Merge branch 'new-abs-format' into condiscon

Gopkg.lock

@@ -272,7 +272,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:bb1a0e54dd761717865f96b989b382e0abf7f4863081cc65f5982799208254dd"
+  digest = "1:efc4c33449984cda3f7880142fbf35fdc16c7e9c4c27c50a8e77bd055400cceb"
   name = "github.com/privacybydesign/gabi"
   packages = [
     ".",
@@ -280,7 +280,7 @@
     "safeprime",
   ]
   pruneopts = "UT"
-  revision = "a5a01cfeac1cf9781b73016f7f5492fd1bfca2ff"
+  revision = "ce779395f4c98898f21f8c49f71f4b3353995127"
 
 [[projects]]
   digest = "1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70"
@@ -480,6 +480,7 @@
     "github.com/privacybydesign/gabi",
     "github.com/privacybydesign/gabi/big",
     "github.com/sirupsen/logrus",
+    "github.com/spf13/cast",
     "github.com/spf13/cobra",
     "github.com/spf13/pflag",
     "github.com/spf13/viper",

internal/servercore/api.go

@@ -111,6 +111,10 @@ func (s *Server) verifyConfiguration(configuration *server.Configuration) error
 		}
 		for _, file := range files {
 			filename := file.Name()
+			if filepath.Ext(filename) != ".xml" && strings.Count(filename, ".") != 3 {
+				s.conf.Logger.Infof("Skipping non-private key file %s encountered in private keys path", filename)
+				continue
+			}
 			issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
 			if _, ok := s.conf.IrmaConfiguration.Issuers[issid]; !ok {
 				return server.LogError(errors.Errorf("Private key %s belongs to an unknown issuer", filename))

irma/cmd/root.go

@@ -19,7 +19,6 @@ var RootCmd = &cobra.Command{
 // This is called by main.main(). It only needs to happen once to the rootCmd.
 func Execute() {
 	if err := RootCmd.Execute(); err != nil {
-		fmt.Println(err)
 		os.Exit(-1)
 	}
 }

irma/cmd/session.go

@@ -22,12 +22,21 @@ var (
 	httpServer *http.Server
 	irmaServer *irmaserver.Server
 	logger     *logrus.Logger
+	defaulturl string
 )
 
 // sessionCmd represents the session command
 var sessionCmd = &cobra.Command{
 	Use:   "session",
 	Short: "Perform an IRMA disclosure, issuance or signature session",
+	Long: `Perform an IRMA disclosure, issuance or signature session on the command line
+
+Using either the builtin IRMA server library, or an external IRMA server (specify its URL
+with --server), an IRMA session is started; the QR is printed in the terminal; and the session
+result is printed when the session completes or fails.
+
+A session request can either be constructed using the --disclose, --issue, and --sign together
+with --message flags, or it can be specified as JSON to the --request flag.`,
 	Example: `irma session --disclose irma-demo.MijnOverheid.root.BSN
 irma session --sign irma-demo.MijnOverheid.root.BSN --message message
 irma session --issue irma-demo.MijnOverheid.ageLower=yes,yes,yes,no --disclose irma-demo.MijnOverheid.root.BSN
@@ -45,7 +54,7 @@ irma session --server http://localhost:48680 --authmethod token --key mytoken --
 		noqr, _ := cmd.Flags().GetBool("noqr")
 		flags := cmd.Flags()
 
-		if url != "" && serverurl != "" {
+		if url != defaulturl && serverurl != "" {
 			die("Failed to read configuration", errors.New("--url can't be combined with --server"))
 		}
 
@@ -211,7 +220,8 @@ func configure(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configuration,
 func init() {
 	RootCmd.AddCommand(sessionCmd)
 
-	defaulturl, err := server.LocalIP()
+	var err error
+	defaulturl, err = server.LocalIP()
 	if err != nil {
 		logger.Warn("Could not determine local IP address: ", err.Error())
 	} else {
@@ -220,10 +230,10 @@ func init() {
 
 	flags := sessionCmd.Flags()
 	flags.SortFlags = false
-	flags.StringP("url", "u", defaulturl, "external URL used when using the builtin library")
-	flags.IntP("port", "p", 48680, "port to listen at")
+	flags.String("server", "", "External IRMA server to post request to (leave blank to use builtin library)")
+	flags.StringP("url", "u", defaulturl, "external URL to which IRMA app connects (when not using --server)")
+	flags.IntP("port", "p", 48680, "port to listen at (when not using --server)")
 	flags.Bool("noqr", false, "Print JSON instead of draw QR")
-	flags.String("server", "", "Server to post request to (leave blank to use builtin library)")
 	flags.StringP("request", "r", "", "JSON session request")
 	flags.StringP("privkeys", "k", "", "path to private keys")
 

irma_signature.go

@@ -11,18 +11,25 @@ import (
 	"github.com/privacybydesign/gabi/big"
 )
 
+const SignedMessageLDContext = "https://irma.app/ld/signature/v2"
+
 // SignedMessage is a message signed with an attribute-based signature
 // The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
 type SignedMessage struct {
+	LDContext string                    `json:"@context"`
 	Signature gabi.ProofList            `json:"signature"`
 	Indices   DisclosedAttributeIndices `json:"indices"`
 	Nonce     *big.Int                  `json:"nonce"`
 	Context   *big.Int                  `json:"context"`
 	Message   string                    `json:"message"`
 	Timestamp *atum.Timestamp           `json:"timestamp"`
+}
 
-	// Message version. Current version is 2.
-	Version int `json:"v,omitempty"`
+func (sm *SignedMessage) Version() int {
+	if sm.LDContext == "" {
+		return 1
+	}
+	return 2
 }
 
 func (sm *SignedMessage) GetNonce() *big.Int {

irmaclient/logs.go

@@ -20,10 +20,10 @@ type LogEntry struct {
 	request irma.SessionRequest // cached parsed version of Request; get with LogEntry.SessionRequest()
 
 	// Session type-specific info
-	Removed          map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
-	SignedMessage    []byte                                                    `json:",omitempty"` // In case of signature sessions
-	Timestamp        *atum.Timestamp                                           `json:",omitempty"` // In case of signature sessions
-	SignatureVersion int                                                       `json:",omitempty"` // In case of signature sessions
+	Removed                map[irma.CredentialTypeIdentifier][]irma.TranslatedString `json:",omitempty"` // In case of credential removal
+	SignedMessage          []byte                                                    `json:",omitempty"` // In case of signature sessions
+	Timestamp              *atum.Timestamp                                           `json:",omitempty"` // In case of signature sessions
+	SignedMessageLDContext string                                                    `json:",omitempty"` // In case of signature sessions
 
 	IssueCommitment *irma.IssueCommitmentMessage `json:",omitempty"`
 	Disclosure      *irma.Disclosure             `json:",omitempty"`
@@ -106,12 +106,12 @@ func (entry *LogEntry) GetSignedMessage() (abs *irma.SignedMessage, err error) {
 	}
 	sigrequest := request.(*irma.SignatureRequest)
 	return &irma.SignedMessage{
+		LDContext: entry.SignedMessageLDContext,
 		Signature: entry.Disclosure.Proofs,
 		Nonce:     sigrequest.Nonce,
 		Context:   sigrequest.GetContext(),
 		Message:   string(entry.SignedMessage),
 		Timestamp: entry.Timestamp,
-		Version:   entry.SignatureVersion,
 	}, nil
 }
 
@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
 		request := session.request.(*irma.SignatureRequest)
 		entry.SignedMessage = []byte(request.Message)
 		entry.Timestamp = session.timestamp
-		entry.SignatureVersion = 2
+		entry.SignedMessageLDContext = irma.SignedMessageLDContext
 
 		fallthrough
 	case irma.ActionDisclosing:

requests.go

@@ -611,13 +611,13 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
 		nonce = bigZero
 	}
 	return &SignedMessage{
+		LDContext: SignedMessageLDContext,
 		Signature: signature.Proofs,
 		Indices:   signature.Indices,
 		Nonce:     nonce,
 		Context:   sr.GetContext(),
 		Message:   sr.Message,
 		Timestamp: timestamp,
-		Version:   2,
 	}, nil
 }
 

server/requestorserver/server.go

@@ -375,15 +375,18 @@ func (s *Server) handleJwtProofs(w http.ResponseWriter, r *http.Request) {
 	// Fill standard claims
 	switch res.Type {
 	case irma.ActionDisclosing:
-		claims["subject"] = "verification_result"
+		claims["sub"] = "disclosure_result"
 	case irma.ActionSigning:
-		claims["subject"] = "abs_result"
+		claims["sub"] = "abs_result"
+	default:
+		server.WriteError(w, server.ErrorInvalidRequest, "")
+		return
 	}
 	claims["iat"] = time.Now().Unix()
 	if s.conf.JwtIssuer != "" {
 		claims["iss"] = s.conf.JwtIssuer
 	}
-	claims["status"] = res.Status
+	claims["status"] = res.ProofStatus
 	validity := s.irmaserv.GetRequest(sessiontoken).Base().ResultJwtValidity
 	if validity != 0 {
 		claims["exp"] = time.Now().Unix() + int64(validity)

timestamp.go

@@ -112,7 +112,7 @@ func (sm *SignedMessage) VerifyTimestamp(message string, conf *Configuration) er
 		}
 	}
 
-	bts, err := TimestampRequest(message, sigs, disclosed, sm.Version >= 2, conf)
+	bts, err := TimestampRequest(message, sigs, disclosed, sm.Version() >= 2, conf)
 	if err != nil {
 		return err
 	}