package cmd

import (
	"path/filepath"

	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/revocation"
	irma "github.com/privacybydesign/irmago"
	"github.com/privacybydesign/irmago/internal/fs"
	"github.com/spf13/cobra"
)

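// revokeEnableCmd implements "enable CREDENTIALTYPE [PATH]". It enables
// revocation for one credential type in the revocation database stored under
// PATH, or under irma.DefaultDataPath() when PATH is omitted.
var revokeEnableCmd = &cobra.Command{
	Use:   "enable CREDENTIALTYPE [PATH]",
	Short: "Enable revocation for a credential type",
	Long: `Enable revocation for a given credential type.

Must be done (and can only be done) by the issuer of the specified credential type, if enabled in the
scheme. The revocation database is written to or updated from PATH, or the default IRMA storage path
(` + irma.DefaultDataPath() + `).`,
	Args: cobra.RangeArgs(1, 2),
	Run: func(cmd *cobra.Command, args []string) {
		// RangeArgs(1, 2) guarantees args[0]; args[1] is the optional
		// storage path.
		path := irma.DefaultDataPath()
		if len(args) > 1 {
			path = args[1]
		}
		// configureRevocation reads the issuer private key (from the
		// --privatekey flag or from irma_configuration under path) and
		// derives the revocation key that is passed to EnableRevocation.
		db, nonrevKey := configureRevocation(cmd, path, args[0])

		if err := db.EnableRevocation(nonrevKey); err != nil {
			die("failed to enable revocation", err)
		}
	},
}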

// configureRevocation prepares everything needed to operate on the revocation
// database of the credential type named by credtype.
//
// It ensures that the "revocation" folder exists under path, parses the
// irma_configuration folder under path, looks up the credential type, loads
// the issuer private key and derives its revocation key, and opens the
// revocation database. Every failure is reported through die (defined
// elsewhere in this package; presumably it terminates the process — confirm).
//
// It returns the revocation database together with the revocation private key.
func configureRevocation(cmd *cobra.Command, path, credtype string) (*revocation.DB, *revocation.PrivateKey) {
	// NOTE(review): the permissions of the created folder are decided by
	// fs.EnsureDirectoryExists, which is not visible from this function.
	revocationDir := filepath.Join(path, "revocation")
	if err := fs.EnsureDirectoryExists(revocationDir); err != nil {
		die("failed to create revocation database folder", err)
	}

	// Load the scheme information and resolve the credential type in it.
	confDir := filepath.Join(path, "irma_configuration")
	conf, err := irma.NewConfiguration(confDir, irma.ConfigurationOptions{})
	if err != nil {
		die("failed to open irma_configuration", err)
	}
	if err = conf.ParseFolder(); err != nil {
		die("failed to parse irma_configuration", err)
	}

	credID := irma.NewCredentialTypeIdentifier(credtype)
	credType := conf.CredentialTypes[credID]
	if credType == nil {
		die("unknown credential type", nil)
	}

	// The issuer private key comes from the file named by --privatekey when
	// that flag is set, and from irma_configuration otherwise. The error of
	// GetString is discarded, so a command that does not define the flag
	// takes the irma_configuration branch.
	//
	// NOTE(review): a key given with --privatekey is used as loaded; nothing
	// in this function checks that it belongs to the issuer of credtype —
	// confirm that a later step rejects a mismatched key.
	var issuerKey *gabi.PrivateKey
	keyFile, _ := cmd.Flags().GetString("privatekey")
	switch keyFile {
	case "":
		issuerKey, err = conf.PrivateKey(credType.IssuerIdentifier())
	default:
		issuerKey, err = gabi.NewPrivateKeyFromFile(keyFile)
	}
	if err != nil {
		die("failed to read private key", err)
	}
	if issuerKey == nil {
		die("no private key specified and none found in irma_configuration", nil)
	}

	revKey, err := issuerKey.RevocationKey()
	if err != nil {
		die("failed to load nonrevocation private key from IRMA private key", err)
	}

	revDB, err := conf.RevocationDB(credID)
	if err != nil {
		die("failed to load revocation database", err)
	}

	return revDB, revKey
}

// init declares the --privatekey/-s flag on the enable command and attaches
// the command to revocationCmd. configureRevocation treats the flag value as
// the path of a private key file.
func init() {
	flags := revokeEnableCmd.Flags()
	flags.StringP("privatekey", "s", "", `Issuer private key for specified credential type`)

	revocationCmd.AddCommand(revokeEnableCmd)
}