irmaconfig.go 49.3 KB
Newer Older
1
package irma
2
3

import (
4
	"crypto/rsa"
5
6
7
8
9
	"encoding/base64"
	"encoding/xml"
	"io/ioutil"
	"os"
	"path/filepath"
10
	"reflect"
11
	"regexp"
12
	"runtime"
13
	"strconv"
14
	"time"
15

16
17
	"crypto/sha256"

18
19
20
21
	"fmt"

	"strings"

22
23
24
25
26
27
28
29
30
	"sort"

	"bytes"

	"encoding/hex"

	"crypto/x509"
	"encoding/pem"

31
	"github.com/dgrijalva/jwt-go"
32
	"github.com/go-errors/errors"
Sietse Ringers's avatar
Sietse Ringers committed
33
	"github.com/jasonlvhit/gocron"
34
35
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
36
37
	"github.com/privacybydesign/gabi/revocation"
	"github.com/privacybydesign/gabi/signed"
38
	"github.com/privacybydesign/irmago/internal/fs"
39
40
)

41
// Configuration keeps track of scheme managers, issuers, credential types and public keys,
42
// dezerializing them from an irma_configuration folder, and downloads and saves new ones on demand.
43
type Configuration struct {
44
45
46
	SchemeManagers  map[SchemeManagerIdentifier]*SchemeManager
	Issuers         map[IssuerIdentifier]*Issuer
	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
47
	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType
48

Sietse Ringers's avatar
Sietse Ringers committed
49
	// Path to the irma_configuration folder that this instance represents
50
51
	Path           string
	RevocationPath string
Sietse Ringers's avatar
Sietse Ringers committed
52

53
54
55
	// DisabledSchemeManagers keeps track of scheme managers that did not parse  succesfully
	// (i.e., invalid signature, parsing error), and the problem that occurred when parsing them
	DisabledSchemeManagers map[SchemeManagerIdentifier]*SchemeManagerError
56

57
58
	Warnings []string

59
	kssPublicKeys map[SchemeManagerIdentifier]map[int]*rsa.PublicKey
60
	publicKeys    map[IssuerIdentifier]map[int]*gabi.PublicKey
61
	privateKeys   map[IssuerIdentifier]*gabi.PrivateKey
62
	reverseHashes map[string]CredentialTypeIdentifier
63
	revDBs        map[CredentialTypeIdentifier]*revocation.DB
64
	initialized   bool
65
	assets        string
66
	readOnly      bool
Sietse Ringers's avatar
Sietse Ringers committed
67
	cronchan      chan bool
68
	scheduler     *gocron.Scheduler
69
70
}

Sietse Ringers's avatar
Sietse Ringers committed
71
72
// ConfigurationFileHash encodes the SHA256 hash of an authenticated
// file under a scheme manager within the configuration folder.
73
74
type ConfigurationFileHash []byte

Sietse Ringers's avatar
Sietse Ringers committed
75
76
// SchemeManagerIndex is a (signed) list of files under a scheme manager
// along with their SHA266 hash
77
78
type SchemeManagerIndex map[string]ConfigurationFileHash

79
80
type SchemeManagerStatus string

81
82
type SchemeManagerError struct {
	Manager SchemeManagerIdentifier
83
	Status  SchemeManagerStatus
84
85
86
	Err     error
}

87
88
89
90
91
type UnknownIdentifierError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

Leon's avatar
Leon committed
92
93
94
95
96
type RequiredAttributeMissingError struct {
	ErrorType
	Missing *IrmaIdentifierSet
}

97
98
99
100
101
102
103
const (
	SchemeManagerStatusValid               = SchemeManagerStatus("Valid")
	SchemeManagerStatusUnprocessed         = SchemeManagerStatus("Unprocessed")
	SchemeManagerStatusInvalidIndex        = SchemeManagerStatus("InvalidIndex")
	SchemeManagerStatusInvalidSignature    = SchemeManagerStatus("InvalidSignature")
	SchemeManagerStatusParsingError        = SchemeManagerStatus("ParsingError")
	SchemeManagerStatusContentParsingError = SchemeManagerStatus("ContentParsingError")
104

105
106
	pubkeyPattern  = "%s/%s/%s/PublicKeys/*.xml"
	privkeyPattern = "%s/%s/%s/PrivateKeys/*.xml"
107
108
)

109
110
111
112
var (
	validLangs = []string{"en", "nl"} // Hardcode these for now, TODO make configurable
)

113
114
115
116
func (sme SchemeManagerError) Error() string {
	return fmt.Sprintf("Error parsing scheme manager %s: %s", sme.Manager.Name(), sme.Err.Error())
}

117
// NewConfiguration returns a new configuration. After this
118
// ParseFolder() should be called to parse the specified path.
119
120
121
122
func NewConfiguration(path string) (*Configuration, error) {
	return newConfiguration(path, "")
}

123
124
// NewConfigurationReadOnly returns a new configuration whose representation on disk
// is never altered. ParseFolder() should be called to parse the specified path.
125
126
127
128
129
130
131
132
133
func NewConfigurationReadOnly(path string) (*Configuration, error) {
	conf, err := newConfiguration(path, "")
	if err != nil {
		return nil, err
	}
	conf.readOnly = true
	return conf, nil
}

134
135
// NewConfigurationFromAssets returns a new configuration, copying the schemes out of the assets folder to path.
// ParseFolder() should be called to parse the specified path.
136
137
138
139
140
func NewConfigurationFromAssets(path, assets string) (*Configuration, error) {
	return newConfiguration(path, assets)
}

func newConfiguration(path string, assets string) (conf *Configuration, err error) {
141
	conf = &Configuration{
142
143
144
		Path:           path,
		RevocationPath: filepath.Join(DefaultDataPath(), "revocation"),
		assets:         assets,
145
	}
146

147
148
149
150
	if conf.assets != "" { // If an assets folder is specified, then it must exist
		if err = fs.AssertPathExists(conf.assets); err != nil {
			return nil, errors.WrapPrefix(err, "Nonexistent assets folder specified", 0)
		}
151
	}
152
	if err = fs.EnsureDirectoryExists(conf.Path); err != nil {
153
154
		return nil, err
	}
155

156
157
158
	// Init all maps
	conf.clear()

159
160
161
	return
}

162
func (conf *Configuration) clear() {
163
164
165
	conf.SchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManager)
	conf.Issuers = make(map[IssuerIdentifier]*Issuer)
	conf.CredentialTypes = make(map[CredentialTypeIdentifier]*CredentialType)
166
	conf.AttributeTypes = make(map[AttributeTypeIdentifier]*AttributeType)
167
	conf.DisabledSchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManagerError)
168
	conf.kssPublicKeys = make(map[SchemeManagerIdentifier]map[int]*rsa.PublicKey)
169
	conf.publicKeys = make(map[IssuerIdentifier]map[int]*gabi.PublicKey)
170
	conf.privateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
171
	conf.reverseHashes = make(map[string]CredentialTypeIdentifier)
172
173
174
175
176
177
178
}

// ParseFolder populates the current Configuration by parsing the storage path,
// listing the containing scheme managers, issuers and credential types.
func (conf *Configuration) ParseFolder() (err error) {
	// Init all maps
	conf.clear()
179

180
181
	// Copy any new or updated scheme managers out of the assets into storage
	if conf.assets != "" {
182
		err = fs.IterateSubfolders(conf.assets, func(dir string, _ os.FileInfo) error {
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
			scheme := NewSchemeManagerIdentifier(filepath.Base(dir))
			uptodate, err := conf.isUpToDate(scheme)
			if err != nil {
				return err
			}
			if !uptodate {
				_, err = conf.CopyManagerFromAssets(scheme)
			}
			return err
		})
		if err != nil {
			return err
		}
	}

	// Parse scheme managers in storage
199
	var mgrerr *SchemeManagerError
200
	err = fs.IterateSubfolders(conf.Path, func(dir string, _ os.FileInfo) error {
201
202
		manager := NewSchemeManager(filepath.Base(dir))
		err := conf.ParseSchemeManagerFolder(dir, manager)
203
204
		if err == nil {
			return nil // OK, do next scheme manager folder
205
		}
206
207
208
209
		// If there is an error, and it is of type SchemeManagerError, return nil
		// so as to continue parsing other managers.
		var ok bool
		if mgrerr, ok = err.(*SchemeManagerError); ok {
210
			conf.DisabledSchemeManagers[manager.Identifier()] = mgrerr
211
			return nil
212
		}
213
		return err // Not a SchemeManagerError? return it & halt parsing now
214
215
	})
	if err != nil {
216
		return
217
	}
218
	conf.initialized = true
219
220
221
	if mgrerr != nil {
		return mgrerr
	}
222
	return
223
224
}

225
226
227
228
229
230
231
// ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore
// any broken scheme managers from their remote.
// Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError;
// In this case the scheme in which it occured is downloaded from its remote and re-parsed.
// If any other error is encountered at any time, it is returned immediately.
// If no error is returned, parsing and possibly restoring has been succesfull, and there should be no
// disabled scheme managers.
232
233
func (conf *Configuration) ParseOrRestoreFolder() error {
	err := conf.ParseFolder()
234
235
236
	// Only in case of a *SchemeManagerError might we be able to recover
	if _, isSchemeMgrErr := err.(*SchemeManagerError); !isSchemeMgrErr {
		return err
237
	}
238
239
240
	if err != nil && (conf.assets == "" || conf.readOnly) {
		return err
	}
241
242

	for id := range conf.DisabledSchemeManagers {
243
244
245
246
247
248
249
250
251
		if err = conf.ReinstallSchemeManager(conf.SchemeManagers[id]); err == nil {
			continue
		}
		if _, err = conf.CopyManagerFromAssets(id); err != nil {
			return err // File system error, too serious, bail out now
		}
		name := id.String()
		if err = conf.ParseSchemeManagerFolder(filepath.Join(conf.Path, name), NewSchemeManager(name)); err == nil {
			delete(conf.DisabledSchemeManagers, id)
252
		}
253
	}
254

255
256
257
	return err
}

258
// ParseSchemeManagerFolder parses the entire tree of the specified scheme manager
259
// If err != nil then a problem occured
260
func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeManager) (err error) {
261
262
263
264
265
266
267
	// From this point, keep it in our map even if it has an error. The user must check either:
	// - manager.Status == SchemeManagerStatusValid, aka "VALID"
	// - or equivalently, manager.Valid == true
	// before using any scheme manager for anything, and handle accordingly
	conf.SchemeManagers[manager.Identifier()] = manager

	// Ensure we return a SchemeManagerError when any error occurs
268
269
	defer func() {
		if err != nil {
270
271
272
273
274
			err = &SchemeManagerError{
				Manager: manager.Identifier(),
				Err:     err,
				Status:  manager.Status,
			}
275
276
277
		}
	}()

278
279
	// Verify signature and read scheme manager description
	if err = conf.VerifySignature(manager.Identifier()); err != nil {
280
281
		return
	}
282
	if manager.index, err = conf.parseIndex(filepath.Base(dir), manager); err != nil {
283
284
		manager.Status = SchemeManagerStatusInvalidIndex
		return
285
	}
286
	exists, err := conf.pathToDescription(manager, dir+"/description.xml", manager)
287
288
289
	if err != nil {
		manager.Status = SchemeManagerStatusParsingError
		return
290
	}
291
292
293
294
	if !exists {
		manager.Status = SchemeManagerStatusParsingError
		return errors.New("Scheme manager description not found")
	}
295
	if err = conf.validateScheme(manager, dir); err != nil {
296
		return
297
	}
298
299
300
301
302
303
304

	// Verify that all other files are validly signed
	err = conf.VerifySchemeManager(manager)
	if err != nil {
		manager.Status = SchemeManagerStatusInvalidSignature
		return
	}
305

306
	// Read timestamp indicating time of last modification
307
308
309
	ts, exists, err := readTimestamp(dir + "/timestamp")
	if err != nil || !exists {
		return errors.WrapPrefix(err, "Could not read scheme manager timestamp", 0)
310
	}
311
	manager.Timestamp = *ts
312

313
	// Parse contained issuers and credential types
314
	err = conf.parseIssuerFolders(manager, dir)
315
316
317
318
319
320
	if err != nil {
		manager.Status = SchemeManagerStatusContentParsingError
		return
	}
	manager.Status = SchemeManagerStatusValid
	manager.Valid = true
321
322
323
	return
}

324
// PrivateKey returns the latest private key of the specified issuer, or nil if not present in the Configuration.
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error) {
	if sk := conf.privateKeys[id]; sk != nil {
		return sk, nil
	}

	path := fmt.Sprintf(privkeyPattern, conf.Path, id.SchemeManagerIdentifier().Name(), id.Name())
	files, err := filepath.Glob(path)
	if err != nil {
		return nil, err
	}
	if len(files) == 0 {
		return nil, nil
	}

	// List private keys and get highest counter
	counters := make([]int, 0, len(files))
	for _, file := range files {
		filename := filepath.Base(file)
		count := filename[:len(filename)-4]
		i, err := strconv.Atoi(count)
		if err != nil {
			return nil, err
		}
		counters = append(counters, i)
	}
	sort.Ints(counters)
	counter := counters[len(counters)-1]

	// Read private key
	file := strings.Replace(path, "*", strconv.Itoa(counter), 1)
	sk, err := gabi.NewPrivateKeyFromFile(file)
	if err != nil {
		return nil, err
	}
	if int(sk.Counter) != counter {
		return nil, errors.Errorf("Private key %s of issuer %s has wrong <Counter>", file, id.String())
	}
	conf.privateKeys[id] = sk

	return sk, nil
}

367
368
// PublicKey returns the specified public key, or nil if not present in the Configuration.
func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error) {
369
370
371
372
373
374
375
376
377
378
379
	var haveIssuer, haveKey bool
	var err error
	_, haveIssuer = conf.publicKeys[id]
	if haveIssuer {
		_, haveKey = conf.publicKeys[id][counter]
	}

	// If we have not seen this issuer or key before in conf.publicKeys,
	// try to parse the public key folder; new keys might have been put there since we last parsed it
	if !haveIssuer || !haveKey {
		if err = conf.parseKeysFolder(id); err != nil {
380
			return nil, err
381
382
		}
	}
383
	return conf.publicKeys[id][counter], nil
384
385
}

386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
// KeyshareServerKeyFunc returns a function that returns the public key with which to verify a keyshare server JWT,
// suitable for passing to jwt.Parse() and jwt.ParseWithClaims().
func (conf *Configuration) KeyshareServerKeyFunc(scheme SchemeManagerIdentifier) func(t *jwt.Token) (interface{}, error) {
	return func(t *jwt.Token) (i interface{}, e error) {
		var kid int
		if kidstr, ok := t.Header["kid"].(string); ok {
			var err error
			if kid, err = strconv.Atoi(kidstr); err != nil {
				return nil, err
			}
		}
		return conf.KeyshareServerPublicKey(scheme, kid)
	}
}

// KeyshareServerPublicKey returns the i'th public key of the specified scheme.
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
func (conf *Configuration) KeyshareServerPublicKey(scheme SchemeManagerIdentifier, i int) (*rsa.PublicKey, error) {
	if _, contains := conf.kssPublicKeys[scheme]; !contains {
		conf.kssPublicKeys[scheme] = make(map[int]*rsa.PublicKey)
	}
	if _, contains := conf.kssPublicKeys[scheme][i]; !contains {
		pkbts, err := ioutil.ReadFile(filepath.Join(conf.Path, scheme.Name(), fmt.Sprintf("kss-%d.pem", i)))
		if err != nil {
			return nil, err
		}
		pkblk, _ := pem.Decode(pkbts)
		genericPk, err := x509.ParsePKIXPublicKey(pkblk.Bytes)
		if err != nil {
			return nil, err
		}
		pk, ok := genericPk.(*rsa.PublicKey)
		if !ok {
			return nil, errors.New("Invalid keyshare server public key")
		}
		conf.kssPublicKeys[scheme][i] = pk
	}
	return conf.kssPublicKeys[scheme][i], nil
}

425
func (conf *Configuration) addReverseHash(credid CredentialTypeIdentifier) {
426
	hash := sha256.Sum256([]byte(credid.String()))
427
	conf.reverseHashes[base64.StdEncoding.EncodeToString(hash[:16])] = credid
428
429
}

430
431
432
func (conf *Configuration) hashToCredentialType(hash []byte) *CredentialType {
	if str, exists := conf.reverseHashes[base64.StdEncoding.EncodeToString(hash)]; exists {
		return conf.CredentialTypes[str]
433
434
435
436
	}
	return nil
}

437
// IsInitialized indicates whether this instance has successfully been initialized.
438
439
func (conf *Configuration) IsInitialized() bool {
	return conf.initialized
440
441
}

442
443
444
445
446
447
448
449
450
// Prune removes any invalid scheme managers and everything they own from this Configuration
func (conf *Configuration) Prune() {
	for _, manager := range conf.SchemeManagers {
		if !manager.Valid {
			_ = conf.RemoveSchemeManager(manager.Identifier(), false) // does not return errors
		}
	}
}

451
func (conf *Configuration) parseIssuerFolders(manager *SchemeManager, path string) error {
452
	return fs.IterateSubfolders(path, func(dir string, _ os.FileInfo) error {
453
		issuer := &Issuer{}
454
		exists, err := conf.pathToDescription(manager, dir+"/description.xml", issuer)
455
456
457
		if err != nil {
			return err
		}
458
459
		if !exists {
			return nil
460
		}
461
462
463
		if issuer.XMLVersion < 4 {
			return errors.New("Unsupported issuer description")
		}
464

465
		if err = conf.validateIssuer(manager, issuer, dir); err != nil {
466
467
468
			return err
		}

469
		conf.Issuers[issuer.Identifier()] = issuer
470
		issuer.Valid = conf.SchemeManagers[issuer.SchemeManagerIdentifier()].Valid
471
		return conf.parseCredentialsFolder(manager, issuer, dir+"/Issues/")
472
473
474
	})
}

475
476
477
func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error {
	delete(conf.SchemeManagers, id)
	delete(conf.DisabledSchemeManagers, id)
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
	name := id.String()
	for iss := range conf.Issuers {
		if iss.Root() == name {
			delete(conf.Issuers, iss)
		}
	}
	for iss := range conf.publicKeys {
		if iss.Root() == name {
			delete(conf.publicKeys, iss)
		}
	}
	for cred := range conf.CredentialTypes {
		if cred.Root() == name {
			delete(conf.CredentialTypes, cred)
		}
	}
494
495
496
497
	if !conf.readOnly {
		return os.RemoveAll(filepath.Join(conf.Path, id.Name()))
	}
	return nil
498
499
}

500
// parse $schememanager/$issuer/PublicKeys/$i.xml for $i = 1, ...
501
502
func (conf *Configuration) parseKeysFolder(issuerid IssuerIdentifier) error {
	manager := conf.SchemeManagers[issuerid.SchemeManagerIdentifier()]
503
	conf.publicKeys[issuerid] = map[int]*gabi.PublicKey{}
504
	path := fmt.Sprintf(pubkeyPattern, conf.Path, issuerid.SchemeManagerIdentifier().Name(), issuerid.Name())
505
506
507
508
509
510
511
512
513
514
	files, err := filepath.Glob(path)
	if err != nil {
		return err
	}

	for _, file := range files {
		filename := filepath.Base(file)
		count := filename[:len(filename)-4]
		i, err := strconv.Atoi(count)
		if err != nil {
515
			return err
516
		}
517
		relativepath, err := filepath.Rel(conf.Path, file)
518
519
520
521
		if err != nil {
			return err
		}
		bts, found, err := conf.ReadAuthenticatedFile(manager, relativepath)
522
		if err != nil || !found {
523
524
525
			return err
		}
		pk, err := gabi.NewPublicKeyFromBytes(bts)
526
527
528
		if err != nil {
			return err
		}
529
530
531
		if int(pk.Counter) != i {
			return errors.Errorf("Public key %s of issuer %s has wrong <Counter>", file, issuerid.String())
		}
532
		pk.Issuer = issuerid.String()
533
		conf.publicKeys[issuerid][i] = pk
534
	}
535

536
537
538
	return nil
}

539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
func (conf *Configuration) PublicKeyIndices(issuerid IssuerIdentifier) (i []int, err error) {
	return conf.matchKeyPattern(issuerid, pubkeyPattern)
}

func (conf *Configuration) matchKeyPattern(issuerid IssuerIdentifier, pattern string) (i []int, err error) {
	pkpath := fmt.Sprintf(pattern, conf.Path, issuerid.SchemeManagerIdentifier().Name(), issuerid.Name())
	files, err := filepath.Glob(pkpath)
	if err != nil {
		return
	}
	for _, file := range files {
		var count int
		base := filepath.Base(file)
		if count, err = strconv.Atoi(base[:len(base)-4]); err != nil {
			return
		}
		i = append(i, count)
	}
	sort.Ints(i)
	return
}

561
// parse $schememanager/$issuer/Issues/*/description.xml
562
563
func (conf *Configuration) parseCredentialsFolder(manager *SchemeManager, issuer *Issuer, path string) error {
	var foundcred bool
564
	err := fs.IterateSubfolders(path, func(dir string, _ os.FileInfo) error {
565
		cred := &CredentialType{}
566
		exists, err := conf.pathToDescription(manager, dir+"/description.xml", cred)
567
568
569
		if err != nil {
			return err
		}
570
571
572
		if !exists {
			return nil
		}
573
		if err = conf.validateCredentialType(manager, issuer, cred, dir); err != nil {
574
575
576
577
			return err
		}
		foundcred = true
		cred.Valid = conf.SchemeManagers[cred.SchemeManagerIdentifier()].Valid
578
		credid := cred.Identifier()
579
580
		conf.CredentialTypes[credid] = cred
		conf.addReverseHash(credid)
581
		for index, attr := range cred.AttributeTypes {
582
583
584
585
			attr.Index = index
			attr.SchemeManagerID = cred.SchemeManagerID
			attr.IssuerID = cred.IssuerID
			attr.CredentialTypeID = cred.ID
586
			conf.AttributeTypes[attr.GetAttributeTypeIdentifier()] = attr
587
		}
588
589
		return nil
	})
590
591
592
593
594
595
	if !foundcred {
		conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no credential types", issuer.Identifier().String()))
	}
	return err
}

596
func (conf *Configuration) pathToDescription(manager *SchemeManager, path string, description interface{}) (bool, error) {
597
598
599
600
	if _, err := os.Stat(path); err != nil {
		return false, nil
	}

601
	relativepath, err := filepath.Rel(conf.Path, path)
602
603
604
605
	if err != nil {
		return false, err
	}
	bts, found, err := conf.ReadAuthenticatedFile(manager, relativepath)
606
	if !found {
607
608
		if manager.index.Scheme() != manager.Identifier() {
			return false, errors.Errorf("Folder must be called %s, not %s", manager.index.Scheme(), manager.ID)
609
		}
610
		return false, errors.Errorf("File %s not present in scheme index", relativepath)
611
	}
612
613
614
615
	if err != nil {
		return true, err
	}

616
	err = xml.Unmarshal(bts, description)
617
618
619
620
621
622
	if err != nil {
		return true, err
	}

	return true, nil
}
623

624
625
// ContainsCredentialType checks if the configuration contains the specified credential type.
func (conf *Configuration) ContainsCredentialType(cred CredentialTypeIdentifier) bool {
626
627
628
	return conf.SchemeManagers[cred.IssuerIdentifier().SchemeManagerIdentifier()] != nil &&
		conf.Issuers[cred.IssuerIdentifier()] != nil &&
		conf.CredentialTypes[cred] != nil
629
}
630

631
632
633
634
635
func (conf *Configuration) ContainsAttributeType(attr AttributeTypeIdentifier) bool {
	_, contains := conf.AttributeTypes[attr]
	return contains && conf.ContainsCredentialType(attr.CredentialTypeIdentifier())
}

636
func (conf *Configuration) isUpToDate(scheme SchemeManagerIdentifier) (bool, error) {
637
	if conf.assets == "" || conf.readOnly {
638
639
		return true, nil
	}
640
641
642
643
	name := scheme.String()
	newTime, exists, err := readTimestamp(filepath.Join(conf.assets, name, "timestamp"))
	if err != nil || !exists {
		return true, errors.WrapPrefix(err, "Could not read asset timestamp of scheme "+name, 0)
644
	}
645
646
647
648
	// The storage version of the manager does not need to have a timestamp. If it does not, it is outdated.
	oldTime, exists, err := readTimestamp(filepath.Join(conf.Path, name, "timestamp"))
	if err != nil {
		return true, err
649
	}
650
	return exists && !newTime.After(*oldTime), nil
651
652
}

653
func (conf *Configuration) CopyManagerFromAssets(scheme SchemeManagerIdentifier) (bool, error) {
654
	if conf.assets == "" || conf.readOnly {
655
		return false, nil
656
	}
657
658
659
660
661
	// Remove old version; we want an exact copy of the assets version
	// not a merge of the assets version and the storage version
	name := scheme.String()
	if err := os.RemoveAll(filepath.Join(conf.Path, name)); err != nil {
		return false, err
662
	}
663
664
665
	return true, fs.CopyDirectory(
		filepath.Join(conf.assets, name),
		filepath.Join(conf.Path, name),
666
667
668
	)
}

669
670
// DownloadSchemeManager downloads and returns a scheme manager description.xml file
// from the specified URL.
671
func DownloadSchemeManager(url string) (*SchemeManager, error) {
672
673
674
675
676
677
678
679
680
	if !strings.HasPrefix(url, "http://") && !strings.HasPrefix(url, "https://") {
		url = "https://" + url
	}
	if url[len(url)-1] == '/' {
		url = url[:len(url)-1]
	}
	if strings.HasSuffix(url, "/description.xml") {
		url = url[:len(url)-len("/description.xml")]
	}
681
	b, err := NewHTTPTransport(url).GetBytes("description.xml")
682
683
684
	if err != nil {
		return nil, err
	}
685
	manager := NewSchemeManager("")
686
687
688
689
690
691
692
693
	if err = xml.Unmarshal(b, manager); err != nil {
		return nil, err
	}

	manager.URL = url // TODO?
	return manager, nil
}

Sietse Ringers's avatar
Sietse Ringers committed
694
695
// RemoveSchemeManager removes the specified scheme manager and all associated issuers,
// public keys and credential types from this Configuration.
696
func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromStorage bool) error {
697
	// Remove everything falling under the manager's responsibility
698
	for credid := range conf.CredentialTypes {
699
		if credid.IssuerIdentifier().SchemeManagerIdentifier() == id {
700
			delete(conf.CredentialTypes, credid)
701
702
		}
	}
703
	for issid := range conf.Issuers {
704
		if issid.SchemeManagerIdentifier() == id {
705
			delete(conf.Issuers, issid)
706
707
		}
	}
708
	for issid := range conf.publicKeys {
709
		if issid.SchemeManagerIdentifier() == id {
710
			delete(conf.publicKeys, issid)
711
712
		}
	}
713
	delete(conf.SchemeManagers, id)
714

715
	if fromStorage || !conf.readOnly {
Sietse Ringers's avatar
Sietse Ringers committed
716
		return os.RemoveAll(fmt.Sprintf("%s/%s", conf.Path, id.String()))
717
718
	}
	return nil
719
720
}

721
func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error) {
722
723
724
725
	if conf.readOnly {
		return errors.New("cannot install scheme into a read-only configuration")
	}

726
727
728
729
730
731
732
733
734
	// Check if downloading stuff from the remote works before we uninstall the specified manager:
	// If we can't download anything we should keep the broken version
	manager, err = DownloadSchemeManager(manager.URL)
	if err != nil {
		return
	}
	if err = conf.DeleteSchemeManager(manager.Identifier()); err != nil {
		return
	}
735
	err = conf.InstallSchemeManager(manager, nil)
736
737
738
	return
}

739
// InstallSchemeManager downloads and adds the specified scheme manager to this Configuration,
Sietse Ringers's avatar
Sietse Ringers committed
740
// provided its signature is valid.
741
func (conf *Configuration) InstallSchemeManager(manager *SchemeManager, publickey []byte) error {
742
743
744
745
	if conf.readOnly {
		return errors.New("cannot install scheme into a read-only configuration")
	}

746
	name := manager.ID
747
	if err := fs.EnsureDirectoryExists(filepath.Join(conf.Path, name)); err != nil {
748
749
		return err
	}
750
751

	t := NewHTTPTransport(manager.URL)
Sietse Ringers's avatar
Sietse Ringers committed
752
	path := fmt.Sprintf("%s/%s", conf.Path, name)
753
754
755
	if err := t.GetFile("description.xml", path+"/description.xml"); err != nil {
		return err
	}
756
757
758
759
760
761
762
763
	if publickey != nil {
		if err := fs.SaveFile(path+"/pk.pem", publickey); err != nil {
			return err
		}
	} else {
		if err := t.GetFile("pk.pem", path+"/pk.pem"); err != nil {
			return err
		}
764
	}
765
	if err := conf.DownloadSchemeManagerSignature(manager); err != nil {
766
767
		return err
	}
768
769
770
771
	conf.SchemeManagers[manager.Identifier()] = manager
	if err := conf.UpdateSchemeManager(manager.Identifier(), nil); err != nil {
		return err
	}
772

773
	return conf.ParseSchemeManagerFolder(filepath.Join(conf.Path, name), manager)
774
775
776
777
778
}

// DownloadSchemeManagerSignature downloads, stores and verifies the latest version
// of the index file and signature of the specified manager.
func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager) (err error) {
779
780
781
782
	if conf.readOnly {
		return errors.New("cannot download into a read-only configuration")
	}

783
	t := NewHTTPTransport(manager.URL)
Sietse Ringers's avatar
Sietse Ringers committed
784
	path := fmt.Sprintf("%s/%s", conf.Path, manager.ID)
785
786
787
788
	index := filepath.Join(path, "index")
	sig := filepath.Join(path, "index.sig")

	if err = t.GetFile("index", index); err != nil {
789
		return
790
791
	}
	if err = t.GetFile("index.sig", sig); err != nil {
792
		return
793
	}
794
	err = conf.VerifySignature(manager.Identifier())
795
	return
796
}
797

798
func (e *UnknownIdentifierError) Error() string {
Leon's avatar
Leon committed
799
800
801
802
803
	return "Unknown identifiers: " + e.Missing.String()
}

func (e *RequiredAttributeMissingError) Error() string {
	return "Required attributes are missing: " + e.Missing.String()
804
805
}

Sietse Ringers's avatar
Sietse Ringers committed
806
// Download downloads the issuers, credential types and public keys specified in set
Leon's avatar
Leon committed
807
// if the current Configuration does not already have them, and checks their authenticity
Sietse Ringers's avatar
Sietse Ringers committed
808
// using the scheme manager index.
809
func (conf *Configuration) Download(session SessionRequest) (downloaded *IrmaIdentifierSet, err error) {
810
	if conf.readOnly {
Leon's avatar
Leon committed
811
		return nil, errors.New("Cannot download into a read-only configuration")
812
	}
813

Leon's avatar
Leon committed
814
	missing, requiredMissing, err := conf.checkIdentifiers(session)
815
816
	if err != nil {
		return nil, err
817
	}
818
819
	if len(missing.SchemeManagers) > 0 {
		return nil, &UnknownIdentifierError{ErrorUnknownSchemeManager, missing}
820
821
	}

Leon's avatar
Leon committed
822
	// Update the scheme found above and parse, if necessary
823
	downloaded = newIrmaIdentifierSet()
Leon's avatar
Leon committed
824
825
826
827
828
829
830
831
832
833

	// Combine to find all identifiers that possibly require updating, i.e.,
	// ones that are not found in the configuration or,
	// ones that were tagged non-optional, but were tagged optional in a more recent configuration
	allMissing := newIrmaIdentifierSet()
	allMissing.join(missing)
	allMissing.join(requiredMissing)

	// Try updating them
	for id := range allMissing.allSchemes() {
834
		if err = conf.UpdateSchemeManager(id, downloaded); err != nil {
835
836
837
838
			return
		}
	}
	if !downloaded.Empty() {
839
840
841
		if err = conf.ParseFolder(); err != nil {
			return nil, err
		}
842
	}
843

Leon's avatar
Leon committed
844
845
846
	// Check again if all session identifiers are known now and required attributes are present
	missing, requiredMissing, err = conf.checkIdentifiers(session)
	if err != nil {
847
848
		return nil, err
	}
Leon's avatar
Leon committed
849
850

	// Required in the request, but not found in the configuration
851
852
853
854
	if !missing.Empty() {
		return nil, &UnknownIdentifierError{ErrorUnknownIdentifier, missing}
	}

Leon's avatar
Leon committed
855
856
857
858
859
	// (Still) required in the configuration, but not in the request
	if !requiredMissing.Empty() {
		return nil, &RequiredAttributeMissingError{ErrorRequiredAttributeMissing, requiredMissing}
	}

860
861
862
	return
}

Leon's avatar
Leon committed
863
func (conf *Configuration) checkCredentialTypes(session SessionRequest, missing *IrmaIdentifierSet, requiredMissing *IrmaIdentifierSet) {
864
865
866
867
868
869
	var typ *CredentialType
	var contains bool

	switch s := session.(type) {
	case *IssuanceRequest:
		for _, credreq := range s.Credentials {
Leon's avatar
Leon committed
870

871
			// First check if we have this credential type
872
			typ, contains = conf.CredentialTypes[credreq.CredentialTypeID]
873
			if !contains {
874
				missing.CredentialTypes[credreq.CredentialTypeID] = struct{}{}
875
876
				continue
			}
Leon's avatar
Leon committed
877
878
879
880
881
882

			// Check for attributes in the request that are not in the credential configuration
			for reqAttr, _ := range credreq.Attributes {
				attrID := NewAttributeTypeIdentifier(credreq.CredentialTypeID.String() + "." + reqAttr)
				if !typ.ContainsAttribute(attrID) {
					missing.AttributeTypes[attrID] = struct{}{}
883
884
				}
			}
Leon's avatar
Leon committed
885
886
887
888
889
890
891

			// Check if all attributes from the configuration are present, unless they are marked as optional
			for _, attrtype := range typ.AttributeTypes {
				_, present := credreq.Attributes[attrtype.ID]
				if !present && !attrtype.IsOptional() {
					requiredMissing.AttributeTypes[attrtype.GetAttributeTypeIdentifier()] = struct{}{}
				}
892
893
894
895
			}
		}
	}

896
897
898
	_ = session.Disclosure().Disclose.Iterate(func(attr *AttributeRequest) error {
		credid := attr.Type.CredentialTypeIdentifier()
		if typ, contains = conf.CredentialTypes[credid]; !contains {
899
			missing.CredentialTypes[credid] = struct{}{}
900
			return nil
901
		}
902
		if !attr.Type.IsCredential() && !typ.ContainsAttribute(attr.Type) {
Leon's avatar
Leon committed
903
			missing.AttributeTypes[attr.Type] = struct{}{}
904
905
906
		}
		return nil
	})
907

908
909
910
	return
}

Leon's avatar
Leon committed
911
func (conf *Configuration) checkIdentifiers(session SessionRequest) (*IrmaIdentifierSet, *IrmaIdentifierSet, error) {
912
	missing := newIrmaIdentifierSet()
Leon's avatar
Leon committed
913
	requiredMissing := newIrmaIdentifierSet()
914
915
	conf.checkSchemes(session, missing)
	if err := conf.checkIssuers(session.Identifiers(), missing); err != nil {
Leon's avatar
Leon committed
916
		return nil, nil, err
917
	}
Leon's avatar
Leon committed
918
919
	conf.checkCredentialTypes(session, missing, requiredMissing)
	return missing, requiredMissing, nil
920
921
922
923
924
925
926
927
928
929
930
}

// CheckSchemes verifies that all schemes occuring in the specified session request occur in this
// instance.
func (conf *Configuration) checkSchemes(session SessionRequest, missing *IrmaIdentifierSet) {
	for id := range session.Identifiers().SchemeManagers {
		scheme, contains := conf.SchemeManagers[id]
		if !contains || !scheme.Valid {
			missing.SchemeManagers[id] = struct{}{}
		}
	}
931
932
}

933
func (conf *Configuration) checkIssuers(set *IrmaIdentifierSet, missing *IrmaIdentifierSet) error {
934
	for issid := range set.Issuers {
935
		if _, contains := conf.Issuers[issid]; !contains {
936
			missing.Issuers[issid] = struct{}{}
937
		}
Sietse Ringers's avatar
Sietse Ringers committed
938
	}
939
940
941
	for issid, keyids := range set.PublicKeys {
		for _, keyid := range keyids {
			pk, err := conf.PublicKey(issid, keyid)
Sietse Ringers's avatar
Sietse Ringers committed
942
			if err != nil {
943
				return err
Sietse Ringers's avatar
Sietse Ringers committed
944
945
			}
			if pk == nil {
946
				missing.PublicKeys[issid] = append(missing.PublicKeys[issid], keyid)
947
948
949
			}
		}
	}
950
	return nil
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
}

func (i SchemeManagerIndex) String() string {
	var paths []string
	var b bytes.Buffer

	for path := range i {
		paths = append(paths, path)
	}
	sort.Strings(paths)

	for _, path := range paths {
		b.WriteString(hex.EncodeToString(i[path]))
		b.WriteString(" ")
		b.WriteString(path)
		b.WriteString("\n")
	}

	return b.String()
}

Sietse Ringers's avatar
Sietse Ringers committed
972
// FromString populates this index by parsing the specified string.
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
func (i SchemeManagerIndex) FromString(s string) error {
	for j, line := range strings.Split(s, "\n") {
		if len(line) == 0 {
			continue
		}
		parts := strings.Split(line, " ")
		if len(parts) != 2 {
			return errors.Errorf("Scheme manager index line %d has incorrect amount of parts", j)
		}
		hash, err := hex.DecodeString(parts[0])
		if err != nil {
			return err
		}
		i[parts[1]] = hash
	}

	return nil
}

992
993
994
995
996
997
998
func (i SchemeManagerIndex) Scheme() SchemeManagerIdentifier {
	for p := range i {
		return NewSchemeManagerIdentifier(p[0:strings.Index(p, "/")])
	}
	return NewSchemeManagerIdentifier("")
}

999
// parseIndex parses the index file of the specified manager.
1000
func (conf *Configuration) parseIndex(name string, manager *SchemeManager) (SchemeManagerIndex, error) {
Sietse Ringers's avatar
Sietse Ringers committed
1001
	path := filepath.Join(conf.Path, name, "index")
Sietse Ringers's avatar
Sietse Ringers committed
1002
	if err := fs.AssertPathExists(path); err != nil {
1003
		return nil, fmt.Errorf("Missing scheme manager index file; tried %s", path)
1004
	}
Sietse Ringers's avatar
Sietse Ringers committed
1005
	indexbts, err := ioutil.ReadFile(path)
1006
	if err != nil {
1007
		return nil, err
1008
	}
1009
	index := SchemeManagerIndex(make(map[string]ConfigurationFileHash))
1010
1011
1012
1013
1014
1015
1016
1017
	if err = index.FromString(string(indexbts)); err != nil {
		return nil, err
	}

	return index, conf.checkUnsignedFiles(name, index)
}

func (conf *Configuration) checkUnsignedFiles(name string, index SchemeManagerIndex) error {