Commit e9c6d829 authored by David Venhoek's avatar David Venhoek Committed by Sietse Ringers

Improved consistency in variable names and spelling of strings/comments.

parent 546b6524
......@@ -21,7 +21,7 @@ type (
// Key used to sign keyshare protocol messages
signKey *rsa.PrivateKey
signKeyId int
signKeyID int
// Commit values generated in first step of keyshare protocol
commitmentData map[uint64]*big.Int
......@@ -49,26 +49,26 @@ func GenerateAESKey() (AesKey, error) {
// Add an aes key for decryption, with identifier keyid
// Calling this will cause all keyshare packets generated with the key to be trusted
func (c *KeyshareCore) DangerousAddAESKey(keyid uint32, key AesKey) {
c.decryptionKeys[keyid] = key
func (c *KeyshareCore) DangerousAddAESKey(keyID uint32, key AesKey) {
c.decryptionKeys[keyID] = key
}
// Set the aes key for encrypting new/changed keyshare data
// with identifier keyid
// Calling this wil also cause all keyshare packets generated with the key to be trusted
func (c *KeyshareCore) DangerousSetAESEncryptionKey(keyid uint32, key AesKey) {
c.decryptionKeys[keyid] = key
func (c *KeyshareCore) DangerousSetAESEncryptionKey(keyID uint32, key AesKey) {
c.decryptionKeys[keyID] = key
c.encryptionKey = key
c.encryptionKeyID = keyid
c.encryptionKeyID = keyID
}
// Set key used to sign keyshare protocol messages
func (c *KeyshareCore) SetSignKey(key *rsa.PrivateKey, id int) {
c.signKey = key
c.signKeyId = id
c.signKeyID = id
}
// Add public key as trusted by keyshareCore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!
func (c *KeyshareCore) DangerousAddTrustedPublicKey(keyid irma.PublicKeyIdentifier, key *gabi.PublicKey) {
c.trustedKeys[keyid] = key
func (c *KeyshareCore) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabi.PublicKey) {
c.trustedKeys[keyID] = key
}
......@@ -48,7 +48,7 @@ func (c *KeyshareCore) GenerateKeyshareSecret(pinRaw string) (EncryptedKeyshareP
if err != nil {
return EncryptedKeysharePacket{}, err
}
p.setId(id)
p.setID(id)
// And encrypt
return c.encryptPacket(p)
......@@ -72,14 +72,14 @@ func (c *KeyshareCore) DangerousBuildKeyshareSecret(pinRaw string, secret *big.I
if err != nil {
return EncryptedKeysharePacket{}, err
}
p.setId(id)
p.setID(id)
return c.encryptPacket(p)
}
// Check pin for validity, and generate jwt for future access
// userid is an extra field added to the jwt for
func (c *KeyshareCore) ValidatePin(ep EncryptedKeysharePacket, pin string, userid string) (string, error) {
func (c *KeyshareCore) ValidatePin(ep EncryptedKeysharePacket, pin string, userID string) (string, error) {
paddedPin, err := padPin(pin)
if err != nil {
return "", err
......@@ -98,16 +98,16 @@ func (c *KeyshareCore) ValidatePin(ep EncryptedKeysharePacket, pin string, useri
}
// Generate jwt token
id := p.getId()
id := p.ID()
token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
"iss": "keyshare_server",
"sub": "auth_tok",
"iat": time.Now().Unix(),
"exp": time.Now().Add(3 * time.Minute).Unix(),
"user_id": userid,
"user_id": userID,
"token_id": base64.StdEncoding.EncodeToString(id[:]),
})
token.Header["kid"] = c.signKeyId
token.Header["kid"] = c.signKeyID
return token.SignedString(c.signKey)
}
......@@ -148,7 +148,7 @@ func (c *KeyshareCore) ChangePin(ep EncryptedKeysharePacket, oldpinRaw, newpinRa
return EncryptedKeysharePacket{}, err
}
p.setPin(newpin)
p.setId(id)
p.setID(id)
return c.encryptPacket(p)
}
......@@ -177,11 +177,11 @@ func (c *KeyshareCore) verifyAccess(ep EncryptedKeysharePacket, jwtToken string)
if _, present := claims["token_id"]; !present {
return unencryptedKeysharePacket{}, ErrInvalidJWT
}
tokenIdB64, ok := claims["token_id"].(string)
tokenIDB64, ok := claims["token_id"].(string)
if !ok {
return unencryptedKeysharePacket{}, ErrInvalidJWT
}
tokenId, err := base64.StdEncoding.DecodeString(tokenIdB64)
tokenID, err := base64.StdEncoding.DecodeString(tokenIDB64)
if err != nil {
return unencryptedKeysharePacket{}, ErrInvalidJWT
}
......@@ -190,9 +190,9 @@ func (c *KeyshareCore) verifyAccess(ep EncryptedKeysharePacket, jwtToken string)
if err != nil {
return unencryptedKeysharePacket{}, err
}
refId := p.getId()
refId := p.ID()
if !hmac.Equal(refId[:], tokenId) {
if !hmac.Equal(refId[:], tokenID) {
return unencryptedKeysharePacket{}, ErrInvalidJWT
}
......@@ -200,15 +200,15 @@ func (c *KeyshareCore) verifyAccess(ep EncryptedKeysharePacket, jwtToken string)
}
// Get keyshare commitment usign given idemix public key(s)
func (c *KeyshareCore) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyids []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
func (c *KeyshareCore) GenerateCommitments(ep EncryptedKeysharePacket, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error) {
// Validate input request and build key list
var keylist []*gabi.PublicKey
for _, keyid := range keyids {
key, ok := c.trustedKeys[keyid]
var keyList []*gabi.PublicKey
for _, keyID := range keyIDs {
key, ok := c.trustedKeys[keyID]
if !ok {
return nil, 0, ErrKeyNotFound
}
keylist = append(keylist, key)
keyList = append(keyList, key)
}
// verify access and decrypt
......@@ -218,33 +218,33 @@ func (c *KeyshareCore) GenerateCommitments(ep EncryptedKeysharePacket, accessTok
}
// Generate commitment
commitSecret, commitments, err := gabi.NewKeyshareCommitments(p.getKeyshareSecret(), keylist)
commitSecret, commitments, err := gabi.NewKeyshareCommitments(p.getKeyshareSecret(), keyList)
if err != nil {
return nil, 0, err
}
// Generate commitment id
var commitId uint64
err = binary.Read(rand.Reader, binary.LittleEndian, &commitId)
var commitID uint64
err = binary.Read(rand.Reader, binary.LittleEndian, &commitID)
if err != nil {
return nil, 0, err
}
// Store commit in backing storage
c.commitmentMutex.Lock()
c.commitmentData[commitId] = commitSecret
c.commitmentData[commitID] = commitSecret
c.commitmentMutex.Unlock()
return commitments, commitId, nil
return commitments, commitID, nil
}
// Generate response for zero-knowledge proof of keyshare secret, for a given previous commit and challenge
func (c *KeyshareCore) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitId uint64, challenge *big.Int, keyid irma.PublicKeyIdentifier) (string, error) {
func (c *KeyshareCore) GenerateResponse(ep EncryptedKeysharePacket, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error) {
// Validate request
if uint(challenge.BitLen()) > gabi.DefaultSystemParameters[1024].Lh || challenge.Cmp(big.NewInt(0)) < 0 {
return "", ErrInvalidChallenge
}
key, ok := c.trustedKeys[keyid]
key, ok := c.trustedKeys[keyID]
if !ok {
return "", ErrKeyNotFound
}
......@@ -257,8 +257,8 @@ func (c *KeyshareCore) GenerateResponse(ep EncryptedKeysharePacket, accessToken
// Fetch commit
c.commitmentMutex.Lock()
commit, ok := c.commitmentData[commitId]
delete(c.commitmentData, commitId)
commit, ok := c.commitmentData[commitID]
delete(c.commitmentData, commitID)
c.commitmentMutex.Unlock()
if !ok {
return "", ErrUnknownCommit
......@@ -271,7 +271,7 @@ func (c *KeyshareCore) GenerateResponse(ep EncryptedKeysharePacket, accessToken
"sub": "ProofP",
"iss": "keyshare_server",
})
token.Header["kid"] = c.signKeyId
token.Header["kid"] = c.signKeyID
return token.SignedString(c.signKey)
}
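Review bot: The comment above ValidatePin still reads `// userid is an extra field added to the jwt for` after the parameter became userID, and the sentence is cut off; suggest `// userID is an extra field added to the generated JWT as the "user_id" claim.` since that is the claim the function sets. The same spelling pass could take `wil` in the DangerousSetAESEncryptionKey comment (`// Calling this will also cause all keyshare packets generated with the key to be trusted`) and `usign` in the GenerateCommitments comment (`// Get keyshare commitment using given idemix public key(s)`). ValidatePin's body continues outside the hunk.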
......
......@@ -91,14 +91,14 @@ func TestVerifyAccess(t *testing.T) {
// Test incorrectly constructed jwts
p, err := c.verifyAccess(ep1, jwtt)
require.NoError(t, err)
id := p.getId()
tokenId := base64.StdEncoding.EncodeToString(id[:])
id := p.ID()
tokenID := base64.StdEncoding.EncodeToString(id[:])
// incorrect exp
token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
"iat": time.Now().Add(-6 * time.Minute).Unix(),
"exp": time.Now().Add(-3 * time.Minute).Unix(),
"token_id": tokenId,
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
require.NoError(t, err)
......@@ -108,7 +108,7 @@ func TestVerifyAccess(t *testing.T) {
// missing exp
token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
"iat": time.Now().Unix(),
"token_id": tokenId,
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
require.NoError(t, err)
......@@ -119,7 +119,7 @@ func TestVerifyAccess(t *testing.T) {
token = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
"iat": time.Now().Unix(),
"exp": "test",
"token_id": tokenId,
"token_id": tokenID,
})
jwtt, err = token.SignedString(c.signKey)
require.NoError(t, err)
......@@ -151,7 +151,7 @@ func TestVerifyAccess(t *testing.T) {
token = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"iat": time.Now().Unix(),
"exp": time.Now().Add(3 * time.Minute).Unix(),
"token_id": tokenId,
"token_id": tokenID,
})
jwtt, err = token.SignedString([]byte("bla"))
require.NoError(t, err)
......
......@@ -57,13 +57,13 @@ func (p *unencryptedKeysharePacket) setKeyshareSecret(val *big.Int) error {
return nil
}
func (p *unencryptedKeysharePacket) getId() [32]byte {
func (p *unencryptedKeysharePacket) ID() [32]byte {
var result [32]byte
copy(result[:], p[128:160])
return result
}
func (p *unencryptedKeysharePacket) setId(id [32]byte) {
func (p *unencryptedKeysharePacket) setID(id [32]byte) {
copy(p[128:160], id[:])
}
......
......@@ -41,7 +41,7 @@ func StartKeyshareServer(t *testing.T, l *logrus.Logger) {
IssuerPrivateKeysPath: filepath.Join(testdataPath, "privatekeys"),
URL: "http://localhost:8080/irma_keyshare_server/api/v1/",
DB: db,
JwtKeyId: 0,
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),
StoragePrimaryKeyFile: filepath.Join(testdataPath, "keyshareStorageTestkey"),
KeyshareCredential: "test.test.mijnirma",
......
......@@ -29,7 +29,7 @@ var confKeyshareMyirma *myirmaserver.Configuration
var myirmadCmd = &cobra.Command{
Use: "myirma",
Short: "Irma keyshare server myirma component",
Short: "IRMA keyshare server myirma component",
Run: func(command *cobra.Command, args []string) {
configureMyirmad(command)
......@@ -120,7 +120,7 @@ func init() {
flags.StringSlice("keyshare-attributes", nil, "Attributes allowed for login to myirma")
flags.StringSlice("email-attributes", nil, "Attributes allowed for adding email addresses")
flags.Lookup("keyshare-attributes").Header = `Irma session configuration`
flags.Lookup("keyshare-attributes").Header = `IRMA session configuration`
flags.String("email-server", "", "Email server to use for sending email address confirmation emails")
flags.String("email-hostname", "", "Hostname used in email server tls certificate (leave empty when mail server does not use tls)")
......@@ -218,8 +218,8 @@ func configureMyirmad(cmd *cobra.Command) {
StaticPath: viper.GetString("static-path"),
StaticPrefix: viper.GetString("static-prefix"),
DbType: myirmaserver.DatabaseType(viper.GetString("db-type")),
DbConnstring: viper.GetString("db"),
DBType: myirmaserver.DatabaseType(viper.GetString("db-type")),
DBConnstring: viper.GetString("db"),
KeyshareAttributeNames: viper.GetStringSlice("keyshare-attributes"),
EmailAttributeNames: viper.GetStringSlice("email-attributes"),
......
......@@ -29,7 +29,7 @@ var confKeysharePhone *keyshareserver.Configuration
var keysharedCmd = &cobra.Command{
Use: "phone",
Short: "Irma keyshare server phone component",
Short: "IRMA keyshare server phone component",
Run: func(command *cobra.Command, args []string) {
configureKeyshared(command)
......@@ -217,10 +217,10 @@ func configureKeyshared(cmd *cobra.Command) {
URL: string(regexp.MustCompile("(https?://[^/]*):port").ReplaceAll([]byte(viper.GetString("url")), []byte("$1:"+strconv.Itoa(viper.GetInt("port"))))),
DisableTLS: viper.GetBool("no-tls"),
DbType: keyshareserver.DatabaseType(viper.GetString("db-type")),
DbConnstring: viper.GetString("db"),
DBType: keyshareserver.DatabaseType(viper.GetString("db-type")),
DBConnstring: viper.GetString("db"),
JwtKeyId: viper.GetInt("jwt-privkey-id"),
JwtKeyID: viper.GetInt("jwt-privkey-id"),
JwtPrivateKey: viper.GetString("jwt-privkey"),
JwtPrivateKeyFile: viper.GetString("jwt-privkey-file"),
StoragePrimaryKeyFile: viper.GetString("storage-primary-keyfile"),
......
......@@ -4,7 +4,7 @@ import "github.com/sietseringers/cobra"
var keyshareRoot = &cobra.Command{
Use: "keyshare",
Short: "Irma keyshare server",
Short: "IRMA keyshare server",
}
func init() {
......
......@@ -18,7 +18,7 @@ var confKeyshareTask *keysharetask.Configuration
var keyshareTaskCmd = &cobra.Command{
Use: "task",
Short: "Irma keyshare server background tasks",
Short: "IRMA keyshare server background tasks",
Run: func(command *cobra.Command, args []string) {
configureKeyshareTask(command)
......@@ -121,7 +121,7 @@ func configureKeyshareTask(cmd *cobra.Command) {
}
confKeyshareTask = &keysharetask.Configuration{
DbConnstring: viper.GetString("db"),
DBConnstring: viper.GetString("db"),
ExpiryDelay: viper.GetInt("expiry-delay"),
DeleteDelay: viper.GetInt("delete-delay"),
......
......@@ -30,14 +30,14 @@ func (c *Converter) ConvertUsers() {
defer common.Close(users)
for users.Next() {
var source_id int
var sourceID int
var username, pin, keyshare string
var language *string
var lastseen, pinBlockDate, expiryWarning *int64
var lastSeen, pinBlockDate, expiryWarning *int64
var pinCounter *int
var enrolled, enabled bool
err = users.Scan(&source_id, &username, &lastseen, &pin, &pinCounter, &pinBlockDate, &keyshare, &enrolled, &enabled, &language, &expiryWarning)
err = users.Scan(&sourceID, &username, &lastSeen, &pin, &pinCounter, &pinBlockDate, &keyshare, &enrolled, &enabled, &language, &expiryWarning)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not scan user row")
}
......@@ -54,9 +54,9 @@ func (c *Converter) ConvertUsers() {
}
// Ensure we start with a 0 value for lastseen if not provided (we special-case on this later)
if lastseen == nil {
lastseen = new(int64)
*lastseen = 0
if lastSeen == nil {
lastSeen = new(int64)
*lastSeen = 0
}
// Ensure pinCounter and pinBlockData have values
......@@ -82,23 +82,23 @@ func (c *Converter) ConvertUsers() {
coredata, err := c.core.DangerousBuildKeyshareSecret(pin, secret)
// create user
var target_id int64
create_res, err := c.target_db.Query("INSERT INTO irma.users (username, language, coredata, last_seen, pin_counter, pin_block_date, delete_on) VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING irma.users.id", username, *language, coredata[:], *lastseen, *pinCounter, *pinBlockDate, expiryWarning)
var targetID int64
createRes, err := c.target_db.Query("INSERT INTO irma.users (username, language, coredata, last_seen, pin_counter, pin_block_date, delete_on) VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING irma.users.id", username, *language, coredata[:], *lastSeen, *pinCounter, *pinBlockDate, expiryWarning)
if err != nil {
c.logger.WithField("error", err).Fatal("Problem creating user in new database")
}
defer common.Close(create_res)
defer common.Close(createRes)
if !create_res.Next() {
c.logger.WithField("error", create_res.Err()).Fatal("Could not retrieve ID of created user")
if !createRes.Next() {
c.logger.WithField("error", createRes.Err()).Fatal("Could not retrieve ID of created user")
}
err = create_res.Scan(&target_id)
err = createRes.Scan(&targetID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not retrieve ID of created user")
}
// Convert emails
emails, err := c.source_db.Query("SELECT email FROM irma.email_addresses WHERE user_id = $1", source_id)
emails, err := c.source_db.Query("SELECT email FROM irma.email_addresses WHERE user_id = $1", sourceID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not retrieve user email addresses")
}
......@@ -111,7 +111,7 @@ func (c *Converter) ConvertUsers() {
c.logger.WithField("error", err).Fatal("Could not scan user email row")
}
_, err := c.target_db.Exec("INSERT INTO irma.emails (user_id, email) VALUES ($1, $2)", target_id, email)
_, err := c.target_db.Exec("INSERT INTO irma.emails (user_id, email) VALUES ($1, $2)", targetID, email)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not add email address to user")
}
......@@ -123,7 +123,7 @@ func (c *Converter) ConvertUsers() {
}
// Convert log entries
logs, err := c.source_db.Query("SELECT time, event, param FROM irma.log_entry_records WHERE user_id = $1", source_id)
logs, err := c.source_db.Query("SELECT time, event, param FROM irma.log_entry_records WHERE user_id = $1", sourceID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not retrieve user email addresses")
}
......@@ -139,13 +139,13 @@ func (c *Converter) ConvertUsers() {
c.logger.WithField("error", err).Fatal("Error scanning log entry row")
}
if *lastseen < time {
*lastseen = time
if *lastSeen < time {
*lastSeen = time
}
params := fmt.Sprintf("%v", param)
_, err = c.target_db.Exec("INSERT INTO irma.log_entry_records (time, event, param, user_id) VALUES ($1, $2, $3, $4)", time, event, params, target_id)
_, err = c.target_db.Exec("INSERT INTO irma.log_entry_records (time, event, param, user_id) VALUES ($1, $2, $3, $4)", time, event, params, targetID)
if err != nil {
c.logger.WithField("error", err).Fatal("Error storing log entry in new database")
}
......@@ -157,16 +157,16 @@ func (c *Converter) ConvertUsers() {
}
// update lastseen
if *lastseen == 0 {
*lastseen = time.Now().Unix()
if *lastSeen == 0 {
*lastSeen = time.Now().Unix()
}
_, err = c.target_db.Exec("UPDATE irma.users SET last_seen = $1 WHERE id = $2", *lastseen, target_id)
_, err = c.target_db.Exec("UPDATE irma.users SET last_seen = $1 WHERE id = $2", *lastSeen, targetID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not update lastseen of user")
}
// Convert email verification records
emver, err := c.source_db.Query("SELECT (time_created+timeout) AS expiry_time, email, token FROM irma.email_verification_records WHERE user_id = $1 AND time_verified IS NULL", source_id)
emver, err := c.source_db.Query("SELECT (time_created+timeout) AS expiry_time, email, token FROM irma.email_verification_records WHERE user_id = $1 AND time_verified IS NULL", sourceID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not fetch email verification records")
}
......@@ -180,7 +180,7 @@ func (c *Converter) ConvertUsers() {
c.logger.WithField("error", err).Fatal("Error scanning email verification record row")
}
_, err = c.target_db.Exec("INSERT INTO irma.email_verification_tokens (expiry, email, token, user_id) VALUES ($1, $2, $3, $4)", expiry, email, token, source_id)
_, err = c.target_db.Exec("INSERT INTO irma.email_verification_tokens (expiry, email, token, user_id) VALUES ($1, $2, $3, $4)", expiry, email, token, sourceID)
if err != nil {
c.logger.WithField("error", err).Fatal("Could not create email verification record for user")
}
......
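Review bot: The email verification token insert `_, err = c.target_db.Exec("INSERT INTO irma.email_verification_tokens (expiry, email, token, user_id) VALUES ($1, $2, $3, $4)", expiry, email, token, sourceID)` passes sourceID, the user's id in the source database, whereas every other row written to target_db in this function (emails, log_entry_records, the last_seen update) is keyed by targetID, the id scanned from the `RETURNING irma.users.id` insert. Unless both databases are guaranteed to share user ids, this looks like it attaches pending verification tokens to the wrong user in the new database, so the last argument should presumably be `targetID`. Separately, `defer common.Close(createRes)` sits inside the `for users.Next()` loop, so each per-user result set stays open until ConvertUsers returns; closing createRes right after the Scan, or moving the per-user body into a helper, would release it per iteration. ConvertUsers starts and ends outside these hunks.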
......@@ -28,7 +28,7 @@ const (
// Configuration contains configuration for the irmaserver library and irmad.
type Configuration struct {
// Irma server configuration. If not given, this will be populated using information here
// IRMA server configuration. If not given, this will be populated using information here
ServerConfiguration *server.Configuration `json:"-"`
// Path to IRMA schemes to parse into server configuration (only used if ServerConfiguration == nil).
// If left empty, default value is taken using DefaultSchemesPath().
......@@ -51,14 +51,14 @@ type Configuration struct {
DisableTLS bool `json:"no_tls" mapstructure:"no_tls"`
// Database configuration (ignored when database is provided)
DbType DatabaseType `json:"db_type" mapstructure:"db_type"`
DbConnstring string `json:"db_connstring" mapstructure:"db_connstring"`
DBType DatabaseType `json:"db_type" mapstructure:"db_type"`
DBConnstring string `json:"db_connstring" mapstructure:"db_connstring"`
// Provide a prepared database (useful for testing)
DB KeyshareDB `json:"-"`
// Configuration of secure Core
// Private key used to sign JWTs with
JwtKeyId int `json:"jwt_key_id" mapstructure:"jwt_key_id"`
JwtKeyID int `json:"jwt_key_id" mapstructure:"jwt_key_id"`
JwtPrivateKey string `json:"jwt_privkey" mapstructure:"jwt_privkey"`
JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"`
// Decryption keys used for keyshare packets
......@@ -128,7 +128,7 @@ func processConfiguration(conf *Configuration) (*keysharecore.KeyshareCore, erro
}
}
// Force loggers to match (TODO: reevaluate once logging is reworked in irma server)
// Force loggers to match (TODO: reevaluate once logging is reworked in IRMA server)
conf.ServerConfiguration.Logger = conf.Logger
// Force production status to match
......@@ -188,12 +188,12 @@ func processConfiguration(conf *Configuration) (*keysharecore.KeyshareCore, erro
// Setup database
if conf.DB == nil {
switch conf.DbType {
switch conf.DBType {
case DatabaseTypeMemory:
conf.DB = NewMemoryDatabase()
case DatabaseTypePostgres:
var err error
conf.DB, err = NewPostgresDatabase(conf.DbConnstring)
conf.DB, err = NewPostgresDatabase(conf.DBConnstring)
if err != nil {
return nil, server.LogError(err)
}
......@@ -234,12 +234,12 @@ func processConfiguration(conf *Configuration) (*keysharecore.KeyshareCore, erro
if err != nil {
return nil, server.LogError(errors.WrapPrefix(err, "failed to read keyshare server jwt key", 0))
}
core.SetSignKey(jwtPrivateKey, conf.JwtKeyId)
encId, encKey, err := readAESKey(conf.StoragePrimaryKeyFile)
core.SetSignKey(jwtPrivateKey, conf.JwtKeyID)
encID, encKey, err := readAESKey(conf.StoragePrimaryKeyFile)
if err != nil {
return nil, server.LogError(errors.WrapPrefix(err, "failed to load primary storage key", 0))
}
core.DangerousSetAESEncryptionKey(encId, encKey)
core.DangerousSetAESEncryptionKey(encID, encKey)
for _, keyFile := range conf.StorageFallbackKeyFiles {
id, key, err := readAESKey(keyFile)
if err != nil {
......
......@@ -16,8 +16,8 @@ func TestConfInvalidAESKey(t *testing.T) {
_, err := New(&Configuration{
SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
URL: "http://localhost:8080/irma_keyshare_server/",
DbType: DatabaseTypeMemory,
JwtKeyId: 0,
DBType: DatabaseTypeMemory,
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),
StoragePrimaryKeyFile: filepath.Join(testdataPath, "keyshareStorageTestkey"),
KeyshareCredential: "test.test.mijnirma",
......@@ -28,8 +28,8 @@ func TestConfInvalidAESKey(t *testing.T) {
_, err = New(&Configuration{
SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
URL: "http://localhost:8080/irma_keyshare_server/",
DbType: DatabaseTypeMemory,
JwtKeyId: 0,
DBType: DatabaseTypeMemory,
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk-does-not-exist.pem"),
StoragePrimaryKeyFile: filepath.Join(testdataPath, "keyshareStorageTestkey"),
KeyshareCredential: "test.test.mijnirma",
......@@ -40,8 +40,8 @@ func TestConfInvalidAESKey(t *testing.T) {
_, err = New(&Configuration{
SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
URL: "http://localhost:8080/irma_keyshare_server/",
DbType: DatabaseTypeMemory,
JwtKeyId: 0,
DBType: DatabaseTypeMemory,
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),
StoragePrimaryKeyFile: filepath.Join(testdataPath, "keyshareStorageTestkey-does-not-exist"),
KeyshareCredential: "test.test.mijnirma",
......@@ -52,8 +52,8 @@ func TestConfInvalidAESKey(t *testing.T) {
_, err = New(&Configuration{
SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
URL: "http://localhost:8080/irma_keyshare_server/",
DbType: DatabaseTypeMemory,
JwtKeyId: 0,
DBType: DatabaseTypeMemory,
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),
StoragePrimaryKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),
KeyshareCredential: "test.test.mijnirma",
......@@ -64,8 +64,8 @@ func TestConfInvalidAESKey(t *testing.T) {
_, err = New(&Configuration{
SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
URL: "http://localhost:8080/irma_keyshare_server/",
DbType: "undefined",
JwtKeyId: 0,
DBType: "undefined",
JwtKeyID: 0,
JwtPrivateKeyFile: filepath.Join(testdataPath, "jwtkeys", "kss-sk.pem"),