Commit 917716d1 authored by Sietse Ringers's avatar Sietse Ringers

Fix incorrect default validity of new credentials

When the identity provider does not provide a validity of the credentials, the Java implementation takes now + 6 months while we took now + 52/2 weeks, which is not always the same. This commit takes the approach of the Java implementation.
parent a28292a2
......@@ -14,10 +14,8 @@ import (
const (
// ExpiryFactor is the precision for the expiry attribute. Value is one week.
ExpiryFactor = 60 * 60 * 24 * 7
// ValidityDefault is the default validity of new credentials (half a year).
ValidityDefault = 52 / 2
metadataLength = 1 + 3 + 2 + 2 + 16
ExpiryFactor = 60 * 60 * 24 * 7
metadataLength = 1 + 3 + 2 + 2 + 16
)
var (
......@@ -131,7 +129,7 @@ func NewMetadataAttribute() *MetadataAttribute {
val.setField(versionField, metadataVersion)
val.setSigningDate()
val.setKeyCounter(0)
val.setValidityDuration(ValidityDefault)
val.setDefaultValidityDuration()
return &val
}
......@@ -192,12 +190,17 @@ func (attr *MetadataAttribute) setValidityDuration(weeks int) {
attr.setField(validityField, shortToByte(weeks))
}
func (attr *MetadataAttribute) setDefaultValidityDuration() {
attr.setExpiryDate(nil)
}
func (attr *MetadataAttribute) setExpiryDate(timestamp *Timestamp) error {
var expiry int64
if timestamp == nil {
attr.setValidityDuration(ValidityDefault)
return nil
expiry = attr.SigningDate().AddDate(0, 6, 0).Unix()
} else {
expiry = time.Time(*timestamp).Unix()
}
expiry := time.Time(*timestamp).Unix()
signing := attr.SigningDate().Unix()
attr.setValidityDuration(int((expiry - signing) / ExpiryFactor))
return nil
......
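Review bot: The week count handed to `setValidityDuration` in `setExpiryDate` is never range-checked, so a caller-supplied timestamp earlier than the signing date gives a negative value, and one far in the future gives a value larger than the field can hold. `shortToByte` is not shown here, but `metadataLength` suggests the validity field is two bytes, so either case would presumably be truncated into a validity period the issuer did not intend. Since the function already returns `error`, compute `weeks := (expiry - signing) / ExpiryFactor` and return an error when `weeks < 0 || weeks > math.MaxUint16` instead of encoding it. `setDefaultValidityDuration` also discards the result of `attr.setExpiryDate(nil)`, which would hide such an error; the closing brace of `setExpiryDate` lies outside the hunk.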
......@@ -7,6 +7,7 @@ import (
"encoding/json"
"fmt"
"testing"
"time"
"github.com/go-errors/errors"
"github.com/privacybydesign/irmago"
......@@ -94,15 +95,20 @@ func getSigningJwt(name string, id irma.AttributeTypeIdentifier) interface{} {
})
}
func getIssuanceRequest() *irma.IssuanceRequest {
expiry := irma.Timestamp(irma.NewMetadataAttribute().Expiry())
func getIssuanceRequest(defaultValidity bool) *irma.IssuanceRequest {
temp := irma.Timestamp(time.Now().AddDate(1, 0, 0))
var expiry *irma.Timestamp
credid1 := irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard")
credid2 := irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root")
if !defaultValidity {
expiry = &temp
}
return &irma.IssuanceRequest{
Credentials: []*irma.CredentialRequest{
{
Validity: &expiry,
Validity: expiry,
CredentialTypeID: &credid1,
Attributes: map[string]string{
"university": "Radboud",
......@@ -111,7 +117,7 @@ func getIssuanceRequest() *irma.IssuanceRequest {
"level": "42",
},
}, {
Validity: &expiry,
Validity: expiry,
CredentialTypeID: &credid2,
Attributes: map[string]string{
"BSN": "299792458",
......@@ -121,12 +127,12 @@ func getIssuanceRequest() *irma.IssuanceRequest {
}
}
func getIssuanceJwt(name string) interface{} {
return irma.NewIdentityProviderJwt(name, getIssuanceRequest())
func getIssuanceJwt(name string, defaultValidity bool) interface{} {
return irma.NewIdentityProviderJwt(name, getIssuanceRequest(defaultValidity))
}
func getCombinedJwt(name string, id irma.AttributeTypeIdentifier) interface{} {
isreq := getIssuanceRequest()
isreq := getIssuanceRequest(false)
isreq.Disclose = irma.AttributeDisjunctionList{
&irma.AttributeDisjunction{Label: "foo", Attributes: []irma.AttributeTypeIdentifier{id}},
}
......@@ -169,11 +175,17 @@ func TestIssuanceSession(t *testing.T) {
sessionHelper(t, jwtcontents, "issue", nil)
}
func TestDefaultCredentialValidity(t *testing.T) {
client := parseStorage(t)
jwtcontents := getIssuanceJwt("testip", true)
sessionHelper(t, jwtcontents, "issue", client)
}
func TestLargeAttribute(t *testing.T) {
client := parseStorage(t)
require.NoError(t, client.RemoveAllCredentials())
jwtcontents := getIssuanceJwt("testip")
jwtcontents := getIssuanceJwt("testip", false)
sessionHelper(t, jwtcontents, "issue", client)
cred, err := client.credential(irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0)
......
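Review bot: `TestDefaultCredentialValidity` only runs the session and asserts nothing about the validity that was issued, so it would still pass if the default went back to 26 weeks or became something else entirely. After `sessionHelper`, fetch the credential the way `TestLargeAttribute` does, `cred, err := client.credential(irma.NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0)`, and compare its expiry with the signing date plus six months, rounded down to whole weeks. The test also does not call `client.RemoveAllCredentials()` first as `TestLargeAttribute` does, so index `0` may refer to a credential already in the parsed storage; that depends on `parseStorage`, which is not shown. `TestLargeAttribute` continues past the end of the hunk.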