Commit e1e60e99 authored by Sietse Ringers's avatar Sietse Ringers

refactor: explicitly pass private key to revocation functions

parent 955aa14d
......@@ -139,7 +139,18 @@ func (s *Server) CancelSession(token string) error {
}
func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error {
return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key)
sk, err := s.conf.PrivateKey(credid.IssuerIdentifier())
if err != nil {
return err
}
if sk == nil {
return errors.Errorf("cannot revoke: private key of %s not found", credid.IssuerIdentifier())
}
rsk, err := sk.RevocationKey()
if err != nil {
return err
}
return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key, rsk)
}
func ParsePath(path string) (token, noun string, arg []string, err error) {
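Review bot: Server.Revoke is exported but carries no doc comment, and its new body (L10-L21) now makes a decision a caller should know about: a configured issuer without a private key is an error rather than a pass-through. Add above the signature `// Revoke revokes the credential identified by key for credid, using the private key of credid's issuer from the server configuration; it returns an error when no such key is configured or its revocation key cannot be derived.` Note also that the key is now resolved before RevocationStorage.Revoke checks the type's revocation mode, so for a type not in server mode the reported error becomes "private key not found" instead of "cannot revoke" whenever no key is configured; presumably harmless, but worth a one-line comment if the ordering is intentional.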
......@@ -88,7 +88,9 @@ func StartRevocationServer(t *testing.T) {
require.NoError(t, g.Close())
// Enable revocation for our credential type
require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred))
sk, err := irmaconf.RevocationStorage.Keys.PrivateKey(cred.IssuerIdentifier())
require.NoError(t, err)
require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred, sk))
// Start revocation server
revocationServer, err = irmaserver.New(conf)
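Review bot: The key lookup at L29-L30 asserts only on err, yet the server code in this same commit treats a nil key with a nil error as a real outcome (Server.Revoke checks `sk == nil` explicitly); a missing test key would therefore surface later as an obscure failure inside EnableRevocation rather than at the lookup. Add `require.NotNil(t, sk)` directly after the NoError check. StartRevocationServer continues outside the hunk.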
......@@ -156,7 +158,7 @@ var JwtServerConfiguration = &requestorserver.Configuration{
},
Port: 48682,
DisableRequestorAuthentication: false,
MaxRequestAge: 3,
MaxRequestAge: 3,
Permissions: requestorserver.Permissions{
Disclosing: []string{"*"},
Signing: []string{"*"},
......@@ -104,7 +104,7 @@ const (
// EnableRevocation creates an initial accumulator for a given credential type. This function is the
// only way to create such an initial accumulator and it must be called before anyone can use
// revocation for this credential type. Requires the issuer private key.
func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) error {
func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier, sk *revocation.PrivateKey) error {
hasRecords, err := rs.db.HasRecords(typ, (*RevocationRecord)(nil))
if err != nil {
return err
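Review bot: EnableRevocation now takes sk from its caller but never checks it for nil before handing it to revocation.NewAccumulator (L60 in the following hunk); the removed in-function lookup at least had an error path, and the new server-side caller guards `sk == nil` itself, so this storage method is now the one layer that trusts the argument blindly. Add `if sk == nil { return errors.New("no issuer private key provided") }` at the top of the function, and the same guard in RevocationStorage.Revoke (hunk at L68), which passes sk straight through to revokeAttr. The doc comment at L47 should also name the parameter, e.g. `sk must be the private key of typ's issuer.` The function body continues past this hunk.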
......@@ -113,10 +113,6 @@ func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) erro
return errors.New("revocation record table not empty")
}
sk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
if err != nil {
return err
}
msg, acc, err := revocation.NewAccumulator(sk)
if err != nil {
return err
......@@ -244,14 +240,10 @@ func (rs *RevocationStorage) IssuanceRecord(typ CredentialTypeIdentifier, key []
// Revoke revokes the credential specified by key if found within the current database,
// by updating its revocation time to now, removing its revocation attribute from the current accumulator,
// and updating the revocation database on disk.
func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) error {
func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string, sk *revocation.PrivateKey) error {
if rs.getSettings(typ).Mode != RevocationModeServer {
return errors.Errorf("cannot revoke %s", typ)
}
rsk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
if err != nil {
return err
}
return rs.db.Transaction(func(tx revStorage) error {
var err error
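Review bot: The doc comment at L64-L66 does not mention the new sk parameter, and nothing in the method ties sk to typ: the removed lines fetched the key via rs.Keys.PrivateKey(typ.IssuerIdentifier()), whereas now a key belonging to a different issuer would be accepted and used by revokeAttr (L83 in the next hunk) to update typ's accumulator. Extend the comment with `sk must be the private key of typ's issuer; it is used to update the accumulator.`, and if revocation.PrivateKey exposes an identifier or counter, compare it against the issuer's configured key before entering the transaction (I cannot tell from the hunk whether it does). The transaction body continues outside this hunk.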
......@@ -263,7 +255,7 @@ func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) er
if err = tx.Save(&cr); err != nil {
return err
}
return rs.revokeAttr(tx, typ, rsk, cr.Attr)
return rs.revokeAttr(tx, typ, sk, cr.Attr)
})
}