Commit c6be2dac authored by Tomas's avatar Tomas

There is no registration, only enrollment

parent be35d0bf
...@@ -3,7 +3,7 @@ irmago ...@@ -3,7 +3,7 @@ irmago
**DO NOT USE!** This library is in heavy development and is in constant flux. It is not ready for use. **DO NOT USE!** This library is in heavy development and is in constant flux. It is not ready for use.
Irmago is an IRMA client in Go: it can receive IRMA attributes, store them, disclose them to others, and use them to create attribute-based signatures. In more detail: Irmago is an IRMA client in Go: it can receive IRMA attributes, store them, disclose them to others, and use them to create attribute-based signatures. In more detail:
* It is the client (like the [IRMA Android app](https://github.com/credentials/irma_android_cardemu)) in the [IRMA protocol](https://credentials.github.io/protocols/irma-protocol/) * It is the client (like the [IRMA Android app](https://github.com/credentials/irma_android_cardemu)) in the [IRMA protocol](https://credentials.github.io/protocols/irma-protocol/)
* It parses [credential and issuer definitions and public keys](https://github.com/credentials/irma_configuration) * It parses [credential and issuer definitions and public keys](https://github.com/credentials/irma_configuration)
......
...@@ -29,10 +29,10 @@ func TestMain(m *testing.M) { ...@@ -29,10 +29,10 @@ func TestMain(m *testing.M) {
type IgnoringClientHandler struct{} type IgnoringClientHandler struct{}
func (i *IgnoringClientHandler) UpdateConfigurationStore(new *IrmaIdentifierSet) {} func (i *IgnoringClientHandler) UpdateConfigurationStore(new *IrmaIdentifierSet) {}
func (i *IgnoringClientHandler) UpdateAttributes() {} func (i *IgnoringClientHandler) UpdateAttributes() {}
func (i *IgnoringClientHandler) RegistrationError(manager SchemeManagerIdentifier, err error) {} func (i *IgnoringClientHandler) EnrollmentError(manager SchemeManagerIdentifier, err error) {}
func (i *IgnoringClientHandler) RegistrationSuccess(manager SchemeManagerIdentifier) {} func (i *IgnoringClientHandler) EnrollmentSuccess(manager SchemeManagerIdentifier) {}
func parseStorage(t *testing.T) *CredentialManager { func parseStorage(t *testing.T) *CredentialManager {
exists, err := PathExists("testdata/storage/test") exists, err := PathExists("testdata/storage/test")
......
...@@ -46,7 +46,7 @@ type keyshareServer struct { ...@@ -46,7 +46,7 @@ type keyshareServer struct {
token string token string
} }
type keyshareRegistration struct { type keyshareEnrollment struct {
Username string `json:"username"` Username string `json:"username"`
Pin string `json:"pin"` Pin string `json:"pin"`
PublicKey *paillierPublicKey `json:"publicKey"` PublicKey *paillierPublicKey `json:"publicKey"`
...@@ -141,8 +141,8 @@ func startKeyshareSession( ...@@ -141,8 +141,8 @@ func startKeyshareSession(
for managerID := range session.Identifiers().SchemeManagers { for managerID := range session.Identifiers().SchemeManagers {
if store.SchemeManagers[managerID].Distributed() { if store.SchemeManagers[managerID].Distributed() {
ksscount++ ksscount++
if _, registered := keyshareServers[managerID]; !registered { if _, enrolled := keyshareServers[managerID]; !enrolled {
err := errors.New("Not registered to keyshare server of scheme manager " + managerID.String()) err := errors.New("Not enrolled to keyshare server of scheme manager " + managerID.String())
sessionHandler.KeyshareError(err) sessionHandler.KeyshareError(err)
return return
} }
......
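Review bot: In `startKeyshareSession`, `store.SchemeManagers[managerID].Distributed()` uses the map lookup result without an `ok` check, whereas the loop in `session.start()` rejects unknown scheme managers before calling `Distributed()`. If the map holds pointers, an identifier missing from the store would probably panic here instead of reaching `sessionHandler.KeyshareError`. If the check in `start()` is what guarantees the entry exists, say so with a comment such as `// session.start() has already verified that every scheme manager is known`; otherwise use `manager, ok := store.SchemeManagers[managerID]` and report the error when `!ok`. The function body starts and ends outside this hunk, so an earlier guard may exist that is not visible here.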
...@@ -54,10 +54,10 @@ type CredentialManager struct { ...@@ -54,10 +54,10 @@ type CredentialManager struct {
} }
// KeyshareHandler is used for asking the user for his email address and PIN, // KeyshareHandler is used for asking the user for his email address and PIN,
// for registering at a keyshare server. // for enrolling at a keyshare server.
type KeyshareHandler interface { type KeyshareHandler interface {
RegistrationError(manager SchemeManagerIdentifier, err error) EnrollmentError(manager SchemeManagerIdentifier, err error)
RegistrationSuccess(manager SchemeManagerIdentifier) EnrollmentSuccess(manager SchemeManagerIdentifier)
} }
type ClientHandler interface { type ClientHandler interface {
...@@ -77,7 +77,7 @@ type secretKey struct { ...@@ -77,7 +77,7 @@ type secretKey struct {
// androidStoragePath is an optional path to the files of the old android app // androidStoragePath is an optional path to the files of the old android app
// (specify "" if you do not want to parse the old android app files), // (specify "" if you do not want to parse the old android app files),
// and handler is used for informing the user of new stuff, and when a // and handler is used for informing the user of new stuff, and when a
// registration to a keyshare server needs to happen. // enrollment to a keyshare server needs to happen.
// The credential manager returned by this function has been fully deserialized // The credential manager returned by this function has been fully deserialized
// and is ready for use. // and is ready for use.
// //
...@@ -602,15 +602,15 @@ func (cm *CredentialManager) unenrolledKeyshareServers() []SchemeManagerIdentifi ...@@ -602,15 +602,15 @@ func (cm *CredentialManager) unenrolledKeyshareServers() []SchemeManagerIdentifi
return list return list
} }
// KeyshareEnroll attempts to register at the keyshare server of the specified scheme manager. // KeyshareEnroll attempts to enroll at the keyshare server of the specified scheme manager.
func (cm *CredentialManager) KeyshareEnroll(manager SchemeManagerIdentifier, email, pin string) { func (cm *CredentialManager) KeyshareEnroll(manager SchemeManagerIdentifier, email, pin string) {
go func() { go func() {
err := cm.keyshareEnrollWorker(manager, email, pin) err := cm.keyshareEnrollWorker(manager, email, pin)
cm.UnenrolledKeyshareServers = cm.unenrolledKeyshareServers() cm.UnenrolledKeyshareServers = cm.unenrolledKeyshareServers()
if err != nil { if err != nil {
cm.handler.RegistrationError(manager, err) cm.handler.EnrollmentError(manager, err)
} else { } else {
cm.handler.RegistrationSuccess(manager) cm.handler.EnrollmentSuccess(manager)
} }
}() }()
} }
...@@ -632,7 +632,7 @@ func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentif ...@@ -632,7 +632,7 @@ func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentif
if err != nil { if err != nil {
return err return err
} }
message := keyshareRegistration{ message := keyshareEnrollment{
Username: email, Username: email,
Pin: kss.HashedPin(pin), Pin: kss.HashedPin(pin),
PublicKey: (*paillierPublicKey)(&kss.PrivateKey.PublicKey), PublicKey: (*paillierPublicKey)(&kss.PrivateKey.PublicKey),
...@@ -648,7 +648,7 @@ func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentif ...@@ -648,7 +648,7 @@ func (cm *CredentialManager) keyshareEnrollWorker(managerID SchemeManagerIdentif
return cm.storage.StoreKeyshareServers(cm.keyshareServers) return cm.storage.StoreKeyshareServers(cm.keyshareServers)
} }
// KeyshareRemove unregisters the keyshare server of the specified scheme manager. // KeyshareRemove unenrolls the keyshare server of the specified scheme manager.
func (cm *CredentialManager) KeyshareRemove(manager SchemeManagerIdentifier) error { func (cm *CredentialManager) KeyshareRemove(manager SchemeManagerIdentifier) error {
if _, contains := cm.keyshareServers[manager]; !contains { if _, contains := cm.keyshareServers[manager]; !contains {
return errors.New("Can't uninstall unknown keyshare server") return errors.New("Can't uninstall unknown keyshare server")
......
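Review bot: In `KeyshareEnroll`, the goroutine assigns `cm.UnenrolledKeyshareServers` with no lock visible in this hunk, so any caller reading that exported field while an enrollment is in flight would race with the write. If `CredentialManager` has no mutex elsewhere, guard the assignment or pass the fresh list to the handler instead of publishing it through a shared field. `EnrollmentError` and `EnrollmentSuccess` are also invoked from that goroutine, which the doc comment should state, for example `// KeyshareEnroll returns immediately; the outcome is reported through the handler from a separate goroutine.` Separately, `KeyshareRemove` still returns `"Can't uninstall unknown keyshare server"`, which does not match the enroll/unenroll wording this commit introduces. Its body continues outside the hunk.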
...@@ -26,7 +26,7 @@ type Handler interface { ...@@ -26,7 +26,7 @@ type Handler interface {
Cancelled(action Action) Cancelled(action Action)
Failure(action Action, err *SessionError) Failure(action Action, err *SessionError)
UnsatisfiableRequest(action Action, missing AttributeDisjunctionList) UnsatisfiableRequest(action Action, missing AttributeDisjunctionList)
MissingKeyshareServer(manager SchemeManagerIdentifier) MissingKeyshareEnrollment(manager SchemeManagerIdentifier)
RequestIssuancePermission(request IssuanceRequest, ServerName string, callback PermissionHandler) RequestIssuancePermission(request IssuanceRequest, ServerName string, callback PermissionHandler)
RequestVerificationPermission(request DisclosureRequest, ServerName string, callback PermissionHandler) RequestVerificationPermission(request DisclosureRequest, ServerName string, callback PermissionHandler)
...@@ -185,7 +185,7 @@ func (session *session) start() { ...@@ -185,7 +185,7 @@ func (session *session) start() {
} }
} }
// Check if we are registered to all involved keyshare servers // Check if we are enrolled into all involved keyshare servers
for id := range session.irmaSession.Identifiers().SchemeManagers { for id := range session.irmaSession.Identifiers().SchemeManagers {
manager, ok := session.credManager.ConfigurationStore.SchemeManagers[id] manager, ok := session.credManager.ConfigurationStore.SchemeManagers[id]
if !ok { if !ok {
...@@ -193,10 +193,10 @@ func (session *session) start() { ...@@ -193,10 +193,10 @@ func (session *session) start() {
return return
} }
distributed := manager.Distributed() distributed := manager.Distributed()
_, registered := session.credManager.keyshareServers[id] _, enrolled := session.credManager.keyshareServers[id]
if distributed && !registered { if distributed && !enrolled {
session.transport.Delete() session.transport.Delete()
session.Handler.MissingKeyshareServer(id) session.Handler.MissingKeyshareEnrollment(id)
return return
} }
} }
......
...@@ -20,7 +20,7 @@ type TestHandler struct { ...@@ -20,7 +20,7 @@ type TestHandler struct {
manager *CredentialManager manager *CredentialManager
} }
func (th TestHandler) MissingKeyshareServer(manager SchemeManagerIdentifier) { func (th TestHandler) MissingKeyshareEnrollment(manager SchemeManagerIdentifier) {
th.Failure(ActionUnknown, &SessionError{Err: errors.Errorf("Missing keyshare server %s", manager.String())}) th.Failure(ActionUnknown, &SessionError{Err: errors.Errorf("Missing keyshare server %s", manager.String())})
} }
...@@ -194,23 +194,23 @@ func sessionHelper(t *testing.T, jwtcontents interface{}, url string, manager *C ...@@ -194,23 +194,23 @@ func sessionHelper(t *testing.T, jwtcontents interface{}, url string, manager *C
} }
} }
func registerKeyshareServer(t *testing.T, manager *CredentialManager) { func enrollKeyshareServer(t *testing.T, manager *CredentialManager) {
bytes := make([]byte, 8, 8) bytes := make([]byte, 8, 8)
rand.Read(bytes) rand.Read(bytes)
email := fmt.Sprintf("%s@example.com", hex.EncodeToString(bytes)) email := fmt.Sprintf("%s@example.com", hex.EncodeToString(bytes))
require.NoError(t, manager.keyshareEnrollWorker(NewSchemeManagerIdentifier("test"), email, "12345")) require.NoError(t, manager.keyshareEnrollWorker(NewSchemeManagerIdentifier("test"), email, "12345"))
} }
// Register a new account at the keyshare server and do an issuance, disclosure, // Enroll at a keyshare server and do an issuance, disclosure,
// and issuance session, also using irma-demo credentials deserialized from Android storage // and issuance session, also using irma-demo credentials deserialized from Android storage
func TestKeyshareRegistrationAndSessions(t *testing.T) { func TestKeyshareEnrollmentAndSessions(t *testing.T) {
manager := parseStorage(t) manager := parseStorage(t)
manager.credentials[NewCredentialTypeIdentifier("test.test.mijnirma")] = map[int]*credential{} manager.credentials[NewCredentialTypeIdentifier("test.test.mijnirma")] = map[int]*credential{}
test := NewSchemeManagerIdentifier("test") test := NewSchemeManagerIdentifier("test")
err := manager.KeyshareRemove(test) err := manager.KeyshareRemove(test)
require.NoError(t, err) require.NoError(t, err)
registerKeyshareServer(t, manager) enrollKeyshareServer(t, manager)
id := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID") id := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
expiry := Timestamp(NewMetadataAttribute().Expiry()) expiry := Timestamp(NewMetadataAttribute().Expiry())
...@@ -249,9 +249,9 @@ func TestKeyshareRegistrationAndSessions(t *testing.T) { ...@@ -249,9 +249,9 @@ func TestKeyshareRegistrationAndSessions(t *testing.T) {
teardown(t) teardown(t)
} }
// Use the existing keyshare registration and credentials deserialized from Android storage // Use the existing keyshare enrollment and credentials deserialized from Android storage
// in a keyshare session of each session type. // in a keyshare session of each session type.
// Use keyshareuser.sql to register the user at the keyshare server. // Use keyshareuser.sql to enroll the user at the keyshare server.
func TestKeyshareSessions(t *testing.T) { func TestKeyshareSessions(t *testing.T) {
manager := parseStorage(t) manager := parseStorage(t)
id := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID") id := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
......
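Review bot: `TestHandler.MissingKeyshareEnrollment` still reports `"Missing keyshare server %s"`, so a failing test describes a different condition than the callback it came from. Something like `errors.Errorf("Not enrolled at keyshare server %s", manager.String())` would keep the failure output in line with the renamed method. In `enrollKeyshareServer`, the result of `rand.Read(bytes)` is discarded; checking it with `require.NoError` would make the helper fail loudly if the random e-mail prefix could not be generated.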