Commit 81b7f1ee authored by Sietse Ringers's avatar Sietse Ringers
Browse files

refactor: revocation witness now infers its accumulator from its revocation record

parent 27d26f67
......@@ -114,8 +114,6 @@ func (session *session) issuanceHandleRevocation(
}
witness.Record = &r.Record // attach previously selected reocation record to the witness for the client
witness.Nu = nil // don't send to irmaclient, it will reconstruct it from witness.Record
witness.Index = 0 // same
nonrevAttr = witness.E
issrecord := &irma.IssuanceRecord{
CredType: id,
......
......@@ -65,13 +65,13 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses
if err != nil {
return updated, err
}
if cred.NonRevocationWitness.Index >= revupdates[len(revupdates)-1].EndIndex {
if cred.NonRevocationWitness.Accumulator.Index >= revupdates[len(revupdates)-1].EndIndex {
return updated, nil
}
// nonrevocation witness is still out of date after applying the updates from the request:
// we were too far behind. Update from revocation server.
revupdates, err = irma.RevocationClient{Conf: conf}.FetchRevocationRecords(credtype, cred.NonRevocationWitness.Index+1)
revupdates, err = irma.RevocationClient{Conf: conf}.FetchRevocationRecords(credtype, cred.NonRevocationWitness.Accumulator.Index+1)
if err != nil {
return updated, err
}
......@@ -81,7 +81,7 @@ func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.Ses
// NonrevApplyUpdates updates the credential's nonrevocation witness using the specified messages,
// if they all verify and if their indices are ahead and adjacent to that of our witness.
func (cred *credential) NonrevApplyUpdates(messages []*irma.RevocationRecord, keys irma.RevocationKeys) (bool, error) {
oldindex := cred.NonRevocationWitness.Index
oldindex := cred.NonRevocationWitness.Accumulator.Index
var err error
var pk *revocation.PublicKey
......@@ -97,5 +97,5 @@ func (cred *credential) NonrevApplyUpdates(messages []*irma.RevocationRecord, ke
}
}
return cred.NonRevocationWitness.Index != oldindex, nil
return cred.NonRevocationWitness.Accumulator.Index != oldindex, nil
}
......@@ -2,11 +2,13 @@ package irmaclient
import (
"encoding/json"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
"io/ioutil"
"path/filepath"
"github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
irma "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/fs"
)
// This file contains the legacy storage based on files. These functions are needed
......
......@@ -251,6 +251,18 @@ func (s *storage) LoadSignature(attrs *irma.AttributeList) (*gabi.CLSignature, *
} else if !found {
return nil, nil, errors.Errorf("Signature of credential with hash %s cannot be found", attrs.Hash())
}
if sig.Witness != nil {
pk, err := s.Configuration.RevocationStorage.Keys.PublicKey(
attrs.CredentialType().IssuerIdentifier(),
sig.Witness.Record.PublicKeyIndex,
)
if err != nil {
return nil, nil, err
}
if err = sig.Witness.Verify(pk); err != nil {
return nil, nil, err
}
}
return sig.CLSignature, sig.Witness, nil
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment