Commit a1322024 authored by Sietse Ringers's avatar Sietse Ringers

Support private keys in irma_configuration

parent aac243f7
......@@ -56,6 +56,7 @@ type Configuration struct {
kssPublicKeys map[SchemeManagerIdentifier]map[int]*rsa.PublicKey
publicKeys map[IssuerIdentifier]map[int]*gabi.PublicKey
privateKeys map[IssuerIdentifier]*gabi.PrivateKey
reverseHashes map[string]CredentialTypeIdentifier
initialized bool
assets string
......@@ -142,6 +143,7 @@ func (conf *Configuration) clear() {
conf.DisabledSchemeManagers = make(map[SchemeManagerIdentifier]*SchemeManagerError)
conf.kssPublicKeys = make(map[SchemeManagerIdentifier]map[int]*rsa.PublicKey)
conf.publicKeys = make(map[IssuerIdentifier]map[int]*gabi.PublicKey)
conf.privateKeys = make(map[IssuerIdentifier]*gabi.PrivateKey)
conf.reverseHashes = make(map[string]CredentialTypeIdentifier)
}
......@@ -316,6 +318,49 @@ func relativePath(outer string, inner string) (string, error) {
return innerAbs[len(outerAbs)+1:], nil
}
// PrivateKey returns the specified private key, or nil if not present in the Configuration.
func (conf *Configuration) PrivateKey(id IssuerIdentifier) (*gabi.PrivateKey, error) {
if sk := conf.privateKeys[id]; sk != nil {
return sk, nil
}
path := fmt.Sprintf(privkeyPattern, conf.Path, id.SchemeManagerIdentifier().Name(), id.Name())
files, err := filepath.Glob(path)
if err != nil {
return nil, err
}
if len(files) == 0 {
return nil, nil
}
// List private keys and get highest counter
counters := make([]int, 0, len(files))
for _, file := range files {
filename := filepath.Base(file)
count := filename[:len(filename)-4]
i, err := strconv.Atoi(count)
if err != nil {
return nil, err
}
counters = append(counters, i)
}
sort.Ints(counters)
counter := counters[len(counters)-1]
// Read private key
file := strings.Replace(path, "*", strconv.Itoa(counter), 1)
sk, err := gabi.NewPrivateKeyFromFile(file)
if err != nil {
return nil, err
}
if int(sk.Counter) != counter {
return nil, errors.Errorf("Private key %s of issuer %s has wrong <Counter>", file, id.String())
}
conf.privateKeys[id] = sk
return sk, nil
}
// PublicKey returns the specified public key, or nil if not present in the Configuration.
func (conf *Configuration) PublicKey(id IssuerIdentifier, counter int) (*gabi.PublicKey, error) {
var haveIssuer, haveKey bool
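Review bot: `count := filename[:len(filename)-4]` in PrivateKey assumes every file matched by the glob ends in a four-character extension; privkeyPattern is not visible here, so if it is ever changed or a shorter name matches, this either slices past the start of the name or parses the wrong counter. `count := strings.TrimSuffix(filename, filepath.Ext(filename))` removes the assumption using packages the function already imports. The doc comment also understates the contract: the method selects the key with the highest counter found under conf.Path and caches it in conf.privateKeys, so `// PrivateKey returns the issuer's private key with the highest counter found under conf.Path, caching it for later calls; a nil key with nil error means no key file is present.` would tell callers what they are relying on. Rebuilding the file name with `strings.Replace(path, "*", strconv.Itoa(counter), 1)` additionally presumes the scheme and issuer names contain no `*`; keeping the matched path per counter in the loop and using that instead would avoid re-deriving it.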
......@@ -149,7 +149,8 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
for i, cred := range request.Credentials {
id := cred.CredentialTypeID.IssuerIdentifier()
pk, _ := conf.IrmaConfiguration.PublicKey(id, cred.KeyCounter)
issuer := gabi.NewIssuer(conf.IssuerPrivateKeys[id], pk, one)
sk, _ := privatekey(id)
issuer := gabi.NewIssuer(sk, pk, one)
proof := commitments.Proofs[i+discloseCount].(*gabi.ProofU)
attributes, err := cred.AttributeList(conf.IrmaConfiguration, 0x03)
if err != nil {
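Review bot: `sk, _ := privatekey(id)` discards the lookup error, so a key that fails to load or parse at this point reaches `gabi.NewIssuer(sk, pk, one)` as nil. This mirrors the existing `pk, _ :=` on the line above, but privatekey can now fail on a file read or a counter mismatch rather than only a map miss, which is worth surfacing instead of letting NewIssuer proceed with a nil key. Use `sk, err := privatekey(id)` and return on `err != nil || sk == nil` the way the enclosing function already handles the AttributeList error a few lines down. handlePostCommitments begins and ends outside the hunk, so the exact return value to use is not visible here.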
......@@ -41,8 +41,11 @@ func validateIssuanceRequest(request *irma.IssuanceRequest) error {
for _, cred := range request.Credentials {
// Check that we have the appropriate private key
iss := cred.CredentialTypeID.IssuerIdentifier()
privatekey, havekey := conf.IssuerPrivateKeys[iss]
if !havekey {
privatekey, err := privatekey(iss)
if err != nil {
return err
}
if privatekey == nil {
return errors.Errorf("missing private key of issuer %s", iss.String())
}
pubkey, err := conf.IrmaConfiguration.PublicKey(iss, int(privatekey.Counter))
......@@ -72,6 +75,16 @@ func validateIssuanceRequest(request *irma.IssuanceRequest) error {
return nil
}
func privatekey(id irma.IssuerIdentifier) (sk *gabi.PrivateKey, err error) {
sk = conf.IssuerPrivateKeys[id]
if sk == nil {
if sk, err = conf.IrmaConfiguration.PrivateKey(id); err != nil {
return nil, err
}
}
return sk, nil
}
func (session *session) getProofP(commitments *irma.IssueCommitmentMessage, scheme irma.SchemeManagerIdentifier) (*gabi.ProofP, error) {
if session.kssProofs == nil {
session.kssProofs = make(map[irma.SchemeManagerIdentifier]*gabi.ProofP)
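Review bot: In the @@ -41,8 hunk of validateIssuanceRequest, `privatekey, err := privatekey(iss)` declares a loop-local variable with the same name as the package-level function it calls; it compiles because the new name only enters scope after the statement, but it shadows the helper for the rest of the loop body and is the kind of thing shadow linters flag. Rename the local to `sk, err := privatekey(iss)`, with `if sk == nil {` and `conf.IrmaConfiguration.PublicKey(iss, int(sk.Counter))` on the following lines. The new privatekey helper in the @@ -72,6 hunk also has no doc comment; `// privatekey returns the issuer's private key, preferring one supplied in conf.IssuerPrivateKeys over one found in irma_configuration; a nil key with nil error means none is available.` states the precedence that both callers in this commit now depend on.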