Commit e1e60e99 authored by Sietse Ringers's avatar Sietse Ringers

refactor: explicitly pass private key to revocation functions

parent 955aa14d
...@@ -139,7 +139,18 @@ func (s *Server) CancelSession(token string) error { ...@@ -139,7 +139,18 @@ func (s *Server) CancelSession(token string) error {
} }
func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error { func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error {
return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key) sk, err := s.conf.PrivateKey(credid.IssuerIdentifier())
if err != nil {
return err
}
if sk == nil {
return errors.Errorf("cannot revoke: private key of %s not found", credid.IssuerIdentifier())
}
rsk, err := sk.RevocationKey()
if err != nil {
return err
}
return s.conf.IrmaConfiguration.RevocationStorage.Revoke(credid, key, rsk)
} }
func ParsePath(path string) (token, noun string, arg []string, err error) { func ParsePath(path string) (token, noun string, arg []string, err error) {
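Review bot: The exported Server.Revoke still has no doc comment, and its new body can now fail on three distinct paths (key lookup error, key absent, revocation-key derivation error) of which only the nil-key case carries any context in the returned error. I would add `// Revoke revokes the credential identified by key within credid, using the revocation key derived from the issuer private key held in the server configuration; it fails when no private key for that issuer is configured.` above the signature, and give the two bare `return err` branches the same kind of context as the `errors.Errorf` on the nil-key path, using whatever wrapping the errors package in this file offers. The hunk header reports 7 old and 18 new lines while fewer are shown, so blank lines were presumably dropped in rendering.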
...@@ -88,7 +88,9 @@ func StartRevocationServer(t *testing.T) { ...@@ -88,7 +88,9 @@ func StartRevocationServer(t *testing.T) {
require.NoError(t, g.Close()) require.NoError(t, g.Close())
// Enable revocation for our credential type // Enable revocation for our credential type
require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred)) sk, err := irmaconf.RevocationStorage.Keys.PrivateKey(cred.IssuerIdentifier())
require.NoError(t, err)
require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred, sk))
// Start revocation server // Start revocation server
revocationServer, err = irmaserver.New(conf) revocationServer, err = irmaserver.New(conf)
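Review bot: The new setup lines check only the error from Keys.PrivateKey, but the server-side hunk in this same commit guards for a nil key returned together with a nil error, so if Keys.PrivateKey behaves the same way a missing test key would reach EnableRevocation as nil and fail somewhere deeper rather than at the lookup. Add `require.NotNil(t, sk)` directly after the `require.NoError(t, err)` line so the failure names the real cause. StartRevocationServer starts and ends outside the hunk.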
...@@ -104,7 +104,7 @@ const ( ...@@ -104,7 +104,7 @@ const (
// EnableRevocation creates an initial accumulator for a given credential type. This function is the // EnableRevocation creates an initial accumulator for a given credential type. This function is the
// only way to create such an initial accumulator and it must be called before anyone can use // only way to create such an initial accumulator and it must be called before anyone can use
// revocation for this credential type. Requires the issuer private key. // revocation for this credential type. Requires the issuer private key.
func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) error { func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier, sk *revocation.PrivateKey) error {
hasRecords, err := rs.db.HasRecords(typ, (*RevocationRecord)(nil)) hasRecords, err := rs.db.HasRecords(typ, (*RevocationRecord)(nil))
if err != nil { if err != nil {
return err return err
...@@ -113,10 +113,6 @@ func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) erro ...@@ -113,10 +113,6 @@ func (rs *RevocationStorage) EnableRevocation(typ CredentialTypeIdentifier) erro
return errors.New("revocation record table not empty") return errors.New("revocation record table not empty")
} }
sk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
if err != nil {
return err
}
msg, acc, err := revocation.NewAccumulator(sk) msg, acc, err := revocation.NewAccumulator(sk)
if err != nil { if err != nil {
return err return err
...@@ -244,14 +240,10 @@ func (rs *RevocationStorage) IssuanceRecord(typ CredentialTypeIdentifier, key [] ...@@ -244,14 +240,10 @@ func (rs *RevocationStorage) IssuanceRecord(typ CredentialTypeIdentifier, key []
// Revoke revokes the credential specified by key if found within the current database, // Revoke revokes the credential specified by key if found within the current database,
// by updating its revocation time to now, removing its revocation attribute from the current accumulator, // by updating its revocation time to now, removing its revocation attribute from the current accumulator,
// and updating the revocation database on disk. // and updating the revocation database on disk.
func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) error { func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string, sk *revocation.PrivateKey) error {
if rs.getSettings(typ).Mode != RevocationModeServer { if rs.getSettings(typ).Mode != RevocationModeServer {
return errors.Errorf("cannot revoke %s", typ) return errors.Errorf("cannot revoke %s", typ)
} }
rsk, err := rs.Keys.PrivateKey(typ.IssuerIdentifier())
if err != nil {
return err
}
return rs.db.Transaction(func(tx revStorage) error { return rs.db.Transaction(func(tx revStorage) error {
var err error var err error
...@@ -263,7 +255,7 @@ func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) er ...@@ -263,7 +255,7 @@ func (rs *RevocationStorage) Revoke(typ CredentialTypeIdentifier, key string) er
if err = tx.Save(&cr); err != nil { if err = tx.Save(&cr); err != nil {
return err return err
} }
return rs.revokeAttr(tx, typ, rsk, cr.Attr) return rs.revokeAttr(tx, typ, sk, cr.Attr)
}) })
} }
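Review bot: EnableRevocation now takes sk as a parameter but nothing guards against a nil key before it is handed to revocation.NewAccumulator; the removed code obtained the key from rs.Keys.PrivateKey and returned that error, while the new caller in irmaserver checks for nil only at its own layer, so any other caller (the test helper included) can pass nil straight through. I would add `if sk == nil { return errors.New("cannot enable revocation: issuer private key is nil") }` after the hasRecords check, and the same guard after the mode check at the top of Revoke in the second hunk, where sk is now forwarded to revokeAttr inside the transaction. Neither function verifies that sk belongs to the issuer of typ, so the doc comments should say so; I would replace the sentence `Requires the issuer private key.` with `Requires the private key of the issuer of typ, which the caller must supply as sk; the key is not checked against typ.` and add the matching sentence to Revoke's comment. Both function bodies continue outside the hunks shown.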