Commit 1c69f0d5 authored by Sietse Ringers's avatar Sietse Ringers

Merge branch 'master' into condiscon

parents 6a28eb8f dedd7890
......@@ -272,7 +272,7 @@
[[projects]]
branch = "master"
digest = "1:f7c906dec3dd744b5e351a4aa770d3ab027e634b859d4d3635a42be3b25b1edc"
digest = "1:bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd"
name = "github.com/privacybydesign/gabi"
packages = [
".",
......
......@@ -95,6 +95,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
session.markAlive()
request := session.request.(*irma.IssuanceRequest)
discloseCount := len(commitments.Proofs) - len(request.Credentials)
if discloseCount < 0 {
return nil, session.fail(server.ErrorMalformedInput, "Received insufficient proofs")
......
......@@ -7,10 +7,11 @@ import (
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/test"
"github.com/privacybydesign/irmago/irmaclient"
"github.com/stretchr/testify/require"
)
func TestManualKeyShareSession(t *testing.T) {
func TestManualKeyshareSession(t *testing.T) {
request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("test.test.mijnirma.email"))
ms := createManualSessionHandler(t, nil)
......@@ -24,13 +25,32 @@ func TestRequestorIssuanceKeyshareSession(t *testing.T) {
testRequestorIssuance(t, true)
}
func TestKeyshareRegister(t *testing.T) {
client, handler := parseStorage(t)
defer test.ClearTestStorage(t)
require.NoError(t, client.KeyshareRemoveAll())
require.NoError(t, client.RemoveAllCredentials())
client.KeyshareEnroll(irma.NewSchemeManagerIdentifier("test"), nil, "12345", "en")
require.NoError(t, <-handler.c)
require.Len(t, client.CredentialInfoList(), 1)
sessionHelper(t, getIssuanceRequest(true), "issue", client)
keyshareSessions(t, client)
}
// Use the existing keyshare enrollment and credentials
// in a keyshare session of each session type.
// Use keyshareuser.sql to enroll the user at the keyshare server.
func TestKeyshareSessions(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
keyshareSessions(t, client)
}
func keyshareSessions(t *testing.T, client *irmaclient.Client) {
id := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
expiry := irma.Timestamp(irma.NewMetadataAttribute(0).Expiry())
issuanceRequest := getCombinedIssuanceRequest(id)
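Review bot: In TestKeyshareRegister, `require.NoError(t, <-handler.c)` blocks with no upper bound, and parseStorage creates the channel unbuffered with `make(chan error)`. If enrollment never reports back, the test hangs until the global `go test` timeout instead of failing with a useful message. Receiving inside a `select` with a `time.After` case that calls `t.Fatal("keyshare enrollment did not complete")` would make the failure local and readable. It is also worth confirming that TestClientHandler only sends on `c` for enrollment events, because every other caller discards the handler and would leave a sender blocked; the handler's code is not visible on this page.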
......
......@@ -9,7 +9,7 @@ import (
)
func TestLogging(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
logs, err := client.Logs()
oldLogLength := len(logs)
......
......@@ -35,17 +35,18 @@ func TestMain(m *testing.M) {
os.Exit(m.Run())
}
func parseStorage(t *testing.T) *irmaclient.Client {
func parseStorage(t *testing.T) (*irmaclient.Client, *TestClientHandler) {
test.SetupTestStorage(t)
handler := &TestClientHandler{t: t, c: make(chan error)}
path := test.FindTestdataFolder(t)
client, err := irmaclient.New(
filepath.Join(path, "storage", "test"),
filepath.Join(path, "irma_configuration"),
"",
&TestClientHandler{t: t},
handler,
)
require.NoError(t, err)
return client
return client, handler
}
func getDisclosureRequest(id irma.AttributeTypeIdentifier) *irma.DisclosureRequest {
......@@ -197,7 +198,7 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, alg j
func sessionHelper(t *testing.T, request irma.SessionRequest, sessiontype string, client *irmaclient.Client) {
if client == nil {
client = parseStorage(t)
client, _ = parseStorage(t)
defer test.ClearTestStorage(t)
}
......
......@@ -25,7 +25,7 @@ func createManualSessionHandler(t *testing.T, client *irmaclient.Client) *Manual
func manualSessionHelper(t *testing.T, client *irmaclient.Client, h *ManualTestHandler, request, verifyAs irma.SessionRequest, corrupt bool) ([][]*irma.DisclosedAttribute, irma.ProofStatus) {
if client == nil {
client = parseStorage(t)
client, _ = parseStorage(t)
defer test.ClearTestStorage(t)
}
......@@ -110,7 +110,7 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) {
}
func TestManualSessionMultiProof(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
// First, we need to issue an extra credential (BSN)
......
......@@ -17,7 +17,7 @@ func requestorSessionHelper(t *testing.T, request irma.SessionRequest, client *i
defer StopIrmaServer()
if client == nil {
client = parseStorage(t)
client, _ = parseStorage(t)
defer test.ClearTestStorage(t)
}
......@@ -95,6 +95,37 @@ func TestRequestorIssuanceSession(t *testing.T) {
testRequestorIssuance(t, false)
}
func TestRequestorCombinedSessionMultipleAttributes(t *testing.T) {
var ir irma.IssuanceRequest
require.NoError(t, irma.UnmarshalValidate([]byte(`{
"type":"issuing",
"credentials": [
{
"credential":"irma-demo.MijnOverheid.root",
"attributes" : {
"BSN":"12345"
}
}
],
"disclose" : [
{
"label":"Initialen",
"attributes":["irma-demo.RU.studentCard.studentCardNumber"]
},
{
"label":"Achternaam",
"attributes" : ["irma-demo.RU.studentCard.studentID"]
},
{
"label":"Geboortedatum",
"attributes":["irma-demo.RU.studentCard.university"]
}
]
}`), &ir))
require.Equal(t, server.StatusDone, requestorSessionHelper(t, &ir, nil).Status)
}
func testRequestorIssuance(t *testing.T, keyshare bool) {
attrid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
request := irma.NewIssuanceRequest([]*irma.CredentialRequest{{
......@@ -127,7 +158,7 @@ func testRequestorIssuance(t *testing.T, keyshare bool) {
}
func TestConDisCon(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
ir := getMultipleIssuanceRequest()
ir.Credentials = append(ir.Credentials, &irma.CredentialRequest{
Validity: ir.Credentials[0].Validity,
......@@ -166,7 +197,7 @@ func TestConDisCon(t *testing.T) {
}
func TestOptionalDisclosure(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
university := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.university")
studentid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
......
......@@ -41,7 +41,7 @@ func TestMultipleIssuanceSession(t *testing.T) {
}
func TestDefaultCredentialValidity(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
request := getIssuanceRequest(true)
sessionHelper(t, request, "issue", client)
}
......@@ -64,7 +64,7 @@ func TestIssuanceOptionalSetAttributes(t *testing.T) {
}
func TestLargeAttribute(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
require.NoError(t, client.RemoveAllCredentials())
......@@ -77,7 +77,7 @@ func TestLargeAttribute(t *testing.T) {
}
func TestIssuanceSingletonCredential(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
request := getMultipleIssuanceRequest()
......@@ -101,7 +101,7 @@ indicates the sign of the integer. In Go this is not the case. This resulted in
signatures being issued in the issuance protocol in two distinct ways, of which we test here
that they have been fixed. */
func TestAttributeByteEncoding(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
require.NoError(t, client.RemoveAllCredentials())
......@@ -124,7 +124,7 @@ func TestAttributeByteEncoding(t *testing.T) {
}
func TestDisclosureNewAttributeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
......@@ -141,7 +141,7 @@ func TestDisclosureNewAttributeUpdateSchemeManager(t *testing.T) {
}
func TestIssueNewAttributeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
......@@ -158,7 +158,7 @@ func TestIssueNewAttributeUpdateSchemeManager(t *testing.T) {
}
func TestIssueOptionalAttributeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
......@@ -175,7 +175,7 @@ func TestIssueOptionalAttributeUpdateSchemeManager(t *testing.T) {
}
func TestIssueNewCredTypeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
credid := irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard")
......@@ -193,7 +193,7 @@ func TestIssueNewCredTypeUpdateSchemeManager(t *testing.T) {
}
func TestDisclosureNewCredTypeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
credid := irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard")
attrid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.level")
......@@ -211,7 +211,7 @@ func TestDisclosureNewCredTypeUpdateSchemeManager(t *testing.T) {
}
func TestDisclosureNonexistingCredTypeUpdateSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
request := irma.NewDisclosureRequest(
irma.NewAttributeTypeIdentifier("irma-demo.RU.foo.bar"),
irma.NewAttributeTypeIdentifier("irma-demo.baz.qux.abc"),
......@@ -240,7 +240,7 @@ func TestDisclosureNonexistingCredTypeUpdateSchemeManager(t *testing.T) {
// within this manager to test the autmatic downloading of credential definitions,
// issuers, and public keys.
func TestDownloadSchemeManager(t *testing.T) {
client := parseStorage(t)
client, _ := parseStorage(t)
defer test.ClearTestStorage(t)
// Remove irma-demo scheme manager as we need to test adding it
......
......@@ -608,13 +608,13 @@ type attributeGroup struct {
func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
[]attributeGroup, irma.DisclosedAttributeIndices, error,
) {
todisclose := make([]attributeGroup, 0, 10)
if choice == nil || choice.Attributes == nil {
return todisclose, irma.DisclosedAttributeIndices{}, nil
return []attributeGroup{}, irma.DisclosedAttributeIndices{}, nil
}
// maps an irma.CredentialIdentifier to its index in the final ProofList
credIndices := make(map[irma.CredentialIdentifier]int)
todisclose := make([]attributeGroup, 0, len(choice.Attributes))
attributeIndices := make(irma.DisclosedAttributeIndices, len(choice.Attributes))
for i, attributeset := range choice.Attributes {
attributeIndices[i] = []*irma.DisclosedAttributeIndex{}
......
......@@ -20,9 +20,10 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
// Fetch the username from the credential request and save it along with the scheme manager
smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute)
h.kss.Username = request.Credentials[0].Attributes[attr.Name()]
for _, attr := range request.Credentials[0].Attributes {
h.kss.Username = attr
break
}
// Do the issuance
callback(true, nil)
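Review bot: The loop `for _, attr := range request.Credentials[0].Attributes { h.kss.Username = attr; break }` takes the keyshare username from whichever map entry Go happens to yield first, and map iteration order is unspecified. Judging by the hunk's line counts this loop is the new side, replacing the lookup by the scheme manager's `KeyshareAttribute`. If the credential sent during enrollment ever carries more than one attribute, the stored username becomes arbitrary and can differ between runs. `request.Credentials[0]` is also indexed without a length check on a request that arrives from the server. A guard before the loop such as `if len(request.Credentials) != 1 || len(request.Credentials[0].Attributes) != 1 { ... }` that refuses the enrollment would pin the assumption down, along with a comment stating that the enrollment credential is expected to hold exactly one attribute. The function body continues past the end of the hunk.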
......
......@@ -5,6 +5,7 @@ import (
"fmt"
"net/url"
"reflect"
"runtime/debug"
"strings"
"github.com/bwesterb/go-atum"
......@@ -582,7 +583,7 @@ func panicToError(e interface{}) *irma.SessionError {
default: // nop
}
fmt.Println("Panic: " + info)
return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info + "\n\n" + string(debug.Stack())}
}
// Idempotently send DELETE to remote server, returning whether or not we did something
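Review bot: Appending `string(debug.Stack())` to `Info` puts a full goroutine stack trace, including source paths and internal function names, into the `irma.SessionError` that panicToError returns. Where `Info` ends up is not visible here, but if it is shown to the user or included in an error report that leaves the device, the trace discloses implementation detail. Consider keeping `Info: info` and writing the trace to the local log only, for example `fmt.Println("Panic: " + info + "\n" + string(debug.Stack()))`. If the trace must travel with the error, a comment on this line should say who is expected to read it. panicToError starts outside the hunk.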
......
......@@ -547,7 +547,7 @@ func (ir *IssuanceRequest) Validate() error {
return errors.New("Empty issuance request")
}
for _, cred := range ir.Credentials {
if cred.Validity.Floor().Before(Timestamp(time.Now())) {
if cred.Validity != nil && cred.Validity.Floor().Before(Timestamp(time.Now())) {
return errors.New("Expired credential request")
}
}
......
......@@ -12,6 +12,7 @@ import (
"github.com/privacybydesign/irmago/server"
"github.com/privacybydesign/irmago/server/requestorserver"
"github.com/sirupsen/logrus"
"github.com/spf13/cast"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
......@@ -256,7 +257,12 @@ func configure(cmd *cobra.Command) error {
}
// Handle requestors
requestors := viper.GetStringMap("requestors")
var requestors map[string]interface{}
if val, flagOrEnv := viper.Get("requestors").(string); !flagOrEnv || val != "" {
if requestors, err = cast.ToStringMapE(viper.Get("requestors")); err != nil {
return errors.WrapPrefix(err, "Failed to unmarshal requestors from flag or env var", 0)
}
}
if len(requestors) > 0 {
if err := mapstructure.Decode(requestors, &conf.Requestors); err != nil {
return errors.WrapPrefix(err, "Failed to unmarshal requestors from config file", 0)
......@@ -288,9 +294,15 @@ func productionMode() bool {
if len(os.Args) == i+1 || strings.HasPrefix(os.Args[i+1], "--") {
return true
}
val := strings.ToLower(os.Args[i+1])
return val == "1" || val == "true" || val == "yes" || val == "t"
if checkConfVal(os.Args[i+1]) {
return true
}
}
}
return false
return checkConfVal(os.Getenv("IRMASERVER_PRODUCTION"))
}
func checkConfVal(val string) bool {
lc := strings.ToLower(val)
return lc == "1" || lc == "true" || lc == "yes" || lc == "t"
}
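Review bot: checkConfVal treats every spelling other than "1", "true", "yes" and "t" as false. With the new `return checkConfVal(os.Getenv("IRMASERVER_PRODUCTION"))`, a value such as `on` or a typo therefore silently leaves the server out of production mode. What production mode gates is not shown on this page, but a switch that presumably tightens defaults is safer if an unrecognised non-empty value is reported rather than read as "off". At minimum, document the accepted set with a comment such as `// checkConfVal reports whether val is one of "1", "true", "yes" or "t" (case-insensitive); anything else, including "", is false.` Note also that the loop now falls through when the flag's value is falsy, so `--production false` no longer overrides a truthy environment variable; if that precedence is intended it deserves a short comment. productionMode starts outside the hunk.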
......@@ -318,10 +318,13 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Next, verify the timestamp
if err := sm.VerifyTimestamp(message, configuration); err != nil {
return nil, ProofStatusInvalidTimestamp, nil
t := time.Now()
if sm.Timestamp != nil {
if err := sm.VerifyTimestamp(message, configuration); err != nil {
return nil, ProofStatusInvalidTimestamp, nil
}
t = time.Unix(sm.Timestamp.Time, 0)
}
t := time.Unix(sm.Timestamp.Time, 0)
// Check if a credential was expired at creation time, according to the timestamp
if expired := ProofList(sm.Signature).Expired(configuration, &t); expired {
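Review bot: When `sm.Timestamp` is nil the new guard skips `VerifyTimestamp` altogether and judges expiry against `t := time.Now()`, so a signed message with no timestamp now verifies without any evidence of when it was created. The outcome is indistinguishable from one whose timestamp was checked. Checking against the current time is the conservative choice for expiry, but a verifier that relies on the signing time, for instance to accept a signature made before a credential expired or was revoked, cannot tell from the visible return values that the timestamp was absent. Consider a comment above the guard such as `// A missing timestamp is allowed: expiry is then checked against the verification time, not the signing time`. Callers also need a way to require a timestamp; whether one exists is not visible in this hunk. Verify's body begins and ends outside the hunk.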
......