Merge branch 'master' into condiscon

1c69f0d5 · Sietse Ringers · 6a28eb8f · dedd7890 · 1c69f0d5 · 1c69f0d5
Commit 1c69f0d5 authored Apr 25, 2019 by Sietse Ringers
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -272,7 +272,7 @@

 [[projects]]
  branch = "master"
-  digest = "1:f7c906dec3dd744b5e351a4aa770d3ab027e634b859d4d3635a42be3b25b1edc"
+  digest = "1:bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd"
  name = "github.com/privacybydesign/gabi"
  packages = [
    ".",

--- a/internal/servercore/handle.go
+++ b/internal/servercore/handle.go
@@ -95,6 +95,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
 	session.markAlive()

 	request := session.request.(*irma.IssuanceRequest)
+
 	discloseCount := len(commitments.Proofs) - len(request.Credentials)
 	if discloseCount < 0 {
 		return nil, session.fail(server.ErrorMalformedInput, "Received insufficient proofs")

--- a/internal/sessiontest/keyshare_test.go
+++ b/internal/sessiontest/keyshare_test.go
@@ -7,10 +7,11 @@ import (

 	"github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/internal/test"
+	"github.com/privacybydesign/irmago/irmaclient"
 	"github.com/stretchr/testify/require"
 )

-func TestManualKeyShareSession(t *testing.T) {
+func TestManualKeyshareSession(t *testing.T) {
 	request := irma.NewSignatureRequest("I owe you everything", irma.NewAttributeTypeIdentifier("test.test.mijnirma.email"))
 	ms := createManualSessionHandler(t, nil)

@@ -24,13 +25,32 @@ func TestRequestorIssuanceKeyshareSession(t *testing.T) {
 	testRequestorIssuance(t, true)
 }

+func TestKeyshareRegister(t *testing.T) {
+	client, handler := parseStorage(t)
+	defer test.ClearTestStorage(t)
+
+	require.NoError(t, client.KeyshareRemoveAll())
+	require.NoError(t, client.RemoveAllCredentials())
+
+	client.KeyshareEnroll(irma.NewSchemeManagerIdentifier("test"), nil, "12345", "en")
+	require.NoError(t, <-handler.c)
+
+	require.Len(t, client.CredentialInfoList(), 1)
+
+	sessionHelper(t, getIssuanceRequest(true), "issue", client)
+	keyshareSessions(t, client)
+}
+
 // Use the existing keyshare enrollment and credentials
 // in a keyshare session of each session type.
 // Use keyshareuser.sql to enroll the user at the keyshare server.
 func TestKeyshareSessions(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)
+	keyshareSessions(t, client)
+}

+func keyshareSessions(t *testing.T, client *irmaclient.Client) {
 	id := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
 	expiry := irma.Timestamp(irma.NewMetadataAttribute(0).Expiry())
 	issuanceRequest := getCombinedIssuanceRequest(id)

--- a/internal/sessiontest/logs_test.go
+++ b/internal/sessiontest/logs_test.go
@@ -9,7 +9,7 @@ import (
 )

 func TestLogging(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)

 	logs, err := client.Logs()
 	oldLogLength := len(logs)

--- a/internal/sessiontest/main_test.go
+++ b/internal/sessiontest/main_test.go
@@ -35,17 +35,18 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }

-func parseStorage(t *testing.T) *irmaclient.Client {
+func parseStorage(t *testing.T) (*irmaclient.Client, *TestClientHandler) {
 	test.SetupTestStorage(t)
+	handler := &TestClientHandler{t: t, c: make(chan error)}
 	path := test.FindTestdataFolder(t)
 	client, err := irmaclient.New(
 		filepath.Join(path, "storage", "test"),
 		filepath.Join(path, "irma_configuration"),
 		"",
-		&TestClientHandler{t: t},
+		handler,
 	)
 	require.NoError(t, err)
-	return client
+	return client, handler
 }

 func getDisclosureRequest(id irma.AttributeTypeIdentifier) *irma.DisclosureRequest {
@@ -197,7 +198,7 @@ func getJwt(t *testing.T, request irma.SessionRequest, sessiontype string, alg j

 func sessionHelper(t *testing.T, request irma.SessionRequest, sessiontype string, client *irmaclient.Client) {
 	if client == nil {
-		client = parseStorage(t)
+		client, _ = parseStorage(t)
 		defer test.ClearTestStorage(t)
 	}


--- a/internal/sessiontest/manual_session_test.go
+++ b/internal/sessiontest/manual_session_test.go
@@ -25,7 +25,7 @@ func createManualSessionHandler(t *testing.T, client *irmaclient.Client) *Manual

 func manualSessionHelper(t *testing.T, client *irmaclient.Client, h *ManualTestHandler, request, verifyAs irma.SessionRequest, corrupt bool) ([][]*irma.DisclosedAttribute, irma.ProofStatus) {
 	if client == nil {
-		client = parseStorage(t)
+		client, _ = parseStorage(t)
 		defer test.ClearTestStorage(t)
 	}

@@ -110,7 +110,7 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) {
 }

 func TestManualSessionMultiProof(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	// First, we need to issue an extra credential (BSN)

--- a/internal/sessiontest/requestor_test.go
+++ b/internal/sessiontest/requestor_test.go
@@ -17,7 +17,7 @@ func requestorSessionHelper(t *testing.T, request irma.SessionRequest, client *i
 	defer StopIrmaServer()

 	if client == nil {
-		client = parseStorage(t)
+		client, _ = parseStorage(t)
 		defer test.ClearTestStorage(t)
 	}

@@ -95,6 +95,37 @@ func TestRequestorIssuanceSession(t *testing.T) {
 	testRequestorIssuance(t, false)
 }

+func TestRequestorCombinedSessionMultipleAttributes(t *testing.T) {
+	var ir irma.IssuanceRequest
+	require.NoError(t, irma.UnmarshalValidate([]byte(`{
+		"type":"issuing",
+		"credentials": [
+			{
+				"credential":"irma-demo.MijnOverheid.root",
+				"attributes" : {
+					"BSN":"12345"
+				}
+			}
+		],
+		"disclose" : [
+			{
+				"label":"Initialen",
+				"attributes":["irma-demo.RU.studentCard.studentCardNumber"]
+			},
+			{
+				"label":"Achternaam",
+				"attributes" : ["irma-demo.RU.studentCard.studentID"]
+			},
+			{
+				"label":"Geboortedatum",
+				"attributes":["irma-demo.RU.studentCard.university"]
+			}
+		]
+	}`), &ir))
+
+	require.Equal(t, server.StatusDone, requestorSessionHelper(t, &ir, nil).Status)
+}
+
 func testRequestorIssuance(t *testing.T, keyshare bool) {
 	attrid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
 	request := irma.NewIssuanceRequest([]*irma.CredentialRequest{{
@@ -127,7 +158,7 @@ func testRequestorIssuance(t *testing.T, keyshare bool) {
 }

 func TestConDisCon(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	ir := getMultipleIssuanceRequest()
 	ir.Credentials = append(ir.Credentials, &irma.CredentialRequest{
 		Validity:         ir.Credentials[0].Validity,
@@ -166,7 +197,7 @@ func TestConDisCon(t *testing.T) {
 }

 func TestOptionalDisclosure(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	university := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.university")
 	studentid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")


--- a/internal/sessiontest/session_test.go
+++ b/internal/sessiontest/session_test.go
@@ -41,7 +41,7 @@ func TestMultipleIssuanceSession(t *testing.T) {
 }

 func TestDefaultCredentialValidity(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	request := getIssuanceRequest(true)
 	sessionHelper(t, request, "issue", client)
 }
@@ -64,7 +64,7 @@ func TestIssuanceOptionalSetAttributes(t *testing.T) {
 }

 func TestLargeAttribute(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	require.NoError(t, client.RemoveAllCredentials())
@@ -77,7 +77,7 @@ func TestLargeAttribute(t *testing.T) {
 }

 func TestIssuanceSingletonCredential(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	request := getMultipleIssuanceRequest()
@@ -101,7 +101,7 @@ indicates the sign of the integer. In Go this is not the case. This resulted in
 signatures being issued in the issuance protocol in two distinct ways, of which we test here
 that they have been fixed. */
 func TestAttributeByteEncoding(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)
 	require.NoError(t, client.RemoveAllCredentials())

@@ -124,7 +124,7 @@ func TestAttributeByteEncoding(t *testing.T) {
 }

 func TestDisclosureNewAttributeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
@@ -141,7 +141,7 @@ func TestDisclosureNewAttributeUpdateSchemeManager(t *testing.T) {
 }

 func TestIssueNewAttributeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
@@ -158,7 +158,7 @@ func TestIssueNewAttributeUpdateSchemeManager(t *testing.T) {
 }

 func TestIssueOptionalAttributeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
@@ -175,7 +175,7 @@ func TestIssueOptionalAttributeUpdateSchemeManager(t *testing.T) {
 }

 func TestIssueNewCredTypeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
 	credid := irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard")

@@ -193,7 +193,7 @@ func TestIssueNewCredTypeUpdateSchemeManager(t *testing.T) {
 }

 func TestDisclosureNewCredTypeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	schemeid := irma.NewSchemeManagerIdentifier("irma-demo")
 	credid := irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard")
 	attrid := irma.NewAttributeTypeIdentifier("irma-demo.RU.studentCard.level")
@@ -211,7 +211,7 @@ func TestDisclosureNewCredTypeUpdateSchemeManager(t *testing.T) {
 }

 func TestDisclosureNonexistingCredTypeUpdateSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	request := irma.NewDisclosureRequest(
 		irma.NewAttributeTypeIdentifier("irma-demo.RU.foo.bar"),
 		irma.NewAttributeTypeIdentifier("irma-demo.baz.qux.abc"),
@@ -240,7 +240,7 @@ func TestDisclosureNonexistingCredTypeUpdateSchemeManager(t *testing.T) {
 // within this manager to test the autmatic downloading of credential definitions,
 // issuers, and public keys.
 func TestDownloadSchemeManager(t *testing.T) {
-	client := parseStorage(t)
+	client, _ := parseStorage(t)
 	defer test.ClearTestStorage(t)

 	// Remove irma-demo scheme manager as we need to test adding it

--- a/irmaclient/client.go
+++ b/irmaclient/client.go
@@ -608,13 +608,13 @@ type attributeGroup struct {
 func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
 	[]attributeGroup, irma.DisclosedAttributeIndices, error,
 ) {
-	todisclose := make([]attributeGroup, 0, 10)
 	if choice == nil || choice.Attributes == nil {
-		return todisclose, irma.DisclosedAttributeIndices{}, nil
+		return []attributeGroup{}, irma.DisclosedAttributeIndices{}, nil
 	}

 	// maps an irma.CredentialIdentifier to its index in the final ProofList
 	credIndices := make(map[irma.CredentialIdentifier]int)
+	todisclose := make([]attributeGroup, 0, len(choice.Attributes))
 	attributeIndices := make(irma.DisclosedAttributeIndices, len(choice.Attributes))
 	for i, attributeset := range choice.Attributes {
 		attributeIndices[i] = []*irma.DisclosedAttributeIndex{}

--- a/irmaclient/handlers.go
+++ b/irmaclient/handlers.go
@@ -20,9 +20,10 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)

 func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
 	// Fetch the username from the credential request and save it along with the scheme manager
-	smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
-	attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute)
-	h.kss.Username = request.Credentials[0].Attributes[attr.Name()]
+	for _, attr := range request.Credentials[0].Attributes {
+		h.kss.Username = attr
+		break
+	}

 	// Do the issuance
 	callback(true, nil)

--- a/irmaclient/session.go
+++ b/irmaclient/session.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/url"
 	"reflect"
+	"runtime/debug"
 	"strings"

 	"github.com/bwesterb/go-atum"
@@ -582,7 +583,7 @@ func panicToError(e interface{}) *irma.SessionError {
 	default: // nop
 	}
 	fmt.Println("Panic: " + info)
-	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
+	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info + "\n\n" + string(debug.Stack())}
 }

 // Idempotently send DELETE to remote server, returning whether or not we did something

--- a/requests.go
+++ b/requests.go
@@ -547,7 +547,7 @@ func (ir *IssuanceRequest) Validate() error {
 		return errors.New("Empty issuance request")
 	}
 	for _, cred := range ir.Credentials {
-		if cred.Validity.Floor().Before(Timestamp(time.Now())) {
+		if cred.Validity != nil && cred.Validity.Floor().Before(Timestamp(time.Now())) {
 			return errors.New("Expired credential request")
 		}
 	}

--- a/server/irmad/cmd/root.go
+++ b/server/irmad/cmd/root.go
@@ -12,6 +12,7 @@ import (
 	"github.com/privacybydesign/irmago/server"
 	"github.com/privacybydesign/irmago/server/requestorserver"
 	"github.com/sirupsen/logrus"
+	"github.com/spf13/cast"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -256,7 +257,12 @@ func configure(cmd *cobra.Command) error {
 	}

 	// Handle requestors
-	requestors := viper.GetStringMap("requestors")
+	var requestors map[string]interface{}
+	if val, flagOrEnv := viper.Get("requestors").(string); !flagOrEnv || val != "" {
+		if requestors, err = cast.ToStringMapE(viper.Get("requestors")); err != nil {
+			return errors.WrapPrefix(err, "Failed to unmarshal requestors from flag or env var", 0)
+		}
+	}
 	if len(requestors) > 0 {
 		if err := mapstructure.Decode(requestors, &conf.Requestors); err != nil {
 			return errors.WrapPrefix(err, "Failed to unmarshal requestors from config file", 0)
@@ -288,9 +294,15 @@ func productionMode() bool {
 			if len(os.Args) == i+1 || strings.HasPrefix(os.Args[i+1], "--") {
 				return true
 			}
-			val := strings.ToLower(os.Args[i+1])
-			return val == "1" || val == "true" || val == "yes" || val == "t"
+			if checkConfVal(os.Args[i+1]) {
+				return true
+			}
 		}
 	}
-	return false
+
+	return checkConfVal(os.Getenv("IRMASERVER_PRODUCTION"))
+}
+func checkConfVal(val string) bool {
+	lc := strings.ToLower(val)
+	return lc == "1" || lc == "true" || lc == "yes" || lc == "t"
 }
--- a/verify.go
+++ b/verify.go
@@ -318,10 +318,13 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
 	}

 	// Next, verify the timestamp
-	if err := sm.VerifyTimestamp(message, configuration); err != nil {
-		return nil, ProofStatusInvalidTimestamp, nil
+	t := time.Now()
+	if sm.Timestamp != nil {
+		if err := sm.VerifyTimestamp(message, configuration); err != nil {
+			return nil, ProofStatusInvalidTimestamp, nil
+		}
+		t = time.Unix(sm.Timestamp.Time, 0)
 	}
-	t := time.Unix(sm.Timestamp.Time, 0)

 	// Check if a credential was expired at creation time, according to the timestamp
 	if expired := ProofList(sm.Signature).Expired(configuration, &t); expired {