Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IRMA
Github mirrors
irmago
Commits
8431fb78
Commit
8431fb78
authored
Oct 16, 2019
by
Sietse Ringers
Browse files
test: restructure revocation test for reusability
parent
b3f055a8
Changes
4
Hide whitespace changes
Inline
Side-by-side
internal/servercore/api.go
View file @
8431fb78
...
...
@@ -269,6 +269,7 @@ func (s *Server) handleClientMessage(
}()
// Route to handler
var
err
error
switch
len
(
noun
)
{
case
0
:
if
method
==
http
.
MethodDelete
{
...
...
@@ -284,11 +285,11 @@ func (s *Server) handleClientMessage(
h
:=
http
.
Header
(
headers
)
min
:=
&
irma
.
ProtocolVersion
{}
max
:=
&
irma
.
ProtocolVersion
{}
if
err
:
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MinVersionHeader
)),
min
);
err
!=
nil
{
if
err
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MinVersionHeader
)),
min
);
err
!=
nil
{
status
,
output
=
server
.
JsonResponse
(
nil
,
session
.
fail
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
return
}
if
err
:
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MaxVersionHeader
)),
max
);
err
!=
nil
{
if
err
=
json
.
Unmarshal
([]
byte
(
h
.
Get
(
irma
.
MaxVersionHeader
)),
max
);
err
!=
nil
{
status
,
output
=
server
.
JsonResponse
(
nil
,
session
.
fail
(
server
.
ErrorMalformedInput
,
err
.
Error
()))
return
}
...
...
@@ -301,8 +302,8 @@ func (s *Server) handleClientMessage(
default
:
if
noun
==
"statusevents"
{
err
:=
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"server sent events not supported by this server"
)
status
,
output
=
server
.
JsonResponse
(
nil
,
err
)
r
err
:=
server
.
RemoteError
(
server
.
ErrorInvalidRequest
,
"server sent events not supported by this server"
)
status
,
output
=
server
.
JsonResponse
(
nil
,
r
err
)
return
}
...
...
internal/sessiontest/requestor_test.go
View file @
8431fb78
...
...
@@ -349,27 +349,34 @@ func revocationSession(t *testing.T, client *irmaclient.Client, options ...sessi
return
result
}
func
TestRevocation
(
t
*
testing
.
T
)
{
// setup client, constants, and revocation key material
defer
test
.
ClearTestStorage
(
t
)
client
,
_
:=
parseStorage
(
t
)
cred
:=
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.MijnOverheid.root"
)
// revocationSetup sets up an irmaclient with a revocation-enabled credential, constants, and revocation key material.
func
revocationSetup
(
t
*
testing
.
T
)
*
irmaclient
.
Client
{
StartRevocationServer
(
t
)
// issue two MijnOverheid.root instances with revocation enabled
request
:=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
RevocationKey
:
"cred0"
,
// once revocation is required for a credential type, this key is required
CredentialTypeID
:
cred
,
Attributes
:
map
[
string
]
string
{
"BSN"
:
"299792458"
,
},
}})
result
:=
requestorSessionHelper
(
t
,
request
,
client
)
// issue a MijnOverheid.root instance with revocation enabled
client
,
_
:=
parseStorage
(
t
)
result
:=
requestorSessionHelper
(
t
,
revocationIssuanceRequest
,
client
)
require
.
Nil
(
t
,
result
.
Err
)
// issue second one which overwrites the first one, as our credtype is a singleton
return
client
}
var
revocationIssuanceRequest
=
irma
.
NewIssuanceRequest
([]
*
irma
.
CredentialRequest
{{
RevocationKey
:
"cred0"
,
// once revocation is required for a credential type, this key is required
CredentialTypeID
:
irma
.
NewCredentialTypeIdentifier
(
"irma-demo.MijnOverheid.root"
),
Attributes
:
map
[
string
]
string
{
"BSN"
:
"299792458"
,
},
}})
func
TestRevocation
(
t
*
testing
.
T
)
{
defer
test
.
ClearTestStorage
(
t
)
client
:=
revocationSetup
(
t
)
// issue second credential which overwrites the first one, as our credtype is a singleton
// this is ok, as we use cred0 only to revoke it, to see if cred1 keeps working
request
.
Credentials
[
0
]
.
RevocationKey
=
"cred1"
result
=
requestorSessionHelper
(
t
,
request
,
client
)
re
vocationIssuanceRe
quest
.
Credentials
[
0
]
.
RevocationKey
=
"cred1"
result
:
=
requestorSessionHelper
(
t
,
re
vocationIssuanceRe
quest
,
client
)
require
.
Nil
(
t
,
result
.
Err
)
// perform disclosure session (of cred1) with nonrevocation proof
...
...
@@ -377,11 +384,8 @@ func TestRevocation(t *testing.T) {
require
.
Equal
(
t
,
irma
.
ProofStatusValid
,
result
.
ProofStatus
)
require
.
NotEmpty
(
t
,
result
.
Disclosed
)
req
:=
revocationRequest
()
require
.
NoError
(
t
,
client
.
Configuration
.
RevocationStorage
.
SetRecords
(
req
.
Base
()))
require
.
NoError
(
t
,
client
.
NonrevPreprare
(
req
))
// revoke cred0
cred
:=
revocationIssuanceRequest
.
Credentials
[
0
]
.
CredentialTypeID
require
.
NoError
(
t
,
revocationServer
.
Revoke
(
cred
,
"cred0"
))
// perform another disclosure session with nonrevocation proof to see that cred1 still works
...
...
revocation.go
View file @
8431fb78
...
...
@@ -73,6 +73,7 @@ func (rdb *DB) EnableRevocation(sk *revocation.PrivateKey) error {
return
err
}
rdb
.
Current
=
*
acc
rdb
.
Updated
=
time
.
Now
()
return
nil
}
...
...
@@ -304,6 +305,7 @@ func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error
db
:=
&
DB
{
bolt
:
b
,
keystore
:
keystore
,
Updated
:
time
.
Unix
(
0
,
0
),
}
if
db
.
Enabled
()
{
if
err
=
db
.
loadCurrent
();
err
!=
nil
{
...
...
verify.go
View file @
8431fb78
...
...
@@ -69,6 +69,41 @@ func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.Pub
return
publicKeys
,
nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func
(
pl
ProofList
)
Expired
(
configuration
*
Configuration
,
t
*
time
.
Time
)
bool
{
if
t
==
nil
{
temp
:=
time
.
Now
()
t
=
&
temp
}
for
_
,
proof
:=
range
pl
{
proofd
,
ok
:=
proof
.
(
*
gabi
.
ProofD
)
if
!
ok
{
continue
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
configuration
)
// index 1 is metadata attribute
if
metadata
.
Expiry
()
.
Before
(
*
t
)
{
return
true
}
}
return
false
}
func
extractAttribute
(
pl
gabi
.
ProofList
,
index
*
DisclosedAttributeIndex
,
conf
*
Configuration
)
(
*
DisclosedAttribute
,
*
string
,
error
)
{
if
len
(
pl
)
<
index
.
CredentialIndex
{
return
nil
,
nil
,
errors
.
New
(
"Credential index out of range"
)
}
proofd
,
ok
:=
pl
[
index
.
CredentialIndex
]
.
(
*
gabi
.
ProofD
)
if
!
ok
{
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return
nil
,
nil
,
errors
.
New
(
"ProofList contained proof of invalid type"
)
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
// index 1 is metadata attribute
return
parseAttribute
(
index
.
AttributeIndex
,
metadata
,
proofd
.
ADisclosed
[
index
.
AttributeIndex
])
}
// VerifyProofs verifies the proofs cryptographically.
func
(
pl
ProofList
)
VerifyProofs
(
configuration
*
Configuration
,
...
...
@@ -158,41 +193,6 @@ func (pl ProofList) VerifyProofs(
return
true
,
nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func
(
pl
ProofList
)
Expired
(
configuration
*
Configuration
,
t
*
time
.
Time
)
bool
{
if
t
==
nil
{
temp
:=
time
.
Now
()
t
=
&
temp
}
for
_
,
proof
:=
range
pl
{
proofd
,
ok
:=
proof
.
(
*
gabi
.
ProofD
)
if
!
ok
{
continue
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
configuration
)
// index 1 is metadata attribute
if
metadata
.
Expiry
()
.
Before
(
*
t
)
{
return
true
}
}
return
false
}
func
extractAttribute
(
pl
gabi
.
ProofList
,
index
*
DisclosedAttributeIndex
,
conf
*
Configuration
)
(
*
DisclosedAttribute
,
*
string
,
error
)
{
if
len
(
pl
)
<
index
.
CredentialIndex
{
return
nil
,
nil
,
errors
.
New
(
"Credential index out of range"
)
}
proofd
,
ok
:=
pl
[
index
.
CredentialIndex
]
.
(
*
gabi
.
ProofD
)
if
!
ok
{
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return
nil
,
nil
,
errors
.
New
(
"ProofList contained proof of invalid type"
)
}
metadata
:=
MetadataFromInt
(
proofd
.
ADisclosed
[
1
],
conf
)
// index 1 is metadata attribute
return
parseAttribute
(
index
.
AttributeIndex
,
metadata
,
proofd
.
ADisclosed
[
index
.
AttributeIndex
])
}
func
(
d
*
Disclosure
)
extraIndices
(
condiscon
AttributeConDisCon
)
[]
*
DisclosedAttributeIndex
{
disclosed
:=
make
([]
map
[
int
]
struct
{},
len
(
d
.
Proofs
))
for
i
,
proof
:=
range
d
.
Proofs
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment