Commit 42788b20 authored by Sietse Ringers's avatar Sietse Ringers

feat: irma server verifies revocation parameters in session request

parent 75dbd3d1
......@@ -80,6 +80,9 @@ func (s *Server) validateRequest(request irma.SessionRequest) error {
if _, err := s.conf.IrmaConfiguration.Download(request); err != nil {
return err
}
if err := request.Base().Validate(s.conf.IrmaConfiguration); err != nil {
return err
}
return request.Disclosure().Disclose.Validate(s.conf.IrmaConfiguration)
}
......
......@@ -266,6 +266,19 @@ func (b *BaseRequest) SupportsRevocation() bool {
return !b.ProtocolVersion.Below(2, 6)
}
func (b *BaseRequest) Validate(conf *Configuration) error {
for credid := range b.Revocation {
credtyp, ok := conf.CredentialTypes[credid]
if !ok {
return errors.Errorf("cannot requet nonrevocation proof for %s: unknown credential type", credid)
}
if !credtyp.RevocationSupported() {
return errors.Errorf("cannot request nonrevocation proof for %s: revocation not enabled in scheme", credid)
}
}
return nil
}
// CredentialTypes returns an array of all credential types occuring in this conjunction.
func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier {
var result []CredentialTypeIdentifier
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment