IRMA
Github mirrors
irmago
Commits
bf351908
Commit
bf351908
authored
Feb 05, 2018
by
Sietse Ringers
Refuse to perform sessions with invalid scheme managers
parent
c0bdcc3d
Changes
5
irmaclient/irmaclient_test.go
...
...
@@ -290,6 +290,9 @@ func TestWrongSchemeManager(t *testing.T) {
// within this manager to test the autmatic downloading of credential definitions,
// issuers, and public keys.
func
TestDownloadSchemeManager
(
t
*
testing
.
T
)
{
// Disabled
//return
client
:=
parseStorage
(
t
)
// Remove irma-demo scheme manager as we need to test adding it
...
...
irmaclient/session.go
...
...
@@ -170,6 +170,39 @@ func (session *session) panicFailure() {
}
}
func
(
session
*
session
)
checkAndUpateConfiguration
(
client
*
Client
)
bool
{
var
err
error
for
id
:=
range
session
.
irmaSession
.
Identifiers
()
.
SchemeManagers
{
manager
,
contains
:=
client
.
Configuration
.
SchemeManagers
[
id
]
if
!
contains
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorUnknownSchemeManager
,
Info
:
id
.
String
(),
})
return
false
}
if
!
manager
.
Valid
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorInvalidSchemeManager
,
Info
:
string
(
manager
.
Status
),
})
return
false
}
}
// Check if we are enrolled into all involved keyshare servers
if
!
session
.
checkKeyshareEnrollment
()
{
return
false
}
// Download missing credential types/issuers/public keys from the scheme manager
if
session
.
downloaded
,
err
=
session
.
client
.
Configuration
.
Download
(
session
.
irmaSession
.
Identifiers
());
err
!=
nil
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorConfigurationDownload
,
Err
:
err
})
return
false
}
return
true
}
// NewManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
func
(
client
*
Client
)
NewManualSession
(
sigrequestJSONString
string
,
handler
Handler
)
{
var
err
error
...
...
@@ -189,14 +222,7 @@ func (client *Client) NewManualSession(sigrequestJSONString string, handler Hand
session
.
Handler
.
StatusUpdate
(
session
.
Action
,
irma
.
StatusManualStarted
)
// Check if we are enrolled into all involved keyshare servers
if
!
session
.
checkKeyshareEnrollment
()
{
return
}
// Download missing credential types/issuers/public keys from the scheme manager
if
session
.
downloaded
,
err
=
session
.
client
.
Configuration
.
Download
(
session
.
irmaSession
.
Identifiers
());
err
!=
nil
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorConfigurationDownload
,
Err
:
err
})
if
!
session
.
checkAndUpateConfiguration
(
client
)
{
return
}
...
...
@@ -293,14 +319,7 @@ func (session *session) start() {
}
}
// Check if we are enrolled into all involved keyshare servers
if
!
session
.
checkKeyshareEnrollment
()
{
return
}
// Download missing credential types/issuers/public keys from the scheme manager
if
session
.
downloaded
,
err
=
session
.
client
.
Configuration
.
Download
(
session
.
irmaSession
.
Identifiers
());
err
!=
nil
{
session
.
fail
(
&
irma
.
SessionError
{
ErrorType
:
irma
.
ErrorConfigurationDownload
,
Err
:
err
})
if
!
session
.
checkAndUpateConfiguration
(
session
.
client
)
{
return
}
...
...
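Review bot: checkAndUpateConfiguration looks up scheme managers in the `client` argument's Configuration but then downloads through `session.client.Configuration`, so the validity check and the download would refer to different configurations if a caller ever passed a different client. The two call sites visible here pass `client` (NewManualSession) and `session.client` (start()), presumably the same object, so the parameter could be dropped and `session.client` used throughout. The name also carries a typo (`Upate`); `checkAndUpdateConfiguration` with a doc comment such as `// checkAndUpdateConfiguration fails the session and returns false if a requested scheme manager is unknown or not Valid, if keyshare enrollment is missing, or if the configuration download fails.` would state the fail-closed contract. The `Valid` check runs before `Download`; whether `Download` re-verifies what it fetches is not visible on this page and is worth confirming.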
irmaconfig.go
...
...
@@ -167,7 +167,7 @@ func (conf *Configuration) parseSchemeManagerFolder(dir string) (err error, mana
return
}
err
=
conf
.
VerifySchemeManager
(
manager
.
Identifier
()
)
err
=
conf
.
VerifySchemeManager
(
manager
)
if
err
!=
nil
{
manager
.
Status
=
SchemeManagerStatusInvalidSignature
return
...
...
@@ -388,7 +388,7 @@ func (conf *Configuration) DownloadSchemeManager(url string) (*SchemeManager, er
if
err
!=
nil
{
return
nil
,
err
}
manager
:=
&
SchemeManager
{}
manager
:=
&
SchemeManager
{
Status
:
SchemeManagerStatusUnprocessed
,
Valid
:
false
}
if
err
=
xml
.
Unmarshal
(
b
,
manager
);
err
!=
nil
{
return
nil
,
err
}
...
...
@@ -444,6 +444,14 @@ func (conf *Configuration) AddSchemeManager(manager *SchemeManager) error {
return
err
}
if
err
:=
conf
.
VerifySchemeManager
(
manager
);
err
!=
nil
{
manager
.
Status
=
SchemeManagerStatusInvalidSignature
manager
.
Valid
=
false
}
else
{
manager
.
Status
=
SchemeManagerStatusValid
manager
.
Valid
=
true
}
conf
.
SchemeManagers
[
NewSchemeManagerIdentifier
(
name
)]
=
manager
return
nil
}
...
...
@@ -639,12 +647,15 @@ func (conf *Configuration) parseIndex(name string, manager *SchemeManager) error
return
manager
.
Index
.
FromString
(
string
(
indexbts
))
}
func
(
conf
*
Configuration
)
VerifySchemeManager
(
id
SchemeManagerIdentifier
)
error
{
manager
:=
conf
.
SchemeManagers
[
id
]
if
manager
==
nil
{
return
errors
.
New
(
"Can't verify unknown scheme manager"
)
}
func
(
conf
*
Configuration
)
VerifySchemeManager
(
manager
*
SchemeManager
)
error
{
for
file
:=
range
manager
.
Index
{
exists
,
err
:=
fs
.
PathExists
(
filepath
.
Join
(
conf
.
path
,
file
))
if
err
!=
nil
{
return
err
}
if
!
exists
{
continue
}
// Don't care about the actual bytes
if
_
,
err
:=
conf
.
ReadAuthenticatedFile
(
manager
,
file
);
err
!=
nil
{
return
err
...
...
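Review bot: In the AddSchemeManager hunk the error from `conf.VerifySchemeManager(manager)` is discarded: the manager is marked `SchemeManagerStatusInvalidSignature`, still stored in `conf.SchemeManagers`, and the function returns nil. That leaves the session-time `Valid` check as the only barrier, so every consumer of `conf.SchemeManagers` has to test `Valid`. A caller also cannot tell a bad signature from a filesystem error, since VerifySchemeManager returns `fs.PathExists` errors too. Consider a doc comment such as `// AddSchemeManager registers the manager even if verification fails; callers must check manager.Valid before trusting it.` and keeping or logging the underlying error. In the parseSchemeManagerFolder hunk only `Status` is set on failure and `Valid` is not assigned in the visible lines, so it presumably relies on the false zero value; that function continues outside the hunk.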
messages.go
...
...
@@ -118,6 +118,8 @@ const (
ErrorConfigurationDownload
=
ErrorType
(
"configurationDownload"
)
// IRMA requests refers to unknown scheme manager
ErrorUnknownSchemeManager
=
ErrorType
(
"unknownSchemeManager"
)
// A session is requested involving a scheme manager that has some problem
ErrorInvalidSchemeManager
=
ErrorType
(
"invalidSchemeManager"
)
// Recovered panic
ErrorPanic
=
ErrorType
(
"panic"
)
)
...
...
schememgr/cmd/verify.go
...
...
@@ -43,7 +43,7 @@ func RunVerify(path string) error {
}
for
_
,
manager
:=
range
conf
.
SchemeManagers
{
if
err
:=
conf
.
VerifySchemeManager
(
manager
.
Identifier
()
);
err
!=
nil
{
if
err
:=
conf
.
VerifySchemeManager
(
manager
);
err
!=
nil
{
return
err
}
}
...
...