Commit 45b21dd9 authored by Sietse Ringers's avatar Sietse Ringers

Merge branch 'new-abs-format' into condiscon

parents ca000edb 993d43bf
......@@ -272,7 +272,7 @@
[[projects]]
branch = "master"
digest = "1:bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd"
digest = "1:efc4c33449984cda3f7880142fbf35fdc16c7e9c4c27c50a8e77bd055400cceb"
name = "github.com/privacybydesign/gabi"
packages = [
".",
......@@ -280,7 +280,7 @@
"safeprime",
]
pruneopts = "UT"
revision = "a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff"
revision = "ce779395f4c98898f21f8c49f71f4b3353995127"
[[projects]]
digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"
......@@ -480,6 +480,7 @@
"github.com/privacybydesign/gabi",
"github.com/privacybydesign/gabi/big",
"github.com/sirupsen/logrus",
"github.com/spf13/cast",
"github.com/spf13/cobra",
"github.com/spf13/pflag",
"github.com/spf13/viper",
......
......@@ -111,6 +111,10 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
}
for _, file := range files {
filename := file.Name()
if filepath.Ext(filename) != ".xml" && strings.Count(filename, ".") != 3 {
s.conf.Logger.Infof("Skipping non-private key file %s encountered in private keys path", filename)
continue
}
issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
if _, ok := s.conf.IrmaConfiguration.Issuers[issid]; !ok {
return server.LogError(errors.Errorf("Private key %s belongs to an unknown issuer", filename))
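Review bot: The filter on line 36 admits any filename that either ends in `.xml` or contains exactly three dots, yet the identifier on line 40 is still derived by stripping only the extension (`// strip .xml`); for a three-dot name such as `issuer.scheme.0.pem` (constructed example) the remainder still carries the third segment, so the lookup on line 41 would presumably fail with "unknown issuer" instead of the file being handled as a keyed private key. If the three-dot form is meant to be accepted here, derive the issuer from the first two segments, e.g. `parts := strings.SplitN(filename, ".", 3)` followed by `issid := irma.NewIssuerIdentifier(parts[0] + "." + parts[1])`, or tighten the filter to `.xml` until the loop handles the other form. verifyConfiguration starts and ends outside the hunk, so later code may already deal with the extra segment; a short comment on line 36 stating which filename shapes are expected would make that intent checkable.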
......
......@@ -19,7 +19,6 @@ var RootCmd = &cobra.Command{
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
if err := RootCmd.Execute(); err != nil {
fmt.Println(err)
os.Exit(-1)
}
}
......
......@@ -22,12 +22,21 @@ var (
httpServer *http.Server
irmaServer *irmaserver.Server
logger *logrus.Logger
defaulturl string
)
// sessionCmd represents the session command
var sessionCmd = &cobra.Command{
Use: "session",
Short: "Perform an IRMA disclosure, issuance or signature session",
Long: `Perform an IRMA disclosure, issuance or signature session on the command line
Using either the builtin IRMA server library, or an external IRMA server (specify its URL
with --server), an IRMA session is started; the QR is printed in the terminal; and the session
result is printed when the session completes or fails.
A session request can either be constructed using the --disclose, --issue, and --sign together
with --message flags, or it can be specified as JSON to the --request flag.`,
Example: `irma session --disclose irma-demo.MijnOverheid.root.BSN
irma session --sign irma-demo.MijnOverheid.root.BSN --message message
irma session --issue irma-demo.MijnOverheid.ageLower=yes,yes,yes,no --disclose irma-demo.MijnOverheid.root.BSN
......@@ -45,7 +54,7 @@ irma session --server http://localhost:48680 --authmethod token --key mytoken --
noqr, _ := cmd.Flags().GetBool("noqr")
flags := cmd.Flags()
if url != "" && serverurl != "" {
if url != defaulturl && serverurl != "" {
die("Failed to read configuration", errors.New("--url can't be combined with --server"))
}
......@@ -211,7 +220,8 @@ func configure(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configuration,
func init() {
RootCmd.AddCommand(sessionCmd)
defaulturl, err := server.LocalIP()
var err error
defaulturl, err = server.LocalIP()
if err != nil {
logger.Warn("Could not determine local IP address: ", err.Error())
} else {
......@@ -220,10 +230,10 @@ func init() {
flags := sessionCmd.Flags()
flags.SortFlags = false
flags.StringP("url", "u", defaulturl, "external URL used when using the builtin library")
flags.IntP("port", "p", 48680, "port to listen at")
flags.String("server", "", "External IRMA server to post request to (leave blank to use builtin library)")
flags.StringP("url", "u", defaulturl, "external URL to which IRMA app connects (when not using --server)")
flags.IntP("port", "p", 48680, "port to listen at (when not using --server)")
flags.Bool("noqr", false, "Print JSON instead of draw QR")
flags.String("server", "", "Server to post request to (leave blank to use builtin library)")
flags.StringP("request", "r", "", "JSON session request")
flags.StringP("privkeys", "k", "", "path to private keys")
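Review bot: The `--url`/`--server` conflict check on line 76 now compares the flag value with the auto-detected `defaulturl`, so a user who explicitly passes `--url` equal to that default together with `--server` is not rejected, and when `server.LocalIP()` fails in init (line 85) `defaulturl` presumably stays empty and the check silently reverts to the old value-based behaviour. pflag records whether a flag was set explicitly, so test that instead of the value: `if flags.Changed("url") && serverurl != "" {` (`flags` is already bound on line 74). That also decouples the check from how init computes the default, so the two no longer need to stay in sync.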
......
......@@ -11,18 +11,25 @@ import (
"github.com/privacybydesign/gabi/big"
)
const SignedMessageLDContext = "https://irma.app/ld/signature/v2"
// SignedMessage is a message signed with an attribute-based signature
// The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
type SignedMessage struct {
LDContext string `json:"@context"`
Signature gabi.ProofList `json:"signature"`
Indices DisclosedAttributeIndices `json:"indices"`
Nonce *big.Int `json:"nonce"`
Context *big.Int `json:"context"`
Message string `json:"message"`
Timestamp *atum.Timestamp `json:"timestamp"`
}
// Message version. Current version is 2.
Version int `json:"v,omitempty"`
func (sm *SignedMessage) Version() int {
if sm.LDContext == "" {
return 1
}
return 2
}
func (sm *SignedMessage) GetNonce() *big.Int {
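Review bot: `Version()` on line 118 reports every non-empty `LDContext` as version 2, so a message carrying an unrecognised or future `@context` value is verified with the v2 timestamp format (`sm.Version() >= 2` in VerifyTimestamp) rather than being rejected; the version decision should be tied to the known constant, `if sm.LDContext == SignedMessageLDContext { return 2 }`, with verification returning an error for any other non-empty context. The new exported const and the method lack doc comments; suggest `// SignedMessageLDContext is the JSON-LD @context that identifies the current (v2) attribute-based signature format.` and `// Version returns the signed-message format version: 1 for legacy messages without an LDContext, 2 otherwise.`. Dropping the `v` JSON field also means a v2 message serialised by the previous code (which had no `@context`) now reads back as version 1; whether such messages exist outside this repository is not visible from the hunk.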
......
......@@ -20,10 +20,10 @@ type LogEntry struct {
request irma.SessionRequest // cached parsed version of Request; get with LogEntry.SessionRequest()
// Session type-specific info
Removed map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
SignedMessage []byte `json:",omitempty"` // In case of signature sessions
Timestamp *atum.Timestamp `json:",omitempty"` // In case of signature sessions
SignatureVersion int `json:",omitempty"` // In case of signature sessions
Removed map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
SignedMessage []byte `json:",omitempty"` // In case of signature sessions
Timestamp *atum.Timestamp `json:",omitempty"` // In case of signature sessions
SignedMessageLDContext string `json:",omitempty"` // In case of signature sessions
IssueCommitment *irma.IssueCommitmentMessage `json:",omitempty"`
Disclosure *irma.Disclosure `json:",omitempty"`
......@@ -106,12 +106,12 @@ func (entry *LogEntry) GetSignedMessage() (abs *irma.SignedMessage, err error) {
}
sigrequest := request.(*irma.SignatureRequest)
return &irma.SignedMessage{
LDContext: entry.SignedMessageLDContext,
Signature: entry.Disclosure.Proofs,
Nonce: sigrequest.Nonce,
Context: sigrequest.GetContext(),
Message: string(entry.SignedMessage),
Timestamp: entry.Timestamp,
Version: entry.SignatureVersion,
}, nil
}
......@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
request := session.request.(*irma.SignatureRequest)
entry.SignedMessage = []byte(request.Message)
entry.Timestamp = session.timestamp
entry.SignatureVersion = 2
entry.SignedMessageLDContext = irma.SignedMessageLDContext
fallthrough
case irma.ActionDisclosing:
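Review bot: Log entries persisted before this change carry `SignatureVersion` and no `SignedMessageLDContext`, and with the field removed from `LogEntry` (line 132 → 136) that value is dropped on decode, so `GetSignedMessage` on line 143 reconstructs them with an empty `LDContext`, which `SignedMessage.Version()` reports as 1 even for entries recorded as version 2. If entries survive upgrades (they are JSON-tagged, but the storage layer is outside the hunk), keep the old field as a deprecated fallback and map it when building the message: `ctx := entry.SignedMessageLDContext` then `if ctx == "" && entry.SignatureVersion == 2 { ctx = irma.SignedMessageLDContext }` and `LDContext: ctx`. That requires re-adding the `SignatureVersion int` field with its omitempty tag next to the new one, marked `// Deprecated: superseded by SignedMessageLDContext; kept to decode old entries.`.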
......
......@@ -611,13 +611,13 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
nonce = bigZero
}
return &SignedMessage{
LDContext: SignedMessageLDContext,
Signature: signature.Proofs,
Indices: signature.Indices,
Nonce: nonce,
Context: sr.GetContext(),
Message: sr.Message,
Timestamp: timestamp,
Version: 2,
}, nil
}
......
......@@ -375,15 +375,18 @@ func (s *Server) handleJwtProofs(w http.ResponseWriter, r *http.Request) {
// Fill standard claims
switch res.Type {
case irma.ActionDisclosing:
claims["subject"] = "verification_result"
claims["sub"] = "disclosure_result"
case irma.ActionSigning:
claims["subject"] = "abs_result"
claims["sub"] = "abs_result"
default:
server.WriteError(w, server.ErrorInvalidRequest, "")
return
}
claims["iat"] = time.Now().Unix()
if s.conf.JwtIssuer != "" {
claims["iss"] = s.conf.JwtIssuer
}
claims["status"] = res.Status
claims["status"] = res.ProofStatus
validity := s.irmaserv.GetRequest(sessiontoken).Base().ResultJwtValidity
if validity != 0 {
claims["exp"] = time.Now().Unix() + int64(validity)
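Review bot: The renames on lines 181 and 184 and the switch from `res.Status` to `res.ProofStatus` on line 194 change the result JWT's claim set, and `status` in particular now carries the proof status under the same key that previously held the session status, so a relying party that still matches the old values will make a different accept/reject decision without any parse error. Document the new claim layout wherever the result JWT is described, or emit the new value under its own key during a transition (e.g. `claims["proofStatus"] = res.ProofStatus`, constructed name) and keep the old `sub`/`subject` strings until consumers have moved. Separately, `exp` on line 196 is still only set when ResultJwtValidity is non-zero, so a zero validity yields a token with the new `iat` but no expiry; that is pre-existing, but a comment next to `claims["iat"]` noting that callers must configure a validity to bound token lifetime would help.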
......
......@@ -112,7 +112,7 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
}
}
bts, err := TimestampRequest(message, sigs, disclosed, sm.Version >= 2, conf)
bts, err := TimestampRequest(message, sigs, disclosed, sm.Version() >= 2, conf)
if err != nil {
return err
}
......