Commit
1c69f0d5
authored
Apr 25, 2019
by
Sietse Ringers
Merge branch 'master' into condiscon
parents
6a28eb8f
dedd7890
Changes
14
Gopkg.lock
...
...
@@ -272,7 +272,7 @@
[[projects]]
branch = "master"
digest = "1:
f7c906dec3dd744b5e351a4aa770d3ab027e634b859d4d3635a42be3b25b1edc
"
digest = "1:
bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd
"
name = "github.com/privacybydesign/gabi"
packages = [
".",
...
...
internal/servercore/handle.go
...
...
@@ -95,6 +95,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
session
.
markAlive
()
request
:=
session
.
request
.
(
*
irma
.
IssuanceRequest
)
discloseCount
:=
len
(
commitments
.
Proofs
)
-
len
(
request
.
Credentials
)
if
discloseCount
<
0
{
return
nil
,
session
.
fail
(
server
.
ErrorMalformedInput
,
"Received insufficient proofs"
)
...
...
internal/sessiontest/keyshare_test.go
...
...
@@ -7,10 +7,11 @@ import (
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/test"
"github.com/privacybydesign/irmago/irmaclient"
"github.com/stretchr/testify/require"
)
func
TestManualKey
S
hareSession
(
t
*
testing
.
T
)
{
func
TestManualKey
s
hareSession
(
t
*
testing
.
T
)
{
request
:=
irma
.
NewSignatureRequest
(
"I owe you everything"
,
irma
.
NewAttributeTypeIdentifier
(
"test.test.mijnirma.email"
))
ms
:=
createManualSessionHandler
(
t
,
nil
)
...
...
@@ -24,13 +25,32 @@ func TestRequestorIssuanceKeyshareSession(t *testing.T) {
testRequestorIssuance
(
t
,
true
)
}
func
TestKeyshareRegister
(
t
*
testing
.
T
)
{
client
,
handler
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
require
.
NoError
(
t
,
client
.
KeyshareRemoveAll
())
require
.
NoError
(
t
,
client
.
RemoveAllCredentials
())
client
.
KeyshareEnroll
(
irma
.
NewSchemeManagerIdentifier
(
"test"
),
nil
,
"12345"
,
"en"
)
require
.
NoError
(
t
,
<-
handler
.
c
)
require
.
Len
(
t
,
client
.
CredentialInfoList
(),
1
)
sessionHelper
(
t
,
getIssuanceRequest
(
true
),
"issue"
,
client
)
keyshareSessions
(
t
,
client
)
}
// Use the existing keyshare enrollment and credentials
// in a keyshare session of each session type.
// Use keyshareuser.sql to enroll the user at the keyshare server.
func
TestKeyshareSessions
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
keyshareSessions
(
t
,
client
)
}
func
keyshareSessions
(
t
*
testing
.
T
,
client
*
irmaclient
.
Client
)
{
id
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.studentID"
)
expiry
:=
irma
.
Timestamp
(
irma
.
NewMetadataAttribute
(
0
)
.
Expiry
())
issuanceRequest
:=
getCombinedIssuanceRequest
(
id
)
...
...
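Review bot: In the added `TestKeyshareRegister`, `require.NoError(t, <-handler.c)` receives from the handler channel with no timeout, so an enrollment that never reports back hangs the whole test run instead of failing it. The channel is created unbuffered in `parseStorage` (`make(chan error)` in main_test.go on this page), so nothing else will unblock the receive. Wrapping the receive in a `select` with a `time.After` case turns a stall into a clear test failure; this needs the `time` import, and the duration below is a constructed value to be tuned to the test keyshare server.

```go
client.KeyshareEnroll(irma.NewSchemeManagerIdentifier("test"), nil, "12345", "en")
select {
case err := <-handler.c:
	require.NoError(t, err)
case <-time.After(10 * time.Second): // constructed bound, adjust as needed
	t.Fatal("keyshare enrollment did not complete")
}
// … unchanged: CredentialInfoList length check, sessionHelper, keyshareSessions …
```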
internal/sessiontest/logs_test.go
...
...
@@ -9,7 +9,7 @@ import (
)
func
TestLogging
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
logs
,
err
:=
client
.
Logs
()
oldLogLength
:=
len
(
logs
)
...
...
internal/sessiontest/main_test.go
...
...
@@ -35,17 +35,18 @@ func TestMain(m *testing.M) {
os
.
Exit
(
m
.
Run
())
}
func
parseStorage
(
t
*
testing
.
T
)
*
irmaclient
.
Client
{
func
parseStorage
(
t
*
testing
.
T
)
(
*
irmaclient
.
Client
,
*
TestClientHandler
)
{
test
.
SetupTestStorage
(
t
)
handler
:=
&
TestClientHandler
{
t
:
t
,
c
:
make
(
chan
error
)}
path
:=
test
.
FindTestdataFolder
(
t
)
client
,
err
:=
irmaclient
.
New
(
filepath
.
Join
(
path
,
"storage"
,
"test"
),
filepath
.
Join
(
path
,
"irma_configuration"
),
""
,
&
TestClientHandler
{
t
:
t
}
,
handler
,
)
require
.
NoError
(
t
,
err
)
return
client
return
client
,
handler
}
func
getDisclosureRequest
(
id
irma
.
AttributeTypeIdentifier
)
*
irma
.
DisclosureRequest
{
...
...
@@ -197,7 +198,7 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, alg j
func
sessionHelper
(
t
*
testing
.
T
,
request
irma
.
SessionRequest
,
sessiontype
string
,
client
*
irmaclient
.
Client
)
{
if
client
==
nil
{
client
=
parseStorage
(
t
)
client
,
_
=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
}
...
...
internal/sessiontest/manual_session_test.go
...
...
@@ -25,7 +25,7 @@ func createManualSessionHandler(t *testing.T, client *irmaclient.Client) *Manual
func
manualSessionHelper
(
t
*
testing
.
T
,
client
*
irmaclient
.
Client
,
h
*
ManualTestHandler
,
request
,
verifyAs
irma
.
SessionRequest
,
corrupt
bool
)
([][]
*
irma
.
DisclosedAttribute
,
irma
.
ProofStatus
)
{
if
client
==
nil
{
client
=
parseStorage
(
t
)
client
,
_
=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
}
...
...
@@ -110,7 +110,7 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) {
}
func
TestManualSessionMultiProof
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
// First, we need to issue an extra credential (BSN)
...
...
internal/sessiontest/requestor_test.go
...
...
@@ -17,7 +17,7 @@ func requestorSessionHelper(t *testing.T, request irma.SessionRequest, client *i
defer
StopIrmaServer
()
if
client
==
nil
{
client
=
parseStorage
(
t
)
client
,
_
=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
}
...
...
@@ -95,6 +95,37 @@ func TestRequestorIssuanceSession(t *testing.T) {
testRequestorIssuance
(
t
,
false
)
}
func
TestRequestorCombinedSessionMultipleAttributes
(
t
*
testing
.
T
)
{
var
ir
irma
.
IssuanceRequest
require
.
NoError
(
t
,
irma
.
UnmarshalValidate
([]
byte
(
`{
"type":"issuing",
"credentials": [
{
"credential":"irma-demo.MijnOverheid.root",
"attributes" : {
"BSN":"12345"
}
}
],
"disclose" : [
{
"label":"Initialen",
"attributes":["irma-demo.RU.studentCard.studentCardNumber"]
},
{
"label":"Achternaam",
"attributes" : ["irma-demo.RU.studentCard.studentID"]
},
{
"label":"Geboortedatum",
"attributes":["irma-demo.RU.studentCard.university"]
}
]
}`
),
&
ir
))
require
.
Equal
(
t
,
server
.
StatusDone
,
requestorSessionHelper
(
t
,
&
ir
,
nil
)
.
Status
)
}
func
testRequestorIssuance
(
t
*
testing
.
T
,
keyshare
bool
)
{
attrid
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.studentID"
)
request
:=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
...
...
@@ -127,7 +158,7 @@ func testRequestorIssuance(t *testing.T, keyshare bool) {
}
func
TestConDisCon
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
ir
:=
getMultipleIssuanceRequest
()
ir
.
Credentials
=
append
(
ir
.
Credentials
,
&
irma
.
CredentialRequest
{
Validity
:
ir
.
Credentials
[
0
]
.
Validity
,
...
...
@@ -166,7 +197,7 @@ func TestConDisCon(t *testing.T) {
}
func
TestOptionalDisclosure
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
university
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.university"
)
studentid
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.studentID"
)
...
...
internal/sessiontest/session_test.go
...
...
@@ -41,7 +41,7 @@ func TestMultipleIssuanceSession(t *testing.T) {
}
func
TestDefaultCredentialValidity
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
request
:=
getIssuanceRequest
(
true
)
sessionHelper
(
t
,
request
,
"issue"
,
client
)
}
...
...
@@ -64,7 +64,7 @@ func TestIssuanceOptionalSetAttributes(t *testing.T) {
}
func
TestLargeAttribute
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
require
.
NoError
(
t
,
client
.
RemoveAllCredentials
())
...
...
@@ -77,7 +77,7 @@ func TestLargeAttribute(t *testing.T) {
}
func
TestIssuanceSingletonCredential
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
request
:=
getMultipleIssuanceRequest
()
...
...
@@ -101,7 +101,7 @@ indicates the sign of the integer. In Go this is not the case. This resulted in
signatures being issued in the issuance protocol in two distinct ways, of which we test here
that they have been fixed. */
func
TestAttributeByteEncoding
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
require
.
NoError
(
t
,
client
.
RemoveAllCredentials
())
...
...
@@ -124,7 +124,7 @@ func TestAttributeByteEncoding(t *testing.T) {
}
func
TestDisclosureNewAttributeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
schemeid
:=
irma
.
NewSchemeManagerIdentifier
(
"irma-demo"
)
...
...
@@ -141,7 +141,7 @@ func TestDisclosureNewAttributeUpdateSchemeManager(t *testing.T) {
}
func
TestIssueNewAttributeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
schemeid
:=
irma
.
NewSchemeManagerIdentifier
(
"irma-demo"
)
...
...
@@ -158,7 +158,7 @@ func TestIssueNewAttributeUpdateSchemeManager(t *testing.T) {
}
func
TestIssueOptionalAttributeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
schemeid
:=
irma
.
NewSchemeManagerIdentifier
(
"irma-demo"
)
...
...
@@ -175,7 +175,7 @@ func TestIssueOptionalAttributeUpdateSchemeManager(t *testing.T) {
}
func
TestIssueNewCredTypeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
schemeid
:=
irma
.
NewSchemeManagerIdentifier
(
"irma-demo"
)
credid
:=
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.RU.studentCard"
)
...
...
@@ -193,7 +193,7 @@ func TestIssueNewCredTypeUpdateSchemeManager(t *testing.T) {
}
func
TestDisclosureNewCredTypeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
schemeid
:=
irma
.
NewSchemeManagerIdentifier
(
"irma-demo"
)
credid
:=
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.RU.studentCard"
)
attrid
:=
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.studentCard.level"
)
...
...
@@ -211,7 +211,7 @@ func TestDisclosureNewCredTypeUpdateSchemeManager(t *testing.T) {
}
func
TestDisclosureNonexistingCredTypeUpdateSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
request
:=
irma
.
NewDisclosureRequest
(
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.RU.foo.bar"
),
irma
.
NewAttributeTypeIdentifier
(
"irma-demo.baz.qux.abc"
),
...
...
@@ -240,7 +240,7 @@ func TestDisclosureNonexistingCredTypeUpdateSchemeManager(t *testing.T) {
// within this manager to test the autmatic downloading of credential definitions,
// issuers, and public keys.
func
TestDownloadSchemeManager
(
t
*
testing
.
T
)
{
client
:=
parseStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
defer
test
.
ClearTestStorage
(
t
)
// Remove irma-demo scheme manager as we need to test adding it
...
...
irmaclient/client.go
...
...
@@ -608,13 +608,13 @@ type attributeGroup struct {
func
(
client
*
Client
)
groupCredentials
(
choice
*
irma
.
DisclosureChoice
)
(
[]
attributeGroup
,
irma
.
DisclosedAttributeIndices
,
error
,
)
{
todisclose
:=
make
([]
attributeGroup
,
0
,
10
)
if
choice
==
nil
||
choice
.
Attributes
==
nil
{
return
todisclose
,
irma
.
DisclosedAttributeIndices
{},
nil
return
[]
attributeGroup
{}
,
irma
.
DisclosedAttributeIndices
{},
nil
}
// maps an irma.CredentialIdentifier to its index in the final ProofList
credIndices
:=
make
(
map
[
irma
.
CredentialIdentifier
]
int
)
todisclose
:=
make
([]
attributeGroup
,
0
,
len
(
choice
.
Attributes
))
attributeIndices
:=
make
(
irma
.
DisclosedAttributeIndices
,
len
(
choice
.
Attributes
))
for
i
,
attributeset
:=
range
choice
.
Attributes
{
attributeIndices
[
i
]
=
[]
*
irma
.
DisclosedAttributeIndex
{}
...
...
irmaclient/handlers.go
...
...
@@ -20,9 +20,10 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
func
(
h
*
keyshareEnrollmentHandler
)
RequestIssuancePermission
(
request
*
irma
.
IssuanceRequest
,
candidates
[][][]
*
irma
.
AttributeIdentifier
,
ServerName
irma
.
TranslatedString
,
callback
PermissionHandler
)
{
// Fetch the username from the credential request and save it along with the scheme manager
smi
:=
request
.
Credentials
[
0
]
.
CredentialTypeID
.
IssuerIdentifier
()
.
SchemeManagerIdentifier
()
attr
:=
irma
.
NewAttributeTypeIdentifier
(
h
.
client
.
Configuration
.
SchemeManagers
[
smi
]
.
KeyshareAttribute
)
h
.
kss
.
Username
=
request
.
Credentials
[
0
]
.
Attributes
[
attr
.
Name
()]
for
_
,
attr
:=
range
request
.
Credentials
[
0
]
.
Attributes
{
h
.
kss
.
Username
=
attr
break
}
// Do the issuance
callback
(
true
,
nil
)
...
...
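Review bot: The `for _, attr := range request.Credentials[0].Attributes { h.kss.Username = attr; break }` form in `RequestIssuancePermission` takes whichever entry Go's randomized map iteration yields first, so for a keyshare credential with more than one attribute the stored `h.kss.Username` can vary between runs and need not be the username at all. The hunk counts (9 lines before, 10 after) suggest this loop is the new side of the merge; if so, prefer the keyed lookup printed just above it, `h.kss.Username = request.Credentials[0].Attributes[attr.Name()]`, with `attr` built from the scheme manager's `KeyshareAttribute`. Both forms index `request.Credentials[0]` without a length check, and the keyed form also uses `SchemeManagers[smi]` without checking the map lookup; unless that is validated earlier, a guard that declines via the callback is safer than a panic in the enrollment path. The rest of the function lies outside the hunk.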
irmaclient/session.go
...
...
@@ -5,6 +5,7 @@ import (
"fmt"
"net/url"
"reflect"
"runtime/debug"
"strings"
"github.com/bwesterb/go-atum"
...
...
@@ -582,7 +583,7 @@ func panicToError(e interface{}) *irma.SessionError {
default
:
// nop
}
fmt
.
Println
(
"Panic: "
+
info
)
return
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorPanic
,
Info
:
info
}
return
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorPanic
,
Info
:
info
+
"
\n\n
"
+
string
(
debug
.
Stack
())
}
}
// Idempotently send DELETE to remote server, returning whether or not we did something
...
...
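Review bot: Appending `string(debug.Stack())` to `SessionError.Info` in `panicToError` puts a full goroutine stack trace, with source paths and function names, into a field that travels with the session error to whoever consumes it. If `Info` is shown to the user, logged by the embedding app or reported to a remote party, that is more internal detail than those consumers need. Consider keeping `Info: info` and writing the trace only to the local log, for example by extending the existing line to `fmt.Println("Panic: " + info + "\n\n" + string(debug.Stack()))`. Where `Info` ends up is not visible in this hunk, so the consumers should be confirmed before deciding.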
requests.go
...
...
@@ -547,7 +547,7 @@ func (ir *IssuanceRequest) Validate() error {
return
errors
.
New
(
"Empty issuance request"
)
}
for
_
,
cred
:=
range
ir
.
Credentials
{
if
cred
.
Validity
.
Floor
()
.
Before
(
Timestamp
(
time
.
Now
()))
{
if
cred
.
Validity
!=
nil
&&
cred
.
Validity
.
Floor
()
.
Before
(
Timestamp
(
time
.
Now
()))
{
return
errors
.
New
(
"Expired credential request"
)
}
}
...
...
server/irmad/cmd/root.go
...
...
@@ -12,6 +12,7 @@ import (
"github.com/privacybydesign/irmago/server"
"github.com/privacybydesign/irmago/server/requestorserver"
"github.com/sirupsen/logrus"
"github.com/spf13/cast"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
...
...
@@ -256,7 +257,12 @@ func configure(cmd *cobra.Command) error {
}
// Handle requestors
requestors
:=
viper
.
GetStringMap
(
"requestors"
)
var
requestors
map
[
string
]
interface
{}
if
val
,
flagOrEnv
:=
viper
.
Get
(
"requestors"
)
.
(
string
);
!
flagOrEnv
||
val
!=
""
{
if
requestors
,
err
=
cast
.
ToStringMapE
(
viper
.
Get
(
"requestors"
));
err
!=
nil
{
return
errors
.
WrapPrefix
(
err
,
"Failed to unmarshal requestors from flag or env var"
,
0
)
}
}
if
len
(
requestors
)
>
0
{
if
err
:=
mapstructure
.
Decode
(
requestors
,
&
conf
.
Requestors
);
err
!=
nil
{
return
errors
.
WrapPrefix
(
err
,
"Failed to unmarshal requestors from config file"
,
0
)
...
...
@@ -288,9 +294,15 @@ func productionMode() bool {
if
len
(
os
.
Args
)
==
i
+
1
||
strings
.
HasPrefix
(
os
.
Args
[
i
+
1
],
"--"
)
{
return
true
}
val
:=
strings
.
ToLower
(
os
.
Args
[
i
+
1
])
return
val
==
"1"
||
val
==
"true"
||
val
==
"yes"
||
val
==
"t"
if
checkConfVal
(
os
.
Args
[
i
+
1
])
{
return
true
}
}
}
return
false
return
checkConfVal
(
os
.
Getenv
(
"IRMASERVER_PRODUCTION"
))
}
func
checkConfVal
(
val
string
)
bool
{
lc
:=
strings
.
ToLower
(
val
)
return
lc
==
"1"
||
lc
==
"true"
||
lc
==
"yes"
||
lc
==
"t"
}
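Review bot: `checkConfVal` maps every value it does not recognise to `false`, so with the new `return checkConfVal(os.Getenv("IRMASERVER_PRODUCTION"))` a typo or an unexpected spelling (`on`, or `true` with trailing whitespace) silently leaves production mode off. Assuming production mode is what switches on the stricter defaults, that is a fail-open path for a security-relevant switch; a non-empty value that is neither a recognised true nor a recognised false spelling deserves a warning or a startup error rather than a quiet `false`. At minimum trim the input, `lc := strings.ToLower(strings.TrimSpace(val))`. An explicit false value after the flag on the command line now falls through to the environment variable instead of returning, so `IRMASERVER_PRODUCTION=true` wins over the flag; a comment stating that this precedence is intended would help. The start of `productionMode` is outside the hunk.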
verify.go
...
...
@@ -318,10 +318,13 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Next, verify the timestamp
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
t
:=
time
.
Now
()
if
sm
.
Timestamp
!=
nil
{
if
err
:=
sm
.
VerifyTimestamp
(
message
,
configuration
);
err
!=
nil
{
return
nil
,
ProofStatusInvalidTimestamp
,
nil
}
t
=
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
)
}
t
:=
time
.
Unix
(
sm
.
Timestamp
.
Time
,
0
)
// Check if a credential was expired at creation time, according to the timestamp
if
expired
:=
ProofList
(
sm
.
Signature
)
.
Expired
(
configuration
,
&
t
);
expired
{
...
...
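Review bot: With the new `if sm.Timestamp != nil { … }` guard in `Verify`, a `SignedMessage` that carries no timestamp skips `VerifyTimestamp` altogether and is checked for expiry against `time.Now()`, whereas the old side ran the timestamp check unconditionally. A message whose timestamp has been dropped therefore no longer ends in `ProofStatusInvalidTimestamp`, and nothing in the visible return path tells the caller whether the signing time was attested. If untimestamped signatures are meant to be accepted, state that in the doc comment of `Verify` and have verifiers that need an attested signing time reject `sm.Timestamp == nil` explicitly. The comment that follows should be widened to match, e.g. `// Check expiry at the timestamp's time, or at the current time if the message has no timestamp`. The body of `Verify` continues outside the hunk.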