Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IRMA
Github mirrors
irmago
Commits
4a089d54
Commit
4a089d54
authored
Dec 19, 2018
by
Sietse Ringers
Browse files
Allow public key pinning when installing a new scheme
parent
d23f3ebd
Changes
2
Hide whitespace changes
Inline
Side-by-side
irmaclient/session.go
View file @
4a089d54
...
...
@@ -390,7 +390,7 @@ func (session *session) managerSession() {
session
.
Handler
.
Cancelled
()
// No need to DELETE session here
return
}
if
err
:=
session
.
client
.
Configuration
.
InstallSchemeManager
(
manager
);
err
!=
nil
{
if
err
:=
session
.
client
.
Configuration
.
InstallSchemeManager
(
manager
,
nil
);
err
!=
nil
{
session
.
Handler
.
Failure
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorConfigurationDownload
,
Err
:
err
})
return
}
...
...
irmaconfig.go
View file @
4a089d54
...
...
@@ -635,13 +635,13 @@ func (conf *Configuration) ReinstallSchemeManager(manager *SchemeManager) (err e
if
err
=
conf
.
DeleteSchemeManager
(
manager
.
Identifier
());
err
!=
nil
{
return
}
err
=
conf
.
InstallSchemeManager
(
manager
)
err
=
conf
.
InstallSchemeManager
(
manager
,
nil
)
return
}
// InstallSchemeManager downloads and adds the specified scheme manager to this Configuration,
// provided its signature is valid.
func
(
conf
*
Configuration
)
InstallSchemeManager
(
manager
*
SchemeManager
)
error
{
func
(
conf
*
Configuration
)
InstallSchemeManager
(
manager
*
SchemeManager
,
publickey
[]
byte
)
error
{
name
:=
manager
.
ID
if
err
:=
fs
.
EnsureDirectoryExists
(
filepath
.
Join
(
conf
.
Path
,
name
));
err
!=
nil
{
return
err
...
...
@@ -652,8 +652,14 @@ func (conf *Configuration) InstallSchemeManager(manager *SchemeManager) error {
if
err
:=
t
.
GetFile
(
"description.xml"
,
path
+
"/description.xml"
);
err
!=
nil
{
return
err
}
if
err
:=
t
.
GetFile
(
"pk.pem"
,
path
+
"/pk.pem"
);
err
!=
nil
{
return
err
if
publickey
!=
nil
{
if
err
:=
fs
.
SaveFile
(
path
+
"/pk.pem"
,
publickey
);
err
!=
nil
{
return
err
}
}
else
{
if
err
:=
t
.
GetFile
(
"pk.pem"
,
path
+
"/pk.pem"
);
err
!=
nil
{
return
err
}
}
if
err
:=
conf
.
DownloadSchemeManagerSignature
(
manager
);
err
!=
nil
{
return
err
...
...
@@ -920,15 +926,10 @@ func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err erro
if
err
!=
nil
{
return
err
}
pkblk
,
_
:=
pem
.
Decode
(
pkbts
)
genericPk
,
err
:=
x509
.
ParsePKIXPublicKey
(
pkblk
.
Bytes
)
pk
,
err
:=
ParsePemEcdsaPublicKey
(
pkbts
)
if
err
!=
nil
{
return
err
}
pk
,
ok
:=
genericPk
.
(
*
ecdsa
.
PublicKey
)
if
!
ok
{
return
errors
.
New
(
"Invalid scheme manager public key"
)
}
// Read and parse signature
sig
,
err
:=
ioutil
.
ReadFile
(
dir
+
"/index.sig"
)
...
...
@@ -945,6 +946,19 @@ func (conf *Configuration) VerifySignature(id SchemeManagerIdentifier) (err erro
return
nil
}
func
ParsePemEcdsaPublicKey
(
pkbts
[]
byte
)
(
*
ecdsa
.
PublicKey
,
error
)
{
pkblk
,
_
:=
pem
.
Decode
(
pkbts
)
genericPk
,
err
:=
x509
.
ParsePKIXPublicKey
(
pkblk
.
Bytes
)
if
err
!=
nil
{
return
nil
,
err
}
pk
,
ok
:=
genericPk
.
(
*
ecdsa
.
PublicKey
)
if
!
ok
{
return
nil
,
errors
.
New
(
"Invalid scheme manager public key"
)
}
return
pk
,
nil
}
func
(
hash
ConfigurationFileHash
)
String
()
string
{
return
hex
.
EncodeToString
(
hash
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment