Commit 47b28f82 authored by Sietse Ringers's avatar Sietse Ringers

refactor: Remove session state from BaseRequest and SignatureRequest

parent 855ea196
...@@ -127,7 +127,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM ...@@ -127,7 +127,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
// Verify all proofs and check disclosed attributes, if any, against request // Verify all proofs and check disclosed attributes, if any, against request
session.result.Disclosed, session.result.ProofStatus, err = commitments.Disclosure().VerifyAgainstDisjunctions( session.result.Disclosed, session.result.ProofStatus, err = commitments.Disclosure().VerifyAgainstDisjunctions(
session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(), pubkeys, false) session.conf.IrmaConfiguration, request.Disclose, request.GetContext(), request.GetNonce(nil), pubkeys, false)
if err != nil { if err != nil {
if err == irma.ErrorMissingPublicKey { if err == irma.ErrorMissingPublicKey {
return nil, session.fail(server.ErrorUnknownPublicKey, "") return nil, session.fail(server.ErrorUnknownPublicKey, "")
......
...@@ -101,28 +101,21 @@ func (th TestHandler) UnsatisfiableRequest(serverName irma.TranslatedString, mis ...@@ -101,28 +101,21 @@ func (th TestHandler) UnsatisfiableRequest(serverName irma.TranslatedString, mis
ErrorType: irma.ErrorType("UnsatisfiableRequest"), ErrorType: irma.ErrorType("UnsatisfiableRequest"),
}) })
} }
func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) { func (th TestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
choice := &irma.DisclosureChoice{ var choice irma.DisclosureChoice
Attributes: [][]*irma.AttributeIdentifier{}, for _, cand := range candidates {
} choice.Attributes = append(choice.Attributes, cand[0])
var candidates [][]*irma.AttributeIdentifier
for _, disjunction := range request.Disclose {
candidates, _ = th.client.Candidates(disjunction)
if len(candidates) == 0 {
th.Failure(&irma.SessionError{Err: errors.New("No disclosure candidates found")})
}
choice.Attributes = append(choice.Attributes, candidates[rand.Intn(len(candidates))])
} }
if len(th.expectedServerName) != 0 { if len(th.expectedServerName) != 0 {
require.Equal(th.t, th.expectedServerName, ServerName) require.Equal(th.t, th.expectedServerName, ServerName)
} }
callback(true, choice) callback(true, &choice)
} }
func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) { func (th TestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback) th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
} }
func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) { func (th TestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, ServerName, callback) th.RequestVerificationPermission(request.DisclosureRequest, candidates, ServerName, callback)
} }
func (th TestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) { func (th TestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
callback(true) callback(true)
...@@ -174,10 +167,10 @@ func (th *ManualTestHandler) Success(result string) { ...@@ -174,10 +167,10 @@ func (th *ManualTestHandler) Success(result string) {
th.c <- retval th.c <- retval
} }
func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) { func (th *ManualTestHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, requesterName irma.TranslatedString, ph irmaclient.PermissionHandler) {
th.RequestVerificationPermission(request.DisclosureRequest, requesterName, ph) th.RequestVerificationPermission(request.DisclosureRequest, candidates, requesterName, ph)
} }
func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) { func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, issuerName irma.TranslatedString, ph irmaclient.PermissionHandler) {
ph(true, nil) ph(true, nil)
} }
...@@ -185,9 +178,9 @@ func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceReq ...@@ -185,9 +178,9 @@ func (th *ManualTestHandler) RequestIssuancePermission(request *irma.IssuanceReq
func (th *ManualTestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) { func (th *ManualTestHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
th.Failure(&irma.SessionError{Err: errors.New("Unexpected session type")}) th.Failure(&irma.SessionError{Err: errors.New("Unexpected session type")})
} }
func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) { func (th *ManualTestHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, verifierName irma.TranslatedString, ph irmaclient.PermissionHandler) {
var choice irma.DisclosureChoice var choice irma.DisclosureChoice
for _, cand := range request.Candidates { for _, cand := range candidates {
choice.Attributes = append(choice.Attributes, cand[0]) choice.Attributes = append(choice.Attributes, cand[0])
} }
ph(true, &choice) ph(true, &choice)
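Review bot: `cand[0]` in TestHandler.RequestVerificationPermission is taken without a length check, so an empty candidate list for any disjunction panics inside the handler instead of producing a readable test failure. ManualTestHandler.RequestVerificationPermission at the end of this section has the same loop. Since TestHandler already uses `require` with `th.t`, a `require.NotEmpty(th.t, cand)` before the append would make the assumption explicit. Always taking the first candidate also replaces the removed `rand.Intn` choice, which is deterministic but presumably exercises fewer attribute combinations than before. ManualTestHandler's method continues past the last hunk.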
......
...@@ -28,7 +28,7 @@ func (sm *SignedMessage) GetNonce() *big.Int { ...@@ -28,7 +28,7 @@ func (sm *SignedMessage) GetNonce() *big.Int {
func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool { func (sm *SignedMessage) MatchesNonceAndContext(request *SignatureRequest) bool {
return sm.Context.Cmp(request.GetContext()) == 0 && return sm.Context.Cmp(request.GetContext()) == 0 &&
sm.GetNonce().Cmp(request.GetNonce()) == 0 sm.GetNonce().Cmp(request.GetNonce(sm.Timestamp)) == 0
} }
func (sm *SignedMessage) Disclosure() *Disclosure { func (sm *SignedMessage) Disclosure() *Disclosure {
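Review bot: MatchesNonceAndContext now computes the expected nonce from `sm.Timestamp`, a field of the very message being checked, and nothing on the method says so. I would document it with `// MatchesNonceAndContext reports whether sm has the context of request and the nonce that request yields for sm.Timestamp; the timestamp's own validity is not checked here.` How `GetNonce` treats a nil timestamp is not visible in this hunk, so it is worth confirming that a SignedMessage without a timestamp cannot match by accident.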
......
...@@ -4,6 +4,7 @@ import ( ...@@ -4,6 +4,7 @@ import (
"strconv" "strconv"
"time" "time"
"github.com/bwesterb/go-atum"
"github.com/getsentry/raven-go" "github.com/getsentry/raven-go"
"github.com/go-errors/errors" "github.com/go-errors/errors"
"github.com/privacybydesign/gabi" "github.com/privacybydesign/gabi"
...@@ -644,23 +645,24 @@ func (client *Client) groupCredentials(choice *irma.DisclosureChoice) ( ...@@ -644,23 +645,24 @@ func (client *Client) groupCredentials(choice *irma.DisclosureChoice) (
} }
// ProofBuilders constructs a list of proof builders for the specified attribute choice. // ProofBuilders constructs a list of proof builders for the specified attribute choice.
func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool, func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.SessionRequest,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, error) { ) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *atum.Timestamp, error) {
todisclose, attributeIndices, err := client.groupCredentials(choice) todisclose, attributeIndices, err := client.groupCredentials(choice)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, nil, err
} }
builders := gabi.ProofBuilderList([]gabi.ProofBuilder{}) builders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
for _, grp := range todisclose { for _, grp := range todisclose {
cred, err := client.credentialByID(grp.cred) cred, err := client.credentialByID(grp.cred)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, nil, err
} }
builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(grp.attrs)) builders = append(builders, cred.Credential.CreateDisclosureProofBuilder(grp.attrs))
} }
if issig { var timestamp *atum.Timestamp
if r, ok := request.(*irma.SignatureRequest); ok {
var sigs []*big.Int var sigs []*big.Int
var disclosed [][]*big.Int var disclosed [][]*big.Int
var s *big.Int var s *big.Int
...@@ -670,27 +672,27 @@ func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma. ...@@ -670,27 +672,27 @@ func (client *Client) ProofBuilders(choice *irma.DisclosureChoice, request irma.
sigs = append(sigs, s) sigs = append(sigs, s)
disclosed = append(disclosed, d) disclosed = append(disclosed, d)
} }
r := request.(*irma.SignatureRequest) timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
r.Timestamp, err = irma.GetTimestamp(r.Message, sigs, disclosed)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, nil, err
} }
} }
return builders, attributeIndices, nil return builders, attributeIndices, timestamp, nil
} }
// Proofs computes disclosure proofs containing the attributes specified by choice. // Proofs computes disclosure proofs containing the attributes specified by choice.
func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest, issig bool) (*irma.Disclosure, error) { func (client *Client) Proofs(choice *irma.DisclosureChoice, request irma.SessionRequest) (*irma.Disclosure, *atum.Timestamp, error) {
builders, choices, err := client.ProofBuilders(choice, request, issig) builders, choices, timestamp, err := client.ProofBuilders(choice, request)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
_, issig := request.(*irma.SignatureRequest)
return &irma.Disclosure{ return &irma.Disclosure{
Proofs: builders.BuildProofList(request.Base().GetContext(), request.GetNonce(), issig), Proofs: builders.BuildProofList(request.Base().GetContext(), request.GetNonce(timestamp), issig),
Indices: choices, Indices: choices,
}, nil }, timestamp, nil
} }
// generateIssuerProofNonce generates a nonce which the issuer must use in its gabi.ProofS. // generateIssuerProofNonce generates a nonce which the issuer must use in its gabi.ProofS.
...@@ -701,7 +703,7 @@ func generateIssuerProofNonce() (*big.Int, error) { ...@@ -701,7 +703,7 @@ func generateIssuerProofNonce() (*big.Int, error) {
// IssuanceProofBuilders constructs a list of proof builders in the issuance protocol // IssuanceProofBuilders constructs a list of proof builders in the issuance protocol
// for the future credentials as well as possibly any disclosed attributes, and generates // for the future credentials as well as possibly any disclosed attributes, and generates
// a nonce against which the issuer's proof of knowledge must verify. // a nonce against which the issuer's proof of knowledge must verify.
func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) { ) (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
issuerProofNonce, err := generateIssuerProofNonce() issuerProofNonce, err := generateIssuerProofNonce()
if err != nil { if err != nil {
...@@ -719,7 +721,7 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, ...@@ -719,7 +721,7 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
builders = append(builders, credBuilder) builders = append(builders, credBuilder)
} }
disclosures, choices, err := client.ProofBuilders(request.Choice, request, false) disclosures, choices, _, err := client.ProofBuilders(choice, request)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
...@@ -729,15 +731,15 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest, ...@@ -729,15 +731,15 @@ func (client *Client) IssuanceProofBuilders(request *irma.IssuanceRequest,
// IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice, // IssueCommitments computes issuance commitments, along with disclosure proofs specified by choice,
// and also returns the credential builders which will become the new credentials upon combination with the issuer's signature. // and also returns the credential builders which will become the new credentials upon combination with the issuer's signature.
func (client *Client) IssueCommitments(request *irma.IssuanceRequest, func (client *Client) IssueCommitments(request *irma.IssuanceRequest, choice *irma.DisclosureChoice,
) (*irma.IssueCommitmentMessage, gabi.ProofBuilderList, error) { ) (*irma.IssueCommitmentMessage, gabi.ProofBuilderList, error) {
builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request) builders, choices, issuerProofNonce, err := client.IssuanceProofBuilders(request, choice)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
return &irma.IssueCommitmentMessage{ return &irma.IssueCommitmentMessage{
IssueCommitmentMessage: &gabi.IssueCommitmentMessage{ IssueCommitmentMessage: &gabi.IssueCommitmentMessage{
Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(), false), Proofs: builders.BuildProofList(request.GetContext(), request.GetNonce(nil), false),
Nonce2: issuerProofNonce, Nonce2: issuerProofNonce,
}, },
Indices: choices, Indices: choices,
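Review bot: The doc comments on ProofBuilders and Proofs were not updated for the new `*atum.Timestamp` result, so a caller cannot tell when it is nil or what it must be used for. On ProofBuilders I would add `// For a *irma.SignatureRequest it also obtains a timestamp via irma.GetTimestamp and returns it; for other request types the timestamp is nil.`, and on Proofs a sentence saying that the returned timestamp is the one passed to `request.GetNonce` when the proofs are built. The bare `request.GetNonce(nil)` in IssueCommitments would also read better with a short comment that issuance sessions carry no timestamp. ProofBuilders is split across two hunks, so the middle of its signature branch is not visible.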
......
...@@ -18,7 +18,7 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil) ...@@ -18,7 +18,7 @@ var _ Handler = (*keyshareEnrollmentHandler)(nil)
// Session handlers in the order they are called // Session handlers in the order they are called
func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler) { func (h *keyshareEnrollmentHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
// Fetch the username from the credential request and save it along with the scheme manager // Fetch the username from the credential request and save it along with the scheme manager
smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier() smi := request.Credentials[0].CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute) attr := irma.NewAttributeTypeIdentifier(h.client.Configuration.SchemeManagers[smi].KeyshareAttribute)
...@@ -55,10 +55,10 @@ func (h *keyshareEnrollmentHandler) fail(err error) { ...@@ -55,10 +55,10 @@ func (h *keyshareEnrollmentHandler) fail(err error) {
func (h *keyshareEnrollmentHandler) StatusUpdate(action irma.Action, status irma.Status) {} func (h *keyshareEnrollmentHandler) StatusUpdate(action irma.Action, status irma.Status) {}
// The methods below should never be called, so we let each of them fail the session // The methods below should never be called, so we let each of them fail the session
func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler) { func (h *keyshareEnrollmentHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
callback(false, nil) callback(false, nil)
} }
func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler) { func (h *keyshareEnrollmentHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler) {
callback(false, nil) callback(false, nil)
} }
func (h *keyshareEnrollmentHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) { func (h *keyshareEnrollmentHandler) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) {
......
...@@ -10,6 +10,7 @@ import ( ...@@ -10,6 +10,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/bwesterb/go-atum"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/go-errors/errors" "github.com/go-errors/errors"
"github.com/privacybydesign/gabi" "github.com/privacybydesign/gabi"
...@@ -48,6 +49,7 @@ type keyshareSession struct { ...@@ -48,6 +49,7 @@ type keyshareSession struct {
keyshareServer *keyshareServer // The one keyshare server in use in case of issuance keyshareServer *keyshareServer // The one keyshare server in use in case of issuance
transports map[irma.SchemeManagerIdentifier]*irma.HTTPTransport transports map[irma.SchemeManagerIdentifier]*irma.HTTPTransport
issuerProofNonce *big.Int issuerProofNonce *big.Int
timestamp *atum.Timestamp
pinCheck bool pinCheck bool
} }
...@@ -159,6 +161,7 @@ func startKeyshareSession( ...@@ -159,6 +161,7 @@ func startKeyshareSession(
conf *irma.Configuration, conf *irma.Configuration,
keyshareServers map[irma.SchemeManagerIdentifier]*keyshareServer, keyshareServers map[irma.SchemeManagerIdentifier]*keyshareServer,
issuerProofNonce *big.Int, issuerProofNonce *big.Int,
timestamp *atum.Timestamp,
) { ) {
ksscount := 0 ksscount := 0
for managerID := range session.Identifiers().SchemeManagers { for managerID := range session.Identifiers().SchemeManagers {
...@@ -186,6 +189,7 @@ func startKeyshareSession( ...@@ -186,6 +189,7 @@ func startKeyshareSession(
conf: conf, conf: conf,
keyshareServers: keyshareServers, keyshareServers: keyshareServers,
issuerProofNonce: issuerProofNonce, issuerProofNonce: issuerProofNonce,
timestamp: timestamp,
pinCheck: false, pinCheck: false,
} }
...@@ -403,7 +407,7 @@ func (ks *keyshareSession) GetCommitments() { ...@@ -403,7 +407,7 @@ func (ks *keyshareSession) GetCommitments() {
// receive their responses (2nd and 3rd message in Schnorr zero-knowledge protocol). // receive their responses (2nd and 3rd message in Schnorr zero-knowledge protocol).
func (ks *keyshareSession) GetProofPs() { func (ks *keyshareSession) GetProofPs() {
_, issig := ks.session.(*irma.SignatureRequest) _, issig := ks.session.(*irma.SignatureRequest)
challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(), issig) challenge := ks.builders.Challenge(ks.session.Base().GetContext(), ks.session.GetNonce(ks.timestamp), issig)
// Post the challenge, obtaining JWT's containing the ProofP's // Post the challenge, obtaining JWT's containing the ProofP's
responses := map[irma.SchemeManagerIdentifier]string{} responses := map[irma.SchemeManagerIdentifier]string{}
......
...@@ -132,7 +132,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error) ...@@ -132,7 +132,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
// Get the signed message and timestamp // Get the signed message and timestamp
request := session.request.(*irma.SignatureRequest) request := session.request.(*irma.SignatureRequest)
entry.SignedMessage = []byte(request.Message) entry.SignedMessage = []byte(request.Message)
entry.Timestamp = request.Timestamp entry.Timestamp = session.timestamp
fallthrough fallthrough
case irma.ActionDisclosing: case irma.ActionDisclosing:
......
...@@ -7,6 +7,7 @@ import ( ...@@ -7,6 +7,7 @@ import (
"reflect" "reflect"
"strings" "strings"
"github.com/bwesterb/go-atum"
"github.com/go-errors/errors" "github.com/go-errors/errors"
"github.com/privacybydesign/gabi" "github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big" "github.com/privacybydesign/gabi/big"
...@@ -37,9 +38,9 @@ type Handler interface { ...@@ -37,9 +38,9 @@ type Handler interface {
KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier) KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
RequestIssuancePermission(request *irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler) RequestIssuancePermission(request *irma.IssuanceRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestVerificationPermission(request *irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler) RequestVerificationPermission(request *irma.DisclosureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestSignaturePermission(request *irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler) RequestSignaturePermission(request *irma.SignatureRequest, candidates [][][]*irma.AttributeIdentifier, ServerName irma.TranslatedString, callback PermissionHandler)
RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool)) RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
RequestPin(remainingAttempts int, callback PinHandler) RequestPin(remainingAttempts int, callback PinHandler)
...@@ -62,10 +63,13 @@ type session struct { ...@@ -62,10 +63,13 @@ type session struct {
request irma.SessionRequest request irma.SessionRequest
done bool done bool
// State for issuance protocol // State for issuance sessions
issuerProofNonce *big.Int issuerProofNonce *big.Int
builders gabi.ProofBuilderList builders gabi.ProofBuilderList
// State for signature sessions
timestamp *atum.Timestamp
// These are empty on manual sessions // These are empty on manual sessions
Hostname string Hostname string
ServerURL string ServerURL string
...@@ -264,25 +268,23 @@ func (session *session) processSessionInfo() { ...@@ -264,25 +268,23 @@ func (session *session) processSessionInfo() {
session.Handler.UnsatisfiableRequest(session.ServerName, missing) session.Handler.UnsatisfiableRequest(session.ServerName, missing)
return return
} }
baserequest.Candidates = candidates
// Ask for permission to execute the session // Ask for permission to execute the session
callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) { callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
session.choice = choice session.choice = choice
baserequest.Choice = choice
go session.doSession(proceed) go session.doSession(proceed)
}) })
session.Handler.StatusUpdate(session.Action, irma.StatusConnected) session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
switch session.Action { switch session.Action {
case irma.ActionDisclosing: case irma.ActionDisclosing:
session.Handler.RequestVerificationPermission( session.Handler.RequestVerificationPermission(
session.request.(*irma.DisclosureRequest), session.ServerName, callback) session.request.(*irma.DisclosureRequest), candidates, session.ServerName, callback)
case irma.ActionSigning: case irma.ActionSigning:
session.Handler.RequestSignaturePermission( session.Handler.RequestSignaturePermission(
session.request.(*irma.SignatureRequest), session.ServerName, callback) session.request.(*irma.SignatureRequest), candidates, session.ServerName, callback)
case irma.ActionIssuing: case irma.ActionIssuing:
session.Handler.RequestIssuancePermission( session.Handler.RequestIssuancePermission(
session.request.(*irma.IssuanceRequest), session.ServerName, callback) session.request.(*irma.IssuanceRequest), candidates, session.ServerName, callback)
default: default:
panic("Invalid session type") // does not happen, session.Action has been checked earlier panic("Invalid session type") // does not happen, session.Action has been checked earlier
} }
...@@ -321,6 +323,7 @@ func (session *session) doSession(proceed bool) { ...@@ -321,6 +323,7 @@ func (session *session) doSession(proceed bool) {
session.client.Configuration, session.client.Configuration,
session.client.keyshareServers, session.client.keyshareServers,
session.issuerProofNonce, session.issuerProofNonce,
session.timestamp,
) )
} }
} }
...@@ -336,7 +339,7 @@ func (session *session) sendResponse(message interface{}) { ...@@ -336,7 +339,7 @@ func (session *session) sendResponse(message interface{}) {
switch session.Action { switch session.Action {
case irma.ActionSigning: case irma.ActionSigning:
irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message) irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message, session.timestamp)
if err != nil { if err != nil {
session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"}) session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
return return
...@@ -446,12 +449,10 @@ func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttr ...@@ -446,12 +449,10 @@ func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttr
var choices irma.DisclosedAttributeIndices var choices irma.DisclosedAttributeIndices
switch session.Action { switch session.Action {
case irma.ActionSigning: case irma.ActionSigning, irma.ActionDisclosing:
builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true) builders, choices, session.timestamp, err = session.client.ProofBuilders(session.choice, session.request)
case irma.ActionDisclosing:
builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
case irma.ActionIssuing: case irma.ActionIssuing:
builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest)) builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest), session.choice)
} }
return builders, choices, issuerProofNonce, err return builders, choices, issuerProofNonce, err
...@@ -464,12 +465,10 @@ func (session *session) getProof() (interface{}, error) { ...@@ -464,12 +465,10 @@ func (session *session) getProof() (interface{}, error) {
var err error var err error
switch session.Action { switch session.Action {
case irma.ActionSigning: case irma.ActionSigning, irma.ActionDisclosing:
message, err = session.client.Proofs(session.choice, session.request, true) message, session.timestamp, err = session.client.Proofs(session.choice, session.request)
case irma.ActionDisclosing:
message, err = session.client.Proofs(session.choice, session.request, false)
case irma.ActionIssuing: case irma.ActionIssuing:
message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest)) message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest), session.choice)
} }
return message, err return message, err
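Review bot: getBuilders and getProof now write `session.timestamp` as a side effect, and sendResponse and the startKeyshareSession call in doSession read it afterwards, but nothing states that ordering. Because the nonce of a signature session is computed from this timestamp elsewhere in the commit (`GetNonce(timestamp)`), a nil or stale value would presumably yield a signature that fails verification rather than an error at this point. I would extend the field comment to `// State for signature sessions; set by getBuilders/getProof, nil for other session types` and mention the assignment in the doc comments of both functions. Both functions begin outside their hunks.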
......
...@@ -17,15 +17,16 @@ import ( ...@@ -17,15 +17,16 @@ import (
// BaseRequest contains the context and nonce for an IRMA session. // BaseRequest contains the context and nonce for an IRMA session.
type BaseRequest struct { type BaseRequest struct {
Context *big.Int `json:"context,omitempty"` // Denotes session type, must be "disclosing", "signing" or "issuing"
Nonce *big.Int `json:"nonce,omitempty"`
Type Action `json:"type"` Type Action `json:"type"`
Candidates [][][]*AttributeIdentifier `json:"-"` // Chosen by the IRMA server during the session
Choice *DisclosureChoice `json:"-"` Context *big.Int `json:"context,omitempty"`
Ids *IrmaIdentifierSet `json:"-"` Nonce *big.Int `json:"nonce,omitempty"`
Version *ProtocolVersion `json:"protocolVersion,omitempty"` Version *ProtocolVersion `json:"protocolVersion,omitempty"`
// cache for Identifiers() method
ids *IrmaIdentifierSet
} }
// An AttributeCon is only satisfied if all of its containing attribute requests are satisfied. // An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
...@@ -49,9 +50,6 @@ type DisclosureRequest struct { ...@@ -49,9 +50,6 @@ type DisclosureRequest struct {
type SignatureRequest struct { type SignatureRequest struct {
*DisclosureRequest *DisclosureRequest
Message string `json:"message"` Message string `json:"message"`
// Session state
Timestamp *atum.Timestamp `json:"-"`
} }
// An IssuanceRequest is a request to issue certain credentials, // An IssuanceRequest is a request to issue certain credentials,
...@@ -78,7 +76,7 @@ type CredentialRequest struct { ...@@ -78,7 +76,7 @@ type CredentialRequest struct {