Commit
45b21dd9
authored
May 08, 2019
by
Sietse Ringers
Merge branch 'new-abs-format' into condiscon
parents
ca000edb
993d43bf
Changes
9
Gopkg.lock
...
...
@@ -272,7 +272,7 @@
[[projects]]
branch = "master"
digest = "1:
bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd
"
digest = "1:
efc4c33449984cda3f7880142fbf35fdc16c7e9c4c27c50a8e77bd055400cceb
"
name = "github.com/privacybydesign/gabi"
packages = [
".",
...
...
@@ -280,7 +280,7 @@
"safeprime",
]
pruneopts = "UT"
revision = "
a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff
"
revision = "
ce779395f4c98898f21f8c49f71f4b3353995127
"
[[projects]]
digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"
...
...
@@ -480,6 +480,7 @@
"github.com/privacybydesign/gabi",
"github.com/privacybydesign/gabi/big",
"github.com/sirupsen/logrus",
"github.com/spf13/cast",
"github.com/spf13/cobra",
"github.com/spf13/pflag",
"github.com/spf13/viper",
...
...
internal/servercore/api.go
...
...
@@ -111,6 +111,10 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
}
for
_
,
file
:=
range
files
{
filename
:=
file
.
Name
()
if
filepath
.
Ext
(
filename
)
!=
".xml"
&&
strings
.
Count
(
filename
,
"."
)
!=
3
{
s
.
conf
.
Logger
.
Infof
(
"Skipping non-private key file %s encountered in private keys path"
,
filename
)
continue
}
issid
:=
irma
.
NewIssuerIdentifier
(
strings
.
TrimSuffix
(
filename
,
filepath
.
Ext
(
filename
)))
// strip .xml
if
_
,
ok
:=
s
.
conf
.
IrmaConfiguration
.
Issuers
[
issid
];
!
ok
{
return
server
.
LogError
(
errors
.
Errorf
(
"Private key %s belongs to an unknown issuer"
,
filename
))
...
...
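Review bot: The skip condition on the added `if` joins its two tests with `&&`, so a file is skipped only when it both lacks the `.xml` extension and does not contain exactly three dots; any other `.xml` file, or any non-xml file with three dots, falls through to `irma.NewIssuerIdentifier` and aborts configuration with the unknown-issuer error rather than being skipped. If only three-dot `.xml` names are private keys the check should read `if filepath.Ext(filename) != ".xml" || strings.Count(filename, ".") != 3 {`; if two-dot `scheme.issuer.xml` names are also valid, the accepted filename shapes should be spelled out in a comment above the check, since the `// strip .xml` comment alone does not say what the stem is expected to contain. verifyConfiguration begins and ends outside the hunk.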
irma/cmd/root.go
...
...
@@ -19,7 +19,6 @@ var RootCmd = &cobra.Command{
// This is called by main.main(). It only needs to happen once to the rootCmd.
func
Execute
()
{
if
err
:=
RootCmd
.
Execute
();
err
!=
nil
{
fmt
.
Println
(
err
)
os
.
Exit
(
-
1
)
}
}
...
...
irma/cmd/session.go
...
...
@@ -22,12 +22,21 @@ var (
httpServer
*
http
.
Server
irmaServer
*
irmaserver
.
Server
logger
*
logrus
.
Logger
defaulturl
string
)
// sessionCmd represents the session command
var
sessionCmd
=
&
cobra
.
Command
{
Use
:
"session"
,
Short
:
"Perform an IRMA disclosure, issuance or signature session"
,
Long
:
`Perform an IRMA disclosure, issuance or signature session on the command line
Using either the builtin IRMA server library, or an external IRMA server (specify its URL
with --server), an IRMA session is started; the QR is printed in the terminal; and the session
result is printed when the session completes or fails.
A session request can either be constructed using the --disclose, --issue, and --sign together
with --message flags, or it can be specified as JSON to the --request flag.`
,
Example
:
`irma session --disclose irma-demo.MijnOverheid.root.BSN
irma session --sign irma-demo.MijnOverheid.root.BSN --message message
irma session --issue irma-demo.MijnOverheid.ageLower=yes,yes,yes,no --disclose irma-demo.MijnOverheid.root.BSN
...
...
@@ -45,7 +54,7 @@ irma session --server http://localhost:48680 --authmethod token --key mytoken --
noqr
,
_
:=
cmd
.
Flags
()
.
GetBool
(
"noqr"
)
flags
:=
cmd
.
Flags
()
if
url
!=
""
&&
serverurl
!=
""
{
if
url
!=
defaulturl
&&
serverurl
!=
""
{
die
(
"Failed to read configuration"
,
errors
.
New
(
"--url can't be combined with --server"
))
}
...
...
@@ -211,7 +220,8 @@ func configure(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configuration,
func
init
()
{
RootCmd
.
AddCommand
(
sessionCmd
)
defaulturl
,
err
:=
server
.
LocalIP
()
var
err
error
defaulturl
,
err
=
server
.
LocalIP
()
if
err
!=
nil
{
logger
.
Warn
(
"Could not determine local IP address: "
,
err
.
Error
())
}
else
{
...
...
@@ -220,10 +230,10 @@ func init() {
flags
:=
sessionCmd
.
Flags
()
flags
.
SortFlags
=
false
flags
.
StringP
(
"url"
,
"u"
,
defaulturl
,
"external URL used when using the builtin library"
)
flags
.
IntP
(
"port"
,
"p"
,
48680
,
"port to listen at"
)
flags
.
String
(
"server"
,
""
,
"External IRMA server to post request to (leave blank to use builtin library)"
)
flags
.
StringP
(
"url"
,
"u"
,
defaulturl
,
"external URL to which IRMA app connects (when not using --server)"
)
flags
.
IntP
(
"port"
,
"p"
,
48680
,
"port to listen at (when not using --server)"
)
flags
.
Bool
(
"noqr"
,
false
,
"Print JSON instead of draw QR"
)
flags
.
String
(
"server"
,
""
,
"Server to post request to (leave blank to use builtin library)"
)
flags
.
StringP
(
"request"
,
"r"
,
""
,
"JSON session request"
)
flags
.
StringP
(
"privkeys"
,
"k"
,
""
,
"path to private keys"
)
...
...
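Review bot: The conflict check `if url != defaulturl && serverurl != "" {` in the second hunk cannot distinguish an explicitly passed `--url` that happens to equal the auto-detected default from no `--url` at all, and when `server.LocalIP()` fails in `init()` (third hunk) `defaulturl` is `""`, so the check degenerates to the old `url != ""` form that the commit is replacing. Since `flags := cmd.Flags()` is bound on the line just above, `if flags.Changed("url") && serverurl != "" {` expresses the intent directly and is independent of what the default resolved to. The message passed to `die`, `"Failed to read configuration"`, also reads as a config-file failure rather than a flag conflict; something like `die("Conflicting flags", ...)` would be clearer for the user. configure's body continues outside the hunk.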
irma_signature.go
...
...
@@ -11,18 +11,25 @@ import (
"github.com/privacybydesign/gabi/big"
)
const
SignedMessageLDContext
=
"https://irma.app/ld/signature/v2"
// SignedMessage is a message signed with an attribute-based signature
// The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
type
SignedMessage
struct
{
LDContext
string
`json:"@context"`
Signature
gabi
.
ProofList
`json:"signature"`
Indices
DisclosedAttributeIndices
`json:"indices"`
Nonce
*
big
.
Int
`json:"nonce"`
Context
*
big
.
Int
`json:"context"`
Message
string
`json:"message"`
Timestamp
*
atum
.
Timestamp
`json:"timestamp"`
}
// Message version. Current version is 2.
Version
int
`json:"v,omitempty"`
func
(
sm
*
SignedMessage
)
Version
()
int
{
if
sm
.
LDContext
==
""
{
return
1
}
return
2
}
func
(
sm
*
SignedMessage
)
GetNonce
()
*
big
.
Int
{
...
...
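Review bot: The new `Version()` method classifies any non-empty `LDContext` as version 2, so a message carrying an unrecognised `@context` value is silently treated as v2 rather than flagged, and nothing in this hunk compares the field against `SignedMessageLDContext`. A doc comment should make that explicit, e.g. `// Version returns 1 for legacy messages without an @context and 2 otherwise; the context value itself is not validated here.`, and the verification path that consumes `Version()` (VerifyTimestamp in timestamp.go, also in this commit) is the place to consider rejecting contexts other than `SignedMessageLDContext`. The exported constant `SignedMessageLDContext` also lacks the doc comment Go expects on exported names. GetNonce's body continues outside the hunk.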
irmaclient/logs.go
...
...
@@ -20,10 +20,10 @@ type LogEntry struct {
request
irma
.
SessionRequest
// cached parsed version of Request; get with LogEntry.SessionRequest()
// Session type-specific info
Removed
map
[
irma
.
CredentialTypeIdentifier
][]
irma
.
TranslatedString
`json:",omitempty"`
// In case of credential removal
SignedMessage
[]
byte
`json:",omitempty"`
// In case of signature sessions
Timestamp
*
atum
.
Timestamp
`json:",omitempty"`
// In case of signature sessions
Sign
atureVersion
int
`json:",omitempty"`
// In case of signature sessions
Removed
map
[
irma
.
CredentialTypeIdentifier
][]
irma
.
TranslatedString
`json:",omitempty"`
// In case of credential removal
SignedMessage
[]
byte
`json:",omitempty"`
// In case of signature sessions
Timestamp
*
atum
.
Timestamp
`json:",omitempty"`
// In case of signature sessions
Sign
edMessageLDContext
string
`json:",omitempty"`
// In case of signature sessions
IssueCommitment
*
irma
.
IssueCommitmentMessage
`json:",omitempty"`
Disclosure
*
irma
.
Disclosure
`json:",omitempty"`
...
...
@@ -106,12 +106,12 @@ func (entry *LogEntry) GetSignedMessage() (abs *irma.SignedMessage, err error) {
}
sigrequest
:=
request
.
(
*
irma
.
SignatureRequest
)
return
&
irma
.
SignedMessage
{
LDContext
:
entry
.
SignedMessageLDContext
,
Signature
:
entry
.
Disclosure
.
Proofs
,
Nonce
:
sigrequest
.
Nonce
,
Context
:
sigrequest
.
GetContext
(),
Message
:
string
(
entry
.
SignedMessage
),
Timestamp
:
entry
.
Timestamp
,
Version
:
entry
.
SignatureVersion
,
},
nil
}
...
...
@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
request
:=
session
.
request
.
(
*
irma
.
SignatureRequest
)
entry
.
SignedMessage
=
[]
byte
(
request
.
Message
)
entry
.
Timestamp
=
session
.
timestamp
entry
.
Sign
atureVersion
=
2
entry
.
Sign
edMessageLDContext
=
irma
.
SignedMessageLDContext
fallthrough
case
irma
.
ActionDisclosing
:
...
...
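Review bot: Replacing the persisted `SignatureVersion int` field with `SignedMessageLDContext string` drops the version of previously stored log entries: an entry written with `SignatureVersion: 2` decodes with an empty `SignedMessageLDContext`, `GetSignedMessage` then rebuilds it with `LDContext: ""`, which `SignedMessage.Version()` (in this commit) reports as version 1, and timestamp verification of such stored signatures would use the v1 request format. Unless a storage migration elsewhere handles this, keep the old field as deprecated and map it when rebuilding, e.g. `if entry.SignedMessageLDContext == "" && entry.SignatureVersion == 2 { ldctx = irma.SignedMessageLDContext }`. GetSignedMessage and createLogEntry both start outside their hunks.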
requests.go
...
...
@@ -611,13 +611,13 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
nonce
=
bigZero
}
return
&
SignedMessage
{
LDContext
:
SignedMessageLDContext
,
Signature
:
signature
.
Proofs
,
Indices
:
signature
.
Indices
,
Nonce
:
nonce
,
Context
:
sr
.
GetContext
(),
Message
:
sr
.
Message
,
Timestamp
:
timestamp
,
Version
:
2
,
},
nil
}
...
...
server/requestorserver/server.go
...
...
@@ -375,15 +375,18 @@ func (s *Server) handleJwtProofs(w http.ResponseWriter, r *http.Request) {
// Fill standard claims
switch
res
.
Type
{
case
irma
.
ActionDisclosing
:
claims
[
"sub
ject
"
]
=
"
verification
_result"
claims
[
"sub"
]
=
"
disclosure
_result"
case
irma
.
ActionSigning
:
claims
[
"subject"
]
=
"abs_result"
claims
[
"sub"
]
=
"abs_result"
default
:
server
.
WriteError
(
w
,
server
.
ErrorInvalidRequest
,
""
)
return
}
claims
[
"iat"
]
=
time
.
Now
()
.
Unix
()
if
s
.
conf
.
JwtIssuer
!=
""
{
claims
[
"iss"
]
=
s
.
conf
.
JwtIssuer
}
claims
[
"status"
]
=
res
.
Status
claims
[
"status"
]
=
res
.
Proof
Status
validity
:=
s
.
irmaserv
.
GetRequest
(
sessiontoken
)
.
Base
()
.
ResultJwtValidity
if
validity
!=
0
{
claims
[
"exp"
]
=
time
.
Now
()
.
Unix
()
+
int64
(
validity
)
...
...
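Review bot: Relying parties that read the `subject` claim and match `verification_result` will no longer find either in the JWT this switch emits, since the disclosing case now writes `claims["sub"] = "disclosure_result"`; that is a wire-format change for every consumer of the result JWT and deserves a changelog entry plus a comment on the switch, e.g. `// "sub" carries the result type; consumers must match it against "disclosure_result" or "abs_result".` `sub` is a registered claim under RFC 7519 meaning the token's subject, so repurposing it as a result-type tag should be stated explicitly so consumers do not treat it as an identity. The parallel switch from `res.Status` to `res.ProofStatus` in the `status` claim needs the same consumer-side update. handleJwtProofs's body continues outside the hunk.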
timestamp.go
...
...
@@ -112,7 +112,7 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
}
}
bts
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
sm
.
Version
>=
2
,
conf
)
bts
,
err
:=
TimestampRequest
(
message
,
sigs
,
disclosed
,
sm
.
Version
()
>=
2
,
conf
)
if
err
!=
nil
{
return
err
}
...
...