refactor: explicitly pass private key to revocation functions

internal/servercore/api.go

@@ -139,7 +139,18 @@ func (s *Server) CancelSession(token string) error {
 }
 
 func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error {
-	return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key)
+	sk, err := s.conf.PrivateKey(credid.IssuerIdentifier())
+	if err != nil {
+		return err
+	}
+	if sk == nil {
+		return errors.Errorf("cannot revoke: private key of %s not found", credid.IssuerIdentifier())
+	}
+	rsk, err := sk.RevocationKey()
+	if err != nil {
+		return err
+	}
+	return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key, rsk)
 }
 
 func ParsePath(path string) (token, noun string, arg []string, err error) {

internal/sessiontest/server_test.go

@@ -88,7 +88,9 @@ func StartRevocationServer(t *testing.T) {
 	require.NoError(t, g.Close())
 
 	// Enable revocation for our credential type
-	require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred))
+	sk, err := irmaconf.RevocationStorage.Keys.PrivateKey(cred.IssuerIdentifier())
+	require.NoError(t, err)
+	require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred, sk))
 
 	// Start revocation server
 	revocationServer, err = irmaserver.New(conf)
@@ -156,7 +158,7 @@ var JwtServerConfiguration = &requestorserver.Configuration{
 	},
 	Port: 48682,
 	DisableRequestorAuthentication: false,
-	MaxRequestAge: 3,
+	MaxRequestAge:                  3,
 	Permissions: requestorserver.Permissions{
 		Disclosing: []string{"*"},
 		Signing:    []string{"*"},

revocation.go

@@ -104,7 +104,7 @@ const (
 // EnableRevocation creates an initial accumulator for a given credential type. This function is the
 // only way to create such an initial accumulator and it must be called before anyone can use
 // revocation for this credential type. Requires the issuer private key.
-func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) error {
+func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier, sk *revocation.PrivateKey) error {
 	hasRecords, err := rs.db.HasRecords(typ, (*RevocationRecord)(nil))
 	if err != nil {
 		return err
@@ -113,10 +113,6 @@ func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) erro
 		return errors.New("revocation record table not empty")
 	}
 
-	sk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
-	if err != nil {
-		return err
-	}
 	msg, acc, err := revocation.NewAccumulator(sk)
 	if err != nil {
 		return err
@@ -244,14 +240,10 @@ func (rs *RevocationStorage) IssuanceRecord(typ CredentialTypeIdentifier, key []
 // Revoke revokes the credential specified by key if found within the current database,
 // by updating its revocation time to now, removing its revocation attribute from the current accumulator,
 // and updating the revocation database on disk.
-func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) error {
+func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string, sk *revocation.PrivateKey) error {
 	if rs.getSettings(typ).Mode != RevocationModeServer {
 		return errors.Errorf("cannot revoke %s", typ)
 	}
-	rsk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
-	if err != nil {
-		return err
-	}
 
 	return rs.db.Transaction(func(tx revStorage) error {
 		var err error
@@ -263,7 +255,7 @@ func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) er
 		if err = tx.Save(&cr); err != nil {
 			return err
 		}
-		return rs.revokeAttr(tx, typ, rsk, cr.Attr)
+		return rs.revokeAttr(tx, typ, sk, cr.Attr)
 	})
 }