Commit
e1e60e99
authored
Nov 15, 2019
by
Sietse Ringers
refactor: explicitly pass private key to revocation functions
parent
955aa14d
Changes
3
internal/servercore/api.go
...
...
@@ -139,7 +139,18 @@ func (s *Server) CancelSession(token string) error {
}
func
(
s
*
Server
)
Revoke
(
credid
irma
.
CredentialTypeIdentifier
,
key
string
)
error
{
return
s
.
conf
.
IrmaConfiguration
.
RevocationStorage
.
Revoke
(
credid
,
key
)
sk
,
err
:=
s
.
conf
.
PrivateKey
(
credid
.
IssuerIdentifier
())
if
err
!=
nil
{
return
err
}
if
sk
==
nil
{
return
errors
.
Errorf
(
"cannot revoke: private key of %s not found"
,
credid
.
IssuerIdentifier
())
}
rsk
,
err
:=
sk
.
RevocationKey
()
if
err
!=
nil
{
return
err
}
return
s
.
conf
.
IrmaConfiguration
.
RevocationStorage
.
Revoke
(
credid
,
key
,
rsk
)
}
func
ParsePath
(
path
string
)
(
token
,
noun
string
,
arg
[]
string
,
err
error
)
{
...
...
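Review bot: Errors from `s.conf.PrivateKey(...)` and `sk.RevocationKey()` in the new `Server.Revoke` are returned bare, while the nil-key case between them gets a `cannot revoke:` message, so a failed revocation surfaces with inconsistent context. Revocation is a security-relevant operation, and an operator should be able to tell from the error whether the issuer key could not be loaded or the revocation key could not be obtained from it. Consider prefixing both returns the same way, for example `return errors.Errorf("cannot revoke: loading private key of %s: %v", credid.IssuerIdentifier(), err)`, unless callers depend on the original error value. The exported method also has no doc comment; something like `// Revoke revokes the credential identified by key, using the revocation key of the credential type's issuer from the server configuration.` would record where the key now comes from.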
internal/sessiontest/server_test.go
...
...
@@ -88,7 +88,9 @@ func StartRevocationServer(t *testing.T) {
require
.
NoError
(
t
,
g
.
Close
())
// Enable revocation for our credential type
require
.
NoError
(
t
,
irmaconf
.
RevocationStorage
.
EnableRevocation
(
cred
))
sk
,
err
:=
irmaconf
.
RevocationStorage
.
Keys
.
PrivateKey
(
cred
.
IssuerIdentifier
())
require
.
NoError
(
t
,
err
)
require
.
NoError
(
t
,
irmaconf
.
RevocationStorage
.
EnableRevocation
(
cred
,
sk
))
// Start revocation server
revocationServer
,
err
=
irmaserver
.
New
(
conf
)
...
...
@@ -156,7 +158,7 @@ var JwtServerConfiguration = &requestorserver.Configuration{
},
Port
:
48682
,
DisableRequestorAuthentication
:
false
,
MaxRequestAge
:
3
,
MaxRequestAge
:
3
,
Permissions
:
requestorserver
.
Permissions
{
Disclosing
:
[]
string
{
"*"
},
Signing
:
[]
string
{
"*"
},
...
...
revocation.go
...
...
@@ -104,7 +104,7 @@ const (
// EnableRevocation creates an initial accumulator for a given credential type. This function is the
// only way to create such an initial accumulator and it must be called before anyone can use
// revocation for this credential type. Requires the issuer private key.
func
(
rs
*
RevocationStorage
)
EnableRevocation
(
typ
CredentialTypeIdentifier
)
error
{
func
(
rs
*
RevocationStorage
)
EnableRevocation
(
typ
CredentialTypeIdentifier
,
sk
*
revocation
.
PrivateKey
)
error
{
hasRecords
,
err
:=
rs
.
db
.
HasRecords
(
typ
,
(
*
RevocationRecord
)(
nil
))
if
err
!=
nil
{
return
err
...
...
@@ -113,10 +113,6 @@ func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) erro
return
errors
.
New
(
"revocation record table not empty"
)
}
sk
,
err
:=
rs
.
Keys
.
PrivateKey
(
typ
.
IssuerIdentifier
())
if
err
!=
nil
{
return
err
}
msg
,
acc
,
err
:=
revocation
.
NewAccumulator
(
sk
)
if
err
!=
nil
{
return
err
...
...
@@ -244,14 +240,10 @@ func (rs *RevocationStorage) IssuanceRecord(typ CredentialTypeIdentifier, key []
// Revoke revokes the credential specified by key if found within the current database,
// by updating its revocation time to now, removing its revocation attribute from the current accumulator,
// and updating the revocation database on disk.
func
(
rs
*
RevocationStorage
)
Revoke
(
typ
CredentialTypeIdentifier
,
key
string
)
error
{
func
(
rs
*
RevocationStorage
)
Revoke
(
typ
CredentialTypeIdentifier
,
key
string
,
sk
*
revocation
.
PrivateKey
)
error
{
if
rs
.
getSettings
(
typ
)
.
Mode
!=
RevocationModeServer
{
return
errors
.
Errorf
(
"cannot revoke %s"
,
typ
)
}
rsk
,
err
:=
rs
.
Keys
.
PrivateKey
(
typ
.
IssuerIdentifier
())
if
err
!=
nil
{
return
err
}
return
rs
.
db
.
Transaction
(
func
(
tx
revStorage
)
error
{
var
err
error
...
...
@@ -263,7 +255,7 @@ func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) er
if
err
=
tx
.
Save
(
&
cr
);
err
!=
nil
{
return
err
}
return
rs
.
revokeAttr
(
tx
,
typ
,
r
sk
,
cr
.
Attr
)
return
rs
.
revokeAttr
(
tx
,
typ
,
sk
,
cr
.
Attr
)
})
}
...
...
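Review bot: With `sk` now supplied by the caller, neither `EnableRevocation` nor `Revoke` checks it for nil before handing it to `revocation.NewAccumulator(sk)` and `rs.revokeAttr(tx, typ, sk, cr.Attr)`, and nothing in the visible lines ties the key to `typ.IssuerIdentifier()` any more, which the removed `rs.Keys.PrivateKey(typ.IssuerIdentifier())` lookup did by construction. A guard at the top of each function, `if sk == nil { return errors.New("private key required") }`, would turn a nil key into an error instead of relying on every caller to check, as `Server.Revoke` in api.go does. The doc comments should also state that `sk` must be the revocation private key of the issuer of `typ`; a key of a different issuer would presumably produce an accumulator or update that does not verify, which is worth confirming. Both function bodies continue outside the visible hunks.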