Commit 02583d4b authored by Sietse Ringers's avatar Sietse Ringers

feat: unify server.Configuration and irma.Configuration private key handling

parent 98271b20
......@@ -140,7 +140,7 @@ func (s *Server) CancelSession(token string) error {
}
func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error {
sk, err := s.conf.PrivateKey(credid.IssuerIdentifier())
sk, err := s.conf.IrmaConfiguration.PrivateKey(credid.IssuerIdentifier())
if err != nil {
return err
}
......
......@@ -189,7 +189,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
for i, cred := range request.Credentials {
id := cred.CredentialTypeID.IssuerIdentifier()
pk, _ := session.conf.IrmaConfiguration.PublicKey(id, cred.KeyCounter)
sk, _ := session.conf.PrivateKey(id)
sk, _ := session.conf.IrmaConfiguration.PrivateKey(id)
issuer := gabi.NewIssuer(sk, pk, one)
proof, ok := commitments.Proofs[i+discloseCount].(*gabi.ProofU)
if !ok {
......
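Review bot: Both key lookups in this loop discard their error (`pk, _ :=` and `sk, _ :=`), so a missing or unreadable issuer key reaches `gabi.NewIssuer(sk, pk, one)` as nil. Elsewhere in this commit, `Configuration.PrivateKey` is documented as returning nil when the key is absent, and it returns an error when the key file has the wrong counter. An earlier validation step presumably rules these cases out, but nothing in this function enforces it. I would bind the error, `sk, err := session.conf.IrmaConfiguration.PrivateKey(id)`, and fail the session when `err != nil || sk == nil` before constructing the issuer, with the same treatment for `pk`. The body of handlePostCommitments starts and ends outside this hunk.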
......@@ -130,7 +130,7 @@ func (s *Server) validateIssuanceRequest(request *irma.IssuanceRequest) error {
for _, cred := range request.Credentials {
// Check that we have the appropriate private key
iss := cred.CredentialTypeID.IssuerIdentifier()
privatekey, err := s.conf.PrivateKey(iss)
privatekey, err := s.conf.IrmaConfiguration.PrivateKey(iss)
if err != nil {
return err
}
......
......@@ -46,6 +46,10 @@ type Configuration struct {
CredentialTypes map[CredentialTypeIdentifier]*CredentialType
AttributeTypes map[AttributeTypeIdentifier]*AttributeType
// Issuer private keys. If set (after calling ParseFolder()), will use these keys
// instead of keys in irma_configuration/$issuer/PrivateKeys.
PrivateKeys map[IssuerIdentifier]*gabi.PrivateKey
Revocation *RevocationStorage
// Path to the irma_configuration folder that this instance represents
......@@ -59,7 +63,6 @@ type Configuration struct {
kssPublicKeys map[SchemeManagerIdentifier]map[int]*rsa.PublicKey
publicKeys map[IssuerIdentifier]map[int]*gabi.PublicKey
privateKeys map[IssuerIdentifier]*gabi.PrivateKey
reverseHashes map[string]CredentialTypeIdentifier
initialized bool
assets string
......@@ -163,7 +166,7 @@ func (conf *Configuration) clear() {
conf.DisabledSchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManagerError)
conf.kssPublicKeys = make(map[SchemeManagerIdentifier]map[int]*rsa.PublicKey)
conf.publicKeys = make(map[IssuerIdentifier]map[int]*gabi.PublicKey)
conf.privateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
conf.PrivateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
conf.reverseHashes = make(map[string]CredentialTypeIdentifier)
}
......@@ -319,7 +322,7 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
// PrivateKey returns the latest private key of the specified issuer, or nil if not present in the Configuration.
func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error) {
if sk := conf.privateKeys[id]; sk != nil {
if sk := conf.PrivateKeys[id]; sk != nil {
return sk, nil
}
......@@ -355,7 +358,7 @@ func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, er
if int(sk.Counter) != counter {
return nil, errors.Errorf("Private key %s of issuer %s has wrong <Counter>", file, id.String())
}
conf.privateKeys[id] = sk
conf.PrivateKeys[id] = sk
return sk, nil
}
......
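Review bot: `clear()` now reinitialises the exported `PrivateKeys` map, which is the same map callers fill with override keys, so any `clear()` that runs after the caller has set it silently drops those keys and `PrivateKey()` falls back to whatever is on disk. Whether a re-parse calls `clear()` is not visible in these hunks, but the field comment ("after calling ParseFolder()") suggests it does. In the server configuration hunk the keys are assigned before `DownloadDefaultSchemes()` runs, so they may be affected. The map also now mixes caller-supplied keys with the keys cached lazily at the end of `PrivateKey()`. Consider keeping the unexported `privateKeys` as the cache that `clear()` resets and checking `conf.PrivateKeys[id]` first in `PrivateKey()`, or at least state on the field that it must be set again after every parse.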
......@@ -89,21 +89,11 @@ func (conf *Configuration) Check() error {
return nil
}
func (conf *Configuration) PrivateKey(id irma.IssuerIdentifier) (sk *gabi.PrivateKey, err error) {
sk = conf.IssuerPrivateKeys[id]
if sk == nil {
if sk, err = conf.IrmaConfiguration.PrivateKey(id); err != nil {
return nil, err
}
}
return sk, nil
}
func (conf *Configuration) HavePrivateKeys() (bool, error) {
var err error
var sk *gabi.PrivateKey
for id := range conf.IrmaConfiguration.Issuers {
sk, err = conf.PrivateKey(id)
sk, err = conf.IrmaConfiguration.PrivateKey(id)
if err != nil {
return false, err
}
......@@ -146,6 +136,11 @@ func (conf *Configuration) verifyIrmaConf() error {
}
}
// Put private keys into conf.IrmaConfiguration so we can use conf.IrmaConfiguration.PrivateKey()
if len(conf.IssuerPrivateKeys) > 0 {
conf.IrmaConfiguration.PrivateKeys = conf.IssuerPrivateKeys
}
if len(conf.IrmaConfiguration.SchemeManagers) == 0 {
conf.Logger.Infof("No schemes found in %s, downloading default (irma-demo and pbdf)", conf.SchemesPath)
if err := conf.IrmaConfiguration.DownloadDefaultSchemes(); err != nil {
......
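Review bot: `conf.IrmaConfiguration.PrivateKeys = conf.IssuerPrivateKeys` shares one map between the two configurations instead of copying it, so a key that `irma.Configuration.PrivateKey()` caches after loading it from disk is also written into `IssuerPrivateKeys`. Anything that later inspects `IssuerPrivateKeys` to tell explicitly configured keys from scheme keys would then see both. If that distinction matters, copy the entries instead, `for id, sk := range conf.IssuerPrivateKeys { conf.IrmaConfiguration.PrivateKeys[id] = sk }`, which assumes the target map is already initialised (the `clear()` hunk suggests it is). verifyIrmaConf starts and ends outside this hunk.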
......@@ -356,7 +356,7 @@ func (conf *Configuration) validatePermissionSet(requestor string, requestorperm
continue
}
if typ == "issuing" || typ == "revoking" {
sk, err := conf.PrivateKey(credtype.IssuerIdentifier())
sk, err := conf.IrmaConfiguration.PrivateKey(credtype.IssuerIdentifier())
if err != nil {
errs = append(errs, fmt.Sprintf("%s %s permission '%s': failed to load private key: %s", requestor, typ, permission, err))
continue
......