0]),
			Key:            args[1],
		}

30
		postRevocation(request, url, schemespath, authmethod, key, name, verbosity)
31
32
33
	},
}

34
func postRevocation(request *irma.RevocationRequest, url, schemespath, authmethod, key, name string, verbosity int) {
35
	logger.Level = server.Verbosity(verbosity)
36
	irma.SetLogger(logger)
37
38
39
40
41
42
43
44
45
46
47
48
49

	conf, err := irma.NewConfiguration(schemespath, irma.ConfigurationOptions{ReadOnly: true})
	if err != nil {
		die("failed to open irma_configuration", err)
	}
	if err = conf.ParseFolder(); err != nil {
		die("failed to parse irma_configuration", err)
	}

	credtype, known := conf.CredentialTypes[request.CredentialType]
	if !known {
		die("unknown credential type", nil)
	}
50
	if !credtype.RevocationSupported() {
51
52
53
		die("credential type does not support revocation", nil)
	}

54
	transport := irma.NewHTTPTransport(url, false)
55
56
57

	switch authmethod {
	case "none":
58
		err = transport.Post("revocation", nil, request)
59
60
	case "token":
		transport.SetHeader("Authorization", key)
61
		err = transport.Post("revocation", nil, request)
62
63
64
65
66
67
68
69
70
71
72
73
74
	case "hmac", "rsa":
		sk, jwtalg, err := configureJWTKey(authmethod, key)
		j := irma.RevocationJwt{
			ServerJwt: irma.ServerJwt{
				ServerName: name,
				IssuedAt:   irma.Timestamp(time.Now()),
			},
			Request: request,
		}
		jwtstr, err := j.Sign(jwtalg, sk)
		if err != nil {
			die("failed to sign JWT", err)
		}
75
		err = transport.Post("revocation", nil, jwtstr)
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
	default:
		die("Invalid authentication method (must be none, token, hmac or rsa)", nil)
	}

	if err != nil {
		die("failed to post revocation request", err)
	}
}

func init() {
	flags := revokeCmd.Flags()
	flags.StringP("schemes-path", "s", irma.DefaultSchemesPath(), "path to irma_configuration")
	flags.StringP("auth-method", "a", "none", "Authentication method to server (none, token, rsa, hmac)")
	flags.String("key", "", "Key to sign request with")
	flags.String("name", "", "Requestor name")
	flags.CountP("verbose", "v", "verbose (repeatable)")

93
	issuerCmd.AddCommand(revokeCmd)
94
}