credential.go 3.17 KB
Newer Older
1
2
3
package irmaclient

import (
4
	"github.com/privacybydesign/gabi"
5
	"github.com/privacybydesign/gabi/revocation"
6
	"github.com/privacybydesign/irmago"
7
8
9
10
11
12
)

// credential represents an IRMA credential, whose zeroth attribute
// is always the secret key and the first attribute the metadata attribute.
type credential struct {
	*gabi.Credential
13
14
	*irma.MetadataAttribute
	attrs *irma.AttributeList
15
16
}

17
18
func newCredential(gabicred *gabi.Credential, conf *irma.Configuration) (*credential, error) {
	meta := irma.MetadataFromInt(gabicred.Attributes[1], conf)
19
20
21
22
	cred := &credential{
		Credential:        gabicred,
		MetadataAttribute: meta,
	}
23
24
25
26
27
28

	if cred.CredentialType() == nil {
		// Unknown credtype, populate Pk field later
		return cred, nil
	}

29
	var err error
30
	cred.Pk, err = conf.PublicKey(meta.CredentialType().IssuerIdentifier(), cred.KeyCounter())
31
32
33
34
35
36
	if err != nil {
		return nil, err
	}
	return cred, nil
}

37
func (cred *credential) AttributeList() *irma.AttributeList {
38
	if cred.attrs == nil {
39
		cred.attrs = irma.NewAttributeListFromInts(cred.Credential.Attributes[1:], cred.MetadataAttribute.Conf)
40
41
42
	}
	return cred.attrs
}
43

44
// NonrevPrepare attempts to update the credential's nonrevocation witness from
45
// 1) the session request, and then 2) the revocation server if our witness is too far out of date.
46
47
// Returns whether or not the credential's nonrevocation state was updated. If so the caller should
// persist the updated credential to storage.
48
func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.SessionRequest) (bool, error) {
49
	credtype := cred.CredentialType().Identifier()
50
51
	base := request.Base()
	if !base.RequestsRevocation(credtype) {
52
		return false, nil
53
54
	}

55
56
57
58
	if err := base.RevocationConsistent(); err != nil {
		return false, err
	}

59
60
	// first try to update witness by applying the revocation update messages attached to the session request
	keys := irma.RevocationKeys{Conf: conf}
61
	revupdates := base.RevocationUpdates[credtype]
62
	count := len(revupdates.Events)
63
	updated, err := cred.NonrevApplyUpdates(revupdates, keys)
64
	if err != nil {
65
		return updated, err
66
	}
67
	if cred.NonRevocationWitness.Accumulator.Index >= revupdates.Events[count-1].Index {
68
		return updated, nil
69
	}
70

71
72
	// nonrevocation witness is still out of date after applying the updates from the request:
	// we were too far behind. Update from revocation server.
73
	revupdates, err = irma.RevocationClient{Conf: conf}.FetchUpdateFrom(credtype, cred.NonRevocationWitness.Accumulator.Index+1)
74
	if err != nil {
75
		return updated, err
76
	}
77
	return cred.NonrevApplyUpdates(revupdates, keys)
78
79
}

80
// NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
81
// if they all verify and if their indices are ahead and adjacent to that of our witness.
82
func (cred *credential) NonrevApplyUpdates(update *revocation.Update, keys irma.RevocationKeys) (bool, error) {
83
	oldindex := cred.NonRevocationWitness.Accumulator.Index
84

85
86
87
88
89
90
	pk, err := keys.PublicKey(cred.CredentialType().IssuerIdentifier(), update.SignedAccumulator.PKIndex)
	if err != nil {
		return false, err
	}
	if err = cred.NonRevocationWitness.Update(pk, update); err != nil {
		return false, err
91
	}
92

93
	return cred.NonRevocationWitness.Accumulator.Index != oldindex, nil
94
}