Commit a0660056 authored by Sietse Ringers's avatar Sietse Ringers

refactor: use JSON-LD @context in session request messages

parent a23c555d
...@@ -11,7 +11,7 @@ import ( ...@@ -11,7 +11,7 @@ import (
"github.com/privacybydesign/gabi/big" "github.com/privacybydesign/gabi/big"
) )
const SignedMessageLDContext = "https://irma.app/ld/signature/v2" const LDContextSignedMessage = "https://irma.app/ld/signature/v2"
// SignedMessage is a message signed with an attribute-based signature // SignedMessage is a message signed with an attribute-based signature
// The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature) // The 'realnonce' will be calculated as: SigRequest.GetNonce() = ASN1(nonce, SHA256(message), timestampSignature)
......
...@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error) ...@@ -135,7 +135,7 @@ func (session *session) createLogEntry(response interface{}) (*LogEntry, error)
request := session.request.(*irma.SignatureRequest) request := session.request.(*irma.SignatureRequest)
entry.SignedMessage = []byte(request.Message) entry.SignedMessage = []byte(request.Message)
entry.Timestamp = session.timestamp entry.Timestamp = session.timestamp
entry.SignedMessageLDContext = irma.SignedMessageLDContext entry.SignedMessageLDContext = irma.LDContextSignedMessage
fallthrough fallthrough
case irma.ActionDisclosing: case irma.ActionDisclosing:
......
...@@ -261,7 +261,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -261,7 +261,7 @@ func TestSessionRequests(t *testing.T) {
sigMessage := "message to be signed" sigMessage := "message to be signed"
base := &DisclosureRequest{ base := &DisclosureRequest{
BaseRequest: BaseRequest{Type: ActionDisclosing, Version: 2}, BaseRequest: BaseRequest{LDContext: LDContextDisclosureRequest},
Disclose: AttributeConDisCon{ Disclose: AttributeConDisCon{
AttributeDisCon{ AttributeDisCon{
AttributeCon{NewAttributeRequest("irma-demo.MijnOverheid.ageLimits.over18")}, AttributeCon{NewAttributeRequest("irma-demo.MijnOverheid.ageLimits.over18")},
...@@ -299,8 +299,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -299,8 +299,7 @@ func TestSessionRequests(t *testing.T) {
}`, }`,
current: &DisclosureRequest{}, current: &DisclosureRequest{},
currentJson: `{ currentJson: `{
"type": "disclosing", "@context": "https://irma.app/ld/request/disclosure/v2",
"v": 2,
"disclose": [ "disclose": [
[ [
[ [
...@@ -331,7 +330,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -331,7 +330,7 @@ func TestSessionRequests(t *testing.T) {
{ {
expected: &SignatureRequest{ expected: &SignatureRequest{
DisclosureRequest{BaseRequest{Type: ActionSigning, Version: 2}, base.Disclose, base.Labels}, DisclosureRequest{BaseRequest{LDContext: LDContextSignatureRequest}, base.Disclose, base.Labels},
sigMessage, sigMessage,
}, },
old: &SignatureRequest{}, old: &SignatureRequest{},
...@@ -354,8 +353,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -354,8 +353,7 @@ func TestSessionRequests(t *testing.T) {
}`, }`,
current: &SignatureRequest{}, current: &SignatureRequest{},
currentJson: `{ currentJson: `{
"type": "signing", "@context": "https://irma.app/ld/request/signature/v2",
"v": 2,
"disclose": [ "disclose": [
[ [
[ [
...@@ -387,7 +385,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -387,7 +385,7 @@ func TestSessionRequests(t *testing.T) {
{ {
expected: &IssuanceRequest{ expected: &IssuanceRequest{
DisclosureRequest: DisclosureRequest{BaseRequest{Type: ActionIssuing, Version: 2}, base.Disclose, base.Labels}, DisclosureRequest: DisclosureRequest{BaseRequest{LDContext: LDContextIssuanceRequest}, base.Disclose, base.Labels},
Credentials: []*CredentialRequest{ Credentials: []*CredentialRequest{
{ {
CredentialTypeID: NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root"), CredentialTypeID: NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root"),
...@@ -418,8 +416,7 @@ func TestSessionRequests(t *testing.T) { ...@@ -418,8 +416,7 @@ func TestSessionRequests(t *testing.T) {
}`, }`,
current: &IssuanceRequest{}, current: &IssuanceRequest{},
currentJson: `{ currentJson: `{
"type": "issuing", "@context": "https://irma.app/ld/request/issuance/v2",
"v": 2,
"credentials": [ "credentials": [
{ {
"credential": "irma-demo.MijnOverheid.root", "credential": "irma-demo.MijnOverheid.root",
...@@ -460,7 +457,8 @@ func TestSessionRequests(t *testing.T) { ...@@ -460,7 +457,8 @@ func TestSessionRequests(t *testing.T) {
for _, tst := range tests { for _, tst := range tests {
require.NoError(t, json.Unmarshal([]byte(tst.oldJson), tst.old)) require.NoError(t, json.Unmarshal([]byte(tst.oldJson), tst.old))
require.NoError(t, json.Unmarshal([]byte(tst.currentJson), tst.current)) require.NoError(t, json.Unmarshal([]byte(tst.currentJson), tst.current))
tst.old.Base().legacy = false tst.old.Base().legacy = false // We don't care about this field differing, override it
tst.old.Base().Type = "" // same
require.True(t, reflect.DeepEqual(tst.old, tst.expected), "Legacy %s did not unmarshal to expected value", reflect.TypeOf(tst.old).String()) require.True(t, reflect.DeepEqual(tst.old, tst.expected), "Legacy %s did not unmarshal to expected value", reflect.TypeOf(tst.old).String())
require.True(t, reflect.DeepEqual(tst.current, tst.expected), "%s did not unmarshal to expected value", reflect.TypeOf(tst.old).String()) require.True(t, reflect.DeepEqual(tst.current, tst.expected), "%s did not unmarshal to expected value", reflect.TypeOf(tst.old).String())
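Review bot: The updated table covers only well-formed requests; there is no case where `@context` is non-empty but is not the constant for the type being unmarshalled, for example a `SignatureRequest` given `https://irma.app/ld/request/disclosure/v2`. Elsewhere in this commit `UnmarshalJSON` selects the new format on `ldContext != ""` alone, so such a message appears to be rejected only by `Validate()`, and a negative test asserting that `Validate()` returns an error would pin the type check. The override `tst.old.Base().Type = "" // same` would read better with its own comment, e.g. `// legacy requests keep Type set, current ones leave it empty`. `TestSessionRequests` starts and ends outside the visible hunks.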
......
...@@ -39,7 +39,7 @@ func (dr *LegacyDisclosureRequest) Validate() error { panic("not ...@@ -39,7 +39,7 @@ func (dr *LegacyDisclosureRequest) Validate() error { panic("not
func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest { panic("not implemented") } func (dr *LegacyDisclosureRequest) Disclosure() *DisclosureRequest { panic("not implemented") }
func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet { panic("not implemented") } func (dr *LegacyDisclosureRequest) Identifiers() *IrmaIdentifierSet { panic("not implemented") }
func (dr *LegacyDisclosureRequest) Base() *BaseRequest { return &dr.BaseRequest } func (dr *LegacyDisclosureRequest) Base() *BaseRequest { return &dr.BaseRequest }
func (dr *LegacyDisclosureRequest) Action() Action { return dr.Type } func (dr *LegacyDisclosureRequest) Action() Action { return ActionDisclosing }
func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error) { return dr, nil } func (dr *LegacyDisclosureRequest) Legacy() (SessionRequest, error) { return dr, nil }
type LegacySignatureRequest struct { type LegacySignatureRequest struct {
...@@ -47,6 +47,8 @@ type LegacySignatureRequest struct { ...@@ -47,6 +47,8 @@ type LegacySignatureRequest struct {
Message string `json:"message"` Message string `json:"message"`
} }
func (ir *LegacySignatureRequest) Action() Action { return ActionIssuing }
type LegacyIssuanceRequest struct { type LegacyIssuanceRequest struct {
BaseRequest BaseRequest
Credentials []*CredentialRequest `json:"credentials"` Credentials []*CredentialRequest `json:"credentials"`
...@@ -57,7 +59,7 @@ func (ir *LegacyIssuanceRequest) Validate() error { panic("not i ...@@ -57,7 +59,7 @@ func (ir *LegacyIssuanceRequest) Validate() error { panic("not i
func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest { panic("not implemented") } func (ir *LegacyIssuanceRequest) Disclosure() *DisclosureRequest { panic("not implemented") }
func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet { panic("not implemented") } func (ir *LegacyIssuanceRequest) Identifiers() *IrmaIdentifierSet { panic("not implemented") }
func (ir *LegacyIssuanceRequest) Base() *BaseRequest { return &ir.BaseRequest } func (ir *LegacyIssuanceRequest) Base() *BaseRequest { return &ir.BaseRequest }
func (ir *LegacyIssuanceRequest) Action() Action { return ir.Type } func (ir *LegacyIssuanceRequest) Action() Action { return ActionIssuing }
func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error) { return ir, nil } func (ir *LegacyIssuanceRequest) Legacy() (SessionRequest, error) { return ir, nil }
func convertConDisCon(cdc AttributeConDisCon, labels map[int]TranslatedString) ([]LegacyLabeledDisjunction, error) { func convertConDisCon(cdc AttributeConDisCon, labels map[int]TranslatedString) ([]LegacyLabeledDisjunction, error) {
...@@ -96,14 +98,14 @@ func convertDisjunctions(disjunctions []LegacyLabeledDisjunction) ( ...@@ -96,14 +98,14 @@ func convertDisjunctions(disjunctions []LegacyLabeledDisjunction) (
return return
} }
func parseVersion(bts []byte) (int, error) { func parseLDContext(bts []byte) (string, error) {
var v struct { var v struct {
Version int `json:"v"` LDContext string `json:"@context"`
} }
if err := json.Unmarshal(bts, &v); err != nil { if err := json.Unmarshal(bts, &v); err != nil {
return 0, err return "", err
} }
return v.Version, nil return v.LDContext, nil
} }
func checkType(typ, expected Action) error { func checkType(typ, expected Action) error {
...@@ -168,7 +170,7 @@ func (dr *DisclosureRequest) Legacy() (SessionRequest, error) { ...@@ -168,7 +170,7 @@ func (dr *DisclosureRequest) Legacy() (SessionRequest, error) {
} }
return &LegacyDisclosureRequest{ return &LegacyDisclosureRequest{
BaseRequest: BaseRequest{ BaseRequest: BaseRequest{
Type: dr.Type, Type: ActionDisclosing,
Context: dr.Context, Context: dr.Context,
Nonce: dr.Nonce, Nonce: dr.Nonce,
ProtocolVersion: dr.ProtocolVersion, ProtocolVersion: dr.ProtocolVersion,
...@@ -178,12 +180,12 @@ func (dr *DisclosureRequest) Legacy() (SessionRequest, error) { ...@@ -178,12 +180,12 @@ func (dr *DisclosureRequest) Legacy() (SessionRequest, error) {
} }
func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error) { func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error) {
var version int var ldContext string
if version, err = parseVersion(bts); err != nil { if ldContext, err = parseLDContext(bts); err != nil {
return err return err
} }
if version >= 2 { if ldContext != "" {
type newDisclosureRequest DisclosureRequest // Same type with default JSON unmarshaler type newDisclosureRequest DisclosureRequest // Same type with default JSON unmarshaler
var req newDisclosureRequest var req newDisclosureRequest
if err = json.Unmarshal(bts, &req); err != nil { if err = json.Unmarshal(bts, &req); err != nil {
...@@ -199,7 +201,7 @@ func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error) { ...@@ -199,7 +201,7 @@ func (dr *DisclosureRequest) UnmarshalJSON(bts []byte) (err error) {
} }
dr.BaseRequest = legacy.BaseRequest dr.BaseRequest = legacy.BaseRequest
dr.legacy = true dr.legacy = true
dr.Version = 2 dr.LDContext = LDContextDisclosureRequest
dr.Disclose, dr.Labels = convertDisjunctions(legacy.Content) dr.Disclose, dr.Labels = convertDisjunctions(legacy.Content)
return checkType(legacy.Type, ActionDisclosing) return checkType(legacy.Type, ActionDisclosing)
...@@ -214,7 +216,7 @@ func (sr *SignatureRequest) Legacy() (SessionRequest, error) { ...@@ -214,7 +216,7 @@ func (sr *SignatureRequest) Legacy() (SessionRequest, error) {
Message: sr.Message, Message: sr.Message,
LegacyDisclosureRequest: LegacyDisclosureRequest{ LegacyDisclosureRequest: LegacyDisclosureRequest{
BaseRequest: BaseRequest{ BaseRequest: BaseRequest{
Type: sr.Type, Type: ActionSigning,
Context: sr.Context, Context: sr.Context,
Nonce: sr.Nonce, Nonce: sr.Nonce,
ProtocolVersion: sr.ProtocolVersion, ProtocolVersion: sr.ProtocolVersion,
...@@ -225,12 +227,12 @@ func (sr *SignatureRequest) Legacy() (SessionRequest, error) { ...@@ -225,12 +227,12 @@ func (sr *SignatureRequest) Legacy() (SessionRequest, error) {
} }
func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error) { func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error) {
var version int var ldContext string
if version, err = parseVersion(bts); err != nil { if ldContext, err = parseLDContext(bts); err != nil {
return err return err
} }
if version >= 2 { if ldContext != "" {
var req struct { // Identical type with default JSON unmarshaler var req struct { // Identical type with default JSON unmarshaler
BaseRequest BaseRequest
Disclose AttributeConDisCon `json:"disclose"` Disclose AttributeConDisCon `json:"disclose"`
...@@ -257,7 +259,7 @@ func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error) { ...@@ -257,7 +259,7 @@ func (sr *SignatureRequest) UnmarshalJSON(bts []byte) (err error) {
} }
sr.BaseRequest = legacy.BaseRequest sr.BaseRequest = legacy.BaseRequest
sr.legacy = true sr.legacy = true
sr.Version = 2 sr.LDContext = LDContextSignatureRequest
sr.Disclose, sr.Labels = convertDisjunctions(legacy.Content) sr.Disclose, sr.Labels = convertDisjunctions(legacy.Content)
sr.Message = legacy.Message sr.Message = legacy.Message
...@@ -271,7 +273,7 @@ func (ir *IssuanceRequest) Legacy() (SessionRequest, error) { ...@@ -271,7 +273,7 @@ func (ir *IssuanceRequest) Legacy() (SessionRequest, error) {
} }
return &LegacyIssuanceRequest{ return &LegacyIssuanceRequest{
BaseRequest: BaseRequest{ BaseRequest: BaseRequest{
Type: ir.Type, Type: ActionIssuing,
Context: ir.Context, Context: ir.Context,
Nonce: ir.Nonce, Nonce: ir.Nonce,
ProtocolVersion: ir.ProtocolVersion, ProtocolVersion: ir.ProtocolVersion,
...@@ -282,12 +284,12 @@ func (ir *IssuanceRequest) Legacy() (SessionRequest, error) { ...@@ -282,12 +284,12 @@ func (ir *IssuanceRequest) Legacy() (SessionRequest, error) {
} }
func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error) { func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error) {
var version int var ldContext string
if version, err = parseVersion(bts); err != nil { if ldContext, err = parseLDContext(bts); err != nil {
return err return err
} }
if version >= 2 { if ldContext != "" {
var req struct { // Identical type with default JSON unmarshaler var req struct { // Identical type with default JSON unmarshaler
BaseRequest BaseRequest
Disclose AttributeConDisCon `json:"disclose"` Disclose AttributeConDisCon `json:"disclose"`
...@@ -310,7 +312,7 @@ func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error) { ...@@ -310,7 +312,7 @@ func (ir *IssuanceRequest) UnmarshalJSON(bts []byte) (err error) {
} }
ir.BaseRequest = legacy.BaseRequest ir.BaseRequest = legacy.BaseRequest
ir.legacy = true ir.legacy = true
ir.Version = 2 ir.LDContext = LDContextIssuanceRequest
ir.Credentials = legacy.Credentials ir.Credentials = legacy.Credentials
ir.Disclose, ir.Labels = convertDisjunctions(legacy.Disclose) ir.Disclose, ir.Labels = convertDisjunctions(legacy.Disclose)
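Review bot: The new `Action()` method on `LegacySignatureRequest` returns `ActionIssuing`, so a legacy signature request reports itself as an issuance request; it should read `func (sr *LegacySignatureRequest) Action() Action { return ActionSigning }`. The override is needed because the embedded `LegacyDisclosureRequest.Action()` now returns the constant `ActionDisclosing` instead of `dr.Type`, but the `ir` receiver and the return value look copied from the issuance type. Callers are not visible here, but any code that dispatches on `Action()` would treat a legacy signing session as the wrong session type. A test asserting `Action()` for each of the three legacy types would catch this.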
......
...@@ -15,20 +15,25 @@ import ( ...@@ -15,20 +15,25 @@ import (
"github.com/privacybydesign/irmago/internal/fs" "github.com/privacybydesign/irmago/internal/fs"
) )
const (
LDContextDisclosureRequest = "https://irma.app/ld/request/disclosure/v2"
LDContextSignatureRequest = "https://irma.app/ld/request/signature/v2"
LDContextIssuanceRequest = "https://irma.app/ld/request/issuance/v2"
)
// BaseRequest contains the context and nonce for an IRMA session. // BaseRequest contains the context and nonce for an IRMA session.
type BaseRequest struct { type BaseRequest struct {
// Denotes session type, must be "disclosing", "signing" or "issuing" LDContext string `json:"@context,omitempty"`
Type Action `json:"type"`
// Message version. Current version is 2.
Version int `json:"v,omitempty"`
// Chosen by the IRMA server during the session // Chosen by the IRMA server during the session
Context *big.Int `json:"context,omitempty"` Context *big.Int `json:"context,omitempty"`
Nonce *big.Int `json:"nonce,omitempty"` Nonce *big.Int `json:"nonce,omitempty"`
ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"` ProtocolVersion *ProtocolVersion `json:"protocolVersion,omitempty"`
ids *IrmaIdentifierSet // cache for Identifiers() method ids *IrmaIdentifierSet // cache for Identifiers() method
legacy bool
legacy bool // Whether or not this was deserialized from a legacy (pre-condiscon) request
Type Action `json:"type,omitempty"` // Session type, only used in legacy code
} }
// An AttributeCon is only satisfied if all of its containing attribute requests are satisfied. // An AttributeCon is only satisfied if all of its containing attribute requests are satisfied.
...@@ -384,7 +389,7 @@ func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *stri ...@@ -384,7 +389,7 @@ func (dr *DisclosureRequest) AddSingle(attr AttributeTypeIdentifier, value *stri
func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest { func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest {
request := &DisclosureRequest{ request := &DisclosureRequest{
BaseRequest: BaseRequest{Type: ActionDisclosing, Version: 2}, BaseRequest: BaseRequest{LDContext: LDContextDisclosureRequest},
Labels: map[int]TranslatedString{}, Labels: map[int]TranslatedString{},
} }
for _, attr := range attrs { for _, attr := range attrs {
...@@ -395,7 +400,7 @@ func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest { ...@@ -395,7 +400,7 @@ func NewDisclosureRequest(attrs ...AttributeTypeIdentifier) *DisclosureRequest {
func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest { func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *SignatureRequest {
dr := NewDisclosureRequest(attrs...) dr := NewDisclosureRequest(attrs...)
dr.Type = ActionSigning dr.LDContext = LDContextSignatureRequest
return &SignatureRequest{ return &SignatureRequest{
DisclosureRequest: *dr, DisclosureRequest: *dr,
Message: message, Message: message,
...@@ -404,7 +409,7 @@ func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *Sign ...@@ -404,7 +409,7 @@ func NewSignatureRequest(message string, attrs ...AttributeTypeIdentifier) *Sign
func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest { func NewIssuanceRequest(creds []*CredentialRequest, attrs ...AttributeTypeIdentifier) *IssuanceRequest {
dr := NewDisclosureRequest(attrs...) dr := NewDisclosureRequest(attrs...)
dr.Type = ActionIssuing dr.LDContext = LDContextIssuanceRequest
return &IssuanceRequest{ return &IssuanceRequest{
DisclosureRequest: *dr, DisclosureRequest: *dr,
Credentials: creds, Credentials: creds,
...@@ -442,7 +447,7 @@ func (dr *DisclosureRequest) Base() *BaseRequest { ...@@ -442,7 +447,7 @@ func (dr *DisclosureRequest) Base() *BaseRequest {
func (dr *DisclosureRequest) Action() Action { return ActionDisclosing } func (dr *DisclosureRequest) Action() Action { return ActionDisclosing }
func (dr *DisclosureRequest) Validate() error { func (dr *DisclosureRequest) Validate() error {
if dr.Type != ActionDisclosing { if dr.LDContext != LDContextDisclosureRequest {
return errors.New("Not a disclosure request") return errors.New("Not a disclosure request")
} }
if len(dr.Disclose) == 0 { if len(dr.Disclose) == 0 {
...@@ -573,7 +578,7 @@ func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *P ...@@ -573,7 +578,7 @@ func (ir *IssuanceRequest) GetCredentialInfoList(conf *Configuration, version *P
func (ir *IssuanceRequest) Action() Action { return ActionIssuing } func (ir *IssuanceRequest) Action() Action { return ActionIssuing }
func (ir *IssuanceRequest) Validate() error { func (ir *IssuanceRequest) Validate() error {
if ir.Type != ActionIssuing { if ir.LDContext != LDContextIssuanceRequest {
return errors.New("Not an issuance request") return errors.New("Not an issuance request")
} }
if len(ir.Credentials) == 0 { if len(ir.Credentials) == 0 {
...@@ -611,7 +616,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp ...@@ -611,7 +616,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
nonce = bigZero nonce = bigZero
} }
return &SignedMessage{ return &SignedMessage{
LDContext: SignedMessageLDContext, LDContext: LDContextSignedMessage,
Signature: signature.Proofs, Signature: signature.Proofs,
Indices: signature.Indices, Indices: signature.Indices,
Nonce: nonce, Nonce: nonce,
...@@ -624,7 +629,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp ...@@ -624,7 +629,7 @@ func (sr *SignatureRequest) SignatureFromMessage(message interface{}, timestamp
func (sr *SignatureRequest) Action() Action { return ActionSigning } func (sr *SignatureRequest) Action() Action { return ActionSigning }
func (sr *SignatureRequest) Validate() error { func (sr *SignatureRequest) Validate() error {
if sr.Type != ActionSigning { if sr.LDContext != LDContextSignatureRequest {
return errors.New("Not a signature request") return errors.New("Not a signature request")
} }
if sr.Message == "" { if sr.Message == "" {
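Review bot: `BaseRequest.Type` stays exported and is still filled from the `type` JSON key, but the three `Validate()` methods now compare only `LDContext`, so a message can carry the disclosure `@context` together with `"type": "issuing"` and still pass validation. If any remaining code reads `Type` directly (not visible in this section), it would act on an unchecked, sender-supplied value. Consider rejecting the disagreement in each `Validate()`, e.g. `if dr.Type != "" && dr.Type != ActionDisclosing { return errors.New("Not a disclosure request") }`. The new `LDContext` field also has no doc comment; something like `// LDContext identifies the message type and version; it must equal the LDContext* constant of the request type` would help. The `Validate()` bodies continue outside the hunks.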
......