Commit 7e7ff2a1 authored by Sietse Ringers's avatar Sietse Ringers

refactor: move RevocationRecord back to gabi

parent 8431fb78
......@@ -14,6 +14,7 @@ import (
"github.com/go-errors/errors"
"github.com/jasonlvhit/gocron"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
"github.com/sirupsen/logrus"
......@@ -387,7 +388,7 @@ func (s *Server) handleRevocationMessage(
return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST records expects 1 url arguments"))
}
cred := irma.NewCredentialTypeIdentifier(args[0])
var records []*irma.RevocationRecord
var records []*revocation.Record
if err := json.Unmarshal(message, &records); err != nil {
return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error()))
}
......
......@@ -4,6 +4,7 @@ import (
"time"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/gabi/signed"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server"
......@@ -215,7 +216,7 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
}
func (s *Server) handlePostRevocationRecords(
cred irma.CredentialTypeIdentifier, records []*irma.RevocationRecord,
cred irma.CredentialTypeIdentifier, records []*revocation.Record,
) (interface{}, *irma.RemoteError) {
db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred)
if err != nil {
......@@ -229,7 +230,7 @@ func (s *Server) handlePostRevocationRecords(
func (s *Server) handleGetRevocationRecords(
cred irma.CredentialTypeIdentifier, index int,
) ([]*irma.RevocationRecord, *irma.RemoteError) {
) ([]*revocation.Record, *irma.RemoteError) {
if _, ok := s.conf.RevocationServers[cred]; !ok {
return nil, server.RemoteError(server.ErrorInvalidRequest, "not supported by this server")
}
......
......@@ -73,7 +73,7 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses
// NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
// if they all verify and if their indices are ahead and adjacent to that of our witness.
func (cred *credential) NonrevApplyUpdates(messages []*irma.RevocationRecord, rs *irma.RevocationStorage) (bool, error) {
func (cred *credential) NonrevApplyUpdates(messages []*revocation.Record, rs *irma.RevocationStorage) (bool, error) {
var err error
var pk *revocation.PublicKey
oldindex := cred.NonRevocationWitness.Index
......
......@@ -13,6 +13,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago/internal/fs"
)
......@@ -32,10 +33,10 @@ type BaseRequest struct {
Revocation []CredentialTypeIdentifier `json:"revocation,omitempty"`
// Set by the IRMA server during the session
Context *big.Int `json:"context,omitempty"`
Nonce *big.Int `json:"nonce,omitempty"`
ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`
RevocationUpdates map[CredentialTypeIdentifier][]*RevocationRecord `json:"revocationUpdates,omitempty"`
Context *big.Int `json:"context,omitempty"`
Nonce *big.Int `json:"nonce,omitempty"`
ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`
RevocationUpdates map[CredentialTypeIdentifier][]*revocation.Record `json:"revocationUpdates,omitempty"`
ids *IrmaIdentifierSet // cache for Identifiers() method
......
......@@ -16,13 +16,13 @@ import (
type (
// DB is a bolthold database storing revocation state for a particular accumulator
// (RevocationRecord instances, and IssuanceRecord instances if used by an issuer).
// (Record instances, and IssuanceRecord instances if used by an issuer).
DB struct {
Current revocation.Accumulator
Updated time.Time
onChange []func(*RevocationRecord)
onChange []func(*revocation.Record)
bolt *bolthold.Store
keystore keystore
keystore revocation.Keystore
}
RevocationStorage struct {
......@@ -30,16 +30,6 @@ type (
conf *Configuration
}
// RevocationRecord contains a signed AccumulatorUpdate and associated information and is ued
// by clients, issuers and verifiers to update their revocation state, so that they can create
// and verify nonrevocation proofs and witnesses.
RevocationRecord struct {
StartIndex uint64
EndIndex uint64
PublicKeyIndex uint
Message signed.Message // signed revocation.AccumulatorUpdate
}
TimeRecord struct {
Index uint64
Start, End int64
......@@ -57,9 +47,6 @@ type (
currentRecord struct {
Index uint64
}
// keystore provides support for revocation public key rollover.
keystore func(counter uint) (*revocation.PublicKey, error)
)
const boltCurrentIndexKey = "currentIndex"
......@@ -98,15 +85,15 @@ func (rdb *DB) Revoke(sk *revocation.PrivateKey, key []byte) error {
// Get returns all records that a client requires to update its revocation state if it is currently
// at the specified index, that is, all records whose end index is greater than or equal to
// the specified index.
func (rdb *DB) RevocationRecords(index int) ([]*RevocationRecord, error) {
var records []*RevocationRecord
func (rdb *DB) RevocationRecords(index int) ([]*revocation.Record, error) {
var records []*revocation.Record
if err := rdb.bolt.Find(&records, bolthold.Where(bolthold.Key).Ge(uint64(index))); err != nil {
return nil, err
}
return records, nil
}
func (rdb *DB) LatestRecords(count int) ([]*RevocationRecord, error) {
func (rdb *DB) LatestRecords(count int) ([]*revocation.Record, error) {
c := int(rdb.Current.Index) - count + 1
if c < 0 {
c = 0
......@@ -138,7 +125,7 @@ func (rdb *DB) IssuanceRecord(key []byte) (*IssuanceRecord, error) {
return r, nil
}
func (rdb *DB) AddRecords(records []*RevocationRecord) error {
func (rdb *DB) AddRecords(records []*revocation.Record) error {
var err error
for _, r := range records {
if err = rdb.Add(r.Message, r.PublicKeyIndex); err != nil {
......@@ -169,7 +156,7 @@ func (rdb *DB) Add(updateMsg signed.Message, counter uint) error {
func (rdb *DB) add(update revocation.AccumulatorUpdate, updateMsg signed.Message, pkCounter uint, tx *bolt.Tx) error {
var err error
record := &RevocationRecord{
record := &revocation.Record{
StartIndex: update.StartIndex,
EndIndex: update.Accumulator.Index,
PublicKeyIndex: pkCounter,
......@@ -221,7 +208,7 @@ func (rdb *DB) loadCurrent() error {
return err
}
var record RevocationRecord
var record revocation.Record
if err := rdb.bolt.Get(currentIndex.Index, &record); err != nil {
return err
}
......@@ -274,26 +261,10 @@ func (rdb *DB) Close() error {
return nil
}
func (rdb *DB) OnChange(handler func(*RevocationRecord)) {
func (rdb *DB) OnChange(handler func(*revocation.Record)) {
rdb.onChange = append(rdb.onChange, handler)
}
func (r *RevocationRecord) UnmarshalVerify(keystore keystore) (*revocation.AccumulatorUpdate, error) {
pk, err := keystore(r.PublicKeyIndex)
if err != nil {
return nil, err
}
msg := &revocation.AccumulatorUpdate{}
if err := signed.UnmarshalVerify(pk.ECDSA, r.Message, msg); err != nil {
return nil, err
}
if (r.StartIndex != msg.StartIndex) ||
(r.EndIndex > 0 && r.EndIndex != msg.StartIndex+uint64(len(msg.Revoked))-1) {
return nil, errors.New("record has invalid start or end index")
}
return msg, nil
}
func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error) {
path := filepath.Join(rs.conf.RevocationPath, credid.String())
keystore := rs.keystore(credid.IssuerIdentifier())
......@@ -331,8 +302,8 @@ func (rs *RevocationStorage) PublicKey(issid IssuerIdentifier, counter uint) (*r
return revpk, nil
}
func (rs *RevocationStorage) GetUpdates(credid CredentialTypeIdentifier, index uint64) ([]*RevocationRecord, error) {
var records []*RevocationRecord
func (rs *RevocationStorage) GetUpdates(credid CredentialTypeIdentifier, index uint64) ([]*revocation.Record, error) {
var records []*revocation.Record
err := NewHTTPTransport(rs.conf.CredentialTypes[credid].RevocationServer).
Get(fmt.Sprintf("-/revocation/records/%s/%d", credid, index), &records)
if err != nil {
......@@ -355,7 +326,7 @@ func (rs *RevocationStorage) SetRecords(b *BaseRequest) error {
if len(b.Revocation) == 0 {
return nil
}
b.RevocationUpdates = make(map[CredentialTypeIdentifier][]*RevocationRecord, len(b.Revocation))
b.RevocationUpdates = make(map[CredentialTypeIdentifier][]*revocation.Record, len(b.Revocation))
for _, credid := range b.Revocation {
db, err := rs.DB(credid)
if err != nil {
......@@ -476,7 +447,7 @@ func (rs *RevocationStorage) Close() error {
return merr.ErrorOrNil()
}
func (rs *RevocationStorage) keystore(issuerid IssuerIdentifier) keystore {
func (rs *RevocationStorage) keystore(issuerid IssuerIdentifier) revocation.Keystore {
return func(counter uint) (*revocation.PublicKey, error) {
return rs.PublicKey(issuerid, counter)
}
......
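Review bot: The doc comment above `RevocationRecords` in the hunk at `@@ -98,15 +85,15 @@` still begins `// Get returns all records …`, naming a method that does not exist, and the retyping the commit makes there leaves it unfixed; it should read `// RevocationRecords returns all records that a client requires to update its revocation state if it is currently at the specified index, …`, and the exported `LatestRecords` and `AddRecords` in the following hunks carry no doc comment at all. Separately, the hunk at `@@ -274,26 +261,10 @@` deletes the local `UnmarshalVerify`, and with it the only check visible in this file that a record's StartIndex and EndIndex agree with the signed AccumulatorUpdate it wraps before `add`/`loadCurrent` trust those indices; the file now depends on gabi's `revocation.Record.UnmarshalVerify` reproducing that comparison, which cannot be confirmed from this page and is worth stating in a comment where `AddRecords` calls `rdb.Add`.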
......@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
irma "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
"github.com/sirupsen/logrus"
......@@ -218,11 +219,11 @@ func (conf *Configuration) verifyRevocation() error {
return LogError(err)
}
db.OnChange(func(record *irma.RevocationRecord) {
db.OnChange(func(record *revocation.Record) {
transport := irma.NewHTTPTransport("")
o := struct{}{}
for _, url := range settings.PostURLs {
if err := transport.Post(url+"/-/revocation/records", &o, &[]*irma.RevocationRecord{record}); err != nil {
if err := transport.Post(url+"/-/revocation/records", &o, &[]*revocation.Record{record}); err != nil {
conf.Logger.Warn("error sending revocation update", err)
}
}
......
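Review bot: `conf.Logger.Warn("error sending revocation update", err)` in the retyped `OnChange` callback passes err as a second argument to a Sprint-style logrus call, so the message and the error text are printed fused with no separator (fmt.Sprint only inserts a space when neither neighbour is a string); `conf.Logger.WithError(err).Warn("error sending revocation update")` keeps the error as a structured field instead. The callback also posts to every entry in `settings.PostURLs` synchronously, and no timeout on the transport is visible here, so a slow peer can stall whatever triggered the change — worth confirming against what `irma.NewHTTPTransport("")` sets by default. The closure body and the enclosing `db.OnChange(` call continue past the end of the hunk.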
......@@ -8,6 +8,7 @@ import (
"github.com/go-errors/errors"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/big"
"github.com/privacybydesign/gabi/revocation"
)
// ProofStatus is the status of the complete proof
......@@ -109,7 +110,7 @@ func (pl ProofList) VerifyProofs(
configuration *Configuration,
context *big.Int, nonce *big.Int,
publickeys []*gabi.PublicKey,
revRecords map[CredentialTypeIdentifier][]*RevocationRecord,
revRecords map[CredentialTypeIdentifier][]*revocation.Record,
isSig bool,
) (bool, error) {
// Empty proof lists are allowed (if consistent with the session request, which is checked elsewhere)
......@@ -293,7 +294,7 @@ func (d *Disclosure) VerifyAgainstRequest(
issig bool,
) ([][]*DisclosedAttribute, ProofStatus, error) {
var required AttributeConDisCon
var revRecords map[CredentialTypeIdentifier][]*RevocationRecord
var revRecords map[CredentialTypeIdentifier][]*revocation.Record
if request != nil {
revRecords = request.Base().RevocationUpdates
required = request.Disclosure().Disclose
......