Commit ca06aa7f authored by Sietse Ringers's avatar Sietse Ringers

feat: client checks consistency of revocation and revocationUpdates fields of session request

parent 710254b9
......@@ -49,13 +49,18 @@ func (cred *credential) AttributeList() *irma.AttributeList {
// persist the updated credential to storage.
func (cred *credential) NonrevPrepare(conf *irma.Configuration, request irma.SessionRequest) (bool, error) {
credtype := cred.CredentialType().Identifier()
if !request.Base().RequestsRevocation(credtype) {
base := request.Base()
if !base.RequestsRevocation(credtype) {
return false, nil
}
if err := base.RevocationConsistent(); err != nil {
return false, err
}
// first try to update witness by applying the revocation update messages attached to the session request
keys := irma.RevocationKeys{Conf: conf}
revupdates := request.Base().RevocationUpdates[credtype]
revupdates := base.RevocationUpdates[credtype]
updated, err := cred.NonrevApplyUpdates(revupdates, keys)
if err != nil {
return updated, err
......
......@@ -239,6 +239,18 @@ func (b *BaseRequest) RequestsRevocation(id CredentialTypeIdentifier) bool {
return len(b.RevocationUpdates) > 0 && len(b.RevocationUpdates[id]) > 0
}
func (b *BaseRequest) RevocationConsistent() error {
if len(b.Revocation) != len(b.RevocationUpdates) {
return errors.New("revocation and revocationUpdates do not have the same length")
}
for _, typ := range b.Revocation {
if _, present := b.RevocationUpdates[typ]; !present {
return errors.Errorf("type %s not present in revocationUpdates", typ)
}
}
return nil
}
// CredentialTypes returns an array of all credential types occuring in this conjunction.
func (c AttributeCon) CredentialTypes() []CredentialTypeIdentifier {
var result []CredentialTypeIdentifier
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment