feat: don't pass CredentialRequest.RevocationKey to irmaclient

93e24c46 · Sietse Ringers · eb7abbef · 93e24c46 · 93e24c46
Commit 93e24c46 authored Aug 05, 2019 by Sietse Ringers
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 4 deletions

internal/servercore/handle.go internal/servercore/handle.go +14 -1

internal/servercore/helpers.go internal/servercore/helpers.go +16 -3

No files found.
--- a/internal/servercore/handle.go
+++ b/internal/servercore/handle.go
@@ -63,7 +63,20 @@ func (session *session) handleGetRequest(min, max *irma.ProtocolVersion) (irma.S
 		legacy.Base().ProtocolVersion = session.version
 		return legacy, nil
 	}
-	return session.request, nil
+
+	// In case of issuance requests, strip revocation keys from []CredentialRequest
+	isreq, issuing := session.request.(*irma.IssuanceRequest)
+	if !issuing {
+		return session.request, nil
+	}
+	cpy, err := copyObject(isreq)
+	if err != nil {
+		return nil, session.fail(server.ErrorUnknown, err.Error()) // TODO error type
+	}
+	for _, cred := range cpy.(*irma.IssuanceRequest).Credentials {
+		cred.RevocationKey = ""
+	}
+	return cpy.(*irma.IssuanceRequest), nil
 }

 func (session *session) handleGetStatus() (server.Status, *irma.RemoteError) {

--- a/internal/servercore/helpers.go
+++ b/internal/servercore/helpers.go
@@ -189,6 +189,18 @@ func (session *session) chooseProtocolVersion(minClient, maxClient *irma.Protoco
 	}
 }

+func copyObject(i interface{}) (interface{}, error) {
+	cpy := reflect.New(reflect.TypeOf(i).Elem()).Interface()
+	bts, err := json.Marshal(i)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(bts, cpy); err != nil {
+		return nil, err
+	}
+	return cpy, nil
+}
+
 // purgeRequest logs the request excluding any attribute values.
 func purgeRequest(request irma.RequestorRequest) irma.RequestorRequest {
 	// We want to log as much as possible of the request, but no attribute values.
@@ -197,9 +209,10 @@ func purgeRequest(request irma.RequestorRequest) irma.RequestorRequest {
 	// Ugly hack alert: the easiest way to do this seems to be to convert it to JSON and then back.
 	// As we do not know the precise type of request, we use reflection to create a new instance
 	// of the same type as request, into which we then unmarshal our copy.
-	cpy := reflect.New(reflect.TypeOf(request).Elem()).Interface()
-	bts, _ := json.Marshal(request)
-	_ = json.Unmarshal(bts, cpy)
+	cpy, err := copyObject(request)
+	if err != nil {
+		panic(err)
+	}

 	// Remove required attribute values from any attributes to be disclosed
 	_ = cpy.(irma.RequestorRequest).SessionRequest().Disclosure().Disclose.Iterate(