irmaconfig.go 33 KB
Newer Older
1
package irma
2
3
4
5
6
7
8

import (
	"encoding/base64"
	"encoding/xml"
	"io/ioutil"
	"os"
	"path/filepath"
9
	"reflect"
10
	"regexp"
11
12
	"strconv"

13
14
	"crypto/sha256"

15
16
17
18
	"fmt"

	"strings"

19
20
21
22
23
24
25
26
27
28
29
30
	"sort"

	"bytes"

	"encoding/hex"

	"crypto/ecdsa"
	"crypto/x509"
	"encoding/asn1"
	"encoding/pem"
	"math/big"

31
	"github.com/go-errors/errors"
32
	"github.com/mhe/gabi"
33
	"github.com/privacybydesign/irmago/internal/fs"
34
35
)

36
// Configuration keeps track of scheme managers, issuers, credential types and public keys,
37
// dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.
38
type Configuration struct {
39
40
41
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
42

Sietse Ringers's avatar
Sietse Ringers committed
43
44
45
	// Path to the irma_configuration folder that this instance represents
	Path string

46
47
48
	// DisabledSchemeManagers keeps track of scheme managers that did not parse  succesfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError
49

50
51
	Warnings []string

52
	publicKeys    map[IssuerIdentifier]map[int]*gabi.PublicKey
53
	reverseHashes map[string]CredentialTypeIdentifier
54
	initialized   bool
55
	assets        string
56
57
}

Sietse Ringers's avatar
Sietse Ringers committed
58
59
// ConfigurationFileHash encodes the SHA256 hash of an authenticated
// file under a scheme manager within the configuration folder.
60
61
type ConfigurationFileHash []byte

Sietse Ringers's avatar
Sietse Ringers committed
62
63
// SchemeManagerIndex is a (signed) list of files under a scheme manager
// along with their SHA266 hash
64
65
type SchemeManagerIndex map[string]ConfigurationFileHash

66
67
type SchemeManagerStatus string

68
69
type SchemeManagerError struct {
	Manager SchemeManagerIdentifier
70
	Status  SchemeManagerStatus
71
72
73
	Err     error
}

74
75
76
77
78
79
80
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")
81
82

	pubkeyPattern = "%s/%s/%s/PublicKeys/*.xml"
83
84
)

85
86
87
88
func (sme SchemeManagerError) Error() string {
	return fmt.Sprintf("Error parsing scheme manager %s: %s", sme.Manager.Name(), sme.Err.Error())
}

89
// NewConfiguration returns a new configuration. After this
90
// ParseFolder() should be called to parse the specified path.
91
92
func NewConfiguration(path string, assets string) (conf *Configuration, err error) {
	conf = &Configuration{
Sietse Ringers's avatar
Sietse Ringers committed
93
		Path:   path,
94
		assets: assets,
95
	}
96

97
98
99
100
	if conf.assets != "" { // If an assets folder is specified, then it must exist
		if err = fs.AssertPathExists(conf.assets); err != nil {
			return nil, errors.WrapPrefix(err, "Nonexistent assets folder specified", 0)
		}
101
	}
102
	if err = fs.EnsureDirectoryExists(conf.Path); err != nil {
103
104
		return nil, err
	}
105

106
107
108
	// Init all maps
	conf.clear()

109
110
111
	return
}

112
func (conf *Configuration) clear() {
113
114
115
	conf.SchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManager)
	conf.Issuers = make(map[IssuerIdentifier]*Issuer)
	conf.CredentialTypes = make(map[CredentialTypeIdentifier]*CredentialType)
116
	conf.DisabledSchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManagerError)
117
	conf.publicKeys = make(map[IssuerIdentifier]map[int]*gabi.PublicKey)
118
	conf.reverseHashes = make(map[string]CredentialTypeIdentifier)
119
120
121
122
123
124
125
}

// ParseFolder populates the current Configuration by parsing the storage path,
// listing the containing scheme managers, issuers and credential types.
func (conf *Configuration) ParseFolder() (err error) {
	// Init all maps
	conf.clear()
126

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
	// Copy any new or updated scheme managers out of the assets into storage
	if conf.assets != "" {
		err = iterateSubfolders(conf.assets, func(dir string) error {
			scheme := NewSchemeManagerIdentifier(filepath.Base(dir))
			uptodate, err := conf.isUpToDate(scheme)
			if err != nil {
				return err
			}
			if !uptodate {
				_, err = conf.CopyManagerFromAssets(scheme)
			}
			return err
		})
		if err != nil {
			return err
		}
	}

	// Parse scheme managers in storage
146
	var mgrerr *SchemeManagerError
Sietse Ringers's avatar
Sietse Ringers committed
147
	err = iterateSubfolders(conf.Path, func(dir string) error {
148
149
		manager := NewSchemeManager(filepath.Base(dir))
		err := conf.ParseSchemeManagerFolder(dir, manager)
150
151
		if err == nil {
			return nil // OK, do next scheme manager folder
152
		}
153
154
155
156
		// If there is an error, and it is of type SchemeManagerError, return nil
		// so as to continue parsing other managers.
		var ok bool
		if mgrerr, ok = err.(*SchemeManagerError); ok {
157
			conf.DisabledSchemeManagers[manager.Identifier()] = mgrerr
158
			return nil
159
		}
160
		return err // Not a SchemeManagerError? return it & halt parsing now
161
162
	})
	if err != nil {
163
		return
164
	}
165
	conf.initialized = true
166
167
168
	if mgrerr != nil {
		return mgrerr
	}
169
	return
170
171
}

172
173
174
175
176
177
178
// ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore
// any broken scheme managers from their remote.
// Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError;
// In this case the scheme in which it occured is downloaded from its remote and re-parsed.
// If any other error is encountered at any time, it is returned immediately.
// If no error is returned, parsing and possibly restoring has been succesfull, and there should be no
// disabled scheme managers.
179
180
func (conf *Configuration) ParseOrRestoreFolder() error {
	err := conf.ParseFolder()
181
182
183
	// Only in case of a *SchemeManagerError might we be able to recover
	if _, isSchemeMgrErr := err.(*SchemeManagerError); !isSchemeMgrErr {
		return err
184
	}
185
186

	for id := range conf.DisabledSchemeManagers {
187
188
189
190
191
192
193
194
195
		if err = conf.ReinstallSchemeManager(conf.SchemeManagers[id]); err == nil {
			continue
		}
		if _, err = conf.CopyManagerFromAssets(id); err != nil {
			return err // File system error, too serious, bail out now
		}
		name := id.String()
		if err = conf.ParseSchemeManagerFolder(filepath.Join(conf.Path, name), NewSchemeManager(name)); err == nil {
			delete(conf.DisabledSchemeManagers, id)
196
		}
197
	}
198

199
200
201
	return err
}

202
// ParseSchemeManagerFolder parses the entire tree of the specified scheme manager
203
// If err != nil then a problem occured
204
func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error) {
205
206
207
208
209
210
211
	// From this point, keep it in our map even if it has an error. The user must check either:
	// - manager.Status == SchemeManagerStatusValid, aka "VALID"
	// - or equivalently, manager.Valid == true
	// before using any scheme manager for anything, and handle accordingly
	conf.SchemeManagers[manager.Identifier()] = manager

	// Ensure we return a SchemeManagerError when any error occurs
212
213
	defer func() {
		if err != nil {
214
215
216
217
218
			err = &SchemeManagerError{
				Manager: manager.Identifier(),
				Err:     err,
				Status:  manager.Status,
			}
219
220
221
		}
	}()

222
223
	// Verify signature and read scheme manager description
	if err = conf.VerifySignature(manager.Identifier()); err != nil {
224
225
		return
	}
226
	if manager.index, err = conf.parseIndex(filepath.Base(dir), manager); err != nil {
227
228
		manager.Status = SchemeManagerStatusInvalidIndex
		return
229
	}
230
231
232
233
234
	exists, err := conf.pathToDescription(manager, dir+"/description.xml", manager)
	if !exists {
		manager.Status = SchemeManagerStatusParsingError
		return errors.New("Scheme manager description not found")
	}
235
236
237
	if err != nil {
		manager.Status = SchemeManagerStatusParsingError
		return
238
	}
239
240
	if err = conf.checkScheme(manager, dir); err != nil {
		return
241
	}
242
243
244
245
246
247
248

	// Verify that all other files are validly signed
	err = conf.VerifySchemeManager(manager)
	if err != nil {
		manager.Status = SchemeManagerStatusInvalidSignature
		return
	}
249

250
	// Read timestamp indicating time of last modification
251
252
253
	ts, exists, err := readTimestamp(dir + "/timestamp")
	if err != nil || !exists {
		return errors.WrapPrefix(err, "Could not read scheme manager timestamp", 0)
254
	}
255
	manager.Timestamp = *ts
256

257
	// Parse contained issuers and credential types
258
	err = conf.parseIssuerFolders(manager, dir)
259
260
261
262
263
264
	if err != nil {
		manager.Status = SchemeManagerStatusContentParsingError
		return
	}
	manager.Status = SchemeManagerStatusValid
	manager.Valid = true
265
266
267
	return
}

268
269
270
271
func relativePath(absolute string, relative string) string {
	return relative[len(absolute)+1:]
}

272
273
274
275
// PublicKey returns the specified public key, or nil if not present in the Configuration.
func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error) {
	if _, contains := conf.publicKeys[id]; !contains {
		conf.publicKeys[id] = map[int]*gabi.PublicKey{}
276
		if err := conf.parseKeysFolder(conf.SchemeManagers[id.SchemeManagerIdentifier()], id); err != nil {
277
			return nil, err
278
279
		}
	}
280
	return conf.publicKeys[id][counter], nil
281
282
}

283
func (conf *Configuration) addReverseHash(credid CredentialTypeIdentifier) {
284
	hash := sha256.Sum256([]byte(credid.String()))
285
	conf.reverseHashes[base64.StdEncoding.EncodeToString(hash[:16])] = credid
286
287
}

288
289
290
func (conf *Configuration) hashToCredentialType(hash []byte) *CredentialType {
	if str, exists := conf.reverseHashes[base64.StdEncoding.EncodeToString(hash)]; exists {
		return conf.CredentialTypes[str]
291
292
293
294
	}
	return nil
}

295
// IsInitialized indicates whether this instance has successfully been initialized.
296
297
func (conf *Configuration) IsInitialized() bool {
	return conf.initialized
298
299
}

300
301
302
303
304
305
306
307
308
// Prune removes any invalid scheme managers and everything they own from this Configuration
func (conf *Configuration) Prune() {
	for _, manager := range conf.SchemeManagers {
		if !manager.Valid {
			_ = conf.RemoveSchemeManager(manager.Identifier(), false) // does not return errors
		}
	}
}

309
func (conf *Configuration) parseIssuerFolders(manager *SchemeManager, path string) error {
310
311
	return iterateSubfolders(path, func(dir string) error {
		issuer := &Issuer{}
312
		exists, err := conf.pathToDescription(manager, dir+"/description.xml", issuer)
313
314
315
		if err != nil {
			return err
		}
316
317
		if !exists {
			return nil
318
		}
319
320
321
		if issuer.XMLVersion < 4 {
			return errors.New("Unsupported issuer description")
		}
322

323
		if err = conf.checkIssuer(manager, issuer, dir); err != nil {
324
325
326
			return err
		}

327
		conf.Issuers[issuer.Identifier()] = issuer
328
		issuer.Valid = conf.SchemeManagers[issuer.SchemeManagerIdentifier()].Valid
329
		return conf.parseCredentialsFolder(manager, issuer, dir+"/Issues/")
330
331
332
	})
}

333
334
335
func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error {
	delete(conf.SchemeManagers, id)
	delete(conf.DisabledSchemeManagers, id)
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
	name := id.String()
	for iss := range conf.Issuers {
		if iss.Root() == name {
			delete(conf.Issuers, iss)
		}
	}
	for iss := range conf.publicKeys {
		if iss.Root() == name {
			delete(conf.publicKeys, iss)
		}
	}
	for cred := range conf.CredentialTypes {
		if cred.Root() == name {
			delete(conf.CredentialTypes, cred)
		}
	}
352
353
354
	return os.RemoveAll(filepath.Join(conf.Path, id.Name()))
}

355
// parse $schememanager/$issuer/PublicKeys/$i.xml for $i = 1, ...
356
func (conf *Configuration) parseKeysFolder(manager *SchemeManager, issuerid IssuerIdentifier) error {
357
	path := fmt.Sprintf(pubkeyPattern, conf.Path, issuerid.SchemeManagerIdentifier().Name(), issuerid.Name())
358
359
360
361
362
363
364
365
366
367
368
	files, err := filepath.Glob(path)
	if err != nil {
		return err
	}

	for _, file := range files {
		filename := filepath.Base(file)
		count := filename[:len(filename)-4]
		i, err := strconv.Atoi(count)
		if err != nil {
			continue
369
		}
Sietse Ringers's avatar
Sietse Ringers committed
370
		bts, found, err := conf.ReadAuthenticatedFile(manager, relativePath(conf.Path, file))
371
		if err != nil || !found {
372
373
374
			return err
		}
		pk, err := gabi.NewPublicKeyFromBytes(bts)
375
376
377
		if err != nil {
			return err
		}
378
		pk.Issuer = issuerid.String()
379
		conf.publicKeys[issuerid][i] = pk
380
	}
381

382
383
384
	return nil
}

385
// parse $schememanager/$issuer/Issues/*/description.xml
386
387
388
func (conf *Configuration) parseCredentialsFolder(manager *SchemeManager, issuer *Issuer, path string) error {
	var foundcred bool
	err := iterateSubfolders(path, func(dir string) error {
389
		cred := &CredentialType{}
390
		exists, err := conf.pathToDescription(manager, dir+"/description.xml", cred)
391
392
393
		if err != nil {
			return err
		}
394
395
396
		if !exists {
			return nil
		}
397
		if err = conf.checkCredentialType(manager, issuer, cred, dir); err != nil {
398
399
400
401
			return err
		}
		foundcred = true
		cred.Valid = conf.SchemeManagers[cred.SchemeManagerIdentifier()].Valid
402
		credid := cred.Identifier()
403
404
		conf.CredentialTypes[credid] = cred
		conf.addReverseHash(credid)
405
406
		return nil
	})
407
408
409
410
411
412
	if !foundcred {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no credential types", issuer.Identifier().String()))
	}
	return err
}

413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
// iterateSubfolders iterates over the subfolders of the specified path,
// calling the specified handler each time. If anything goes wrong, or
// if the caller returns a non-nil error, an error is immediately returned.
func iterateSubfolders(path string, handler func(string) error) error {
	dirs, err := filepath.Glob(path + "/*")
	if err != nil {
		return err
	}

	for _, dir := range dirs {
		stat, err := os.Stat(dir)
		if err != nil {
			return err
		}
		if !stat.IsDir() {
			continue
		}
430
431
432
		if strings.HasSuffix(dir, "/.git") {
			continue
		}
433
434
435
436
437
438
439
440
441
		err = handler(dir)
		if err != nil {
			return err
		}
	}

	return nil
}

442
func (conf *Configuration) pathToDescription(manager *SchemeManager, path string, description interface{}) (bool, error) {
443
444
445
446
	if _, err := os.Stat(path); err != nil {
		return false, nil
	}

Sietse Ringers's avatar
Sietse Ringers committed
447
	bts, found, err := conf.ReadAuthenticatedFile(manager, relativePath(conf.Path, path))
448
449
450
	if !found {
		return false, nil
	}
451
452
453
454
	if err != nil {
		return true, err
	}

455
	err = xml.Unmarshal(bts, description)
456
457
458
459
460
461
	if err != nil {
		return true, err
	}

	return true, nil
}
462

463
464
465
466
467
// Contains checks if the configuration contains the specified credential type.
func (conf *Configuration) Contains(cred CredentialTypeIdentifier) bool {
	return conf.SchemeManagers[cred.IssuerIdentifier().SchemeManagerIdentifier()] != nil &&
		conf.Issuers[cred.IssuerIdentifier()] != nil &&
		conf.CredentialTypes[cred] != nil
468
}
469

470
func (conf *Configuration) isUpToDate(scheme SchemeManagerIdentifier) (bool, error) {
471
472
473
	if conf.assets == "" {
		return true, nil
	}
474
475
476
477
	name := scheme.String()
	newTime, exists, err := readTimestamp(filepath.Join(conf.assets, name, "timestamp"))
	if err != nil || !exists {
		return true, errors.WrapPrefix(err, "Could not read asset timestamp of scheme "+name, 0)
478
	}
479
480
481
482
	// The storage version of the manager does not need to have a timestamp. If it does not, it is outdated.
	oldTime, exists, err := readTimestamp(filepath.Join(conf.Path, name, "timestamp"))
	if err != nil {
		return true, err
483
	}
484
	return exists && !newTime.After(*oldTime), nil
485
486
}

487
func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error) {
488
	if conf.assets == "" {
489
		return false, nil
490
	}
491
492
493
494
495
	// Remove old version; we want an exact copy of the assets version
	// not a merge of the assets version and the storage version
	name := scheme.String()
	if err := os.RemoveAll(filepath.Join(conf.Path, name)); err != nil {
		return false, err
496
	}
497
498
499
	return true, fs.CopyDirectory(
		filepath.Join(conf.assets, name),
		filepath.Join(conf.Path, name),
500
501
502
	)
}

503
504
// DownloadSchemeManager downloads and returns a scheme manager description.xml file
// from the specified URL.
505
func DownloadSchemeManager(url string) (*SchemeManager, error) {
506
507
508
509
510
511
512
513
514
	if !strings.HasPrefix(url, "http://") && !strings.HasPrefix(url, "https://") {
		url = "https://" + url
	}
	if url[len(url)-1] == '/' {
		url = url[:len(url)-1]
	}
	if strings.HasSuffix(url, "/description.xml") {
		url = url[:len(url)-len("/description.xml")]
	}
515
	b, err := NewHTTPTransport(url).GetBytes("description.xml")
516
517
518
	if err != nil {
		return nil, err
	}
519
	manager := NewSchemeManager("")
520
521
522
523
524
525
526
527
	if err = xml.Unmarshal(b, manager); err != nil {
		return nil, err
	}

	manager.URL = url // TODO?
	return manager, nil
}

Sietse Ringers's avatar
Sietse Ringers committed
528
529
// RemoveSchemeManager removes the specified scheme manager and all associated issuers,
// public keys and credential types from this Configuration.
530
func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromStorage bool) error {
531
	// Remove everything falling under the manager's responsibility
532
	for credid := range conf.CredentialTypes {
533
		if credid.IssuerIdentifier().SchemeManagerIdentifier() == id {
534
			delete(conf.CredentialTypes, credid)
535
536
		}
	}
537
	for issid := range conf.Issuers {
538
		if issid.SchemeManagerIdentifier() == id {
539
			delete(conf.Issuers, issid)
540
541
		}
	}
542
	for issid := range conf.publicKeys {
543
		if issid.SchemeManagerIdentifier() == id {
544
			delete(conf.publicKeys, issid)
545
546
		}
	}
547
	delete(conf.SchemeManagers, id)
548
549

	if fromStorage {
Sietse Ringers's avatar
Sietse Ringers committed
550
		return os.RemoveAll(fmt.Sprintf("%s/%s", conf.Path, id.String()))
551
552
	}
	return nil
553
554
}

555
556
557
558
559
560
561
562
563
564
565
566
567
568
func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error) {
	// Check if downloading stuff from the remote works before we uninstall the specified manager:
	// If we can't download anything we should keep the broken version
	manager, err = DownloadSchemeManager(manager.URL)
	if err != nil {
		return
	}
	if err = conf.DeleteSchemeManager(manager.Identifier()); err != nil {
		return
	}
	err = conf.InstallSchemeManager(manager)
	return
}

569
// InstallSchemeManager downloads and adds the specified scheme manager to this Configuration,
Sietse Ringers's avatar
Sietse Ringers committed
570
// provided its signature is valid.
571
func (conf *Configuration) InstallSchemeManager(manager *SchemeManager) error {
572
	name := manager.ID
573
	if err := fs.EnsureDirectoryExists(filepath.Join(conf.Path, name)); err != nil {
574
575
		return err
	}
576
577

	t := NewHTTPTransport(manager.URL)
Sietse Ringers's avatar
Sietse Ringers committed
578
	path := fmt.Sprintf("%s/%s", conf.Path, name)
579
580
581
	if err := t.GetFile("description.xml", path+"/description.xml"); err != nil {
		return err
	}
582
	if err := t.GetFile("pk.pem", path+"/pk.pem"); err != nil {
583
584
		return err
	}
585
	if err := conf.DownloadSchemeManagerSignature(manager); err != nil {
586
587
		return err
	}
588
589
590
591
	conf.SchemeManagers[manager.Identifier()] = manager
	if err := conf.UpdateSchemeManager(manager.Identifier(), nil); err != nil {
		return err
	}
592

593
	return conf.ParseSchemeManagerFolder(filepath.Join(conf.Path, name), manager)
594
595
596
597
598
599
}

// DownloadSchemeManagerSignature downloads, stores and verifies the latest version
// of the index file and signature of the specified manager.
func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error) {
	t := NewHTTPTransport(manager.URL)
Sietse Ringers's avatar
Sietse Ringers committed
600
	path := fmt.Sprintf("%s/%s", conf.Path, manager.ID)
601
602
603
604
	index := filepath.Join(path, "index")
	sig := filepath.Join(path, "index.sig")

	if err = t.GetFile("index", index); err != nil {
605
		return
606
607
	}
	if err = t.GetFile("index.sig", sig); err != nil {
608
		return
609
	}
610
	err = conf.VerifySignature(manager.Identifier())
611
	return
612
}
613

Sietse Ringers's avatar
Sietse Ringers committed
614
615
616
// Download downloads the issuers, credential types and public keys specified in set
// if the current Configuration does not already have them,  and checks their authenticity
// using the scheme manager index.
617
618
func (conf *Configuration) Download(session IrmaSession) (downloaded *IrmaIdentifierSet, err error) {
	managers := make(map[string]struct{}) // Managers that we must update
619
	downloaded = &IrmaIdentifierSet{
620
621
622
623
		SchemeManagers:  map[SchemeManagerIdentifier]struct{}{},
		Issuers:         map[IssuerIdentifier]struct{}{},
		CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
	}
624

625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
	// Calculate which scheme managers must be updated
	if err = conf.checkIssuers(session.Identifiers(), managers); err != nil {
		return
	}
	if err = conf.checkCredentialTypes(session, managers); err != nil {
		return
	}

	// Update the scheme managers found above and parse them, if necessary
	for id := range managers {
		if err = conf.UpdateSchemeManager(NewSchemeManagerIdentifier(id), downloaded); err != nil {
			return
		}
	}
	if !downloaded.Empty() {
		return downloaded, conf.ParseFolder()
	}
	return
}

func (conf *Configuration) checkCredentialTypes(session IrmaSession, managers map[string]struct{}) error {
	var disjunctions AttributeDisjunctionList
	var typ *CredentialType
	var contains bool

	switch s := session.(type) {
	case *IssuanceRequest:
		for _, credreq := range s.Credentials {
			// First check if we have this credential type
			typ, contains = conf.CredentialTypes[*credreq.CredentialTypeID]
			if !contains {
				managers[credreq.CredentialTypeID.Root()] = struct{}{}
				continue
			}
			newAttrs := make(map[string]string)
			for k, v := range credreq.Attributes {
				newAttrs[k] = v
			}
			// For each of the attributes in the credentialtype, see if it is present; if so remove it from newAttrs
			// If not, check that it is optional; if not the credentialtype must be updated
			for _, attrtyp := range typ.Attributes {
				_, contains = newAttrs[attrtyp.ID]
				if !contains && !attrtyp.IsOptional() {
					managers[credreq.CredentialTypeID.Root()] = struct{}{}
					break
				}
				delete(newAttrs, attrtyp.ID)
			}
			// If there is anything left in newAttrs, then these are attributes that are not in the credentialtype
			if len(newAttrs) > 0 {
				managers[credreq.CredentialTypeID.Root()] = struct{}{}
			}
		}
		disjunctions = s.Disclose
	case *DisclosureRequest:
		disjunctions = s.Content
	case *SignatureRequest:
		disjunctions = s.Content
	}

	for _, disjunction := range disjunctions {
		for _, attrid := range disjunction.Attributes {
			credid := attrid.CredentialTypeIdentifier()
			if typ, contains = conf.CredentialTypes[credid]; !contains {
				managers[credid.Root()] = struct{}{}
			}
			if !typ.ContainsAttribute(attrid) {
				managers[credid.Root()] = struct{}{}
			}
		}
	}

	return nil
}

func (conf *Configuration) checkIssuers(set *IrmaIdentifierSet, managers map[string]struct{}) error {
701
	for issid := range set.Issuers {
702
		if _, contains := conf.Issuers[issid]; !contains {
703
			managers[issid.Root()] = struct{}{}
704
		}
Sietse Ringers's avatar
Sietse Ringers committed
705
	}
706
707
708
	for issid, keyids := range set.PublicKeys {
		for _, keyid := range keyids {
			pk, err := conf.PublicKey(issid, keyid)
Sietse Ringers's avatar
Sietse Ringers committed
709
			if err != nil {
710
				return err
Sietse Ringers's avatar
Sietse Ringers committed
711
712
			}
			if pk == nil {
713
				managers[issid.Root()] = struct{}{}
714
715
716
			}
		}
	}
717
	return nil
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
}

func (i SchemeManagerIndex) String() string {
	var paths []string
	var b bytes.Buffer

	for path := range i {
		paths = append(paths, path)
	}
	sort.Strings(paths)

	for _, path := range paths {
		b.WriteString(hex.EncodeToString(i[path]))
		b.WriteString(" ")
		b.WriteString(path)
		b.WriteString("\n")
	}

	return b.String()
}

Sietse Ringers's avatar
Sietse Ringers committed
739
// FromString populates this index by parsing the specified string.
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
func (i SchemeManagerIndex) FromString(s string) error {
	for j, line := range strings.Split(s, "\n") {
		if len(line) == 0 {
			continue
		}
		parts := strings.Split(line, " ")
		if len(parts) != 2 {
			return errors.Errorf("Scheme manager index line %d has incorrect amount of parts", j)
		}
		hash, err := hex.DecodeString(parts[0])
		if err != nil {
			return err
		}
		i[parts[1]] = hash
	}

	return nil
}

759
// parseIndex parses the index file of the specified manager.
760
func (conf *Configuration) parseIndex(name string, manager *SchemeManager) (SchemeManagerIndex, error) {
Sietse Ringers's avatar
Sietse Ringers committed
761
	path := filepath.Join(conf.Path, name, "index")
Sietse Ringers's avatar
Sietse Ringers committed
762
	if err := fs.AssertPathExists(path); err != nil {
763
		return nil, fmt.Errorf("Missing scheme manager index file; tried %s", path)
764
	}
Sietse Ringers's avatar
Sietse Ringers committed
765
	indexbts, err := ioutil.ReadFile(path)
766
	if err != nil {
767
		return nil, err
768
	}
769
770
	index := SchemeManagerIndex(make(map[string]ConfigurationFileHash))
	return index, index.FromString(string(indexbts))
771
772
}

773
func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error {
774
	err := conf.VerifySignature(manager.Identifier())
775
776
777
778
	if err != nil {
		return err
	}

779
	var exists bool
780
	for file := range manager.index {
781
		exists, err = fs.PathExists(filepath.Join(conf.Path, file))
782
783
784
785
786
787
		if err != nil {
			return err
		}
		if !exists {
			continue
		}
788
		// Don't care about the actual bytes
789
		if _, _, err = conf.ReadAuthenticatedFile(manager, file); err != nil {
790
791
792
793
794
795
796
			return err
		}
	}

	return nil
}

797
798
799
// ReadAuthenticatedFile reads the file at the specified path
// and verifies its authenticity by checking that the file hash
// is present in the (signed) scheme manager index file.
800
func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path string) ([]byte, bool, error) {
801
	signedHash, ok := manager.index[path]
802
	if !ok {
803
		return nil, false, nil
804
805
	}

Sietse Ringers's avatar
Sietse Ringers committed
806
	bts, err := ioutil.ReadFile(filepath.Join(conf.Path, path))
807
	if err != nil {
808
		return nil, true, err
809
810
811
812
	}
	computedHash := sha256.Sum256(bts)

	if !bytes.Equal(computedHash[:], signedHash) {
813
		return nil, true, errors.Errorf("Hash of %s does not match scheme manager index", path)
814
	}
815
	return bts, true, nil
816
817
818
819
820
}

// VerifySignature verifies the signature on the scheme manager index file
// (which contains the SHA256 hashes of all files under this scheme manager,
// which are used for verifying file authenticity).
821
func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error) {
822
823
824
825
826
827
828
829
830
831
	defer func() {
		if r := recover(); r != nil {
			if e, ok := r.(error); ok {
				err = errors.Errorf("Scheme manager index signature failed to verify: %s", e.Error())
			} else {
				err = errors.New("Scheme manager index signature failed to verify")
			}
		}
	}()

Sietse Ringers's avatar
Sietse Ringers committed
832
	dir := filepath.Join(conf.Path, id.String())
833
	if err := fs.AssertPathExists(dir+"/index", dir+"/index.sig", dir+"/pk.pem"); err != nil {
834
		return errors.New("Missing scheme manager index file, signature, or public key")
835
836
837
838
839
	}

	// Read and hash index file
	indexbts, err := ioutil.ReadFile(dir + "/index")
	if err != nil {
840
		return err
841
842
843
844
845
846
	}
	indexhash := sha256.Sum256(indexbts)

	// Read and parse scheme manager public key
	pkbts, err := ioutil.ReadFile(dir + "/pk.pem")
	if err != nil {
847
		return err
848
849
850
851
	}
	pkblk, _ := pem.Decode(pkbts)
	genericPk, err := x509.ParsePKIXPublicKey(pkblk.Bytes)
	if err != nil {
852
		return err
853
854
855
	}
	pk, ok := genericPk.(*ecdsa.PublicKey)
	if !ok {
856
		return errors.New("Invalid scheme manager public key")
857
858
859
860
861
	}

	// Read and parse signature
	sig, err := ioutil.ReadFile(dir + "/index.sig")
	if err != nil {
862
		return err
863
864
865
866
867
	}
	ints := make([]*big.Int, 0, 2)
	_, err = asn1.Unmarshal(sig, &ints)

	// Verify signature
868
869
870
871
	if !ecdsa.Verify(pk, indexhash[:], ints[0], ints[1]) {
		return errors.New("Scheme manager signature was invalid")
	}
	return nil
872
}
873
874
875
876

func (hash ConfigurationFileHash) String() string {
	return hex.EncodeToString(hash)
}
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892

func (hash ConfigurationFileHash) Equal(other ConfigurationFileHash) bool {
	return bytes.Equal(hash, other)
}

// UpdateSchemeManager syncs the stored version within the irma_configuration directory
// with the remote version at the scheme manager's URL, downloading and storing
// new and modified files, according to the index files of both versions.
// It stores the identifiers of new or updated credential types or issuers in the second parameter.
// Note: any newly downloaded files are not yet parsed and inserted into conf.
func (conf *Configuration) UpdateSchemeManager(id SchemeManagerIdentifier, downloaded *IrmaIdentifierSet) (err error) {
	manager, contains := conf.SchemeManagers[id]
	if !contains {
		return errors.Errorf("Cannot update unknown scheme manager %s", id)
	}

893
894
895
896
897
898
899
900
901
902
	// Check remote timestamp and see if we have to do anything
	transport := NewHTTPTransport(manager.URL + "/")
	timestampBts, err := transport.GetBytes("timestamp")
	if err != nil {
		return err
	}
	timestamp, err := parseTimestamp(timestampBts)
	if err != nil {
		return err
	}
903
	if !manager.Timestamp.Before(*timestamp) {
904
905
906
		return nil
	}

907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
	// Download the new index and its signature, and check that the new index
	// is validly signed by the new signature
	// By aborting immediately in case of error, and restoring backup versions
	// of the index and signature, we leave our stored copy of the scheme manager
	// intact.
	if err = conf.DownloadSchemeManagerSignature(manager); err != nil {
		return
	}
	newIndex, err := conf.parseIndex(manager.ID, manager)
	if err != nil {
		return
	}

	issPattern := regexp.MustCompile("(.+)/(.+)/description\\.xml")
	credPattern := regexp.MustCompile("(.+)/(.+)/Issues/(.+)/description\\.xml")

	// TODO: how to recover/fix local copy if err != nil below?
	for filename, newHash := range newIndex {
925
		path := filepath.Join(conf.Path, filename)
926
		oldHash, known := manager.index[filename]
927
928
929
930
931
932
		var have bool
		have, err = fs.PathExists(path)
		if err != nil {
			return err
		}
		if known && have && oldHash.Equal(newHash) {
933
934
935
936
937
938
939
940
			continue // nothing to do, we already have this file
		}
		// Ensure that the folder in which to write the file exists
		if err = os.MkdirAll(filepath.Dir(path), 0700); err != nil {
			return err
		}
		stripped := filename[len(manager.ID)+1:] // Scheme manager URL already ends with its name
		// Download the new file, store it in our own irma_configuration folder
941
		if err = transport.GetSignedFile(stripped, path, newHash); err != nil {
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
			return
		}
		// See if the file is a credential type or issuer, and add it to the downloaded set if so
		if downloaded == nil {
			continue
		}
		var matches []string
		matches = issPattern.FindStringSubmatch(filename)
		if len(matches) == 3 {
			issid := NewIssuerIdentifier(fmt.Sprintf("%s.%s", matches[1], matches[2]))
			downloaded.Issuers[issid] = struct{}{}
		}
		matches = credPattern.FindStringSubmatch(filename)
		if len(matches) == 4 {
			credid := NewCredentialTypeIdentifier(fmt.Sprintf("%s.%s.%s", matches[1], matches[2], matches[3]))
			downloaded.CredentialTypes[credid] = struct{}{}
		}
	}

	manager.index = newIndex
	return
}
964
965
966
967
968

// Methods containing consistency checks on irma_configuration

func (conf *Configuration) checkIssuer(manager *SchemeManager, issuer *Issuer, dir string) error {
	issuerid := issuer.Identifier()
969
970
	conf.checkTranslations(fmt.Sprintf("Issuer %s", issuerid.String()), issuer)
	// Check that the issuer has public keys
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
	pkpath := fmt.Sprintf(pubkeyPattern, conf.Path, issuerid.SchemeManagerIdentifier().Name(), issuerid.Name())
	files, err := filepath.Glob(pkpath)
	if err != nil {
		return err
	}
	if len(files) == 0 {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no public keys", issuerid.String()))
	}

	if filepath.Base(dir) != issuer.ID {
		return errors.Errorf("Issuer %s has wrong directory name %s", issuerid.String(), filepath.Base(dir))
	}
	if manager.ID != issuer.SchemeManagerID {
		return errors.Errorf("Issuer %s has wrong SchemeManager %s", issuerid.String(), issuer.SchemeManagerID)
	}
	if err = fs.AssertPathExists(dir + "/logo.png"); err != nil {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no logo.png", issuerid.String()))
	}
	return nil
}

func (conf *Configuration) checkCredentialType(manager *SchemeManager, issuer *Issuer, cred *CredentialType, dir string) error {
	credid := cred.Identifier()
994
	conf.checkTranslations(fmt.Sprintf("Credential type %s", credid.String()), cred)
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
	if cred.XMLVersion < 4 {
		return errors.New("Unsupported credential type description")
	}
	if cred.ID != filepath.Base(dir) {
		return errors.Errorf("Credential type %s has wrong directory name %s", credid.String(), filepath.Base(dir))
	}
	if cred.IssuerID != issuer.ID {
		return errors.Errorf("Credential type %s has wrong IssuerID %s", credid.String(), cred.IssuerID)
	}
	if cred.SchemeManagerID != manager.ID {
		return errors.Errorf("Credential type %s has wrong SchemeManager %s", credid.String(), cred.SchemeManagerID)
	}
	if err := fs.AssertPathExists(dir + "/logo.png"); err != nil {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Credential type %s has no logo.png", credid.String()))
	}
	return conf.checkAttributes(cred)
}

func (conf *Configuration) checkAttributes(cred *CredentialType) error {
	name := cred.Identifier().String()
	indices := make(map[int]struct{})
	count := len(cred.Attributes)
	if count == 0 {
		return errors.Errorf("Credenial type %s has no attributes", name)
	}
	for i, attr := range cred.Attributes {
1021
		conf.checkTranslations(fmt.Sprintf("Attribute %s of credential type %s", attr.ID, cred.Identifier().String()), attr)
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
		index := i
		if attr.Index != nil {
			index = *attr.Index
		}
		if index >= count {
			conf.Warnings = append(conf.Warnings, fmt.Sprintf("Credential type %s has invalid attribute index at attribute %d", name, i))
		}
		indices[index] = struct{}{}
	}
	if len(indices) != count {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Credential type %s has invalid attribute ordering, check the index-tags", name))
	}
	return nil
}
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071

func (conf *Configuration) checkScheme(scheme *SchemeManager, dir string) error {
	if scheme.XMLVersion < 7 {
		scheme.Status = SchemeManagerStatusParsingError
		return errors.New("Unsupported scheme manager description")
	}
	if filepath.Base(dir) != scheme.ID {
		scheme.Status = SchemeManagerStatusParsingError
		return errors.Errorf("Scheme %s has wrong directory name %s", scheme.ID, filepath.Base(dir))
	}
	conf.checkTranslations(fmt.Sprintf("Scheme %s", scheme.ID), scheme)
	return nil
}

// checkTranslations checks for each member of the interface o that is of type TranslatedString
// that it contains all necessary translations.
func (conf *Configuration) checkTranslations(file string, o interface{}) {
	langs := []string{"en", "nl"} // Hardcode these for now, TODO make configurable
	v := reflect.ValueOf(o)

	// Dereference in case of pointer or interface
	if v.Kind() == reflect.Ptr || v.Kind() == reflect.Interface {
		v = v.Elem()
	}

	for i := 0; i < v.NumField(); i++ {
		if v.Field(i).Type() == reflect.TypeOf(TranslatedString{}) {
			val := v.Field(i).Interface().(TranslatedString)
			for _, lang := range langs {
				if _, exists := val[lang]; !exists {
					conf.Warnings = append(conf.Warnings, fmt.Sprintf("%s misses %s translation in <%s> tag", file, lang, v.Type().Field(i).Name))
				}
			}
		}
	}
}