Add signed timestamps to scheme manager parsing and signing

0231a02f · Sietse Ringers · ede8e739 · 0231a02f · 0231a02f · 0231a02f
Commit 0231a02f authored Jun 12, 2018 by Sietse Ringers
10 changed files
--- a/descriptions.go
+++ b/descriptions.go
@@ -27,6 +27,8 @@ type SchemeManager struct {
 	Status SchemeManagerStatus `xml:"-"`
 	Valid  bool                `xml:"-"` // true iff Status == SchemeManagerStatusValid

+	Timestamp Timestamp
+
 	index SchemeManagerIndex
 }


--- a/irmaconfig.go
+++ b/irmaconfig.go
@@ -208,6 +208,11 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
 		return
 	}

+	manager.Timestamp, err = readTimestamp(dir + "/timestamp")
+	if err != nil {
+		return errors.New("Could not read scheme manager timestamp")
+	}
+
 	if manager.XMLVersion < 7 {
 		manager.Status = SchemeManagerStatusParsingError
 		return errors.New("Unsupported scheme manager description")

--- a/requests.go
+++ b/requests.go
@@ -2,6 +2,7 @@ package irma

 import (
 	"fmt"
+	"io/ioutil"
 	"math/big"
 	"strconv"
 	"time"
@@ -360,9 +361,7 @@ func (t Timestamp) Before(u Timestamp) bool {

 // MarshalJSON marshals a timestamp.
 func (t *Timestamp) MarshalJSON() ([]byte, error) {
-	ts := time.Time(*t).Unix()
-	stamp := fmt.Sprint(ts)
-	return []byte(stamp), nil
+	return []byte(t.String()), nil
 }

 // UnmarshalJSON unmarshals a timestamp.
@@ -375,6 +374,22 @@ func (t *Timestamp) UnmarshalJSON(b []byte) error {
 	return nil
 }

+// Timestamp implements Stringer.
+func (t *Timestamp) String() string {
+	return fmt.Sprint(time.Time(*t).Unix())
+}
+
+func readTimestamp(path string) (Timestamp, error) {
+	bts, err := ioutil.ReadFile(path)
+	if err != nil {
+		return Timestamp(time.Unix(0, 0)), errors.New("Could not read scheme manager timestamp")
+	}
+
+	// Remove final character which is \n; convert from byte slice to string; parse as int
+	str, err := strconv.ParseInt(string(bts[:len(bts)-1]), 10, 64)
+	return Timestamp(time.Unix(str, 0)), nil
+}
+
 // NewServiceProviderJwt returns a new ServiceProviderJwt.
 func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt {
 	return &ServiceProviderJwt{

--- a/schememgr/cmd/sign.go
+++ b/schememgr/cmd/sign.go
@@ -3,6 +3,8 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strconv"
+	"time"

 	"crypto/ecdsa"
 	"crypto/rand"
@@ -49,6 +51,12 @@ func signManager(args []string) {
 		die("Specified path does not exist", nil)
 	}

+	// Write timestamp
+	bts := []byte(strconv.FormatInt(time.Now().Unix(), 10) + "\n")
+	if err = ioutil.WriteFile(confpath+"/timestamp", bts, 0644); err != nil {
+		die("Failed to write timestamp", err)
+	}
+
 	// Traverse dir and add file hashes to index
 	var index irma.SchemeManagerIndex = make(map[string]irma.ConfigurationFileHash)
 	err = filepath.Walk(confpath, func(path string, info os.FileInfo, err error) error {
@@ -59,10 +67,10 @@ func signManager(args []string) {
 		die("Failed to calculate file index:", err)
 	}

-	// Write index.xml
-	bts := []byte(index.String())
+	// Write index
+	bts = []byte(index.String())
 	if err = ioutil.WriteFile(confpath+"/index", bts, 0644); err != nil {
-		die("Failed to write index.xml", err)
+		die("Failed to write index", err)
 	}

 	// Create and write signature
@@ -76,7 +84,7 @@ func signManager(args []string) {
 		die("Failed to serialize signature:", err)
 	}
 	if err = ioutil.WriteFile(confpath+"/index.sig", sigbytes, 0644); err != nil {
-		die("Failed to write index.xml.sig", err)
+		die("Failed to write index.sig", err)
 	}

 	// Write public key
@@ -105,7 +113,7 @@ func calculateFileHash(path string, info os.FileInfo, err error, confpath string
 		strings.HasSuffix(path, "index") || // Skip the index file itself
 		strings.Contains(path, "/.git/") || // No need to traverse .git dirs
 		strings.Contains(path, "/PrivateKeys/") || // Don't sign private keys
-		(!strings.HasSuffix(path, ".xml") && !strings.HasSuffix(path, ".png")) {
+		(!strings.HasSuffix(path, ".xml") && !strings.HasSuffix(path, ".png") && !strings.HasSuffix(path, "timestamp")) {
 		return nil
 	}


--- a/testdata/irma_configuration/irma-demo/index
+++ b/testdata/irma_configuration/irma-demo/index
@@ -11,3 +11,4 @@ e298a2e6dca3bdb923d22734dc4f76ba7b48c5364eb8d7b60e6ec4e940921f89 irma-demo/RU/Pu
 a4f6cc35cace3e9dc9388b29a8756ea83e5884f799d75cadd4efa60e1a12d855 irma-demo/RU/description.xml
 35697bb7ffb19518a0ac6739ac3eef6b0272cd322c4619b075328b88c06ac43d irma-demo/RU/logo.png
 8dc2ac6f2b697599d788e6580afbeacb1f3d090ba7ba2188c58f165e0da6c776 irma-demo/description.xml
+499936dc1a45c3dbe10934be949cd2db180159d3cd72ed916c5145aeec8c7341 irma-demo/timestamp
--- a/testdata/irma_configuration/irma-demo/index.sig
+++ b/testdata/irma_configuration/irma-demo/index.sig
--- a/testdata/irma_configuration/irma-demo/timestamp
+++ b/testdata/irma_configuration/irma-demo/timestamp
+1528830456
--- a/testdata/irma_configuration/test/index
+++ b/testdata/irma_configuration/test/index
@@ -9,3 +9,4 @@ c01fb73d8b9f3ae1e530f6335bbb1857d67d5022c5c25e5188f0dd9e0f688707 test/descriptio
 a7f792bd702d6d97fd34d4104ddcf56bb3a0995e77fb36784099d4bd05c2df27 test/test/PublicKeys/3.xml
 adc18a59954caeb907b999ab09b710c652665a0b150e5e4a7aff55199a4908dd test/test/description.xml
 48f04181af6874a2f63f97d0a1a79b95f274da3e4d0efd9e5936b0ec0858b1cc test/test/logo.png
+2337d5b392bd77582daf165994df54b95567d0357c859579c534b87b7c5aaf1c test/timestamp
--- a/testdata/irma_configuration/test/index.sig
+++ b/testdata/irma_configuration/test/index.sig
--- a/testdata/irma_configuration/test/timestamp
+++ b/testdata/irma_configuration/test/timestamp
+1528831412