manual_session_test.go 6.68 KB
Newer Older
1
package sessiontest
2
3

import (
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
6
	"testing"

7
8
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
9
	"github.com/privacybydesign/irmago"
Koen van Ingen's avatar
Koen van Ingen committed
10
	"github.com/privacybydesign/irmago/internal/test"
11
	"github.com/privacybydesign/irmago/irmaclient"
12
	"github.com/stretchr/testify/require"
13
14
)

15
// Create a ManualTestHandler for unit tests
16
func createManualSessionHandler(t *testing.T, client *irmaclient.Client) *ManualTestHandler {
17
	return &ManualTestHandler{
18
19
20
21
22
		TestHandler: TestHandler{
			t:      t,
			c:      make(chan *SessionResult),
			client: client,
		},
23
24
25
	}
}

26
func manualSessionHelper(t *testing.T, client *irmaclient.Client, h *ManualTestHandler, request, verifyAs irma.SessionRequest, corrupt bool) ([][]*irma.DisclosedAttribute, irma.ProofStatus) {
27
	if client == nil {
28
		client = parseStorage(t)
29
		defer test.ClearTestStorage(t)
30
	}
31

32
33
34
35
	bts, err := json.Marshal(request)
	require.NoError(t, err)

	client.NewSession(string(bts), h)
36

37
38
39
	result := <-h.c
	if result.Err != nil {
		require.NoError(t, result.Err)
40
41
	}

42
43
	switch h.action {
	case irma.ActionDisclosing:
44
45
		r, _ := verifyAs.(*irma.DisclosureRequest)
		list, status, err := result.DisclosureResult.Verify(client.Configuration, r)
46
47
		require.NoError(t, err)
		return list, status
48
49
50
51
52
53
	case irma.ActionSigning:
		if corrupt {
			// Interesting: modifying C results in INVALID_CRYPTO; modifying A or an attribute results in INVALID_TIMESTAMP
			i := result.SignatureResult.Signature[0].(*gabi.ProofD).C
			i.Add(i, big.NewInt(16))
		}
54
55
		r, _ := verifyAs.(*irma.SignatureRequest)
		list, status, err := result.SignatureResult.Verify(client.Configuration, r)
56
57
		require.NoError(t, err)
		return list, status
58
	default:
59
		return nil, ""
60
	}
61
}
62

63
func TestManualSession(t *testing.T) {
64
65
66
	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	request.Nonce = big.NewInt(42)

67
	ms := createManualSessionHandler(t, nil)
68

69
70
	attrs, status := manualSessionHelper(t, nil, ms, request, request, false)
	require.Equal(t, irma.ProofStatusValid, status)
71
72
	require.Equal(t, irma.AttributeProofStatusPresent, attrs[0][0].Status)
	attrs, status = manualSessionHelper(t, nil, ms, request, nil, false)
73
	require.Equal(t, irma.ProofStatusValid, status)
74
	require.Equal(t, irma.AttributeProofStatusExtra, attrs[0][0].Status)
75
76
77
78
}

// Test if proof verification fails with status 'ERROR_CRYPTO' if we verify it with an invalid nonce
func TestManualSessionInvalidNonce(t *testing.T) {
79
80
81
82
	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	invalidRequest := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	invalidRequest.Nonce = big.NewInt(1)

83
	ms := createManualSessionHandler(t, nil)
84
	_, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
85

86
	require.Equal(t, irma.ProofStatusUnmatchedRequest, status)
87
88
}

89
90
// Test if proof verification fails with status 'MISSING_ATTRIBUTES' if we provide it with a non-matching signature request
func TestManualSessionInvalidRequest(t *testing.T) {
91
92
	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	invalidRequest := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.university"))
93
	ms := createManualSessionHandler(t, nil)
94
	_, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
95

96
	require.Equal(t, irma.ProofStatusMissingAttributes, status)
97
98
99
100
}

// Test if proof verification fails with status 'MISSING_ATTRIBUTES' if we provide it with invalid attribute values
func TestManualSessionInvalidAttributeValue(t *testing.T) {
101
102
103
104
105
	wrong, correct := "123", "456"
	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	request.Disclose[0][0][0].Value = &correct
	invalidRequest := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	invalidRequest.Disclose[0][0][0].Value = &wrong
106

107
108
	ms := createManualSessionHandler(t, nil)
	_, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
109
	require.Equal(t, irma.ProofStatusMissingAttributes, status)
110
111
}

112
func TestManualSessionMultiProof(t *testing.T) {
113
	client := parseStorage(t)
114
	defer test.ClearTestStorage(t)
115

116
	// First, we need to issue an extra credential (BSN)
117
	sessionHelper(t, getMultipleIssuanceRequest(), "issue", client)
118
119

	// Request to sign with both BSN and StudentID
120
121
122
	request := irma.NewSignatureRequest("I owe you everything",
		irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"),
		irma.NewAttributeTypeIdentifier("irma-demo.MijnOverheid.root.BSN"))
123

124
	ms := createManualSessionHandler(t, client)
125

126
127
	attrs, status := manualSessionHelper(t, client, ms, request, request, false)
	require.Equal(t, irma.ProofStatusValid, status)
128
129
130
	require.Equal(t, irma.AttributeProofStatusPresent, attrs[0][0].Status)
	require.Equal(t, irma.AttributeProofStatusPresent, attrs[1][0].Status)
	attrs, status = manualSessionHelper(t, client, ms, request, nil, false)
131
	require.Equal(t, irma.ProofStatusValid, status)
132
133
	require.Equal(t, irma.AttributeProofStatusExtra, attrs[0][0].Status)
	require.Equal(t, irma.AttributeProofStatusExtra, attrs[0][1].Status)
134
135
}

136
func TestManualSessionInvalidProof(t *testing.T) {
137
	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
138
	ms := createManualSessionHandler(t, nil)
139
	_, status := manualSessionHelper(t, nil, ms, request, request, true)
140

141
	require.Equal(t, irma.ProofStatusInvalid, status)
142
}
143
144

func TestManualDisclosureSession(t *testing.T) {
145
	request := irma.NewDisclosureRequest(irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
146
	ms := createManualSessionHandler(t, nil)
147
	attrs, status := manualSessionHelper(t, nil, ms, request, request, false)
148

149
150
	require.Equal(t, irma.AttributeProofStatusPresent, attrs[0][0].Status)
	require.Equal(t, "456", attrs[0][0].Value["en"])
151
	require.Equal(t, irma.ProofStatusValid, status)
152
153
154
155
}

// Test if proof verification fails with status 'MISSING_ATTRIBUTES' if we provide it with a non-matching disclosure request
func TestManualDisclosureSessionInvalidRequest(t *testing.T) {
156
157
	request := irma.NewDisclosureRequest(irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID"))
	invalidRequest := irma.NewDisclosureRequest(irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.university"))
158
	ms := createManualSessionHandler(t, nil)
159
	_, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
160

161
	require.Equal(t, irma.ProofStatusMissingAttributes, status)
162
}