Commit 47b28f82 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

refactor: Remove session state from BaseRequest and SignatureRequest

parent 855ea196
......@@ -127,7 +127,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
// Verify all proofs and check disclosed attributes, if any, against request
session.result.Disclosed, session.result.ProofStatus, err = commitments.Disclosure().VerifyAgainstDisjunctions(
session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(), pubkeys, false)
session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(nil), pubkeys, false)
if err != nil {
if err == irma.ErrorMissingPublicKey {
return nil, session.fail(server.ErrorUnknownPublicKey, "")
......
......@@ -101,28 +101,21 @@ func (th TestHandler) UnsatisfiableRequest(serverName irma.TranslatedString, mis
ErrorType: irma.ErrorType("UnsatisfiableRequest"),
})
}
func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
choice := &irma.DisclosureChoice{
Attributes: [][]*irma.AttributeIdentifier{},
}
var candidates [][]*irma.AttributeIdentifier
for _, disjunction := range request.Disclose {
candidates, _ = th.client.Candidates(disjunction)
if len(candidates) == 0 {
th.Failure(&irma.SessionError{Err: errors.New("No disclosure candidates found")})
}
choice.Attributes = append(choice.Attributes, candidates[rand.Intn(len(candidates))])
func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
var choice irma.DisclosureChoice
for _, cand := range candidates {
choice.Attributes = append(choice.Attributes, cand[0])
}
if len(th.expectedServerName) != 0 {
require.Equal(th.t, th.expectedServerName, ServerName)
}
callback(true, choice)
callback(true, &choice)
}
func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback)
func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
}
func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback)
func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
}
func (th TestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
callback(true)
......@@ -174,10 +167,10 @@ func (th *ManualTestHandler) Success(result string) {
th.c <- retval
}
func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, requesterName, ph)
func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, candidates, requesterName, ph)
}
func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) {
func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) {
ph(true, nil)
}
......@@ -185,9 +178,9 @@ func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceReq
func (th *ManualTestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
th.Failure(&irma.SessionError{Err: errors.New("Unexpected session type")})
}
func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) {
func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) {
var choice irma.DisclosureChoice
for _, cand := range request.Candidates {
for _, cand := range candidates {
choice.Attributes = append(choice.Attributes, cand[0])
}
ph(true, &choice)
......
......@@ -28,7 +28,7 @@ func (sm *SignedMessage) GetNonce() *big.Int {
func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
return sm.Context.Cmp(request.GetContext()) == 0 &&
sm.GetNonce().Cmp(request.GetNonce()) == 0
sm.GetNonce().Cmp(request.GetNonce(sm.Timestamp)) == 0
}
func (sm *SignedMessage) Disclosure() *Disclosure {
......
......@@ -4,6 +4,7 @@ import (
"strconv"
"time"
"github.com/bwesterb/go-atum"
"github.com/getsentry/raven-go"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
......@@ -644,23 +645,24 @@ func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
}
// ProofBuilders constructs a list of proof builders for the specified attribute choice.
func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, error) {
func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *atum.Timestamp, error) {
todisclose, attributeIndices, err := client.groupCredentials(choice)
if err != nil {
return nil, nil, err
return nil, nil, nil, err
}
builders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
for _, grp := range todisclose {
cred, err := client.credentialByID(grp.cred)
if err != nil {
return nil, nil, err
return nil, nil, nil, err
}
builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(grp.attrs))
}
if issig {
var timestamp *atum.Timestamp
if r, ok := request.(*irma.SignatureRequest); ok {
var sigs []*big.Int
var disclosed [][]*big.Int
var s *big.Int
......@@ -670,27 +672,27 @@ func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.
sigs = append(sigs, s)
disclosed = append(disclosed, d)
}
r := request.(*irma.SignatureRequest)
r.Timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
if err != nil {
return nil, nil, err
return nil, nil, nil, err
}
}
return builders, attributeIndices, nil
return builders, attributeIndices, timestamp, nil
}
// Proofs computes disclosure proofs containing the attributes specified by choice.
func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool) (*irma.Disclosure, error) {
builders, choices, err := client.ProofBuilders(choice, request, issig)
func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest) (*irma.Disclosure, *atum.Timestamp, error) {
builders, choices, timestamp, err := client.ProofBuilders(choice, request)
if err != nil {
return nil, err
return nil, nil, err
}
_, issig := request.(*irma.SignatureRequest)
return &irma.Disclosure{
Proofs: builders.BuildProofList(request.Base().GetContext(), request.GetNonce(), issig),
Proofs: builders.BuildProofList(request.Base().GetContext(), request.GetNonce(timestamp), issig),
Indices: choices,
}, nil
}, timestamp, nil
}
// generateIssuerProofNonce generates a nonce which the issuer must use in its gabi.ProofS.
......@@ -701,7 +703,7 @@ func generateIssuerProofNonce() (*big.Int, error) {
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes, and generates
// a nonce against which the issuer's proof of knowledge must verify.
func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
issuerProofNonce, err := generateIssuerProofNonce()
if err != nil {
......@@ -719,7 +721,7 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
builders = append(builders, credBuilder)
}
disclosures, choices, err := client.ProofBuilders(request.Choice, request, false)
disclosures, choices, _, err := client.ProofBuilders(choice, request)
if err != nil {
return nil, nil, nil, err
}
......@@ -729,15 +731,15 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
// IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice,
// and also returns the credential builders which will become the new credentials upon combination with the issuer's signature.
func (client *Client) IssueCommitments(request *irma.IssuanceRequest,
func (client *Client) IssueCommitments(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
) (*irma.IssueCommitmentMessage, gabi.ProofBuilderList, error) {
builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request)
builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request, choice)
if err != nil {
return nil, nil, err
}
return &irma.IssueCommitmentMessage{
IssueCommitmentMessage: &gabi.IssueCommitmentMessage{
Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(), false),
Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(nil), false),
Nonce2: issuerProofNonce,
},
Indices: choices,
......
......@@ -18,7 +18,7 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
// Session handlers in the order they are called
func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
// Fetch the username from the credential request and save it along with the scheme manager
smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute)
......@@ -55,10 +55,10 @@ func (h *keyshareEnrollmentHandler) fail(err error) {
func (h *keyshareEnrollmentHandler) StatusUpdate(action irma.Action, status irma.Status) {}
// The methods below should never be called, so we let each of them fail the session
func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
callback(false, nil)
}
func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler) {
func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
callback(false, nil)
}
func (h *keyshareEnrollmentHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
......
......@@ -10,6 +10,7 @@ import (
"strings"
"time"
"github.com/bwesterb/go-atum"
"github.com/dgrijalva/jwt-go"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
......@@ -48,6 +49,7 @@ type keyshareSession struct {
keyshareServer *keyshareServer // The one keyshare server in use in case of issuance
transports map[irma.SchemeManagerIdentifier]*irma.HTTPTransport
issuerProofNonce *big.Int
timestamp *atum.Timestamp
pinCheck bool
}
......@@ -159,6 +161,7 @@ func startKeyshareSession(
conf *irma.Configuration,
keyshareServers map[irma.SchemeManagerIdentifier]*keyshareServer,
issuerProofNonce *big.Int,
timestamp *atum.Timestamp,
) {
ksscount := 0
for managerID := range session.Identifiers().SchemeManagers {
......@@ -186,6 +189,7 @@ func startKeyshareSession(
conf: conf,
keyshareServers: keyshareServers,
issuerProofNonce: issuerProofNonce,
timestamp: timestamp,
pinCheck: false,
}
......@@ -403,7 +407,7 @@ func (ks *keyshareSession) GetCommitments() {
// receive their responses (2nd and 3rd message in Schnorr zero-knowledge protocol).
func (ks *keyshareSession) GetProofPs() {
_, issig := ks.session.(*irma.SignatureRequest)
challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(), issig)
challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(ks.timestamp), issig)
// Post the challenge, obtaining JWT's containing the ProofP's
responses := map[irma.SchemeManagerIdentifier]string{}
......
......@@ -132,7 +132,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
// Get the signed message and timestamp
request := session.request.(*irma.SignatureRequest)
entry.SignedMessage = []byte(request.Message)
entry.Timestamp = request.Timestamp
entry.Timestamp = session.timestamp
fallthrough
case irma.ActionDisclosing:
......
......@@ -7,6 +7,7 @@ import (
"reflect"
"strings"
"github.com/bwesterb/go-atum"
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
......@@ -37,9 +38,9 @@ type Handler interface {
KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler)
RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
RequestPin(remainingAttempts int, callback PinHandler)
......@@ -62,10 +63,13 @@ type session struct {
request irma.SessionRequest
done bool
// State for issuance protocol
// State for issuance sessions
issuerProofNonce *big.Int
builders gabi.ProofBuilderList
// State for signature sessions
timestamp *atum.Timestamp
// These are empty on manual sessions
Hostname string
ServerURL string
......@@ -264,25 +268,23 @@ func (session *session) processSessionInfo() {
session.Handler.UnsatisfiableRequest(session.ServerName, missing)
return
}
baserequest.Candidates = candidates
// Ask for permission to execute the session
callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
session.choice = choice
baserequest.Choice = choice
go session.doSession(proceed)
})
session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
switch session.Action {
case irma.ActionDisclosing:
session.Handler.RequestVerificationPermission(
session.request.(*irma.DisclosureRequest), session.ServerName, callback)
session.request.(*irma.DisclosureRequest), candidates, session.ServerName, callback)
case irma.ActionSigning:
session.Handler.RequestSignaturePermission(
session.request.(*irma.SignatureRequest), session.ServerName, callback)
session.request.(*irma.SignatureRequest), candidates, session.ServerName, callback)
case irma.ActionIssuing:
session.Handler.RequestIssuancePermission(
session.request.(*irma.IssuanceRequest), session.ServerName, callback)
session.request.(*irma.IssuanceRequest), candidates, session.ServerName, callback)
default:
panic("Invalid session type") // does not happen, session.Action has been checked earlier
}
......@@ -321,6 +323,7 @@ func (session *session) doSession(proceed bool) {
session.client.Configuration,
session.client.keyshareServers,
session.issuerProofNonce,
session.timestamp,
)
}
}
......@@ -336,7 +339,7 @@ func (session *session) sendResponse(message interface{}) {
switch session.Action {
case irma.ActionSigning:
irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message, session.timestamp)
if err != nil {
session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
return
......@@ -446,12 +449,10 @@ func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttr
var choices irma.DisclosedAttributeIndices
switch session.Action {
case irma.ActionSigning:
builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true)
case irma.ActionDisclosing:
builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
case irma.ActionSigning, irma.ActionDisclosing:
builders, choices, session.timestamp, err = session.client.ProofBuilders(session.choice, session.request)
case irma.ActionIssuing:
builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest), session.choice)
}
return builders, choices, issuerProofNonce, err
......@@ -464,12 +465,10 @@ func (session *session) getProof() (interface{}, error) {
var err error
switch session.Action {
case irma.ActionSigning:
message, err = session.client.Proofs(session.choice, session.request, true)
case irma.ActionDisclosing:
message, err = session.client.Proofs(session.choice, session.request, false)
case irma.ActionSigning, irma.ActionDisclosing:
message, session.timestamp, err = session.client.Proofs(session.choice, session.request)
case irma.ActionIssuing:
message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest), session.choice)
}
return message, err
......
......@@ -17,15 +17,16 @@ import (
// BaseRequest contains the context and nonce for an IRMA session.
type BaseRequest struct {
Context *big.Int `json:"context,omitempty"`
Nonce *big.Int `json:"nonce,omitempty"`
Type Action `json:"type"`
Candidates [][][]*AttributeIdentifier `json:"-"`
Choice *DisclosureChoice `json:"-"`
Ids *IrmaIdentifierSet `json:"-"`
// Denotes session type, must be "disclosing", "signing" or "issuing"
Type Action `json:"type"`
// Chosen by the IRMA server during the session
Context *big.Int `json:"context,omitempty"`
Nonce *big.Int `json:"nonce,omitempty"`
Version *ProtocolVersion `json:"protocolVersion,omitempty"`
// cache for Identifiers() method
ids *IrmaIdentifierSet
}
// An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
......@@ -49,9 +50,6 @@ type DisclosureRequest struct {
type SignatureRequest struct {
*DisclosureRequest
Message string `json:"message"`
// Session state
Timestamp *atum.Timestamp `json:"-"`
}
// An IssuanceRequest is a request to issue certain credentials,
......@@ -78,7 +76,7 @@ type CredentialRequest struct {
type SessionRequest interface {
Validator
Base() *BaseRequest
GetNonce() *big.Int
GetNonce(timestamp *atum.Timestamp) *big.Int
Disclosure() *DisclosureRequest
Identifiers() *IrmaIdentifierSet
Action() Action
......@@ -180,7 +178,7 @@ func (b *BaseRequest) GetContext() *big.Int {
return b.Context
}
func (b *BaseRequest) GetNonce() *big.Int {
func (b *BaseRequest) GetNonce(*atum.Timestamp) *big.Int {
if b.Nonce == nil {
return bigZero
}
......@@ -351,8 +349,8 @@ func (dr *DisclosureRequest) Disclosure() *DisclosureRequest {
}
func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet {
if dr.Ids == nil {
dr.Ids = &IrmaIdentifierSet{
if dr.ids == nil {
dr.ids = &IrmaIdentifierSet{
SchemeManagers: map[SchemeManagerIdentifier]struct{}{},
Issuers: map[IssuerIdentifier]struct{}{},
CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
......@@ -361,13 +359,13 @@ func (dr *DisclosureRequest) Identifiers() *IrmaIdentifierSet {
_ = dr.Disclose.Iterate(func(a *AttributeRequest) error {
attr := a.Type
dr.Ids.SchemeManagers[attr.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()] = struct{}{}
dr.Ids.Issuers[attr.CredentialTypeIdentifier().IssuerIdentifier()] = struct{}{}
dr.Ids.CredentialTypes[attr.CredentialTypeIdentifier()] = struct{}{}
dr.ids.SchemeManagers[attr.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()] = struct{}{}
dr.ids.Issuers[attr.CredentialTypeIdentifier().IssuerIdentifier()] = struct{}{}
dr.ids.CredentialTypes[attr.CredentialTypeIdentifier()] = struct{}{}
return nil
})
}
return dr.Ids
return dr.ids
}
func (dr *DisclosureRequest) Base() *BaseRequest {
......@@ -462,8 +460,8 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion
}
func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet {
if ir.Ids == nil {
ir.Ids = &IrmaIdentifierSet{
if ir.ids == nil {
ir.ids = &IrmaIdentifierSet{
SchemeManagers: map[SchemeManagerIdentifier]struct{}{},
Issuers: map[IssuerIdentifier]struct{}{},
CredentialTypes: map[CredentialTypeIdentifier]struct{}{},
......@@ -472,18 +470,18 @@ func (ir *IssuanceRequest) Identifiers() *IrmaIdentifierSet {
for _, credreq := range ir.Credentials {
issuer := credreq.CredentialTypeID.IssuerIdentifier()
ir.Ids.SchemeManagers[issuer.SchemeManagerIdentifier()] = struct{}{}
ir.Ids.Issuers[issuer] = struct{}{}
ir.Ids.CredentialTypes[credreq.CredentialTypeID] = struct{}{}
if ir.Ids.PublicKeys[issuer] == nil {
ir.Ids.PublicKeys[issuer] = []int{}
ir.ids.SchemeManagers[issuer.SchemeManagerIdentifier()] = struct{}{}
ir.ids.Issuers[issuer] = struct{}{}
ir.ids.CredentialTypes[credreq.CredentialTypeID] = struct{}{}
if ir.ids.PublicKeys[issuer] == nil {
ir.ids.PublicKeys[issuer] = []int{}
}
ir.Ids.PublicKeys[issuer] = append(ir.Ids.PublicKeys[issuer], credreq.KeyCounter)
ir.ids.PublicKeys[issuer] = append(ir.ids.PublicKeys[issuer], credreq.KeyCounter)
}
ir.Ids.join(ir.DisclosureRequest.Identifiers())
ir.ids.join(ir.DisclosureRequest.Identifiers())
}
return ir.Ids
return ir.ids
}
func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *ProtocolVersion) (CredentialInfoList, error) {
......@@ -513,11 +511,11 @@ func (ir *IssuanceRequest) Validate() error {
// GetNonce returns the nonce of this signature session
// (with the message already hashed into it).
func (sr *SignatureRequest) GetNonce() *big.Int {
return ASN1ConvertSignatureNonce(sr.Message, sr.BaseRequest.GetNonce(), sr.Timestamp)
func (sr *SignatureRequest) GetNonce(timestamp *atum.Timestamp) *big.Int {
return ASN1ConvertSignatureNonce(sr.Message, sr.BaseRequest.GetNonce(nil), timestamp)
}
func (sr *SignatureRequest) SignatureFromMessage(message interface{}) (*SignedMessage, error) {
func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp *atum.Timestamp) (*SignedMessage, error) {
signature, ok := message.(*Disclosure)
if !ok {
......@@ -534,7 +532,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}) (*SignedMe
Nonce: nonce,
Context: sr.GetContext(),
Message: sr.Message,
Timestamp: sr.Timestamp,
Timestamp: timestamp,
}, nil
}
......
......@@ -246,7 +246,7 @@ func (d *Disclosure) VerifyAgainstDisjunctions(
}
func (d *Disclosure) Verify(configuration *Configuration, request *DisclosureRequest) ([][]*DisclosedAttribute, ProofStatus, error) {
list, status, err := d.VerifyAgainstDisjunctions(configuration, request.Disclose, request.GetContext(), request.GetNonce(), nil, false)
list, status, err := d.VerifyAgainstDisjunctions(configuration, request.Disclose, request.GetContext(), request.GetNonce(nil), nil, false)
if err != nil {
return list, status, err
}
......@@ -273,7 +273,6 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
// First check if this signature matches the request
if request != nil {
request.Timestamp = sm.Timestamp
if !sm.MatchesNonceAndContext(request) {
return nil, ProofStatusUnmatchedRequest, nil
}
......@@ -285,10 +284,8 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Verify the timestamp
if sm.Timestamp != nil {
if err := sm.VerifyTimestamp(message, configuration); err != nil {
return nil, ProofStatusInvalidTimestamp, nil
}
if err := sm.VerifyTimestamp(message, configuration); err != nil {
return nil, ProofStatusInvalidTimestamp, nil
}
// Now, cryptographically verify the IRMA disclosure proofs in the signature
......@@ -302,10 +299,7 @@ func (sm *SignedMessage) Verify(configuration *Configuration, request *Signature
}
// Check if a credential is expired
var t time.Time
if sm.Timestamp != nil {
t = time.Unix(sm.Timestamp.Time, 0)
}
t := time.Unix(sm.Timestamp.Time, 0)
if expired := ProofList(sm.Signature).Expired(configuration, &t); expired {
// The ABS contains attributes that were expired at the time of creation of the ABS.
return result, ProofStatusExpired, nil
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment