Commit
0231a02f
authored
Jun 12, 2018
by
Sietse Ringers
Add signed timestamps to scheme manager parsing and signing
parent
ede8e739
Changes
10
descriptions.go
...
...
@@ -27,6 +27,8 @@ type SchemeManager struct {
Status
SchemeManagerStatus
`xml:"-"`
Valid
bool
`xml:"-"`
// true iff Status == SchemeManagerStatusValid
Timestamp
Timestamp
index
SchemeManagerIndex
}
...
...
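Review bot: The new `Timestamp` field carries no struct tag, while the neighbouring fields that are not read from the description XML (`Status`, `Valid`) are tagged `xml:"-"`. If the value only ever comes from the separate timestamp file, as the rest of this commit suggests, giving it the same `xml:"-"` tag would keep encoding/xml from treating it as part of the description. A short comment such as `// Time at which the scheme manager was last signed, read from the timestamp file` would also help, since the field name repeats the type name. The struct definition starts outside the hunk.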
irmaconfig.go
...
...
@@ -208,6 +208,11 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
return
}
manager
.
Timestamp
,
err
=
readTimestamp
(
dir
+
"/timestamp"
)
if
err
!=
nil
{
return
errors
.
New
(
"Could not read scheme manager timestamp"
)
}
if
manager
.
XMLVersion
<
7
{
manager
.
Status
=
SchemeManagerStatusParsingError
return
errors
.
New
(
"Unsupported scheme manager description"
)
...
...
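Review bot: The new error branch after `readTimestamp(dir + "/timestamp")` returns without setting `manager.Status`, while the `XMLVersion < 7` branch right below it sets `SchemeManagerStatusParsingError` before returning. A manager whose timestamp is missing or unreadable should probably be marked the same way, e.g. `manager.Status = SchemeManagerStatusParsingError` before the `return`. The branch also replaces the underlying error with a fixed string, so the cause of the failure is lost to the caller. ParseSchemeManagerFolder starts and ends outside the hunk, so it is not visible whether the timestamp file has been checked against the signed index by this point; if it has not, the value should not be relied on for freshness decisions.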
requests.go
...
...
@@ -2,6 +2,7 @@ package irma
import
(
"fmt"
"io/ioutil"
"math/big"
"strconv"
"time"
...
...
@@ -360,9 +361,7 @@ func (t Timestamp) Before(u Timestamp) bool {
// MarshalJSON marshals a timestamp.
func
(
t
*
Timestamp
)
MarshalJSON
()
([]
byte
,
error
)
{
ts
:=
time
.
Time
(
*
t
)
.
Unix
()
stamp
:=
fmt
.
Sprint
(
ts
)
return
[]
byte
(
stamp
),
nil
return
[]
byte
(
t
.
String
()),
nil
}
// UnmarshalJSON unmarshals a timestamp.
...
...
@@ -375,6 +374,22 @@ func (t *Timestamp) UnmarshalJSON(b []byte) error {
return
nil
}
// Timestamp implements Stringer.
func
(
t
*
Timestamp
)
String
()
string
{
return
fmt
.
Sprint
(
time
.
Time
(
*
t
)
.
Unix
())
}
func
readTimestamp
(
path
string
)
(
Timestamp
,
error
)
{
bts
,
err
:=
ioutil
.
ReadFile
(
path
)
if
err
!=
nil
{
return
Timestamp
(
time
.
Unix
(
0
,
0
)),
errors
.
New
(
"Could not read scheme manager timestamp"
)
}
// Remove final character which is \n; convert from byte slice to string; parse as int
str
,
err
:=
strconv
.
ParseInt
(
string
(
bts
[
:
len
(
bts
)
-
1
]),
10
,
64
)
return
Timestamp
(
time
.
Unix
(
str
,
0
)),
nil
}
// NewServiceProviderJwt returns a new ServiceProviderJwt.
func
NewServiceProviderJwt
(
servername
string
,
dr
*
DisclosureRequest
)
*
ServiceProviderJwt
{
return
&
ServiceProviderJwt
{
...
...
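Review bot: In `readTimestamp` the error returned by `strconv.ParseInt` is assigned but never checked, so a malformed timestamp file yields the Unix epoch with a nil error instead of a failure. The slice `bts[:len(bts)-1]` also panics on an empty file and silently drops the last digit when the file has no trailing newline. Because this value dates a signed scheme manager, a parse failure should be reported rather than turned into a valid-looking old timestamp. The rewrite below checks for empty input, strips the newline only when it is present, and returns the parse error; it uses only names the hunk already uses.

```go
func readTimestamp(path string) (Timestamp, error) {
	// … unchanged: ioutil.ReadFile and its error return …
	if len(bts) == 0 {
		return Timestamp(time.Unix(0, 0)), errors.New("Scheme manager timestamp is empty")
	}
	// Strip the trailing newline only when it is present, then parse as int
	if bts[len(bts)-1] == '\n' {
		bts = bts[:len(bts)-1]
	}
	secs, err := strconv.ParseInt(string(bts), 10, 64)
	if err != nil {
		return Timestamp(time.Unix(0, 0)), errors.New("Could not parse scheme manager timestamp")
	}
	return Timestamp(time.Unix(secs, 0)), nil
}
```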
schememgr/cmd/sign.go
...
...
@@ -3,6 +3,8 @@ package cmd
import
(
"fmt"
"os"
"strconv"
"time"
"crypto/ecdsa"
"crypto/rand"
...
...
@@ -49,6 +51,12 @@ func signManager(args []string) {
die
(
"Specified path does not exist"
,
nil
)
}
// Write timestamp
bts
:=
[]
byte
(
strconv
.
FormatInt
(
time
.
Now
()
.
Unix
(),
10
)
+
"
\n
"
)
if
err
=
ioutil
.
WriteFile
(
confpath
+
"/timestamp"
,
bts
,
0644
);
err
!=
nil
{
die
(
"Failed to write timestamp"
,
err
)
}
// Traverse dir and add file hashes to index
var
index
irma
.
SchemeManagerIndex
=
make
(
map
[
string
]
irma
.
ConfigurationFileHash
)
err
=
filepath
.
Walk
(
confpath
,
func
(
path
string
,
info
os
.
FileInfo
,
err
error
)
error
{
...
...
@@ -59,10 +67,10 @@ func signManager(args []string) {
die
(
"Failed to calculate file index:"
,
err
)
}
// Write index
.xml
bts
:
=
[]
byte
(
index
.
String
())
// Write index
bts
=
[]
byte
(
index
.
String
())
if
err
=
ioutil
.
WriteFile
(
confpath
+
"/index"
,
bts
,
0644
);
err
!=
nil
{
die
(
"Failed to write index
.xml
"
,
err
)
die
(
"Failed to write index"
,
err
)
}
// Create and write signature
...
...
@@ -76,7 +84,7 @@ func signManager(args []string) {
die
(
"Failed to serialize signature:"
,
err
)
}
if
err
=
ioutil
.
WriteFile
(
confpath
+
"/index.sig"
,
sigbytes
,
0644
);
err
!=
nil
{
die
(
"Failed to write index.
xml.
sig"
,
err
)
die
(
"Failed to write index.sig"
,
err
)
}
// Write public key
...
...
@@ -105,7 +113,7 @@ func calculateFileHash(path string, info os.FileInfo, err error, confpath string
strings
.
HasSuffix
(
path
,
"index"
)
||
// Skip the index file itself
strings
.
Contains
(
path
,
"/.git/"
)
||
// No need to traverse .git dirs
strings
.
Contains
(
path
,
"/PrivateKeys/"
)
||
// Don't sign private keys
(
!
strings
.
HasSuffix
(
path
,
".xml"
)
&&
!
strings
.
HasSuffix
(
path
,
".png"
))
{
(
!
strings
.
HasSuffix
(
path
,
".xml"
)
&&
!
strings
.
HasSuffix
(
path
,
".png"
)
&&
!
strings
.
HasSuffix
(
path
,
"timestamp"
)
)
{
return
nil
}
...
...
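Review bot: The new clause in `calculateFileHash`, `!strings.HasSuffix(path, "timestamp")`, matches any path that merely ends in those characters, so every such file anywhere under the tree is added to the signed index, not only the scheme manager's own timestamp file. Comparing the file name exactly, e.g. `filepath.Base(path) != "timestamp"`, would state the intent more precisely; the existing `HasSuffix(path, "index")` skip has the same looseness. In `signManager` the timestamp is written before the directory walk, which is what lets the index cover it. A comment such as `// Must be written before the index is built so that the signature covers it` would guard that ordering against later reordering. The condition in `calculateFileHash` begins outside the hunk.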
testdata/irma_configuration/irma-demo/index
...
...
@@ -11,3 +11,4 @@ e298a2e6dca3bdb923d22734dc4f76ba7b48c5364eb8d7b60e6ec4e940921f89 irma-demo/RU/Pu
a4f6cc35cace3e9dc9388b29a8756ea83e5884f799d75cadd4efa60e1a12d855 irma-demo/RU/description.xml
35697bb7ffb19518a0ac6739ac3eef6b0272cd322c4619b075328b88c06ac43d irma-demo/RU/logo.png
8dc2ac6f2b697599d788e6580afbeacb1f3d090ba7ba2188c58f165e0da6c776 irma-demo/description.xml
499936dc1a45c3dbe10934be949cd2db180159d3cd72ed916c5145aeec8c7341 irma-demo/timestamp
testdata/irma_configuration/irma-demo/index.sig
No preview for this file type
testdata/irma_configuration/irma-demo/timestamp
0 → 100644
1528830456
testdata/irma_configuration/test/index
...
...
@@ -9,3 +9,4 @@ c01fb73d8b9f3ae1e530f6335bbb1857d67d5022c5c25e5188f0dd9e0f688707 test/descriptio
a7f792bd702d6d97fd34d4104ddcf56bb3a0995e77fb36784099d4bd05c2df27 test/test/PublicKeys/3.xml
adc18a59954caeb907b999ab09b710c652665a0b150e5e4a7aff55199a4908dd test/test/description.xml
48f04181af6874a2f63f97d0a1a79b95f274da3e4d0efd9e5936b0ec0858b1cc test/test/logo.png
2337d5b392bd77582daf165994df54b95567d0357c859579c534b87b7c5aaf1c test/timestamp
testdata/irma_configuration/test/index.sig
No preview for this file type
testdata/irma_configuration/test/timestamp
0 → 100644
1528831412