Commit 0231a02f authored by Sietse Ringers's avatar Sietse Ringers
Browse files

Add signed timestamps to scheme manager parsing and signing

parent ede8e739
......@@ -27,6 +27,8 @@ type SchemeManager struct {
Status SchemeManagerStatus `xml:"-"`
Valid bool `xml:"-"` // true iff Status == SchemeManagerStatusValid
Timestamp Timestamp
index SchemeManagerIndex
}
......
......@@ -208,6 +208,11 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
return
}
manager.Timestamp, err = readTimestamp(dir + "/timestamp")
if err != nil {
return errors.New("Could not read scheme manager timestamp")
}
if manager.XMLVersion < 7 {
manager.Status = SchemeManagerStatusParsingError
return errors.New("Unsupported scheme manager description")
......
......@@ -2,6 +2,7 @@ package irma
import (
"fmt"
"io/ioutil"
"math/big"
"strconv"
"time"
......@@ -360,9 +361,7 @@ func (t Timestamp) Before(u Timestamp) bool {
// MarshalJSON marshals a timestamp.
func (t *Timestamp) MarshalJSON() ([]byte, error) {
ts := time.Time(*t).Unix()
stamp := fmt.Sprint(ts)
return []byte(stamp), nil
return []byte(t.String()), nil
}
// UnmarshalJSON unmarshals a timestamp.
......@@ -375,6 +374,22 @@ func (t *Timestamp) UnmarshalJSON(b []byte) error {
return nil
}
// Timestamp implements Stringer.
func (t *Timestamp) String() string {
return fmt.Sprint(time.Time(*t).Unix())
}
func readTimestamp(path string) (Timestamp, error) {
bts, err := ioutil.ReadFile(path)
if err != nil {
return Timestamp(time.Unix(0, 0)), errors.New("Could not read scheme manager timestamp")
}
// Remove final character which is \n; convert from byte slice to string; parse as int
str, err := strconv.ParseInt(string(bts[:len(bts)-1]), 10, 64)
return Timestamp(time.Unix(str, 0)), nil
}
// NewServiceProviderJwt returns a new ServiceProviderJwt.
func NewServiceProviderJwt(servername string, dr *DisclosureRequest) *ServiceProviderJwt {
return &ServiceProviderJwt{
......
......@@ -3,6 +3,8 @@ package cmd
import (
"fmt"
"os"
"strconv"
"time"
"crypto/ecdsa"
"crypto/rand"
......@@ -49,6 +51,12 @@ func signManager(args []string) {
die("Specified path does not exist", nil)
}
// Write timestamp
bts := []byte(strconv.FormatInt(time.Now().Unix(), 10) + "\n")
if err = ioutil.WriteFile(confpath+"/timestamp", bts, 0644); err != nil {
die("Failed to write timestamp", err)
}
// Traverse dir and add file hashes to index
var index irma.SchemeManagerIndex = make(map[string]irma.ConfigurationFileHash)
err = filepath.Walk(confpath, func(path string, info os.FileInfo, err error) error {
......@@ -59,10 +67,10 @@ func signManager(args []string) {
die("Failed to calculate file index:", err)
}
// Write index.xml
bts := []byte(index.String())
// Write index
bts = []byte(index.String())
if err = ioutil.WriteFile(confpath+"/index", bts, 0644); err != nil {
die("Failed to write index.xml", err)
die("Failed to write index", err)
}
// Create and write signature
......@@ -76,7 +84,7 @@ func signManager(args []string) {
die("Failed to serialize signature:", err)
}
if err = ioutil.WriteFile(confpath+"/index.sig", sigbytes, 0644); err != nil {
die("Failed to write index.xml.sig", err)
die("Failed to write index.sig", err)
}
// Write public key
......@@ -105,7 +113,7 @@ func calculateFileHash(path string, info os.FileInfo, err error, confpath string
strings.HasSuffix(path, "index") || // Skip the index file itself
strings.Contains(path, "/.git/") || // No need to traverse .git dirs
strings.Contains(path, "/PrivateKeys/") || // Don't sign private keys
(!strings.HasSuffix(path, ".xml") && !strings.HasSuffix(path, ".png")) {
(!strings.HasSuffix(path, ".xml") && !strings.HasSuffix(path, ".png") && !strings.HasSuffix(path, "timestamp")) {
return nil
}
......
......@@ -11,3 +11,4 @@ e298a2e6dca3bdb923d22734dc4f76ba7b48c5364eb8d7b60e6ec4e940921f89 irma-demo/RU/Pu
a4f6cc35cace3e9dc9388b29a8756ea83e5884f799d75cadd4efa60e1a12d855 irma-demo/RU/description.xml
35697bb7ffb19518a0ac6739ac3eef6b0272cd322c4619b075328b88c06ac43d irma-demo/RU/logo.png
8dc2ac6f2b697599d788e6580afbeacb1f3d090ba7ba2188c58f165e0da6c776 irma-demo/description.xml
499936dc1a45c3dbe10934be949cd2db180159d3cd72ed916c5145aeec8c7341 irma-demo/timestamp
......@@ -9,3 +9,4 @@ c01fb73d8b9f3ae1e530f6335bbb1857d67d5022c5c25e5188f0dd9e0f688707 test/descriptio
a7f792bd702d6d97fd34d4104ddcf56bb3a0995e77fb36784099d4bd05c2df27 test/test/PublicKeys/3.xml
adc18a59954caeb907b999ab09b710c652665a0b150e5e4a7aff55199a4908dd test/test/description.xml
48f04181af6874a2f63f97d0a1a79b95f274da3e4d0efd9e5936b0ec0858b1cc test/test/logo.png
2337d5b392bd77582daf165994df54b95567d0357c859579c534b87b7c5aaf1c test/timestamp
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment