Commit 8431fb78 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

test: restructure revocation test for reusability

parent b3f055a8
......@@ -269,6 +269,7 @@ func (s *Server) handleClientMessage(
}()
// Route to handler
var err error
switch len(noun) {
case 0:
if method == http.MethodDelete {
......@@ -284,11 +285,11 @@ func (s *Server) handleClientMessage(
h := http.Header(headers)
min := &irma.ProtocolVersion{}
max := &irma.ProtocolVersion{}
if err := json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), min); err != nil {
if err = json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), min); err != nil {
status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
return
}
if err := json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), max); err != nil {
if err = json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), max); err != nil {
status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
return
}
......@@ -301,8 +302,8 @@ func (s *Server) handleClientMessage(
default:
if noun == "statusevents" {
err := server.RemoteError(server.ErrorInvalidRequest, "server sent events not supported by this server")
status, output = server.JsonResponse(nil, err)
rerr := server.RemoteError(server.ErrorInvalidRequest, "server sent events not supported by this server")
status, output = server.JsonResponse(nil, rerr)
return
}
......
......@@ -349,27 +349,34 @@ func revocationSession(t *testing.T, client *irmaclient.Client, options ...sessi
return result
}
func TestRevocation(t *testing.T) {
// setup client, constants, and revocation key material
defer test.ClearTestStorage(t)
client, _ := parseStorage(t)
cred := irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root")
// revocationSetup sets up an irmaclient with a revocation-enabled credential, constants, and revocation key material.
func revocationSetup(t *testing.T) *irmaclient.Client {
StartRevocationServer(t)
// issue two MijnOverheid.root instances with revocation enabled
request := irma.NewIssuanceRequest([]*irma.CredentialRequest{{
RevocationKey: "cred0", // once revocation is required for a credential type, this key is required
CredentialTypeID: cred,
Attributes: map[string]string{
"BSN": "299792458",
},
}})
result := requestorSessionHelper(t, request, client)
// issue a MijnOverheid.root instance with revocation enabled
client, _ := parseStorage(t)
result := requestorSessionHelper(t, revocationIssuanceRequest, client)
require.Nil(t, result.Err)
// issue second one which overwrites the first one, as our credtype is a singleton
return client
}
var revocationIssuanceRequest = irma.NewIssuanceRequest([]*irma.CredentialRequest{{
RevocationKey: "cred0", // once revocation is required for a credential type, this key is required
CredentialTypeID: irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root"),
Attributes: map[string]string{
"BSN": "299792458",
},
}})
func TestRevocation(t *testing.T) {
defer test.ClearTestStorage(t)
client := revocationSetup(t)
// issue second credential which overwrites the first one, as our credtype is a singleton
// this is ok, as we use cred0 only to revoke it, to see if cred1 keeps working
request.Credentials[0].RevocationKey = "cred1"
result = requestorSessionHelper(t, request, client)
revocationIssuanceRequest.Credentials[0].RevocationKey = "cred1"
result := requestorSessionHelper(t, revocationIssuanceRequest, client)
require.Nil(t, result.Err)
// perform disclosure session (of cred1) with nonrevocation proof
......@@ -377,11 +384,8 @@ func TestRevocation(t *testing.T) {
require.Equal(t, irma.ProofStatusValid, result.ProofStatus)
require.NotEmpty(t, result.Disclosed)
req := revocationRequest()
require.NoError(t, client.Configuration.RevocationStorage.SetRecords(req.Base()))
require.NoError(t, client.NonrevPreprare(req))
// revoke cred0
cred := revocationIssuanceRequest.Credentials[0].CredentialTypeID
require.NoError(t, revocationServer.Revoke(cred, "cred0"))
// perform another disclosure session with nonrevocation proof to see that cred1 still works
......
......@@ -73,6 +73,7 @@ func (rdb *DB) EnableRevocation(sk *revocation.PrivateKey) error {
return err
}
rdb.Current = *acc
rdb.Updated = time.Now()
return nil
}
......@@ -304,6 +305,7 @@ func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error
db := &DB{
bolt: b,
keystore: keystore,
Updated: time.Unix(0, 0),
}
if db.Enabled() {
if err = db.loadCurrent(); err != nil {
......
......@@ -69,6 +69,41 @@ func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.Pub
return publicKeys, nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool {
if t == nil {
temp := time.Now()
t = &temp
}
for _, proof := range pl {
proofd, ok := proof.(*gabi.ProofD)
if !ok {
continue
}
metadata := MetadataFromInt(proofd.ADisclosed[1], configuration) // index 1 is metadata attribute
if metadata.Expiry().Before(*t) {
return true
}
}
return false
}
func extractAttribute(pl gabi.ProofList, index *DisclosedAttributeIndex, conf *Configuration) (*DisclosedAttribute, *string, error) {
if len(pl) < index.CredentialIndex {
return nil, nil, errors.New("Credential index out of range")
}
proofd, ok := pl[index.CredentialIndex].(*gabi.ProofD)
if !ok {
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return nil, nil, errors.New("ProofList contained proof of invalid type")
}
metadata := MetadataFromInt(proofd.ADisclosed[1], conf) // index 1 is metadata attribute
return parseAttribute(index.AttributeIndex, metadata, proofd.ADisclosed[index.AttributeIndex])
}
// VerifyProofs verifies the proofs cryptographically.
func (pl ProofList) VerifyProofs(
configuration *Configuration,
......@@ -158,41 +193,6 @@ func (pl ProofList) VerifyProofs(
return true, nil
}
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool {
if t == nil {
temp := time.Now()
t = &temp
}
for _, proof := range pl {
proofd, ok := proof.(*gabi.ProofD)
if !ok {
continue
}
metadata := MetadataFromInt(proofd.ADisclosed[1], configuration) // index 1 is metadata attribute
if metadata.Expiry().Before(*t) {
return true
}
}
return false
}
func extractAttribute(pl gabi.ProofList, index *DisclosedAttributeIndex, conf *Configuration) (*DisclosedAttribute, *string, error) {
if len(pl) < index.CredentialIndex {
return nil, nil, errors.New("Credential index out of range")
}
proofd, ok := pl[index.CredentialIndex].(*gabi.ProofD)
if !ok {
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return nil, nil, errors.New("ProofList contained proof of invalid type")
}
metadata := MetadataFromInt(proofd.ADisclosed[1], conf) // index 1 is metadata attribute
return parseAttribute(index.AttributeIndex, metadata, proofd.ADisclosed[index.AttributeIndex])
}
func (d *Disclosure) extraIndices(condiscon AttributeConDisCon) []*DisclosedAttributeIndex {
disclosed := make([]map[int]struct{}, len(d.Proofs))
for i, proof := range d.Proofs {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment