8431fb78
Commit
8431fb78
authored
Oct 16, 2019
by
Sietse Ringers
test: restructure revocation test for reusability
parent
b3f055a8
Changes
4
Showing
4 changed files
with
67 additions
and
60 deletions
+67
-60
internal/servercore/api.go
internal/servercore/api.go
+5
-4
internal/sessiontest/requestor_test.go
internal/sessiontest/requestor_test.go
+25
-21
revocation.go
revocation.go
+2
-0
verify.go
verify.go
+35
-35
internal/servercore/api.go
...
...
@@ -269,6 +269,7 @@ func (s *Server) handleClientMessage(
}()
// Route to handler
var
err
error
switch
len
(
noun
)
{
case
0
:
if
method
==
http
.
MethodDelete
{
...
...
@@ -284,11 +285,11 @@ func (s *Server) handleClientMessage(
h
:=
http
.
Header
(
headers
)
min
:=
&
irma
.
ProtocolVersion
{}
max
:=
&
irma
.
ProtocolVersion
{}
if
err
:
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MinVersionHeader
)),
min
);
err
!=
nil
{
if
err
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MinVersionHeader
)),
min
);
err
!=
nil
{
status
,
output
=
server
.
JsonResponse
(
nil
,
session
.
fail
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
return
}
if
err
:
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MaxVersionHeader
)),
max
);
err
!=
nil
{
if
err
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MaxVersionHeader
)),
max
);
err
!=
nil
{
status
,
output
=
server
.
JsonResponse
(
nil
,
session
.
fail
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
return
}
...
...
@@ -301,8 +302,8 @@ func (s *Server) handleClientMessage(
default
:
if
noun
==
"statusevents"
{
err
:=
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"server sent events not supported by this server"
)
status
,
output
=
server
.
JsonResponse
(
nil
,
err
)
r
err
:=
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"server sent events not supported by this server"
)
status
,
output
=
server
.
JsonResponse
(
nil
,
r
err
)
return
}
...
...
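Review bot: In the version-negotiation hunk (`@@ -284,11 +285,11 @@`), the client-supplied `irma.MinVersionHeader` and `irma.MaxVersionHeader` values go straight from `h.Get(...)` into `json.Unmarshal`, so an absent header is reported to the client as a JSON decoder error rather than as a missing header. A guard ahead of the two decodes, such as `if h.Get(irma.MinVersionHeader) == "" || h.Get(irma.MaxVersionHeader) == "" {` returning `server.ErrorMalformedInput` with an explicit message, would make the failure mode clear and avoid echoing decoder internals. Nothing visible in this hunk checks that the decoded `min` does not exceed `max`; if the code below the hunk does not do that, it belongs here as well. The body of `handleClientMessage` starts and ends outside the hunks shown, so the later use of both values could not be reviewed.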
internal/sessiontest/requestor_test.go
...
...
@@ -349,27 +349,34 @@ func revocationSession(t *testing.T, client *irmaclient.Client, options ...sessi
return
result
}
func
TestRevocation
(
t
*
testing
.
T
)
{
// setup client, constants, and revocation key material
defer
test
.
ClearTestStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
cred
:=
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.MijnOverheid.root"
)
// revocationSetup sets up an irmaclient with a revocation-enabled credential, constants, and revocation key material.
func
revocationSetup
(
t
*
testing
.
T
)
*
irmaclient
.
Client
{
StartRevocationServer
(
t
)
// issue two MijnOverheid.root instances with revocation enabled
request
:=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
RevocationKey
:
"cred0"
,
// once revocation is required for a credential type, this key is required
CredentialTypeID
:
cred
,
Attributes
:
map
[
string
]
string
{
"BSN"
:
"299792458"
,
},
}})
result
:=
requestorSessionHelper
(
t
,
request
,
client
)
// issue a MijnOverheid.root instance with revocation enabled
client
,
_
:=
parseStorage
(
t
)
result
:=
requestorSessionHelper
(
t
,
revocationIssuanceRequest
,
client
)
require
.
Nil
(
t
,
result
.
Err
)
// issue second one which overwrites the first one, as our credtype is a singleton
return
client
}
var
revocationIssuanceRequest
=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
RevocationKey
:
"cred0"
,
// once revocation is required for a credential type, this key is required
CredentialTypeID
:
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.MijnOverheid.root"
),
Attributes
:
map
[
string
]
string
{
"BSN"
:
"299792458"
,
},
}})
func
TestRevocation
(
t
*
testing
.
T
)
{
defer
test
.
ClearTestStorage
(
t
)
client
:=
revocationSetup
(
t
)
// issue second credential which overwrites the first one, as our credtype is a singleton
// this is ok, as we use cred0 only to revoke it, to see if cred1 keeps working
request
.
Credentials
[
0
]
.
RevocationKey
=
"cred1"
result
=
requestorSessionHelper
(
t
,
r
equest
,
client
)
re
vocationIssuanceRe
quest
.
Credentials
[
0
]
.
RevocationKey
=
"cred1"
result
:=
requestorSessionHelper
(
t
,
revocationIssuanceR
equest
,
client
)
require
.
Nil
(
t
,
result
.
Err
)
// perform disclosure session (of cred1) with nonrevocation proof
...
...
@@ -377,11 +384,8 @@ func TestRevocation(t *testing.T) {
require
.
Equal
(
t
,
irma
.
ProofStatusValid
,
result
.
ProofStatus
)
require
.
NotEmpty
(
t
,
result
.
Disclosed
)
req
:=
revocationRequest
()
require
.
NoError
(
t
,
client
.
Configuration
.
RevocationStorage
.
SetRecords
(
req
.
Base
()))
require
.
NoError
(
t
,
client
.
NonrevPreprare
(
req
))
// revoke cred0
cred
:=
revocationIssuanceRequest
.
Credentials
[
0
]
.
CredentialTypeID
require
.
NoError
(
t
,
revocationServer
.
Revoke
(
cred
,
"cred0"
))
// perform another disclosure session with nonrevocation proof to see that cred1 still works
...
...
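Review bot: `revocationIssuanceRequest` is now a package-level variable, yet `TestRevocation` mutates it in place with `revocationIssuanceRequest.Credentials[0].RevocationKey = "cred1"`, so every later caller of `revocationSetup` in the same test binary would issue its first credential under `cred1` instead of `cred0`. That makes the helper order-dependent, which works against the reusability this commit is after, and a later `Revoke(cred, "cred0")` in another test would then target a key that was never issued there. Either turn the variable into a helper function that returns a fresh request on each call, or restore the key when the test ends, e.g. `defer func() { revocationIssuanceRequest.Credentials[0].RevocationKey = "cred0" }()`. `TestRevocation` continues outside the hunks shown.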
revocation.go
...
...
@@ -73,6 +73,7 @@ func (rdb *DB) EnableRevocation(sk *revocation.PrivateKey) error {
return
err
}
rdb
.
Current
=
*
acc
rdb
.
Updated
=
time
.
Now
()
return
nil
}
...
...
@@ -304,6 +305,7 @@ func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error
db
:=
&
DB
{
bolt
:
b
,
keystore
:
keystore
,
Updated
:
time
.
Unix
(
0
,
0
),
}
if
db
.
Enabled
()
{
if
err
=
db
.
loadCurrent
();
err
!=
nil
{
...
...
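Review bot: The `Updated: time.Unix(0, 0)` initialiser in `loadDB` (what appears to be the added line of the second hunk) is an undocumented sentinel, and the matching `rdb.Updated = time.Now()` in `EnableRevocation` gives no hint of what the field is compared against. If `Updated` feeds a freshness check on revocation state, as the name suggests, a reader needs to know that a freshly loaded DB deliberately looks maximally stale; a comment such as `// epoch: treat a freshly loaded DB as never updated until loadCurrent or an update sets it` would cover that, adjusted to the real intent. Note also that `time.Unix(0, 0).IsZero()` is false, so any caller testing `Updated.IsZero()` will not recognise this sentinel. Both functions extend beyond the hunks shown.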
verify.go
...
...
@@ -69,6 +69,41 @@ func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.Pub
return
publicKeys
,
nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func
(
pl
ProofList
)
Expired
(
configuration
*
Configuration
,
t
*
time
.
Time
)
bool
{
if
t
==
nil
{
temp
:=
time
.
Now
()
t
=
&
temp
}
for
_
,
proof
:=
range
pl
{
proofd
,
ok
:=
proof
.
(
*
gabi
.
ProofD
)
if
!
ok
{
continue
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
configuration
)
// index 1 is metadata attribute
if
metadata
.
Expiry
()
.
Before
(
*
t
)
{
return
true
}
}
return
false
}
func
extractAttribute
(
pl
gabi
.
ProofList
,
index
*
DisclosedAttributeIndex
,
conf
*
Configuration
)
(
*
DisclosedAttribute
,
*
string
,
error
)
{
if
len
(
pl
)
<
index
.
CredentialIndex
{
return
nil
,
nil
,
errors
.
New
(
"Credential index out of range"
)
}
proofd
,
ok
:=
pl
[
index
.
CredentialIndex
]
.
(
*
gabi
.
ProofD
)
if
!
ok
{
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return
nil
,
nil
,
errors
.
New
(
"ProofList contained proof of invalid type"
)
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
// index 1 is metadata attribute
return
parseAttribute
(
index
.
AttributeIndex
,
metadata
,
proofd
.
ADisclosed
[
index
.
AttributeIndex
])
}
// VerifyProofs verifies the proofs cryptographically.
func
(
pl
ProofList
)
VerifyProofs
(
configuration
*
Configuration
,
...
...
@@ -158,41 +193,6 @@ func (pl ProofList) VerifyProofs(
return
true
,
nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func
(
pl
ProofList
)
Expired
(
configuration
*
Configuration
,
t
*
time
.
Time
)
bool
{
if
t
==
nil
{
temp
:=
time
.
Now
()
t
=
&
temp
}
for
_
,
proof
:=
range
pl
{
proofd
,
ok
:=
proof
.
(
*
gabi
.
ProofD
)
if
!
ok
{
continue
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
configuration
)
// index 1 is metadata attribute
if
metadata
.
Expiry
()
.
Before
(
*
t
)
{
return
true
}
}
return
false
}
func
extractAttribute
(
pl
gabi
.
ProofList
,
index
*
DisclosedAttributeIndex
,
conf
*
Configuration
)
(
*
DisclosedAttribute
,
*
string
,
error
)
{
if
len
(
pl
)
<
index
.
CredentialIndex
{
return
nil
,
nil
,
errors
.
New
(
"Credential index out of range"
)
}
proofd
,
ok
:=
pl
[
index
.
CredentialIndex
]
.
(
*
gabi
.
ProofD
)
if
!
ok
{
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return
nil
,
nil
,
errors
.
New
(
"ProofList contained proof of invalid type"
)
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
// index 1 is metadata attribute
return
parseAttribute
(
index
.
AttributeIndex
,
metadata
,
proofd
.
ADisclosed
[
index
.
AttributeIndex
])
}
func
(
d
*
Disclosure
)
extraIndices
(
condiscon
AttributeConDisCon
)
[]
*
DisclosedAttributeIndex
{
disclosed
:=
make
([]
map
[
int
]
struct
{},
len
(
d
.
Proofs
))
for
i
,
proof
:=
range
d
.
Proofs
{
...
...
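Review bot: The moved `extractAttribute` keeps an off-by-one bounds check: `if len(pl) < index.CredentialIndex` lets `index.CredentialIndex == len(pl)` through, and the following `pl[index.CredentialIndex]` then panics. Its own comment says the index is what "the user told us", so the value is attacker-influenced and the panic is reachable during verification. Since the function is being touched anyway, tighten the guard to `if index.CredentialIndex < 0 || index.CredentialIndex >= len(pl) {` (assuming the field is a signed int). `proofd.ADisclosed[index.AttributeIndex]` is passed on without a presence check, so confirm that `parseAttribute` tolerates a missing entry. Separately, the doc comment on `Expired` reads "is specified at the specified time", where "is expired at the specified time" is presumably meant.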