package backend

import (
	"encoding/json"
	"io/ioutil"
	"net/http"
	"path/filepath"
	"regexp"
	"strings"

	"github.com/Sirupsen/logrus"
	"github.com/go-errors/errors"
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
	"github.com/privacybydesign/irmago"
	"github.com/privacybydesign/irmago/server"
)

// Initialize installs configuration as the package-wide configuration and
// fills in whatever the caller left unset: the logger, the parsed IRMA
// configuration, and the issuer private keys found in IssuerPrivateKeysPath.
// Every private key, whether loaded here or supplied by the caller, is checked
// against the public key with the same counter before Initialize succeeds.
//
// The first error encountered is returned and initialization stops there.
func Initialize(configuration *server.Configuration) error {
	conf = configuration

	// Without a caller-supplied logger, fall back to a text logger at debug
	// level; the same logger is then shared with the server and irma packages.
	// NOTE(review): HandleProtocolMessage logs request paths, which carry the
	// session token, at debug level; pass a logger with a higher level where
	// logs are readable by more people than the tokens should be.
	if conf.Logger == nil {
		fallback := logrus.New()
		fallback.Level = logrus.DebugLevel
		fallback.Formatter = &logrus.TextFormatter{}
		conf.Logger = fallback
	}
	server.Logger = conf.Logger
	irma.Logger = conf.Logger

	// Parse the IRMA configuration from IrmaConfigurationPath unless the
	// caller already provided one; if parsing yields no scheme managers, the
	// default schemes are downloaded.
	if conf.IrmaConfiguration == nil {
		var err error
		conf.IrmaConfiguration, err = irma.NewConfiguration(conf.IrmaConfigurationPath, "")
		if err != nil {
			return err
		}
		if err = conf.IrmaConfiguration.ParseFolder(); err != nil {
			return err
		}
		if len(conf.IrmaConfiguration.SchemeManagers) == 0 {
			if err = conf.IrmaConfiguration.DownloadDefaultSchemes(); err != nil {
				return err
			}
		}
	}

	if conf.IssuerPrivateKeys == nil {
		conf.IssuerPrivateKeys = make(map[irma.IssuerIdentifier]*gabi.PrivateKey)
	}

	// Load every entry of the private key directory. The entry name without
	// its extension is taken as the issuer identifier, and an entry that does
	// not name a known issuer aborts initialization.
	// NOTE(review): entries are not filtered by type or extension, and nothing
	// here checks the permissions of the directory or the key files; restrict
	// those at deployment.
	if dir := conf.IssuerPrivateKeysPath; dir != "" {
		entries, err := ioutil.ReadDir(dir)
		if err != nil {
			return err
		}
		for _, entry := range entries {
			name := entry.Name()
			issuer := irma.NewIssuerIdentifier(strings.TrimSuffix(name, filepath.Ext(name))) // strip .xml
			if _, known := conf.IrmaConfiguration.Issuers[issuer]; !known {
				return errors.Errorf("Private key %s belongs to an unknown issuer", name)
			}
			key, err := gabi.NewPrivateKeyFromFile(filepath.Join(dir, name))
			if err != nil {
				return err
			}
			conf.IssuerPrivateKeys[issuer] = key
		}
	}

	// Consistency check: the product of the private primes P and Q must equal
	// the modulus N of the public key that has the same counter.
	for issuer, key := range conf.IssuerPrivateKeys {
		counter := key.Counter
		pub, err := conf.IrmaConfiguration.PublicKey(issuer, int(counter))
		if err != nil {
			return err
		}
		if pub == nil {
			return errors.Errorf("Missing public key belonging to private key %s-%d", issuer.String(), counter)
		}
		modulus := new(big.Int).Mul(key.P, key.Q)
		if modulus.Cmp(pub.N) != 0 {
			return errors.Errorf("Private key %s-%d does not belong to corresponding public key", issuer.String(), counter)
		}
	}

	// Session URLs are built as conf.Url + token, so a non-empty URL must end
	// in a slash; a missing URL is only warned about.
	switch {
	case conf.Url == "":
		conf.Logger.Warn("No url parameter specified in configuration; unless an url is elsewhere prepended in the QR, the IRMA client will not be able to connect")
	case !strings.HasSuffix(conf.Url, "/"):
		conf.Url += "/"
	}

	return nil
}

// StartSession validates request, creates a session of the matching kind and
// returns the QR contents that point at it together with the session token.
// Issuance requests are additionally checked by validateIssuanceRequest. A
// request that is not a disclosure, signature or issuance request is rejected
// with an error.
func StartSession(request irma.SessionRequest) (*irma.Qr, string, error) {
	if err := request.Validate(); err != nil {
		return nil, "", err
	}

	action := irma.ActionUnknown
	switch req := request.(type) {
	case *irma.DisclosureRequest:
		action = irma.ActionDisclosing
	case *irma.SignatureRequest:
		action = irma.ActionSigning
	case *irma.IssuanceRequest:
		action = irma.ActionIssuing
		if err := validateIssuanceRequest(req); err != nil {
			return nil, "", err
		}
	default:
		conf.Logger.Warnf("Attempt to start session of invalid type")
		return nil, "", errors.New("Invalid session type")
	}

	sess := newSession(action, request)
	// NOTE(review): the token logged here is the same value that
	// GetSessionResult, CancelSession and HandleProtocolMessage accept as the
	// only session identifier, so these info-level logs need the same access
	// control as the tokens themselves.
	conf.Logger.Infof("%s session started, token %s", action, sess.token)

	qr := &irma.Qr{
		Type: action,
		URL:  conf.Url + sess.token,
	}
	return qr, sess.token, nil
}

// GetSessionResult returns the result stored on the session identified by
// token, or nil when no such session exists. The token is the only thing
// checked here: any caller that presents it receives the result.
func GetSessionResult(token string) *server.SessionResult {
	if sess := sessions.get(token); sess != nil {
		return sess.result
	}
	return nil
}

// CancelSession cancels the session identified by token by invoking its
// delete handler. It returns an error when no session with that token exists.
// As with GetSessionResult, possession of the token is the only check made.
func CancelSession(token string) error {
	sess := sessions.get(token)
	if sess != nil {
		sess.handleDelete()
		return nil
	}
	return errors.New("Unknown session, can't cancel")
}

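// protocolPathPattern matches a whole protocol path: a session token,
// optionally followed by a slash and a noun. It is anchored at both ends so
// that a path with extra segments or stray characters is rejected instead of
// being routed on its first word-like run. Compiled once at package scope
// rather than on every request.
var protocolPathPattern = regexp.MustCompile(`^(\w+)/?(\w*)$`)

// HandleProtocolMessage routes one protocol request to the session named in
// path and returns the HTTP status and response body to send back.
//
// path is "token" or "token/noun", optionally with one leading and one
// trailing slash. method is the HTTP method, headers the request headers and
// message the request body. Supported routes:
//
//	DELETE token              cancel the session
//	GET    token              fetch the session request (needs version headers)
//	GET    token/status       fetch the session status
//	POST   token/commitments  issuance sessions only
//	POST   token/proofs       disclosure and signature sessions
//
// Anything else yields an error response. result is non-nil only on the first
// call that returns while the session is finished; on all other calls it is
// nil.
func HandleProtocolMessage(
	path string,
	method string,
	headers map[string][]string,
	message []byte,
) (status int, output []byte, result *server.SessionResult) {
	// Drop at most one leading and one trailing slash. TrimPrefix/TrimSuffix
	// work on any length, so a bare "/" is handled like the empty path.
	path = strings.TrimSuffix(strings.TrimPrefix(path, "/"), "/")

	// path comes straight from the request and is not yet validated, so it is
	// logged quoted (%q). It also contains the session token: keep debug logs
	// away from readers who should not see tokens.
	conf.Logger.Debugf("Routing protocol message: %s %q", method, path)
	matches := protocolPathPattern.FindStringSubmatch(path)
	if len(matches) != 3 {
		conf.Logger.Warnf("Invalid URL: %q", path)
		status, output = server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, ""))
		return
	}

	// Fetch the session
	token := matches[1]
	noun := matches[2]
	session := sessions.get(token)
	if session == nil {
		// token matched \w+ above, so it is safe to log unquoted.
		conf.Logger.Warnf("Session not found: %s", token)
		status, output = server.JsonResponse(nil, server.RemoteError(server.ErrorSessionUnknown, ""))
		return
	}
	session.Lock()
	defer session.Unlock()

	// However we return, if the session has been finished or cancelled by any of the handlers
	// then we should inform the user by returning a SessionResult - but only if we have not
	// already done this in the past, e.g. by a previous HTTP call handled by this function.
	// This defer is registered after the Unlock above, so it runs first, while
	// the session lock is still held.
	defer func() {
		if session.finished() && !session.returned {
			session.returned = true
			result = session.result
		}
		sessions.update(token, session)
	}()

	// Route to handler
	switch len(noun) {
	case 0:
		if method == http.MethodDelete {
			session.handleDelete()
			status = http.StatusOK
			return
		}
		if method == http.MethodGet {
			// The client announces the protocol version range it supports in
			// two JSON-encoded headers; either one failing to parse fails the
			// session.
			h := http.Header(headers)
			minVersion := &irma.ProtocolVersion{}
			maxVersion := &irma.ProtocolVersion{}
			if err := json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), minVersion); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			if err := json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), maxVersion); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
				return
			}
			status, output = server.JsonResponse(session.handleGetRequest(minVersion, maxVersion))
			return
		}
		status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
		return
	default:
		if method == http.MethodGet && noun == "status" {
			status, output = server.JsonResponse(session.handleGetStatus())
			return
		}

		// Below are only POST endpoints
		if method != http.MethodPost {
			status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
			return
		}

		// Each POST endpoint is only valid for the matching session action;
		// the body is unmarshalled and validated before it reaches a handler.
		if noun == "commitments" && session.action == irma.ActionIssuing {
			commitments := &irma.IssueCommitmentMessage{}
			if err := irma.UnmarshalValidate(message, commitments); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, ""))
				return
			}
			status, output = server.JsonResponse(session.handlePostCommitments(commitments))
			return
		}
		if noun == "proofs" && session.action == irma.ActionDisclosing {
			disclosure := irma.Disclosure{}
			if err := irma.UnmarshalValidate(message, &disclosure); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, ""))
				return
			}
			status, output = server.JsonResponse(session.handlePostDisclosure(disclosure))
			return
		}
		if noun == "proofs" && session.action == irma.ActionSigning {
			signature := &irma.SignedMessage{}
			if err := irma.UnmarshalValidate(message, signature); err != nil {
				status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, ""))
				return
			}
			status, output = server.JsonResponse(session.handlePostSignature(signature))
			return
		}

		status, output = server.JsonResponse(nil, session.fail(server.ErrorInvalidRequest, ""))
		return
	}
}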