33598603
Commit
33598603
authored
Nov 20, 2019
by
Sietse Ringers
refactor: rename irma.Configuration.Revocation
parent
81b7f1ee
Changes
8
Showing
8 changed files
with
24 additions
and
24 deletions
+24
-24
internal/servercore/api.go
internal/servercore/api.go
+3
-3
internal/servercore/handle.go
internal/servercore/handle.go
+6
-6
internal/servercore/helpers.go
internal/servercore/helpers.go
+4
-4
internal/sessiontest/server_test.go
internal/sessiontest/server_test.go
+2
-2
irmaclient/storage.go
irmaclient/storage.go
+1
-1
irmaconfig.go
irmaconfig.go
+3
-3
server/conf.go
server/conf.go
+4
-4
verify.go
verify.go
+1
-1
internal/servercore/api.go
...
...
@@ -52,7 +52,7 @@ func New(conf *server.Configuration) (*Server, error) {
if
s
:=
conf
.
RevocationSettings
[
credid
];
s
!=
nil
&&
s
.
Mode
!=
irma
.
RevocationModeRequestor
{
continue
}
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
UpdateDB
(
credid
);
err
!=
nil
{
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
UpdateDB
(
credid
);
err
!=
nil
{
s
.
conf
.
Logger
.
Error
(
"failed to update revocation database for %s:"
,
credid
.
String
())
_
=
server
.
LogError
(
err
)
}
...
...
@@ -65,7 +65,7 @@ func New(conf *server.Configuration) (*Server, error) {
}
func
(
s
*
Server
)
Stop
()
{
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Close
();
err
!=
nil
{
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
Close
();
err
!=
nil
{
_
=
server
.
LogWarning
(
err
)
}
s
.
stopScheduler
<-
true
...
...
@@ -150,7 +150,7 @@ func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error
if
err
!=
nil
{
return
err
}
return
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Revoke
(
credid
,
key
,
rsk
)
return
s
.
conf
.
IrmaConfiguration
.
Revocation
.
Revoke
(
credid
,
key
,
rsk
)
}
func
ParsePath
(
path
string
)
(
token
,
noun
string
,
arg
[]
string
,
err
error
)
{
...
...
internal/servercore/handle.go
...
...
@@ -36,7 +36,7 @@ func (session *session) handleGetRequest(min, max *irma.ProtocolVersion) (irma.S
// we include the latest revocation records for the client here, as opposed to when the session
// was started, so that the client always gets the very latest revocation records
var
err
error
if
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
SetRevocationRecords
(
session
.
request
.
Base
());
err
!=
nil
{
if
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
.
SetRevocationRecords
(
session
.
request
.
Base
());
err
!=
nil
{
return
nil
,
session
.
fail
(
server
.
ErrorUnknown
,
err
.
Error
())
// TODO error type
}
...
...
@@ -216,7 +216,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
// POST revocation/records
func
(
s
*
Server
)
handlePostRevocationRecords
(
records
[]
*
irma
.
RevocationRecord
)
(
interface
{},
*
irma
.
RemoteError
)
{
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
AddRevocationRecords
(
records
);
err
!=
nil
{
if
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
AddRevocationRecords
(
records
);
err
!=
nil
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorUnknown
,
err
.
Error
())
// TODO error type
}
return
nil
,
nil
...
...
@@ -229,7 +229,7 @@ func (s *Server) handleGetRevocationRecords(
if
_
,
ok
:=
s
.
conf
.
RevocationSettings
[
cred
];
!
ok
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"not supported by this server"
)
}
records
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
RevocationRecords
(
cred
,
index
)
records
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
RevocationRecords
(
cred
,
index
)
if
err
!=
nil
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorUnknown
,
err
.
Error
())
// TODO error type
}
...
...
@@ -243,7 +243,7 @@ func (s *Server) handleGetLatestRevocationRecords(
if
_
,
ok
:=
s
.
conf
.
RevocationSettings
[
cred
];
!
ok
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"not supported by this server"
)
}
records
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
LatestRevocationRecords
(
cred
,
count
)
records
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
LatestRevocationRecords
(
cred
,
count
)
if
err
!=
nil
{
return
nil
,
server
.
RemoteError
(
server
.
ErrorUnknown
,
err
.
Error
())
// TODO error type
}
...
...
@@ -260,7 +260,7 @@ func (s *Server) handlePostIssuanceRecord(
// Grab the counter-th issuer public key, with which the message should be signed,
// and verify and unmarshal the issuance record
pk
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Keys
.
PublicKey
(
cred
.
IssuerIdentifier
(),
uint
(
counter
))
pk
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
Keys
.
PublicKey
(
cred
.
IssuerIdentifier
(),
uint
(
counter
))
if
err
!=
nil
{
return
""
,
server
.
RemoteError
(
server
.
ErrorUnknown
,
err
.
Error
())
}
...
...
@@ -272,7 +272,7 @@ func (s *Server) handlePostIssuanceRecord(
return
""
,
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"issuance record of wrong credential type"
)
}
if
err
=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
AddIssuanceRecord
(
&
rec
);
err
!=
nil
{
if
err
=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
AddIssuanceRecord
(
&
rec
);
err
!=
nil
{
return
""
,
server
.
RemoteError
(
server
.
ErrorUnknown
,
err
.
Error
())
}
return
"OK"
,
nil
...
...
internal/servercore/helpers.go
...
...
@@ -86,12 +86,12 @@ func (session *session) issuanceHandleRevocation(
// ensure the client always gets an up to date nonrevocation witness
if
settings
,
ok
:=
session
.
conf
.
RevocationSettings
[
id
];
!
ok
||
settings
.
Mode
!=
irma
.
RevocationModeServer
{
if
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
UpdateDB
(
id
);
err
!=
nil
{
if
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
.
UpdateDB
(
id
);
err
!=
nil
{
return
}
}
rs
:=
session
.
conf
.
IrmaConfiguration
.
Revocation
Storage
rs
:=
session
.
conf
.
IrmaConfiguration
.
Revocation
// Fetch latest revocation record, and then extract the current value of the accumulator
// from it to generate the witness from
...
...
@@ -122,7 +122,7 @@ func (session *session) issuanceHandleRevocation(
Issued
:
time
.
Now
()
.
UnixNano
(),
// or (floored) cred issuance time?
ValidUntil
:
attributes
.
Expiry
()
.
UnixNano
(),
}
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
SaveIssuanceRecord
(
id
,
issrecord
)
err
=
session
.
conf
.
IrmaConfiguration
.
Revocation
.
SaveIssuanceRecord
(
id
,
issrecord
)
return
}
...
...
@@ -152,7 +152,7 @@ func (s *Server) validateIssuanceRequest(request *irma.IssuanceRequest) error {
}
if
s
.
conf
.
IrmaConfiguration
.
CredentialTypes
[
cred
.
CredentialTypeID
]
.
SupportsRevocation
()
{
enabled
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
Storage
.
RevocationEnabled
(
cred
.
CredentialTypeID
)
enabled
,
err
:=
s
.
conf
.
IrmaConfiguration
.
Revocation
.
RevocationEnabled
(
cred
.
CredentialTypeID
)
if
err
!=
nil
{
return
err
}
...
...
internal/sessiontest/server_test.go
...
...
@@ -90,9 +90,9 @@ func StartRevocationServer(t *testing.T) {
require
.
NoError
(
t
,
g
.
Close
())
// Enable revocation for our credential type
sk
,
err
:=
irmaconf
.
Revocation
Storage
.
Keys
.
PrivateKey
(
cred
.
IssuerIdentifier
())
sk
,
err
:=
irmaconf
.
Revocation
.
Keys
.
PrivateKey
(
cred
.
IssuerIdentifier
())
require
.
NoError
(
t
,
err
)
require
.
NoError
(
t
,
irmaconf
.
Revocation
Storage
.
EnableRevocation
(
cred
,
sk
))
require
.
NoError
(
t
,
irmaconf
.
Revocation
.
EnableRevocation
(
cred
,
sk
))
// Start revocation server
revocationServer
,
err
=
irmaserver
.
New
(
conf
)
...
...
irmaclient/storage.go
...
...
@@ -252,7 +252,7 @@ func (s *storage) LoadSignature(attrs *irma.AttributeList) (*gabi.CLSignature, *
return
nil
,
nil
,
errors
.
Errorf
(
"Signature of credential with hash %s cannot be found"
,
attrs
.
Hash
())
}
if
sig
.
Witness
!=
nil
{
pk
,
err
:=
s
.
Configuration
.
Revocation
Storage
.
Keys
.
PublicKey
(
pk
,
err
:=
s
.
Configuration
.
Revocation
.
Keys
.
PublicKey
(
attrs
.
CredentialType
()
.
IssuerIdentifier
(),
sig
.
Witness
.
Record
.
PublicKeyIndex
,
)
...
...
irmaconfig.go
...
...
@@ -46,7 +46,7 @@ type Configuration struct {
CredentialTypes
map
[
CredentialTypeIdentifier
]
*
CredentialType
AttributeTypes
map
[
AttributeTypeIdentifier
]
*
AttributeType
Revocation
Storage
*
RevocationStorage
Revocation
*
RevocationStorage
// Path to the irma_configuration folder that this instance represents
Path
string
...
...
@@ -129,8 +129,8 @@ func NewConfiguration(path string, opts ConfigurationOptions) (conf *Configurati
assets
:
opts
.
Assets
,
readOnly
:
opts
.
ReadOnly
,
}
conf
.
Revocation
Storage
=
&
RevocationStorage
{
conf
:
conf
}
if
err
=
conf
.
Revocation
Storage
.
Load
(
Logger
.
IsLevelEnabled
(
logrus
.
DebugLevel
),
opts
.
RevocationDB
,
opts
.
RevocationSettings
);
err
!=
nil
{
conf
.
Revocation
=
&
RevocationStorage
{
conf
:
conf
}
if
err
=
conf
.
Revocation
.
Load
(
Logger
.
IsLevelEnabled
(
logrus
.
DebugLevel
),
opts
.
RevocationDB
,
opts
.
RevocationSettings
);
err
!=
nil
{
return
nil
,
err
}
...
...
server/conf.go
...
...
@@ -76,7 +76,7 @@ func (conf *Configuration) Check() error {
}
{
if
err
:=
f
();
err
!=
nil
{
if
conf
.
IrmaConfiguration
!=
nil
{
if
e
:=
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Close
();
e
!=
nil
{
if
e
:=
conf
.
IrmaConfiguration
.
Revocation
.
Close
();
e
!=
nil
{
_
=
LogError
(
e
)
}
}
...
...
@@ -208,14 +208,14 @@ func (conf *Configuration) verifyRevocation() error {
}
if
settings
.
Mode
==
irma
.
RevocationModeServer
{
enabled
,
err
:=
conf
.
IrmaConfiguration
.
Revocation
Storage
.
RevocationEnabled
(
credid
)
enabled
,
err
:=
conf
.
IrmaConfiguration
.
Revocation
.
RevocationEnabled
(
credid
)
if
err
!=
nil
{
return
LogError
(
errors
.
WrapPrefix
(
err
,
"failed to check if revocation is enabled for "
+
credid
.
String
(),
0
))
}
if
!
enabled
{
return
LogError
(
errors
.
Errorf
(
"revocation not enabled for %s"
,
credid
.
String
()))
}
_
,
err
=
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Keys
.
PrivateKey
(
credid
.
IssuerIdentifier
())
_
,
err
=
conf
.
IrmaConfiguration
.
Revocation
.
Keys
.
PrivateKey
(
credid
.
IssuerIdentifier
())
if
err
!=
nil
{
return
LogError
(
errors
.
WrapPrefix
(
err
,
"failed to load private key of "
+
credid
.
IssuerIdentifier
()
.
String
()
+
" (required for revocation)"
,
0
))
}
...
...
@@ -226,7 +226,7 @@ func (conf *Configuration) verifyRevocation() error {
if
!
credtype
.
SupportsRevocation
()
{
continue
}
_
,
err
:=
conf
.
IrmaConfiguration
.
Revocation
Storage
.
Keys
.
PrivateKey
(
credid
.
IssuerIdentifier
())
_
,
err
:=
conf
.
IrmaConfiguration
.
Revocation
.
Keys
.
PrivateKey
(
credid
.
IssuerIdentifier
())
haveSK
:=
err
==
nil
settings
,
ok
:=
conf
.
RevocationSettings
[
credid
]
serverConfigured
:=
ok
&&
settings
.
ServerURL
!=
""
...
...
verify.go
...
...
@@ -185,7 +185,7 @@ func (pl ProofList) VerifyProofs(
return
false
,
nil
,
errors
.
New
(
"nonrevocation proof used wrong accumulator"
)
}
if
ours
==
theirs
{
settings
:=
configuration
.
Revocation
Storage
.
getSettings
(
id
)
settings
:=
configuration
.
Revocation
.
getSettings
(
id
)
if
uint
(
time
.
Now
()
.
Sub
(
settings
.
updated
)
.
Seconds
())
>
settings
.
MaxNonrevocationDuration
{
revocation
[
i
]
=
&
settings
.
updated
}
...
...