fix: UpdateLatest revocation update mechanism

internal/servercore/api.go

@@ -372,7 +372,7 @@ func (s *Server) handleRevocationMessage(
 	noun, method string, args []string, headers map[string][]string, message []byte,
 ) (int, []byte) {
 	if (noun == "updatefrom") && method == http.MethodGet {
-		if len(args) != 2 {
+		if len(args) != 3 {
 			return server.BinaryResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "GET updatefrom expects 3 url arguments"))
 		}
 		i, err := strconv.ParseUint(args[1], 10, 64)

irmaclient/revocation.go

@@ -125,7 +125,7 @@ func (client *Client) nonrevUpdate(typ irma.CredentialTypeIdentifier, updates ma
 	u := map[uint]*revocation.Update{}
 	for counter, l := range lowest {
 		update := updates[counter]
-		if update != nil && len(update.Events) > 0 && update.Events[0].Index <= l {
+		if update != nil && len(update.Events) > 0 && update.Events[0].Index <= l+1 {
 			u[counter] = update
 		} else {
 			var err error

revocation.go

@@ -3,6 +3,7 @@ package irma
 import (
 	"database/sql/driver"
 	"fmt"
+	"sort"
 	"time"
 
 	"github.com/fxamacker/cbor"
@@ -123,9 +124,9 @@ const (
 	// In addition this mode exposes the same endpoints as RevocationModeProxy.
 	RevocationModeServer RevocationMode = "server"
 
-	// revocationUpdateCount specifies how many revocation events are attached to session requests
+	// RevocationDefaultEventCount specifies how many revocation events are attached to session requests
 	// for the client to update its revocation state.
-	revocationUpdateCount = 5
+	RevocationDefaultEventCount = 5
 
 	// revocationMaxAccumulatorAge is the default maximum in seconds for the 'accumulator age',
 	// which we define to be the amount of time since the last confirmation from the RA that the
@@ -181,7 +182,7 @@ func (rs *RevocationStorage) UpdateFrom(typ CredentialTypeIdentifier, pkcounter
 			return err
 		}
 		var events []*EventRecord
-		if err := tx.From(&events, "cred_type = ? and pk_counter = ? and index >= ?", typ, pkcounter, index); err != nil {
+		if err := tx.From(&events, "cred_type = ? and pk_counter = ? and eventindex >= ?", typ, pkcounter, index); err != nil {
 			return err
 		}
 		update = rs.newUpdate(acc, events)
@@ -236,6 +237,11 @@ func (*RevocationStorage) newUpdates(records []*AccumulatorRecord, events []*Eve
 		}
 		update.Events = append(update.Events, e.Event())
 	}
+	for _, update := range updates {
+		sort.Slice(update.Events, func(i, j int) bool {
+			return update.Events[i].Index < update.Events[j].Index
+		})
+	}
 	return updates
 }
 
@@ -397,7 +403,7 @@ func (rs *RevocationStorage) accumulator(tx revStorage, typ CredentialTypeIdenti
 // Methods to update from remote revocation server
 
 func (rs *RevocationStorage) UpdateDB(typ CredentialTypeIdentifier) error {
-	updates, err := rs.client.FetchUpdateLatest(typ, revocationUpdateCount)
+	updates, err := rs.client.FetchUpdateLatest(typ, RevocationDefaultEventCount)
 	if err != nil {
 		return err
 	}
@@ -537,7 +543,7 @@ func (rs *RevocationStorage) SetRevocationUpdates(b *BaseRequest) error {
 				return err
 			}
 		}
-		b.RevocationUpdates[credid], err = rs.UpdateLatest(credid, revocationUpdateCount)
+		b.RevocationUpdates[credid], err = rs.UpdateLatest(credid, RevocationDefaultEventCount)
 		if err != nil {
 			return err
 		}

revocation_db.go

@@ -136,7 +136,7 @@ func (s sqlRevStorage) Latest(dest interface{}, count uint64, query interface{},
 	return s.gorm.
 		Where(query, args...).
 		Limit(count).
-		Set("gorm:order_by_primary_key", "ASC").
+		Set("gorm:order_by_primary_key", "DESC").
 		Find(dest).Error
 }