feat: unify server.Configuration and irma.Configuration private key handling

02583d4b · Sietse Ringers · 98271b20 · 02583d4b · 02583d4b · 02583d4b
Commit 02583d4b authored Dec 11, 2019 by Sietse Ringers
6 changed files
--- a/internal/servercore/api.go
+++ b/internal/servercore/api.go
@@ -140,7 +140,7 @@ func (s *Server) CancelSession(token string) error {
 }

 func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error {
-	sk, err := s.conf.PrivateKey(credid.IssuerIdentifier())
+	sk, err := s.conf.IrmaConfiguration.PrivateKey(credid.IssuerIdentifier())
 	if err != nil {
 		return err
 	}

--- a/internal/servercore/handle.go
+++ b/internal/servercore/handle.go
@@ -189,7 +189,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
 	for i, cred := range request.Credentials {
 		id := cred.CredentialTypeID.IssuerIdentifier()
 		pk, _ := session.conf.IrmaConfiguration.PublicKey(id, cred.KeyCounter)
-		sk, _ := session.conf.PrivateKey(id)
+		sk, _ := session.conf.IrmaConfiguration.PrivateKey(id)
 		issuer := gabi.NewIssuer(sk, pk, one)
 		proof, ok := commitments.Proofs[i+discloseCount].(*gabi.ProofU)
 		if !ok {

--- a/internal/servercore/helpers.go
+++ b/internal/servercore/helpers.go
@@ -130,7 +130,7 @@ func (s *Server) validateIssuanceRequest(request *irma.IssuanceRequest) error {
 	for _, cred := range request.Credentials {
 		// Check that we have the appropriate private key
 		iss := cred.CredentialTypeID.IssuerIdentifier()
-		privatekey, err := s.conf.PrivateKey(iss)
+		privatekey, err := s.conf.IrmaConfiguration.PrivateKey(iss)
 		if err != nil {
 			return err
 		}

--- a/irmaconfig.go
+++ b/irmaconfig.go
@@ -46,6 +46,10 @@ type Configuration struct {
 	CredentialTypes map[CredentialTypeIdentifier]*CredentialType
 	AttributeTypes  map[AttributeTypeIdentifier]*AttributeType

+	// Issuer private keys. If set (after calling ParseFolder()), will use these keys
+	// instead of keys in irma_configuration/$issuer/PrivateKeys.
+	PrivateKeys map[IssuerIdentifier]*gabi.PrivateKey
+
 	Revocation *RevocationStorage

 	// Path to the irma_configuration folder that this instance represents
@@ -59,7 +63,6 @@ type Configuration struct {

 	kssPublicKeys map[SchemeManagerIdentifier]map[int]*rsa.PublicKey
 	publicKeys    map[IssuerIdentifier]map[int]*gabi.PublicKey
-	privateKeys   map[IssuerIdentifier]*gabi.PrivateKey
 	reverseHashes map[string]CredentialTypeIdentifier
 	initialized   bool
 	assets        string
@@ -163,7 +166,7 @@ func (conf *Configuration) clear() {
 	conf.DisabledSchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManagerError)
 	conf.kssPublicKeys = make(map[SchemeManagerIdentifier]map[int]*rsa.PublicKey)
 	conf.publicKeys = make(map[IssuerIdentifier]map[int]*gabi.PublicKey)
-	conf.privateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
+	conf.PrivateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
 	conf.reverseHashes = make(map[string]CredentialTypeIdentifier)
 }

@@ -319,7 +322,7 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM

 // PrivateKey returns the latest private key of the specified issuer, or nil if not present in the Configuration.
 func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error) {
-	if sk := conf.privateKeys[id]; sk != nil {
+	if sk := conf.PrivateKeys[id]; sk != nil {
 		return sk, nil
 	}

@@ -355,7 +358,7 @@ func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, er
 	if int(sk.Counter) != counter {
 		return nil, errors.Errorf("Private key %s of issuer %s has wrong <Counter>", file, id.String())
 	}
-	conf.privateKeys[id] = sk
+	conf.PrivateKeys[id] = sk

 	return sk, nil
 }

--- a/server/conf.go
+++ b/server/conf.go
@@ -89,21 +89,11 @@ func (conf *Configuration) Check() error {
 	return nil
 }

-func (conf *Configuration) PrivateKey(id irma.IssuerIdentifier) (sk *gabi.PrivateKey, err error) {
-	sk = conf.IssuerPrivateKeys[id]
-	if sk == nil {
-		if sk, err = conf.IrmaConfiguration.PrivateKey(id); err != nil {
-			return nil, err
-		}
-	}
-	return sk, nil
-}
-
 func (conf *Configuration) HavePrivateKeys() (bool, error) {
 	var err error
 	var sk *gabi.PrivateKey
 	for id := range conf.IrmaConfiguration.Issuers {
-		sk, err = conf.PrivateKey(id)
+		sk, err = conf.IrmaConfiguration.PrivateKey(id)
 		if err != nil {
 			return false, err
 		}
@@ -146,6 +136,11 @@ func (conf *Configuration) verifyIrmaConf() error {
 		}
 	}

+	// Put private keys into conf.IrmaConfiguration so we can use conf.IrmaConfiguration.PrivateKey()
+	if len(conf.IssuerPrivateKeys) > 0 {
+		conf.IrmaConfiguration.PrivateKeys = conf.IssuerPrivateKeys
+	}
+
 	if len(conf.IrmaConfiguration.SchemeManagers) == 0 {
 		conf.Logger.Infof("No schemes found in %s, downloading default (irma-demo and pbdf)", conf.SchemesPath)
 		if err := conf.IrmaConfiguration.DownloadDefaultSchemes(); err != nil {

--- a/server/requestorserver/conf.go
+++ b/server/requestorserver/conf.go
@@ -356,7 +356,7 @@ func (conf *Configuration) validatePermissionSet(requestor string, requestorperm
 					continue
 				}
 				if typ == "issuing" || typ == "revoking" {
-					sk, err := conf.PrivateKey(credtype.IssuerIdentifier())
+					sk, err := conf.IrmaConfiguration.PrivateKey(credtype.IssuerIdentifier())
 					if err != nil {
 						errs = append(errs, fmt.Sprintf("%s %s permission '%s': failed to load private key: %s", requestor, typ, permission, err))
 						continue