Commit
93b450d7
authored
Jan 13, 2019
by
Sietse Ringers
Renaming configuration options
parent
c78cf2cd
Changes
5
Gopkg.lock
...
...
@@ -324,12 +324,12 @@
source = "github.com/sietseringers/pflag"
[[projects]]
branch = "
fix-isset
"
digest = "1:
f94a7aac3422a2ab6d6c86fd7e75ebf772784b2467c872e2d2ba0ce060ebf2ec
"
branch = "
add-file-key-replacer
"
digest = "1:
27bd3e1223a9cb2b08955a6e9b279b9711c2fa3515d9b97bf03318b222fc1d52
"
name = "github.com/spf13/viper"
packages = ["."]
pruneopts = "UT"
revision = "
6c2a373fcd610e9ebefba8d50efb954706ec2f44
"
revision = "
554683669b21cf5dc84d6ee1a81de1f605a28ff8
"
source = "github.com/sietseringers/viper"
[[projects]]
...
...
Gopkg.toml
...
...
@@ -51,7 +51,7 @@
[[constraint]]
name
=
"github.com/spf13/viper"
source
=
"github.com/sietseringers/viper"
branch
=
"
fix-isset
"
branch
=
"
add-file-key-replacer
"
[[override]]
name
=
"github.com/spf13/pflag"
...
...
server/api.go
...
...
@@ -25,15 +25,15 @@ type Configuration struct {
// irma_configuration. If not given, this will be popupated using IrmaConfigurationPath.
IrmaConfiguration
*
irma
.
Configuration
`json:"-"`
// Path to schemes to parse (only used if IrmaConfiguration is not given)
IrmaConfigurationPath
string
`json:"
irmaconf
" mapstructure:"
irmaconf
"`
IrmaConfigurationPath
string
`json:"
schemes_path
" mapstructure:"
schemes_path
"`
// Path to writable dir to write cache to (only used if IrmaConfiguration is not given)
CachePath
string
`json:"cachepath" mapstructure:"cachepath"`
CachePath
string
`json:"cache
_
path" mapstructure:"cache
_
path"`
// Whether or not to download default IRMA schemes if the specified irma_configuration is empty
DownloadDefaultSchemes
bool
`json:"downloadschemes" mapstructure:"downloadschemes"`
DownloadDefaultSchemes
bool
`json:"download
_
schemes" mapstructure:"download
_
schemes"`
// Update all schemes every x minutes (0 to disable)
SchemeUpdateInterval
int
`json:"schemeupdate" mapstructure:"schemeupdate"`
SchemeUpdateInterval
int
`json:"scheme
s_
update" mapstructure:"scheme
s_
update"`
// Path to issuer private keys to parse
IssuerPrivateKeysPath
string
`json:"priv
ate
keys" mapstructure:"priv
ate
keys"`
IssuerPrivateKeysPath
string
`json:"privkeys" mapstructure:"privkeys"`
// Issuer private keys
IssuerPrivateKeys
map
[
irma
.
IssuerIdentifier
]
*
gabi
.
PrivateKey
`json:"-"`
// URL at which the IRMA app can reach this server during sessions
...
...
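Review bot: A configuration file that still uses the previous keys (`irmaconf`, `cachepath`, `privatekeys`) is accepted without complaint after this rename and the renamed fields quietly keep their zero value, because a mapstructure decode (presumably `viper.Unmarshal`, not visible here) ignores keys it cannot match unless told otherwise. The same applies to every key renamed in server/irmaserver/conf.go (the Configuration, Permissions and Requestor hunks); there the zero value of `tls_cert`/`tls_privkey` means TLS is off (the flag header in main.go says "Leave empty to disable TLS"), so an unedited old config would bring the server up in plaintext rather than refuse to start. I'd have the decode reject unknown keys (mapstructure's `ErrorUnused`, if the viper revision pinned in Gopkg.lock lets you pass decoder options) or at least log a warning when one of the old names is present in the file. Separately, the comment above `IrmaConfiguration` has a typo; it should read `// irma_configuration. If not given, this will be populated using IrmaConfigurationPath.`. The enclosing `Configuration` struct begins before this hunk.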
server/irmaserver/conf.go
...
...
@@ -24,41 +24,41 @@ type Configuration struct {
// Whether or not incoming session requests should be authenticated. If false, anyone
// can submit session requests. If true, the request is first authenticated against the
// server configuration before the server accepts it.
DisableRequestorAuthentication
bool
`json:"noauth" mapstructure:"noauth"`
DisableRequestorAuthentication
bool
`json:"no
_
auth" mapstructure:"no
_
auth"`
// Address to listen at
ListenAddress
string
`json:"listenaddr" mapstructure:"listenaddr"`
ListenAddress
string
`json:"listen
_
addr" mapstructure:"listen
_
addr"`
// Port to listen at
Port
int
`json:"port" mapstructure:"port"`
// TLS configuration
TlsCertificate
string
`json:"tlscert
ificate
" mapstructure:"tlscert
ificate
"`
TlsCertificateFile
string
`json:"tlscert
ificate
file" mapstructure:"tlscert
ificate
file"`
TlsPrivateKey
string
`json:"tlspriv
ate
key" mapstructure:"tlspriv
ate
key"`
TlsPrivateKeyFile
string
`json:"tlspriv
ate
keyfile" mapstructure:"tlspriv
ate
keyfile"`
TlsCertificate
string
`json:"tls
_
cert" mapstructure:"tls
_
cert"`
TlsCertificateFile
string
`json:"tls
_
cert
_
file" mapstructure:"tls
_
cert
_
file"`
TlsPrivateKey
string
`json:"tls
_
privkey" mapstructure:"tls
_
privkey"`
TlsPrivateKeyFile
string
`json:"tls
_
privkey
_
file" mapstructure:"tls
_
privkey
_
file"`
// If specified, start a separate server for the IRMA app at his port
ClientPort
int
`json:"clientport" mapstructure:"clientport"`
ClientPort
int
`json:"client
_
port" mapstructure:"client
_
port"`
// If clientport is specified, the server for the IRMA app listens at this address
ClientListenAddress
string
`json:"clientlistenaddr" mapstructure:"clientlistenaddr"`
ClientListenAddress
string
`json:"client
_
listen
_
addr" mapstructure:"client
_
listen
_
addr"`
// TLS configuration for irmaclient HTTP API
ClientTlsCertificate
string
`json:"clienttlscert
ificate
" mapstructure:"clienttlscert
ificate
"`
ClientTlsCertificateFile
string
`json:"clienttlscert
ificate
file" mapstructure:"clienttlscert
ificate
file"`
ClientTlsPrivateKey
string
`json:"clienttlspriv
ate
key" mapstructure:"clienttlspriv
ate
key"`
ClientTlsPrivateKeyFile
string
`json:"clienttlspriv
ate
keyfile" mapstructure:"clienttlspriv
ate
keyfile"`
ClientTlsCertificate
string
`json:"client
_
tls
_
cert" mapstructure:"client
_
tls
_
cert"`
ClientTlsCertificateFile
string
`json:"client
_
tls
_
cert
_
file" mapstructure:"client
_
tls
_
cert
_
file"`
ClientTlsPrivateKey
string
`json:"client
_
tls
_
privkey" mapstructure:"client
_
tls
_
privkey"`
ClientTlsPrivateKeyFile
string
`json:"client
_
tls
_
privkey
_
file" mapstructure:"client
_
tls
_
privkey
_
file"`
// Requestor-specific permission and authentication configuration
RequestorsString
string
`json:"-" mapstructure:"requestors"`
Requestors
map
[
string
]
Requestor
`json:"requestors"`
// Used in the "iss" field of result JWTs from /result-jwt and /getproof
JwtIssuer
string
`json:"jwtissuer" mapstructure:"jwtissuer"`
JwtIssuer
string
`json:"jwt
_
issuer" mapstructure:"jwt
_
issuer"`
// Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled.
JwtPrivateKey
string
`json:"jwtpriv
ate
key" mapstructure:"jwtpriv
ate
key"`
JwtPrivateKeyFile
string
`json:"jwtpriv
ate
keyfile" mapstructure:"jwtpriv
ate
keyfile"`
JwtPrivateKey
string
`json:"jwt
_
privkey" mapstructure:"jwt
_
privkey"`
JwtPrivateKeyFile
string
`json:"jwt
_
privkey
_
file" mapstructure:"jwt
_
privkey
_
file"`
// Max age in seconds of a session request JWT (using iat field)
MaxRequestAge
int
`json:"maxrequestage" mapstructure:"maxrequestage"`
MaxRequestAge
int
`json:"max
_
request
_
age" mapstructure:"max
_
request
_
age"`
Verbose
int
`json:"verbose" mapstructure:"verbose"`
Quiet
bool
`json:"quiet" mapstructure:"quiet"`
...
...
@@ -68,9 +68,9 @@ type Configuration struct {
// Permissions specify which attributes or credential a requestor may verify or issue.
type
Permissions
struct
{
Disclosing
[]
string
`json:"disclose" mapstructure:"disclose"`
Signing
[]
string
`json:"sign" mapstructure:"sign"`
Issuing
[]
string
`json:"issue" mapstructure:"issue"`
Disclosing
[]
string
`json:"disclose
_perms
" mapstructure:"disclose
_perms
"`
Signing
[]
string
`json:"sign
_perms
" mapstructure:"sign
_perms
"`
Issuing
[]
string
`json:"issue
_perms
" mapstructure:"issue
_perms
"`
}
// Requestor contains all configuration (disclosure or verification permissions and authentication)
...
...
@@ -78,9 +78,9 @@ type Permissions struct {
type
Requestor
struct
{
Permissions
`mapstructure:",squash"`
AuthenticationMethod
AuthenticationMethod
`json:"authmethod" mapstructure:"authmethod"`
AuthenticationMethod
AuthenticationMethod
`json:"auth
_
method" mapstructure:"auth
_
method"`
AuthenticationKey
string
`json:"key" mapstructure:"key"`
AuthenticationKeyFile
string
`json:"keyfile" mapstructure:"keyfile"`
AuthenticationKeyFile
string
`json:"key
_
file" mapstructure:"key
_
file"`
}
// CanIssue returns whether or not the specified requestor may issue the specified credentials.
...
...
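Review bot: The comment above `ClientListenAddress` still refers to the option as `clientport` (`// If clientport is specified, ...`) although this hunk renames the key to `client_port`; it should read `// If client_port is specified, the server for the IRMA app listens at this address`. The comment on `ClientPort` has a typo, `at his port` → `at this port`, which is repeated verbatim in the `--client-port` help string in irmad/main.go. Both TLS field groups carry only a bare `// TLS configuration` comment; since the flag header in main.go is where a reader learns that the `*_file` variants take a path and the others take the PEM contents directly, a one-line note of that above each group would help readers of the struct. The enclosing `Configuration` struct begins before the first hunk.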
server/irmaserver/irmad/main.go
...
...
@@ -99,53 +99,53 @@ func setFlags(cmd *cobra.Command) error {
}
flags
.
StringP
(
"config"
,
"c"
,
""
,
"Path to configuration file"
)
flags
.
StringP
(
"
irmaconf
"
,
"i"
,
""
,
"path to irma_configuration"
)
flags
.
String
(
"cachepath"
,
cachepath
,
"Directory for writing cache files to"
)
flags
.
Uint
(
"schemeupdate"
,
60
,
"Update IRMA schemes every x minutes (0 to disable)"
)
flags
.
Int
(
"maxrequestage"
,
300
,
"Max age in seconds of a session request JWT"
)
flags
.
StringP
(
"
schemes-path
"
,
"i"
,
""
,
"path to irma_configuration"
)
flags
.
String
(
"cache
-
path"
,
cachepath
,
"Directory for writing cache files to"
)
flags
.
Uint
(
"scheme
s-
update"
,
60
,
"Update IRMA schemes every x minutes (0 to disable)"
)
flags
.
Int
(
"max
-
request
-
age"
,
300
,
"Max age in seconds of a session request JWT"
)
flags
.
StringP
(
"url"
,
"u"
,
defaulturl
,
"External URL to server to which the IRMA client connects"
)
flags
.
StringP
(
"listenaddr"
,
"l"
,
"0.0.0.0"
,
"Address at which to listen"
)
flags
.
StringP
(
"listen
-
addr"
,
"l"
,
"0.0.0.0"
,
"Address at which to listen"
)
flags
.
IntP
(
"port"
,
"p"
,
8088
,
"Port at which to listen"
)
flags
.
Int
(
"client
port
"
,
0
,
"
If specified, start a separate
server for
the
IRMA app
at his port
"
)
flags
.
String
(
"client
listenaddr
"
,
""
,
"
Address at which
server for IRMA app
listens
"
)
flags
.
Lookup
(
"listenaddr"
)
.
Header
=
`Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags)
flags
.
String
(
"client
-listen-addr
"
,
""
,
"
Address at which
server for IRMA app
listens
"
)
flags
.
Int
(
"client
-port
"
,
0
,
"
If specified, start a separate
server for
the
IRMA app
at his port
"
)
flags
.
Lookup
(
"listen
-
addr"
)
.
Header
=
`Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags)
then the endpoints at /session for the requestor and /irma for the irmaclient (i.e. IRMA app) will listen on
distinct network endpoints (e.g., localhost:1234/session and 0.0.0.0:5678/irma).`
flags
.
Bool
(
"noauth"
,
false
,
"Whether or not to authenticate requestors"
)
flags
.
Bool
(
"no
-
auth"
,
false
,
"Whether or not to authenticate requestors"
)
flags
.
String
(
"requestors"
,
""
,
"Requestor configuration (in JSON)"
)
flags
.
Lookup
(
"noauth"
)
.
Header
=
`Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it.
flags
.
Lookup
(
"no
-
auth"
)
.
Header
=
`Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it.
If it is enabled, then requestor specific configuration must be provided.`
flags
.
StringSlice
(
"disclose"
,
nil
,
"list of attributes that all requestors may verify (default *)"
)
flags
.
StringSlice
(
"sign"
,
nil
,
"list of attributes that all requestors may request in signatures (default *)"
)
flags
.
StringSlice
(
"issue"
,
nil
,
"list of attributes that all requestors may issue"
)
flags
.
Lookup
(
"disclose"
)
.
Header
=
`Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may
flags
.
StringSlice
(
"disclose
-perms
"
,
nil
,
"list of attributes that all requestors may verify (default *)"
)
flags
.
StringSlice
(
"sign
-perms
"
,
nil
,
"list of attributes that all requestors may request in signatures (default *)"
)
flags
.
StringSlice
(
"issue
-perms
"
,
nil
,
"list of attributes that all requestors may issue"
)
flags
.
Lookup
(
"disclose
-perms
"
)
.
Header
=
`Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may
have specifically. May contain wildcards. Separate multiple with comma. Example: irma-demo.*,pbdf.*
By default all requestors may use all attributes in disclosure and signature sessions.
Pass empty string to disable session type.`
flags
.
StringP
(
"priv
ate
keys"
,
"k"
,
""
,
"path to IRMA private keys"
)
flags
.
Lookup
(
"priv
ate
keys"
)
.
Header
=
`Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml.
flags
.
StringP
(
"privkeys"
,
"k"
,
""
,
"path to IRMA private keys"
)
flags
.
Lookup
(
"privkeys"
)
.
Header
=
`Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml.
Private keys may also be stored in the scheme (e.g. irma-demo/MijnOverheid/PrivateKeys/0.xml).`
flags
.
StringP
(
"jwtissuer"
,
"j"
,
"irmaserver"
,
"JWT issuer"
)
flags
.
String
(
"jwtpriv
ate
key"
,
""
,
"JWT private key"
)
flags
.
String
(
"jwtpriv
ate
keyfile"
,
""
,
"Path to JWT private key"
)
flags
.
Lookup
(
"jwtissuer"
)
.
Header
=
`JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled.
flags
.
StringP
(
"jwt
-
issuer"
,
"j"
,
"irmaserver"
,
"JWT issuer"
)
flags
.
String
(
"jwt
-
privkey"
,
""
,
"JWT private key"
)
flags
.
String
(
"jwt
-
privkeyfile"
,
""
,
"Path to JWT private key"
)
flags
.
Lookup
(
"jwt
-
issuer"
)
.
Header
=
`JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled.
All of the keys and certificates below are expected in PEM. Pass it either directly, or a path to it
using the corresponding "-file" flag.`
flags
.
String
(
"tlscert
ificate
"
,
""
,
"TLS certificate"
)
flags
.
String
(
"tlscert
ificate
file"
,
""
,
"Path to TLS certificate "
)
flags
.
String
(
"tlspriv
ate
key"
,
""
,
"TLS private key"
)
flags
.
String
(
"tlspriv
ate
keyfile"
,
""
,
"Path to TLS private key"
)
flags
.
String
(
"clienttlscert
ificate
"
,
""
,
"TLS certificate for IRMA app server"
)
flags
.
String
(
"clienttlscert
ificate
file"
,
""
,
"Path to TLS certificate for IRMA app server"
)
flags
.
String
(
"clienttlspriv
ate
key"
,
""
,
"TLS private key for IRMA app server"
)
flags
.
String
(
"clienttlspriv
ate
keyfile"
,
""
,
"Path to TLS private key for IRMA app server"
)
flags
.
Lookup
(
"tlscert
ificate
"
)
.
Header
=
"TLS configuration. Leave empty to disable TLS."
flags
.
String
(
"tls
-
cert"
,
""
,
"TLS certificate"
)
flags
.
String
(
"tls
-
cert
-
file"
,
""
,
"Path to TLS certificate "
)
flags
.
String
(
"tls
-
privkey"
,
""
,
"TLS private key"
)
flags
.
String
(
"tls
-
privkey
-
file"
,
""
,
"Path to TLS private key"
)
flags
.
String
(
"client
-
tls
-
cert"
,
""
,
"TLS certificate for IRMA app server"
)
flags
.
String
(
"client
-
tls
-
cert
-
file"
,
""
,
"Path to TLS certificate for IRMA app server"
)
flags
.
String
(
"client
-
tls
-
privkey"
,
""
,
"TLS private key for IRMA app server"
)
flags
.
String
(
"client
-
tls
-
privkey
-
file"
,
""
,
"Path to TLS private key for IRMA app server"
)
flags
.
Lookup
(
"tls
-
cert"
)
.
Header
=
"TLS configuration. Leave empty to disable TLS."
flags
.
CountP
(
"verbose"
,
"v"
,
"verbose (repeatable)"
)
flags
.
BoolP
(
"quiet"
,
"q"
,
false
,
"quiet"
)
...
...
@@ -155,6 +155,9 @@ using the corresponding "-file" flag.`
}
func
configure
(
cmd
*
cobra
.
Command
)
error
{
dashReplacer
:=
strings
.
NewReplacer
(
"-"
,
"_"
)
viper
.
SetEnvKeyReplacer
(
dashReplacer
)
viper
.
SetFileKeyReplacer
(
dashReplacer
)
viper
.
SetEnvPrefix
(
"IRMASERVER"
)
viper
.
AutomaticEnv
()
if
err
:=
viper
.
BindPFlags
(
cmd
.
Flags
());
err
!=
nil
{
...
...
@@ -196,39 +199,39 @@ func configure(cmd *cobra.Command) error {
// Read configuration from flags and/or environmental variables
conf
=
&
irmaserver
.
Configuration
{
Configuration
:
&
server
.
Configuration
{
IrmaConfigurationPath
:
viper
.
GetString
(
"
irmaconf
"
),
IssuerPrivateKeysPath
:
viper
.
GetString
(
"priv
ate
keys"
),
CachePath
:
viper
.
GetString
(
"cachepath"
),
IrmaConfigurationPath
:
viper
.
GetString
(
"
schemes-path
"
),
IssuerPrivateKeysPath
:
viper
.
GetString
(
"privkeys"
),
CachePath
:
viper
.
GetString
(
"cache
-
path"
),
URL
:
viper
.
GetString
(
"url"
),
SchemeUpdateInterval
:
viper
.
GetInt
(
"schemeupdate"
),
SchemeUpdateInterval
:
viper
.
GetInt
(
"scheme
s-
update"
),
Logger
:
logger
,
},
Permissions
:
irmaserver
.
Permissions
{
Disclosing
:
handlePermission
(
"disclose"
),
Signing
:
handlePermission
(
"sign"
),
Issuing
:
viper
.
GetStringSlice
(
"issue"
),
Disclosing
:
handlePermission
(
"disclose
-perms
"
),
Signing
:
handlePermission
(
"sign
-perms
"
),
Issuing
:
viper
.
GetStringSlice
(
"issue
-perms
"
),
},
ListenAddress
:
viper
.
GetString
(
"listenaddr"
),
ListenAddress
:
viper
.
GetString
(
"listen
-
addr"
),
Port
:
viper
.
GetInt
(
"port"
),
ClientListenAddress
:
viper
.
GetString
(
"clientlistenaddr"
),
ClientPort
:
viper
.
GetInt
(
"clientport"
),
DisableRequestorAuthentication
:
viper
.
GetBool
(
"noauth"
),
ClientListenAddress
:
viper
.
GetString
(
"client
-
listen
-
addr"
),
ClientPort
:
viper
.
GetInt
(
"client
-
port"
),
DisableRequestorAuthentication
:
viper
.
GetBool
(
"no
-
auth"
),
Requestors
:
make
(
map
[
string
]
irmaserver
.
Requestor
),
JwtIssuer
:
viper
.
GetString
(
"jwtissuer"
),
JwtPrivateKey
:
viper
.
GetString
(
"jwtpriv
ate
key"
),
JwtPrivateKeyFile
:
viper
.
GetString
(
"jwtpriv
ate
keyfile"
),
MaxRequestAge
:
viper
.
GetInt
(
"maxrequestage"
),
JwtIssuer
:
viper
.
GetString
(
"jwt
-
issuer"
),
JwtPrivateKey
:
viper
.
GetString
(
"jwt
-
privkey"
),
JwtPrivateKeyFile
:
viper
.
GetString
(
"jwt
-
privkey
-
file"
),
MaxRequestAge
:
viper
.
GetInt
(
"max
-
request
-
age"
),
Verbose
:
viper
.
GetInt
(
"verbose"
),
Quiet
:
viper
.
GetBool
(
"quiet"
),
TlsCertificate
:
viper
.
GetString
(
"tlscert
ificate
"
),
TlsCertificateFile
:
viper
.
GetString
(
"tlscert
ificate
file"
),
TlsPrivateKey
:
viper
.
GetString
(
"tlspriv
ate
key"
),
TlsPrivateKeyFile
:
viper
.
GetString
(
"tlspriv
ate
keyfile"
),
ClientTlsCertificate
:
viper
.
GetString
(
"clienttlscert
ificate
"
),
ClientTlsCertificateFile
:
viper
.
GetString
(
"clienttlscert
ificate
file"
),
ClientTlsPrivateKey
:
viper
.
GetString
(
"clienttlspriv
ate
key"
),
ClientTlsPrivateKeyFile
:
viper
.
GetString
(
"clienttlspriv
ate
keyfile"
),
TlsCertificate
:
viper
.
GetString
(
"tls
-
cert"
),
TlsCertificateFile
:
viper
.
GetString
(
"tls
-
cert
-
file"
),
TlsPrivateKey
:
viper
.
GetString
(
"tls
-
privkey"
),
TlsPrivateKeyFile
:
viper
.
GetString
(
"tls
-
privkey
-
file"
),
ClientTlsCertificate
:
viper
.
GetString
(
"client
-
tls
-
cert"
),
ClientTlsCertificateFile
:
viper
.
GetString
(
"client
-
tls
-
cert
-
file"
),
ClientTlsPrivateKey
:
viper
.
GetString
(
"client
-
tls
-
privkey"
),
ClientTlsPrivateKeyFile
:
viper
.
GetString
(
"client
-
tls
-
privkey
-
file"
),
}
// Handle requestors
...
...
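Review bot: The flag registered as `flags.String("jwt-privkeyfile", ...)` in setFlags does not match the key `configure` reads with `viper.GetString("jwt-privkey-file")`, nor the `jwt_privkey_file` tag in conf.go, so `--jwt-privkeyfile` on the command line is bound under a name nothing looks up and its value is dropped; the sibling `tls-privkey-file` and `client-tls-privkey-file` flags got the extra dash, this one did not. The fix is the one line `flags.String("jwt-privkey-file", "", "Path to JWT private key")`. The effect is that `JwtPrivateKeyFile` stays empty and, per the comment in conf.go, the /result-jwt and /getproof endpoints are disabled — which fails closed, but an operator passing the flag would not be told why. Separately, `viper.SetFileKeyReplacer(dashReplacer)` at the top of `configure` is not an upstream viper API; it comes from the `add-file-key-replacer` branch of the `sietseringers/viper` fork that Gopkg.toml now tracks, so the whole dash/underscore key mapping depends on that fork, which deserves a comment such as `// SetFileKeyReplacer is provided by the sietseringers/viper fork pinned in Gopkg.toml`. Both setFlags and configure extend beyond the hunks shown.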