Commit 8431fb78 authored by Sietse Ringers's avatar Sietse Ringers

test: restructure revocation test for reusability

parent b3f055a8
...@@ -269,6 +269,7 @@ func (s *Server) handleClientMessage( ...@@ -269,6 +269,7 @@ func (s *Server) handleClientMessage(
}() }()
// Route to handler // Route to handler
var err error
switch len(noun) { switch len(noun) {
case 0: case 0:
if method == http.MethodDelete { if method == http.MethodDelete {
...@@ -284,11 +285,11 @@ func (s *Server) handleClientMessage( ...@@ -284,11 +285,11 @@ func (s *Server) handleClientMessage(
h := http.Header(headers) h := http.Header(headers)
min := &irma.ProtocolVersion{} min := &irma.ProtocolVersion{}
max := &irma.ProtocolVersion{} max := &irma.ProtocolVersion{}
if err := json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), min); err != nil { if err = json.Unmarshal([]byte(h.Get(irma.MinVersionHeader)), min); err != nil {
status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error())) status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
return return
} }
if err := json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), max); err != nil { if err = json.Unmarshal([]byte(h.Get(irma.MaxVersionHeader)), max); err != nil {
status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error())) status, output = server.JsonResponse(nil, session.fail(server.ErrorMalformedInput, err.Error()))
return return
} }
...@@ -301,8 +302,8 @@ func (s *Server) handleClientMessage( ...@@ -301,8 +302,8 @@ func (s *Server) handleClientMessage(
default: default:
if noun == "statusevents" { if noun == "statusevents" {
err := server.RemoteError(server.ErrorInvalidRequest, "server sent events not supported by this server") rerr := server.RemoteError(server.ErrorInvalidRequest, "server sent events not supported by this server")
status, output = server.JsonResponse(nil, err) status, output = server.JsonResponse(nil, rerr)
return return
} }
......
...@@ -349,27 +349,34 @@ func revocationSession(t *testing.T, client *irmaclient.Client, options ...sessi ...@@ -349,27 +349,34 @@ func revocationSession(t *testing.T, client *irmaclient.Client, options ...sessi
return result return result
} }
func TestRevocation(t *testing.T) { // revocationSetup sets up an irmaclient with a revocation-enabled credential, constants, and revocation key material.
// setup client, constants, and revocation key material func revocationSetup(t *testing.T) *irmaclient.Client {
defer test.ClearTestStorage(t)
client, _ := parseStorage(t)
cred := irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root")
StartRevocationServer(t) StartRevocationServer(t)
// issue two MijnOverheid.root instances with revocation enabled // issue a MijnOverheid.root instance with revocation enabled
request := irma.NewIssuanceRequest([]*irma.CredentialRequest{{ client, _ := parseStorage(t)
RevocationKey: "cred0", // once revocation is required for a credential type, this key is required result := requestorSessionHelper(t, revocationIssuanceRequest, client)
CredentialTypeID: cred,
Attributes: map[string]string{
"BSN": "299792458",
},
}})
result := requestorSessionHelper(t, request, client)
require.Nil(t, result.Err) require.Nil(t, result.Err)
// issue second one which overwrites the first one, as our credtype is a singleton
return client
}
var revocationIssuanceRequest = irma.NewIssuanceRequest([]*irma.CredentialRequest{{
RevocationKey: "cred0", // once revocation is required for a credential type, this key is required
CredentialTypeID: irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root"),
Attributes: map[string]string{
"BSN": "299792458",
},
}})
func TestRevocation(t *testing.T) {
defer test.ClearTestStorage(t)
client := revocationSetup(t)
// issue second credential which overwrites the first one, as our credtype is a singleton
// this is ok, as we use cred0 only to revoke it, to see if cred1 keeps working // this is ok, as we use cred0 only to revoke it, to see if cred1 keeps working
request.Credentials[0].RevocationKey = "cred1" revocationIssuanceRequest.Credentials[0].RevocationKey = "cred1"
result = requestorSessionHelper(t, request, client) result := requestorSessionHelper(t, revocationIssuanceRequest, client)
require.Nil(t, result.Err) require.Nil(t, result.Err)
// perform disclosure session (of cred1) with nonrevocation proof // perform disclosure session (of cred1) with nonrevocation proof
...@@ -377,11 +384,8 @@ func TestRevocation(t *testing.T) { ...@@ -377,11 +384,8 @@ func TestRevocation(t *testing.T) {
require.Equal(t, irma.ProofStatusValid, result.ProofStatus) require.Equal(t, irma.ProofStatusValid, result.ProofStatus)
require.NotEmpty(t, result.Disclosed) require.NotEmpty(t, result.Disclosed)
req := revocationRequest()
require.NoError(t, client.Configuration.RevocationStorage.SetRecords(req.Base()))
require.NoError(t, client.NonrevPreprare(req))
// revoke cred0 // revoke cred0
cred := revocationIssuanceRequest.Credentials[0].CredentialTypeID
require.NoError(t, revocationServer.Revoke(cred, "cred0")) require.NoError(t, revocationServer.Revoke(cred, "cred0"))
// perform another disclosure session with nonrevocation proof to see that cred1 still works // perform another disclosure session with nonrevocation proof to see that cred1 still works
......
...@@ -73,6 +73,7 @@ func (rdb *DB) EnableRevocation(sk *revocation.PrivateKey) error { ...@@ -73,6 +73,7 @@ func (rdb *DB) EnableRevocation(sk *revocation.PrivateKey) error {
return err return err
} }
rdb.Current = *acc rdb.Current = *acc
rdb.Updated = time.Now()
return nil return nil
} }
...@@ -304,6 +305,7 @@ func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error ...@@ -304,6 +305,7 @@ func (rs *RevocationStorage) loadDB(credid CredentialTypeIdentifier) (*DB, error
db := &DB{ db := &DB{
bolt: b, bolt: b,
keystore: keystore, keystore: keystore,
Updated: time.Unix(0, 0),
} }
if db.Enabled() { if db.Enabled() {
if err = db.loadCurrent(); err != nil { if err = db.loadCurrent(); err != nil {
......
...@@ -69,6 +69,41 @@ func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.Pub ...@@ -69,6 +69,41 @@ func (pl ProofList) ExtractPublicKeys(configuration *Configuration) ([]*gabi.Pub
return publicKeys, nil return publicKeys, nil
} }
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool {
if t == nil {
temp := time.Now()
t = &temp
}
for _, proof := range pl {
proofd, ok := proof.(*gabi.ProofD)
if !ok {
continue
}
metadata := MetadataFromInt(proofd.ADisclosed[1], configuration) // index 1 is metadata attribute
if metadata.Expiry().Before(*t) {
return true
}
}
return false
}
func extractAttribute(pl gabi.ProofList, index *DisclosedAttributeIndex, conf *Configuration) (*DisclosedAttribute, *string, error) {
if len(pl) < index.CredentialIndex {
return nil, nil, errors.New("Credential index out of range")
}
proofd, ok := pl[index.CredentialIndex].(*gabi.ProofD)
if !ok {
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return nil, nil, errors.New("ProofList contained proof of invalid type")
}
metadata := MetadataFromInt(proofd.ADisclosed[1], conf) // index 1 is metadata attribute
return parseAttribute(index.AttributeIndex, metadata, proofd.ADisclosed[index.AttributeIndex])
}
// VerifyProofs verifies the proofs cryptographically. // VerifyProofs verifies the proofs cryptographically.
func (pl ProofList) VerifyProofs( func (pl ProofList) VerifyProofs(
configuration *Configuration, configuration *Configuration,
...@@ -158,41 +193,6 @@ func (pl ProofList) VerifyProofs( ...@@ -158,41 +193,6 @@ func (pl ProofList) VerifyProofs(
return true, nil return true, nil
} }
// Expired returns true if any of the contained disclosure proofs is specified at the specified time,
// or now, when the specified time is nil.
func (pl ProofList) Expired(configuration *Configuration, t *time.Time) bool {
if t == nil {
temp := time.Now()
t = &temp
}
for _, proof := range pl {
proofd, ok := proof.(*gabi.ProofD)
if !ok {
continue
}
metadata := MetadataFromInt(proofd.ADisclosed[1], configuration) // index 1 is metadata attribute
if metadata.Expiry().Before(*t) {
return true
}
}
return false
}
func extractAttribute(pl gabi.ProofList, index *DisclosedAttributeIndex, conf *Configuration) (*DisclosedAttribute, *string, error) {
if len(pl) < index.CredentialIndex {
return nil, nil, errors.New("Credential index out of range")
}
proofd, ok := pl[index.CredentialIndex].(*gabi.ProofD)
if !ok {
// If with the index the user told us to look for the required attribute at this specific location,
// and the proof here is not a disclosure proof, then reject
return nil, nil, errors.New("ProofList contained proof of invalid type")
}
metadata := MetadataFromInt(proofd.ADisclosed[1], conf) // index 1 is metadata attribute
return parseAttribute(index.AttributeIndex, metadata, proofd.ADisclosed[index.AttributeIndex])
}
func (d *Disclosure) extraIndices(condiscon AttributeConDisCon) []*DisclosedAttributeIndex { func (d *Disclosure) extraIndices(condiscon AttributeConDisCon) []*DisclosedAttributeIndex {
disclosed := make([]map[int]struct{}, len(d.Proofs)) disclosed := make([]map[int]struct{}, len(d.Proofs))
for i, proof := range d.Proofs { for i, proof := range d.Proofs {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment