Merge branch 'new-abs-format' into condiscon

45b21dd9 · Sietse Ringers · ca000edb · 993d43bf · 45b21dd9 · 45b21dd9
Commit 45b21dd9 authored May 08, 2019 by Sietse Ringers
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -272,7 +272,7 @@

 [[projects]]
  branch = "master"
-  digest = "1:bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd"
+  digest = "1:efc4c33449984cda3f7880142fbf35fdc16c7e9c4c27c50a8e77bd055400cceb"
  name = "github.com/privacybydesign/gabi"
  packages = [
    ".",
@@ -280,7 +280,7 @@
    "safeprime",
  ]
  pruneopts = "UT"
-  revision = "a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff"
+  revision = "ce779395f4c98898f21f8c49f71f4b3353995127"

 [[projects]]
  digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"
@@ -480,6 +480,7 @@
    "github.com/privacybydesign/gabi",
    "github.com/privacybydesign/gabi/big",
    "github.com/sirupsen/logrus",
+    "github.com/spf13/cast",
    "github.com/spf13/cobra",
    "github.com/spf13/pflag",
    "github.com/spf13/viper",

--- a/internal/servercore/api.go
+++ b/internal/servercore/api.go
@@ -111,6 +111,10 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
 		}
 		for _, file := range files {
 			filename := file.Name()
+			if filepath.Ext(filename) != ".xml" && strings.Count(filename, ".") != 3 {
+				s.conf.Logger.Infof("Skipping non-private key file %s encountered in private keys path", filename)
+				continue
+			}
 			issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
 			if _, ok := s.conf.IrmaConfiguration.Issuers[issid]; !ok {
 				return server.LogError(errors.Errorf("Private key %s belongs to an unknown issuer", filename))

--- a/irma/cmd/root.go
+++ b/irma/cmd/root.go
@@ -19,7 +19,6 @@ var RootCmd = &cobra.Command{
 // This is called by main.main(). It only needs to happen once to the rootCmd.
 func Execute() {
 	if err := RootCmd.Execute(); err != nil {
-		fmt.Println(err)
 		os.Exit(-1)
 	}
 }

--- a/irma/cmd/session.go
+++ b/irma/cmd/session.go
@@ -22,12 +22,21 @@ var (
 	httpServer *http.Server
 	irmaServer *irmaserver.Server
 	logger     *logrus.Logger
+	defaulturl string
 )

 // sessionCmd represents the session command
 var sessionCmd = &cobra.Command{
 	Use:   "session",
 	Short: "Perform an IRMA disclosure, issuance or signature session",
+	Long: `Perform an IRMA disclosure, issuance or signature session on the command line
+
+Using either the builtin IRMA server library, or an external IRMA server (specify its URL
+with --server), an IRMA session is started; the QR is printed in the terminal; and the session
+result is printed when the session completes or fails.
+
+A session request can either be constructed using the --disclose, --issue, and --sign together
+with --message flags, or it can be specified as JSON to the --request flag.`,
 	Example: `irma session --disclose irma-demo.MijnOverheid.root.BSN
 irma session --sign irma-demo.MijnOverheid.root.BSN --message message
 irma session --issue irma-demo.MijnOverheid.ageLower=yes,yes,yes,no --disclose irma-demo.MijnOverheid.root.BSN
@@ -45,7 +54,7 @@ irma session --server http://localhost:48680 --authmethod token --key mytoken --
 		noqr, _ := cmd.Flags().GetBool("noqr")
 		flags := cmd.Flags()

-		if url != "" && serverurl != "" {
+		if url != defaulturl && serverurl != "" {
 			die("Failed to read configuration", errors.New("--url can't be combined with --server"))
 		}

@@ -211,7 +220,8 @@ func configure(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configuration,
 func init() {
 	RootCmd.AddCommand(sessionCmd)

-	defaulturl, err := server.LocalIP()
+	var err error
+	defaulturl, err = server.LocalIP()
 	if err != nil {
 		logger.Warn("Could not determine local IP address: ", err.Error())
 	} else {
@@ -220,10 +230,10 @@ func init() {

 	flags := sessionCmd.Flags()
 	flags.SortFlags = false
-	flags.StringP("url", "u", defaulturl, "external URL used when using the builtin library")
-	flags.IntP("port", "p", 48680, "port to listen at")
+	flags.String("server", "", "External IRMA server to post request to (leave blank to use builtin library)")
+	flags.StringP("url", "u", defaulturl, "external URL to which IRMA app connects (when not using --server)")
+	flags.IntP("port", "p", 48680, "port to listen at (when not using --server)")
 	flags.Bool("noqr", false, "Print JSON instead of draw QR")
-	flags.String("server", "", "Server to post request to (leave blank to use builtin library)")
 	flags.StringP("request", "r", "", "JSON session request")
 	flags.StringP("privkeys", "k", "", "path to private keys")


--- a/irma_signature.go
+++ b/irma_signature.go
@@ -11,18 +11,25 @@ import (
 	"github.com/privacybydesign/gabi/big"
 )

+const SignedMessageLDContext = "https://irma.app/ld/signature/v2"
+
 // SignedMessage is a message signed with an attribute-based signature
 // The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
 type SignedMessage struct {
+	LDContext string                    `json:"@context"`
 	Signature gabi.ProofList            `json:"signature"`
 	Indices   DisclosedAttributeIndices `json:"indices"`
 	Nonce     *big.Int                  `json:"nonce"`
 	Context   *big.Int                  `json:"context"`
 	Message   string                    `json:"message"`
 	Timestamp *atum.Timestamp           `json:"timestamp"`
+}

-	// Message version. Current version is 2.
-	Version int `json:"v,omitempty"`
+func (sm *SignedMessage) Version() int {
+	if sm.LDContext == "" {
+		return 1
+	}
+	return 2
 }

 func (sm *SignedMessage) GetNonce() *big.Int {

--- a/irmaclient/logs.go
+++ b/irmaclient/logs.go
@@ -20,10 +20,10 @@ type LogEntry struct {
 	request irma.SessionRequest // cached parsed version of Request; get with LogEntry.SessionRequest()

 	// Session type-specific info
-	Removed          map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
-	SignedMessage    []byte                                                    `json:",omitempty"` // In case of signature sessions
-	Timestamp        *atum.Timestamp                                           `json:",omitempty"` // In case of signature sessions
-	SignatureVersion int                                                       `json:",omitempty"` // In case of signature sessions
+	Removed                map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
+	SignedMessage          []byte                                                    `json:",omitempty"` // In case of signature sessions
+	Timestamp              *atum.Timestamp                                           `json:",omitempty"` // In case of signature sessions
+	SignedMessageLDContext string                                                    `json:",omitempty"` // In case of signature sessions

 	IssueCommitment *irma.IssueCommitmentMessage `json:",omitempty"`
 	Disclosure      *irma.Disclosure             `json:",omitempty"`
@@ -106,12 +106,12 @@ func (entry *LogEntry) GetSignedMessage() (abs *irma.SignedMessage, err error) {
 	}
 	sigrequest := request.(*irma.SignatureRequest)
 	return &irma.SignedMessage{
+		LDContext: entry.SignedMessageLDContext,
 		Signature: entry.Disclosure.Proofs,
 		Nonce:     sigrequest.Nonce,
 		Context:   sigrequest.GetContext(),
 		Message:   string(entry.SignedMessage),
 		Timestamp: entry.Timestamp,
-		Version:   entry.SignatureVersion,
 	}, nil
 }

@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
 		request := session.request.(*irma.SignatureRequest)
 		entry.SignedMessage = []byte(request.Message)
 		entry.Timestamp = session.timestamp
-		entry.SignatureVersion = 2
+		entry.SignedMessageLDContext = irma.SignedMessageLDContext

 		fallthrough
 	case irma.ActionDisclosing:

--- a/requests.go
+++ b/requests.go
@@ -611,13 +611,13 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
 		nonce = bigZero
 	}
 	return &SignedMessage{
+		LDContext: SignedMessageLDContext,
 		Signature: signature.Proofs,
 		Indices:   signature.Indices,
 		Nonce:     nonce,
 		Context:   sr.GetContext(),
 		Message:   sr.Message,
 		Timestamp: timestamp,
-		Version:   2,
 	}, nil
 }


--- a/server/requestorserver/server.go
+++ b/server/requestorserver/server.go
@@ -375,15 +375,18 @@ func (s *Server) handleJwtProofs(w http.ResponseWriter, r *http.Request) {
 	// Fill standard claims
 	switch res.Type {
 	case irma.ActionDisclosing:
-		claims["subject"] = "verification_result"
+		claims["sub"] = "disclosure_result"
 	case irma.ActionSigning:
-		claims["subject"] = "abs_result"
+		claims["sub"] = "abs_result"
+	default:
+		server.WriteError(w, server.ErrorInvalidRequest, "")
+		return
 	}
 	claims["iat"] = time.Now().Unix()
 	if s.conf.JwtIssuer != "" {
 		claims["iss"] = s.conf.JwtIssuer
 	}
-	claims["status"] = res.Status
+	claims["status"] = res.ProofStatus
 	validity := s.irmaserv.GetRequest(sessiontoken).Base().ResultJwtValidity
 	if validity != 0 {
 		claims["exp"] = time.Now().Unix() + int64(validity)

--- a/timestamp.go
+++ b/timestamp.go
@@ -112,7 +112,7 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
 		}
 	}

-	bts, err := TimestampRequest(message, sigs, disclosed, sm.Version >= 2, conf)
+	bts, err := TimestampRequest(message, sigs, disclosed, sm.Version() >= 2, conf)
 	if err != nil {
 		return err
 	}