Commit 3de4368b authored by Sietse Ringers's avatar Sietse Ringers
Browse files

Restore invalid schemes from remote instead of assets when necessary

parent d935fe8c
......@@ -3,9 +3,11 @@
package test
import (
"net/http"
"os"
"path/filepath"
"testing"
"time"
"github.com/go-errors/errors"
"github.com/privacybydesign/irmago/internal/fs"
......@@ -23,6 +25,21 @@ func checkError(t *testing.T, err error) {
}
}
var schemeServer *http.Server
func StartSchemeManagerServer() {
path := findTestdataFolder(nil)
schemeServer = &http.Server{Addr: ":48681", Handler: http.FileServer(http.Dir(path))}
go func() {
schemeServer.ListenAndServe()
}()
time.Sleep(100 * time.Millisecond) // Give server time to start
}
func StopSchemeManagerServer() {
schemeServer.Close()
}
// findTestdataFolder finds the "testdata" folder which is in . or ..
// depending on which package is calling us.
func findTestdataFolder(t *testing.T) string {
......
......@@ -4,10 +4,8 @@ import (
"encoding/json"
"errors"
"math/big"
"net/http"
"os"
"testing"
"time"
"github.com/mhe/gabi"
"github.com/privacybydesign/irmago"
......@@ -18,18 +16,14 @@ import (
func TestMain(m *testing.M) {
// Create HTTP server for scheme managers
server := &http.Server{Addr: ":48681", Handler: http.FileServer(http.Dir("../testdata"))}
go func() {
server.ListenAndServe()
}()
time.Sleep(100 * time.Millisecond) // Give server time to start
test.StartSchemeManagerServer()
test.ClearTestStorage(nil)
test.CreateTestStorage(nil)
retCode := m.Run()
test.ClearTestStorage(nil)
server.Close()
test.StopSchemeManagerServer()
os.Exit(retCode)
}
......
......@@ -164,15 +164,31 @@ func (conf *Configuration) ParseFolder() (err error) {
return
}
// ParseOrRestoreFolder parses the irma_configuration folder, and when possible attempts to restore
// any broken scheme managers from their remote.
// Any error encountered during parsing is considered recoverable only if it is of type *SchemeManagerError;
// In this case the scheme in which it occured is downloaded from its remote and re-parsed.
// If any other error is encountered at any time, it is returned immediately.
// If no error is returned, parsing and possibly restoring has been succesfull, and there should be no
// disabled scheme managers.
func (conf *Configuration) ParseOrRestoreFolder() error {
err := conf.ParseFolder()
var parse bool
for id := range conf.DisabledSchemeManagers {
parse, _ = conf.CopyManagerFromAssets(id)
// Only in case of a *SchemeManagerError might we be able to recover
if _, isSchemeMgrErr := err.(*SchemeManagerError); !isSchemeMgrErr {
return err
}
if parse {
return conf.ParseFolder()
err = nil
for id := range conf.DisabledSchemeManagers {
if reinstallErr := conf.ReinstallSchemeManager(conf.SchemeManagers[id]); reinstallErr != nil {
// Again, we can recover only from a *SchemeManagerError, so bail out now otherwise
if _, isSchemeMgrErr := reinstallErr.(*SchemeManagerError); !isSchemeMgrErr {
return err
}
err = reinstallErr
}
}
return err
}
......@@ -196,22 +212,14 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
}
}()
err = fs.AssertPathExists(dir + "/description.xml")
if err != nil {
// Verify signature and read scheme manager description
if err = conf.VerifySignature(manager.Identifier()); err != nil {
return
}
if manager.index, err = conf.parseIndex(filepath.Base(dir), manager); err != nil {
manager.Status = SchemeManagerStatusInvalidIndex
return
}
err = conf.VerifySchemeManager(manager)
if err != nil {
manager.Status = SchemeManagerStatusInvalidSignature
return
}
exists, err := conf.pathToDescription(manager, dir+"/description.xml", manager)
if !exists {
manager.Status = SchemeManagerStatusParsingError
......@@ -221,18 +229,26 @@ func (conf *Configuration) ParseSchemeManagerFolder(dir string, manager *SchemeM
manager.Status = SchemeManagerStatusParsingError
return
}
if manager.XMLVersion < 7 {
manager.Status = SchemeManagerStatusParsingError
return errors.New("Unsupported scheme manager description")
}
// Verify that all other files are validly signed
err = conf.VerifySchemeManager(manager)
if err != nil {
manager.Status = SchemeManagerStatusInvalidSignature
return
}
// Read timestamp indicating time of last modification
ts, exists, err := readTimestamp(dir + "/timestamp")
if err != nil || !exists {
return errors.WrapPrefix(err, "Could not read scheme manager timestamp", 0)
}
manager.Timestamp = *ts
if manager.XMLVersion < 7 {
manager.Status = SchemeManagerStatusParsingError
return errors.New("Unsupported scheme manager description")
}
// Parse contained issuers and credential types
err = conf.parseIssuerFolders(manager, dir)
if err != nil {
manager.Status = SchemeManagerStatusContentParsingError
......@@ -306,6 +322,22 @@ func (conf *Configuration) parseIssuerFolders(manager *SchemeManager, path strin
func (conf *Configuration) DeleteSchemeManager(id SchemeManagerIdentifier) error {
delete(conf.SchemeManagers, id)
delete(conf.DisabledSchemeManagers, id)
name := id.String()
for iss := range conf.Issuers {
if iss.Root() == name {
delete(conf.Issuers, iss)
}
}
for iss := range conf.publicKeys {
if iss.Root() == name {
delete(conf.publicKeys, iss)
}
}
for cred := range conf.CredentialTypes {
if cred.Root() == name {
delete(conf.CredentialTypes, cred)
}
}
return os.RemoveAll(filepath.Join(conf.Path, id.Name()))
}
......@@ -503,6 +535,20 @@ func (conf *Configuration) RemoveSchemeManager(id SchemeManagerIdentifier, fromS
return nil
}
func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err error) {
// Check if downloading stuff from the remote works before we uninstall the specified manager:
// If we can't download anything we should keep the broken version
manager, err = DownloadSchemeManager(manager.URL)
if err != nil {
return
}
if err = conf.DeleteSchemeManager(manager.Identifier()); err != nil {
return
}
err = conf.InstallSchemeManager(manager)
return
}
// InstallSchemeManager downloads and adds the specified scheme manager to this Configuration,
// provided its signature is valid.
func (conf *Configuration) InstallSchemeManager(manager *SchemeManager) error {
......@@ -544,13 +590,7 @@ func (conf *Configuration) DownloadSchemeManagerSignature(manager *SchemeManager
if err = t.GetFile("index.sig", sig); err != nil {
return
}
valid, err := conf.VerifySignature(manager.Identifier())
if err != nil {
return
}
if !valid {
err = errors.New("Scheme manager signature invalid")
}
err = conf.VerifySignature(manager.Identifier())
return
}
......@@ -714,16 +754,14 @@ func (conf *Configuration) parseIndex(name string, manager *SchemeManager) (Sche
}
func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error {
valid, err := conf.VerifySignature(manager.Identifier())
err := conf.VerifySignature(manager.Identifier())
if err != nil {
return err
}
if !valid {
return errors.New("Scheme manager signature was invalid")
}
var exists bool
for file := range manager.index {
exists, err := fs.PathExists(filepath.Join(conf.Path, file))
exists, err = fs.PathExists(filepath.Join(conf.Path, file))
if err != nil {
return err
}
......@@ -731,7 +769,7 @@ func (conf *Configuration) VerifySchemeManager(manager *SchemeManager) error {
continue
}
// Don't care about the actual bytes
if _, _, err := conf.ReadAuthenticatedFile(manager, file); err != nil {
if _, _, err = conf.ReadAuthenticatedFile(manager, file); err != nil {
return err
}
}
......@@ -763,10 +801,9 @@ func (conf *Configuration) ReadAuthenticatedFile(manager *SchemeManager, path st
// VerifySignature verifies the signature on the scheme manager index file
// (which contains the SHA256 hashes of all files under this scheme manager,
// which are used for verifying file authenticity).
func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (valid bool, err error) {
func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err error) {
defer func() {
if r := recover(); r != nil {
valid = false
if e, ok := r.(error); ok {
err = errors.Errorf("Scheme manager index signature failed to verify: %s", e.Error())
} else {
......@@ -777,41 +814,44 @@ func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (valid bo
dir := filepath.Join(conf.Path, id.String())
if err := fs.AssertPathExists(dir+"/index", dir+"/index.sig", dir+"/pk.pem"); err != nil {
return false, errors.New("Missing scheme manager index file, signature, or public key")
return errors.New("Missing scheme manager index file, signature, or public key")
}
// Read and hash index file
indexbts, err := ioutil.ReadFile(dir + "/index")
if err != nil {
return false, err
return err
}
indexhash := sha256.Sum256(indexbts)
// Read and parse scheme manager public key
pkbts, err := ioutil.ReadFile(dir + "/pk.pem")
if err != nil {
return false, err
return err
}
pkblk, _ := pem.Decode(pkbts)
genericPk, err := x509.ParsePKIXPublicKey(pkblk.Bytes)
if err != nil {
return false, err
return err
}
pk, ok := genericPk.(*ecdsa.PublicKey)
if !ok {
return false, errors.New("Invalid scheme manager public key")
return errors.New("Invalid scheme manager public key")
}
// Read and parse signature
sig, err := ioutil.ReadFile(dir + "/index.sig")
if err != nil {
return false, err
return err
}
ints := make([]*big.Int, 0, 2)
_, err = asn1.Unmarshal(sig, &ints)
// Verify signature
return ecdsa.Verify(pk, indexhash[:], ints[0], ints[1]), nil
if !ecdsa.Verify(pk, indexhash[:], ints[0], ints[1]) {
return errors.New("Scheme manager signature was invalid")
}
return nil
}
func (hash ConfigurationFileHash) String() string {
......
......@@ -69,6 +69,21 @@ func TestParseInvalidIrmaConfiguration(t *testing.T) {
require.Equal(t, false, conf.SchemeManagers[smerr.Manager].Valid)
}
func TestRestoreInvalidIrmaConfiguration(t *testing.T) {
test.StartSchemeManagerServer()
conf, err := NewConfiguration("testdata/storage/test/irma_configuration", "testdata/irma_configuration_invalid")
require.NoError(t, err)
err = conf.ParseOrRestoreFolder()
require.NoError(t, err)
require.Empty(t, conf.DisabledSchemeManagers)
require.Contains(t, conf.SchemeManagers, NewSchemeManagerIdentifier("irma-demo"))
test.StopSchemeManagerServer()
test.ClearTestStorage(t)
}
func TestParseIrmaConfiguration(t *testing.T) {
conf := parseConfiguration(t)
......
<IssueSpecification version="4">
<Name>
<en>Student Card</en>
<nl>Studentenkaart</nl>
</Name>
<ShortName>
<en>Student Card</en>
<nl>Studentenkaart</nl>
</ShortName>
<SchemeManager>irma-demo</SchemeManager>
<IssuerID>RU</IssuerID>
<CredentialID>studentCard</CredentialID>
<Description>
<en>Student Card issued by the Radboud University Nijmegen. Modified to invalidate scheme signature</en>
<nl>Studentenkaart uitgegeven door de Radboud Universiteit Nijmegen</nl>
</Description>
<ShouldBeSingleton>true</ShouldBeSingleton>
<Attributes>
<Attribute id="university">
<Name>
<en>University</en>
<nl>Universiteit</nl>
</Name>
<Description>
<en>The name of the university</en>
<nl>Naam van de universiteit</nl>
</Description>
</Attribute>
<Attribute id="studentCardNumber">
<Name>
<en>Student card number</en>
<nl>Studentenkaartnummer</nl>
</Name>
<Description>
<en>The unique number of your student card</en>
<nl>Het unieke nummer op uw studentenkaart</nl>
</Description>
</Attribute>
<Attribute id="studentID">
<Name>
<en>Student number</en>
<nl>Studentnummer</nl>
</Name>
<Description>
<en>Your student number</en>
<nl>Uw studentnummer</nl>
</Description>
</Attribute>
<Attribute id="level">
<Name>
<en>Type</en>
<nl>Soort</nl>
</Name>
<Description>
<en>Whether you are a regular or PhD student</en>
<nl>Of u een gewone of PhD student bent</nl>
</Description>
</Attribute>
</Attributes>
</IssueSpecification>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1491436800</ExpiryDate>
<References>
<IssuerPublicKey>http://www.irmacard.org/credentials/phase1/RU/ipk.xml</IssuerPublicKey>
</References>
<Elements>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
<pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
<q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
<qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
</Elements>
</IssuerPrivateKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1491436800</ExpiryDate>
<References>
<IssuerPublicKey>http://www.irmacard.org/credentials/phase1/RU/ipk.xml</IssuerPublicKey>
</References>
<Elements>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
<pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
<q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
<qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
</Elements>
</IssuerPrivateKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1893456000</ExpiryDate>
<References>
<IssuerPublicKey>http://www.irmacard.org/credentials/phase1/RU/ipk.xml</IssuerPublicKey>
</References>
<Elements>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
<pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
<q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
<qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
</Elements>
</IssuerPrivateKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPublicKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPublicKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1491436800</ExpiryDate>
<References>
<GroupParameters>http://www.irmacard.org/credentials/phase1/RU/gp.xml</GroupParameters>
</References>
<Elements>
<S>68460510129747727135744503403370273952956360997532594630007762045745171031173231339034881007977792852962667675924510408558639859602742661846943843432940752427075903037429735029814040501385798095836297700111333573975220392538916785564158079116348699773855815825029476864341585033111676283214405517983188761136</S>
<Z>44579327840225837958738167571392618381868336415293109834301264408385784355849790902532728798897199236650711385876328647206143271336410651651791998475869027595051047904885044274040212624547595999947339956165755500019260290516022753290814461070607850420459840370288988976468437318992206695361417725670417150636</Z>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<Bases num="6">
<Base_0>75350858539899247205099195870657569095662997908054835686827949842616918065279527697469302927032348256512990413925385972530386004430200361722733856287145745926519366823425418198189091190950415327471076288381822950611094023093577973125683837586451857056904547886289627214081538422503416179373023552964235386251</Base_0>
<Base_1>16493273636283143082718769278943934592373185321248797185217530224336539646051357956879850630049668377952487166494198481474513387080523771033539152347804895674103957881435528189990601782516572803731501616717599698546778915053348741763191226960285553875185038507959763576845070849066881303186850782357485430766</Base_1>
<Base_2>13291821743359694134120958420057403279203178581231329375341327975072292378295782785938004910295078955941500173834360776477803543971319031484244018438746973179992753654070994560440903251579649890648424366061116003693414594252721504213975050604848134539324290387019471337306533127861703270017452296444985692840</Base_2>
<Base_3>86332479314886130384736453625287798589955409703988059270766965934046079318379171635950761546707334446554224830120982622431968575935564538920183267389540869023066259053290969633312602549379541830869908306681500988364676409365226731817777230916908909465129739617379202974851959354453994729819170838277127986187</Base_3>
<Base_4>68324072803453545276056785581824677993048307928855083683600441649711633245772441948750253858697288489650767258385115035336890900077233825843691912005645623751469455288422721175655533702255940160761555155932357171848703103682096382578327888079229101354304202688749783292577993444026613580092677609916964914513</Base_4>
<Base_5>65082646756773276491139955747051924146096222587013375084161255582716233287172212541454173762000144048198663356249316446342046266181487801411025319914616581971563024493732489885161913779988624732795125008562587549337253757085766106881836850538709151996387829026336509064994632876911986826959512297657067426387</Base_5>
</Bases>
</Elements>
<Features>
<Epoch length="432000"/>
</Features>
</IssuerPublicKey>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPublicKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPublicKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1491436800</ExpiryDate>
<References>
<GroupParameters>http://www.irmacard.org/credentials/phase1/RU/gp.xml</GroupParameters>
</References>
<Elements>
<S>68460510129747727135744503403370273952956360997532594630007762045745171031173231339034881007977792852962667675924510408558639859602742661846943843432940752427075903037429735029814040501385798095836297700111333573975220392538916785564158079116348699773855815825029476864341585033111676283214405517983188761136</S>
<Z>44579327840225837958738167571392618381868336415293109834301264408385784355849790902532728798897199236650711385876328647206143271336410651651791998475869027595051047904885044274040212624547595999947339956165755500019260290516022753290814461070607850420459840370288988976468437318992206695361417725670417150636</Z>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<Bases num="16">
<Base_0>75350858539899247205099195870657569095662997908054835686827949842616918065279527697469302927032348256512990413925385972530386004430200361722733856287145745926519366823425418198189091190950415327471076288381822950611094023093577973125683837586451857056904547886289627214081538422503416179373023552964235386251</Base_0>
<Base_1>16493273636283143082718769278943934592373185321248797185217530224336539646051357956879850630049668377952487166494198481474513387080523771033539152347804895674103957881435528189990601782516572803731501616717599698546778915053348741763191226960285553875185038507959763576845070849066881303186850782357485430766</Base_1>
<Base_2>13291821743359694134120958420057403279203178581231329375341327975072292378295782785938004910295078955941500173834360776477803543971319031484244018438746973179992753654070994560440903251579649890648424366061116003693414594252721504213975050604848134539324290387019471337306533127861703270017452296444985692840</Base_2>
<Base_3>86332479314886130384736453625287798589955409703988059270766965934046079318379171635950761546707334446554224830120982622431968575935564538920183267389540869023066259053290969633312602549379541830869908306681500988364676409365226731817777230916908909465129739617379202974851959354453994729819170838277127986187</Base_3>
<Base_4>68324072803453545276056785581824677993048307928855083683600441649711633245772441948750253858697288489650767258385115035336890900077233825843691912005645623751469455288422721175655533702255940160761555155932357171848703103682096382578327888079229101354304202688749783292577993444026613580092677609916964914513</Base_4>
<Base_5>65082646756773276491139955747051924146096222587013375084161255582716233287172212541454173762000144048198663356249316446342046266181487801411025319914616581971563024493732489885161913779988624732795125008562587549337253757085766106881836850538709151996387829026336509064994632876911986826959512297657067426387</Base_5>
<Base_6>63874659024615068338240333975368246140159933088503494192169386470663990819206499436099908283211758824583120731775079733233918512992716255632360158355599409595092638309153631787713042297185191119164002796803320251786811576733233565960688620527003917904544567533947196715598026771669486819897144904640919683383</Base_6>
<Base_7>53120012498647271847614903007438523756226702548925411521362124776403512546171688156771769494830539508698639960566312015021223073799115225696603788091248714474288575966898783227186834024955676508375657014860678198452988831943798305301365905747151433979255013901646958759431737824372577668338986031236451772269</Base_7>
<Base_8>94977507250977029244216303110519491359875480658706513494340611066613627545948656540622594494622494034637459076045014939472664047178246799166875645473055247016767320637503219234978138979618408672939898258371340440168212941434681279973794100674871952106938348702393347230733030900740201684853057244821052834117</Base_8>
<Base_9>33548776713692344991270752400860301125809441995491893919759487182007682973762800990095419451049128242439573384043915281283857592153663865432175099052908521761590533867959011344314294416279790357713907587691573186353837474297713423093706417749437370939058878724457006161671387943292631963343496403429153753396</Base_9>
<Base_10>94574726946601311270006868434593417652808272730645249117063357791139600932579421107662622218042782210660106516758352732411467133081985887995712153349804349931333557568741890650497071347577519196959718203195659595103591556387334526723678545698426523473502762766884156358071546903398148184011906532388711785721</Base_10>
<Base_11>71090625764693291864285716422145150306126524180059105194565460788896047107462526007995563627850002378781272329850450878584451950595502090636945677338880179616046621238180371802305655084281936899214412903969479574417709225908055818094924257062172940790013556842762762535221837464641528877343701699876888529554</Base_11>
<Base_12>89994189860381421573742821038879743391200144327848159531934049789288319618969504505012613979547374436515371120105455959258872406699407099552042442952761821745480029437329148097257703259967834665509602000108021618598038391726267727222679373923001035505119409434760111133574362301840327725460034795546285540835</Base_12>
<Base_13>26594376735775799517445468049435127400393014535839420349719804863728749868693100988700175899311806025580320148993947081372042948769831418325762987824461133415403469332383651493091850245273719248741693476860597808584205875155739828651286256882205461551112512137832820048825668958958555444643284146512447317689</Base_13>
<Base_14>60420623476195691535788990971382128738569322575201762126878149347771922861695354188117742207888738588603502786109282069405660401120272078097069836730000976180496411585344658782366502405176926957968999453498629454813517274798579004003693665402524059702290577819992845964292939395302650732269322395698057074365</Base_14>
<Base_15>21301988514882217846540919004657447469216700284687798970695364442043078466651947322026422983762182649319819066905212410964124592259318776319123011997208665297960600907308232432224398119887503378299735768472166279238616632478267271322106955079660714214449716417195400285606024704955471500762937023765507613590</Base_15>
</Bases>
</Elements>
<Features>
<Epoch length="432000"/>
</Features>
</IssuerPublicKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPublicKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPublicKey.xsd">
<Counter>0</Counter>
<ExpiryDate>1893456000</ExpiryDate>
<References>
<GroupParameters>http://www.irmacard.org/credentials/phase1/RU/gp.xml</GroupParameters>
</References>
<Elements>
<S>68460510129747727135744503403370273952956360997532594630007762045745171031173231339034881007977792852962667675924510408558639859602742661846943843432940752427075903037429735029814040501385798095836297700111333573975220392538916785564158079116348699773855815825029476864341585033111676283214405517983188761136</S>
<Z>44579327840225837958738167571392618381868336415293109834301264408385784355849790902532728798897199236650711385876328647206143271336410651651791998475869027595051047904885044274040212624547595999947339956165755500019260290516022753290814461070607850420459840370288988976468437318992206695361417725670417150636</Z>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<Bases num="16">
<Base_0>75350858539899247205099195870657569095662997908054835686827949842616918065279527697469302927032348256512990413925385972530386004430200361722733856287145745926519366823425418198189091190950415327471076288381822950611094023093577973125683837586451857056904547886289627214081538422503416179373023552964235386251</Base_0>
<Base_1>16493273636283143082718769278943934592373185321248797185217530224336539646051357956879850630049668377952487166494198481474513387080523771033539152347804895674103957881435528189990601782516572803731501616717599698546778915053348741763191226960285553875185038507959763576845070849066881303186850782357485430766</Base_1>
<Base_2>13291821743359694134120958420057403279203178581231329375341327975072292378295782785938004910295078955941500173834360776477803543971319031484244018438746973179992753654070994560440903251579649890648424366061116003693414594252721504213975050604848134539324290387019471337306533127861703270017452296444985692840</Base_2>
<Base_3>86332479314886130384736453625287798589955409703988059270766965934046079318379171635950761546707334446554224830120982622431968575935564538920183267389540869023066259053290969633312602549379541830869908306681500988364676409365226731817777230916908909465129739617379202974851959354453994729819170838277127986187</Base_3>
<Base_4>68324072803453545276056785581824677993048307928855083683600441649711633245772441948750253858697288489650767258385115035336890900077233825843691912005645623751469455288422721175655533702255940160761555155932357171848703103682096382578327888079229101354304202688749783292577993444026613580092677609916964914513</Base_4>
<Base_5>65082646756773276491139955747051924146096222587013375084161255582716233287172212541454173762000144048198663356249316446342046266181487801411025319914616581971563024493732489885161913779988624732795125008562587549337253757085766106881836850538709151996387829026336509064994632876911986826959512297657067426387</Base_5>
<Base_6>63874659024615068338240333975368246140159933088503494192169386470663990819206499436099908283211758824583120731775079733233918512992716255632360158355599409595092638309153631787713042297185191119164002796803320251786811576733233565960688620527003917904544567533947196715598026771669486819897144904640919683383</Base_6>
<Base_7>53120012498647271847614903007438523756226702548925411521362124776403512546171688156771769494830539508698639960566312015021223073799115225696603788091248714474288575966898783227186834024955676508375657014860678198452988831943798305301365905747151433979255013901646958759431737824372577668338986031236451772269</Base_7>
<Base_8>94977507250977029244216303110519491359875480658706513494340611066613627545948656540622594494622494034637459076045014939472664047178246799166875645473055247016767320637503219234978138979618408672939898258371340440168212941434681279973794100674871952106938348702393347230733030900740201684853057244821052834117</Base_8>
<Base_9>33548776713692344991270752400860301125809441995491893919759487182007682973762800990095419451049128242439573384043915281283857592153663865432175099052908521761590533867959011344314294416279790357713907587691573186353837474297713423093706417749437370939058878724457006161671387943292631963343496403429153753396</Base_9>
<Base_10>94574726946601311270006868434593417652808272730645249117063357791139600932579421107662622218042782210660106516758352732411467133081985887995712153349804349931333557568741890650497071347577519196959718203195659595103591556387334526723678545698426523473502762766884156358071546903398148184011906532388711785721</Base_10>
<Base_11>71090625764693291864285716422145150306126524180059105194565460788896047107462526007995563627850002378781272329850450878584451950595502090636945677338880179616046621238180371802305655084281936899214412903969479574417709225908055818094924257062172940790013556842762762535221837464641528877343701699876888529554</Base_11>
<Base_12>89994189860381421573742821038879743391200144327848159531934049789288319618969504505012613979547374436515371120105455959258872406699407099552042442952761821745480029437329148097257703259967834665509602000108021618598038391726267727222679373923001035505119409434760111133574362301840327725460034795546285540835</Base_12>
<Base_13>26594376735775799517445468049435127400393014535839420349719804863728749868693100988700175899311806025580320148993947081372042948769831418325762987824461133415403469332383651493091850245273719248741693476860597808584205875155739828651286256882205461551112512137832820048825668958958555444643284146512447317689</Base_13>
<Base_14>60420623476195691535788990971382128738569322575201762126878149347771922861695354188117742207888738588603502786109282069405660401120272078097069836730000976180496411585344658782366502405176926957968999453498629454813517274798579004003693665402524059702290577819992845964292939395302650732269322395698057074365</Base_14>
<Base_15>21301988514882217846540919004657447469216700284687798970695364442043078466651947322026422983762182649319819066905212410964124592259318776319123011997208665297960600907308232432224398119887503378299735768472166279238616632478267271322106955079660714214449716417195400285606024704955471500762937023765507613590</Base_15>
</Bases>
</Elements>
<Features>
<Epoch length="432000"/>
</Features>
</IssuerPublicKey>
<Issuer version="4">
<ID>RU</ID>
<Name>
<en>Radboud University Nijmegen</en>
<nl>Radboud Universiteit Nijmegen</nl>
</Name>
<ShortName>
<en>Radboud University</en>
<nl>Radboud Universiteit</nl>
</ShortName>
<SchemeManager>irma-demo</SchemeManager>
<ContactAddress>Comeniuslaan 4
6525 HP Nijmegen</ContactAddress>
<ContactEMail>info@ru.nl</ContactEMail>
<baseURL>http://www.irmacard.org/credentials/phase1/RU/</baseURL>
</Issuer>
<SchemeManager version="7">
<Id>irma-demo</Id>
<Url>https://credentials.github.io/irma_configuration/irma-demo</Url>
<Url>http://localhost:48681/irma_configuration/irma-demo</Url>
<Name>
<en>Irma Demo</en>
<nl>Irma Demo</nl>
......@@ -10,7 +10,5 @@
<nl>Demo IRMA-credentials</nl>
</Description>
<Contact>https://www.irmacard.org
phone@demo.irmacard.org
This line was added after signing to invalidate the signature</Contact>
phone@demo.irmacard.org</Contact>
</SchemeManager>
d9f04a4b5ddf96e90d19c3baca10fcab2af56baa33eee7dcc9f6d10232f2b80a irma-demo/description.xml
e71c1d8636e1097ff653d1473f1066d90ed8dee186b20a08501ba8d59d5cae4e irma-demo/RU/Issues/studentCard/description.xml
449a51cbb1ce540c88eaa54942d5200122859136de26b30fb02d23541a54f17b irma-demo/RU/PublicKeys/0.xml
ffa2349b0a638132837c767df12c7b15cbac85f648c614a0811b3edb751d0a6d irma-demo/RU/PublicKeys/1.xml
e298a2e6dca3bdb923d22734dc4f76ba7b48c5364eb8d7b60e6ec4e940921f89 irma-demo/RU/PublicKeys/2.xml
a4f6cc35cace3e9dc9388b29a8756ea83e5884f799d75cadd4efa60e1a12d855 irma-demo/RU/description.xml
35697bb7ffb19518a0ac6739ac3eef6b0272cd322c4619b075328b88c06ac43d irma-demo/RU/logo.png
79946ec7f042d0eea4d24b3e000f7262d987dc849fe9dc3c4c19c582a9e11295 irma-demo/description.xml
e782149eab91036a011fba8d946903c3d425489b50d643f269a76e0974e4ee69 irma-demo/timestamp
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3FUAXtr8L/CT7WofXXcl7yiYI59r
z8ZSb+60UrkIn/ktBlOPlg1SYBNTXP4ITL0x0K4hHDF1DPXyH1F0rpVtCw==
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHVnmAY+kGkFZn7XXozdI4HY8GOjm
54ngh4chTfn6WsTCf2w5rprfIqML61z2VTE4k8yJ0Z1QbyW6cdaao8obTQ==
-----END PUBLIC KEY-----