Commit 710254b9 authored by Sietse Ringers's avatar Sietse Ringers

chore: cleanup todo's; add a new server configuration consistency check

parent 473ccda4
......@@ -650,9 +650,10 @@ func panicToError(e interface{}) *irma.SessionError {
return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info + "\n\n" + string(debug.Stack())}
}
// Idempotently send DELETE to remote server, returning whether or not we did something
// TODO this function does more, rename
func (session *session) delete() bool {
// finish the session, by sending a DELETE to the server if there is one, and restarting local
// background jobs. This function is idempotent, doing nothing when called a second time. It
// returns whether or not it did something.
func (session *session) finish() bool {
if !session.done {
if session.IsInteractive() {
session.transport.Delete()
......@@ -666,14 +667,14 @@ func (session *session) delete() bool {
}
func (session *session) fail(err *irma.SessionError) {
if session.delete() && err.ErrorType != irma.ErrorKeyshareUnenrolled {
if session.finish() && err.ErrorType != irma.ErrorKeyshareUnenrolled {
err.Err = errors.Wrap(err.Err, 0)
session.Handler.Failure(err)
}
}
func (session *session) cancel() {
if session.delete() {
if session.finish() {
session.Handler.Cancelled()
}
}
......
......@@ -154,7 +154,6 @@ func (s sqlRevStorage) Save(o interface{}) error {
}
func (s sqlRevStorage) Last(typ CredentialTypeIdentifier, o interface{}) error {
// TODO merge with Latest?
return s.gorm.Last(o, "cred_type = ?", typ).Error
}
......
......@@ -314,7 +314,6 @@ func (conf *Configuration) validatePermissions() error {
}
func (conf *Configuration) validatePermissionSet(requestor string, requestorperms Permissions) []string {
// TODO other concistency checks with the rest of the Configuration
var errs []string
perms := map[string][]string{
"issuing": requestorperms.Issuing,
......@@ -351,10 +350,28 @@ func (conf *Configuration) validatePermissionSet(requestor string, requestorperm
}
if len(parts) > 2 && parts[2] != "*" {
id := irma.NewCredentialTypeIdentifier(strings.Join(parts[:3], "."))
if conf.IrmaConfiguration.CredentialTypes[id] == nil {
credtype := conf.IrmaConfiguration.CredentialTypes[id]
if credtype == nil {
errs = append(errs, fmt.Sprintf("%s %s permission '%s': unknown credential type", requestor, typ, permission))
continue
}
if typ == "issuing" || typ == "revoking" {
sk, err := conf.PrivateKey(credtype.IssuerIdentifier())
if err != nil {
errs = append(errs, fmt.Sprintf("%s %s permission '%s': failed to load private key: %s", requestor, typ, permission, err))
continue
}
if sk == nil {
errs = append(errs, fmt.Sprintf("%s %s permission '%s': private key not installed", requestor, typ, permission))
continue
}
if typ == "revoking" {
if _, err = sk.RevocationKey(); err != nil {
errs = append(errs, fmt.Sprintf("%s %s permission '%s': private key does not support revocation (add revocation key material to it using \"irma issuer revocation keypair\")", requestor, typ, permission))
continue
}
}
}
}
if len(parts) > 3 && parts[3] != "*" {
id := irma.NewAttributeTypeIdentifier(strings.Join(parts[:4], "."))
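Review bot: The error returned by `sk.RevocationKey()` in the `typ == "revoking"` branch is discarded, so every failure is reported as "private key does not support revocation", even if the call can fail for another reason (its implementation is not visible here). Including the error, as the `failed to load private key: %s` message a few lines above does, would keep the diagnosis accurate: end the format string with `... keypair\"): %s` and pass `err` as the final argument. The new check also sits inside `if len(parts) > 2 && parts[2] != "*"`, so wildcard issuing and revoking permissions are accepted without any installed-key check. A comment such as `// wildcard permissions are not checked against installed private keys` would make that limit explicit to operators reading the validation code. The body of validatePermissionSet starts before and continues after this hunk.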
......