Commit eec210bf authored by Sietse Ringers

Merge branch 'singleton'

parents 5b99f4b7 465d68ee
...@@ -37,8 +37,9 @@ type metadataField struct { ...@@ -37,8 +37,9 @@ type metadataField struct {
// MetadataAttribute represent a metadata attribute. Contains the credential type, signing date, validity, and the public key counter. // MetadataAttribute represent a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.
type MetadataAttribute struct { type MetadataAttribute struct {
Int *big.Int Int *big.Int
pk *gabi.PublicKey pk *gabi.PublicKey
store *ConfigurationStore
} }
// AttributeList contains attributes, excluding the secret key, // AttributeList contains attributes, excluding the secret key,
...@@ -68,8 +69,8 @@ func (al *AttributeList) UnmarshalJSON(bytes []byte) error { ...@@ -68,8 +69,8 @@ func (al *AttributeList) UnmarshalJSON(bytes []byte) error {
} }
// NewAttributeListFromInts initializes a new AttributeList from a list of bigints. // NewAttributeListFromInts initializes a new AttributeList from a list of bigints.
func NewAttributeListFromInts(ints []*big.Int) (*AttributeList, error) { func NewAttributeListFromInts(ints []*big.Int, store *ConfigurationStore) (*AttributeList, error) {
meta := MetadataFromInt(ints[0]) meta := MetadataFromInt(ints[0], store)
if ints[0] == nil || meta.CredentialType() == nil { if ints[0] == nil || meta.CredentialType() == nil {
return nil, errors.New("Encountered credential of unknown type") return nil, errors.New("Encountered credential of unknown type")
} }
...@@ -112,8 +113,8 @@ func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) string { ...@@ -112,8 +113,8 @@ func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) string {
} }
// MetadataFromInt wraps the given Int // MetadataFromInt wraps the given Int
func MetadataFromInt(i *big.Int) *MetadataAttribute { func MetadataFromInt(i *big.Int, store *ConfigurationStore) *MetadataAttribute {
return &MetadataAttribute{Int: i} return &MetadataAttribute{Int: i, store: store}
} }
// NewMetadataAttribute constructs a new instance containing the default values: // NewMetadataAttribute constructs a new instance containing the default values:
...@@ -122,7 +123,7 @@ func MetadataFromInt(i *big.Int) *MetadataAttribute { ...@@ -122,7 +123,7 @@ func MetadataFromInt(i *big.Int) *MetadataAttribute {
// 0 as keycounter // 0 as keycounter
// ValidityDefault (half a year) as default validity. // ValidityDefault (half a year) as default validity.
func NewMetadataAttribute() *MetadataAttribute { func NewMetadataAttribute() *MetadataAttribute {
val := MetadataAttribute{new(big.Int), nil} val := MetadataAttribute{new(big.Int), nil, nil}
val.setField(versionField, metadataVersion) val.setField(versionField, metadataVersion)
val.setSigningDate() val.setSigningDate()
val.setKeyCounter(0) val.setKeyCounter(0)
...@@ -295,9 +296,9 @@ func (disjunction *AttributeDisjunction) Satisfied() bool { ...@@ -295,9 +296,9 @@ func (disjunction *AttributeDisjunction) Satisfied() bool {
// MatchesStore returns true if all attributes contained in the disjunction are // MatchesStore returns true if all attributes contained in the disjunction are
// present in the MetaStore. // present in the MetaStore.
func (disjunction *AttributeDisjunction) MatchesStore() bool { func (disjunction *AttributeDisjunction) MatchesStore(store *ConfigurationStore) bool {
for ai := range disjunction.Values { for ai := range disjunction.Values {
creddescription, exists := MetaStore.Credentials[ai.CredentialTypeIdentifier()] creddescription, exists := store.Credentials[ai.CredentialTypeIdentifier()]
if !exists { if !exists {
return false return false
} }
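Review bot: `NewMetadataAttribute` now constructs the attribute with a nil `store` (`MetadataAttribute{new(big.Int), nil, nil}`), so any method that consults `store` — presumably `CredentialType()`, which `NewAttributeListFromInts` relies on right after `MetadataFromInt` — would dereference nil on an attribute built this way; either accept the store as a parameter or document that such an attribute is only meant for setting fields. The positional literal also silently breaks the next time a field is added; prefer `val := MetadataAttribute{Int: new(big.Int)}`. `MatchesStore(store)` indexes `store.Credentials` without a nil guard; if a nil store is a possible input, add `if store == nil { return false }` at the top, and `NewAttributeListFromInts` should likewise reject `len(ints) == 0` before touching `ints[0]`.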
...@@ -31,22 +31,23 @@ type IgnoringKeyshareHandler struct{} ...@@ -31,22 +31,23 @@ type IgnoringKeyshareHandler struct{}
func (i *IgnoringKeyshareHandler) StartRegistration(m *SchemeManager, callback func(e, p string)) { func (i *IgnoringKeyshareHandler) StartRegistration(m *SchemeManager, callback func(e, p string)) {
} }
func parseStorage(t *testing.T) { func parseStorage(t *testing.T) *CredentialManager {
exists, err := PathExists("testdata/storage/test") exists, err := PathExists("testdata/storage/test")
require.NoError(t, err, "pathexists() failed") require.NoError(t, err, "pathexists() failed")
if !exists { if !exists {
require.NoError(t, os.Mkdir("testdata/storage/test", 0755), "Could not create test storage") require.NoError(t, os.Mkdir("testdata/storage/test", 0755), "Could not create test storage")
} }
require.NoError(t, Manager.Init( manager, err := NewCredentialManager(
"testdata/storage/test", "testdata/storage/test",
"testdata/irma_configuration", "testdata/irma_configuration",
&IgnoringKeyshareHandler{}, &IgnoringKeyshareHandler{},
), "Manager.Init() failed") )
require.NoError(t, err)
return manager
} }
func teardown(t *testing.T) { func teardown(t *testing.T) {
MetaStore = newConfigurationStore() MetaStore = newConfigurationStore()
Manager = newCredentialManager()
assert.NoError(t, os.RemoveAll("testdata/storage/test")) assert.NoError(t, os.RemoveAll("testdata/storage/test"))
// TODO first RemoveAll?! // TODO first RemoveAll?!
} }
...@@ -58,22 +59,22 @@ func s2big(s string) (r *big.Int) { ...@@ -58,22 +59,22 @@ func s2big(s string) (r *big.Int) {
return return
} }
func parseAndroidStorage(t *testing.T) { func parseAndroidStorage(t *testing.T, manager *CredentialManager) {
assert.NoError(t, Manager.ParseAndroidStorage(), "ParseAndroidStorage() failed") assert.NoError(t, manager.ParseAndroidStorage(), "ParseAndroidStorage() failed")
} }
func verifyManagerIsUnmarshaled(t *testing.T) { func verifyManagerIsUnmarshaled(t *testing.T, manager *CredentialManager) {
cred, err := Manager.credential(NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0) cred, err := manager.credential(NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0)
assert.NoError(t, err, "could not fetch credential") assert.NoError(t, err, "could not fetch credential")
assert.NotNil(t, cred, "Credential should exist") assert.NotNil(t, cred, "Credential should exist")
assert.NotNil(t, cred.Attributes[0], "Metadata attribute of irma-demo.RU.studentCard should not be nil") assert.NotNil(t, cred.Attributes[0], "Metadata attribute of irma-demo.RU.studentCard should not be nil")
cred, err = Manager.credential(NewCredentialTypeIdentifier("test.test.mijnirma"), 0) cred, err = manager.credential(NewCredentialTypeIdentifier("test.test.mijnirma"), 0)
assert.NoError(t, err, "could not fetch credential") assert.NoError(t, err, "could not fetch credential")
assert.NotNil(t, cred, "Credential should exist") assert.NotNil(t, cred, "Credential should exist")
assert.NotNil(t, cred.Signature.KeyshareP) assert.NotNil(t, cred.Signature.KeyshareP)
assert.NotEmpty(t, Manager.CredentialInfoList()) assert.NotEmpty(t, manager.CredentialInfoList())
assert.True(t, assert.True(t,
cred.Signature.Verify(cred.PublicKey(), cred.Attributes), cred.Signature.Verify(cred.PublicKey(), cred.Attributes),
...@@ -81,14 +82,14 @@ func verifyManagerIsUnmarshaled(t *testing.T) { ...@@ -81,14 +82,14 @@ func verifyManagerIsUnmarshaled(t *testing.T) {
) )
} }
func verifyCredentials(t *testing.T) { func verifyCredentials(t *testing.T, manager *CredentialManager) {
for credtype, credsmap := range Manager.credentials { for credtype, credsmap := range manager.credentials {
for index, cred := range credsmap { for index, cred := range credsmap {
require.True(t, require.True(t,
cred.Credential.Signature.Verify(cred.PublicKey(), cred.Attributes), cred.Credential.Signature.Verify(cred.PublicKey(), cred.Attributes),
"Credential %s-%d was invalid", credtype.String(), index, "Credential %s-%d was invalid", credtype.String(), index,
) )
require.Equal(t, cred.Attributes[0], Manager.secretkey, require.Equal(t, cred.Attributes[0], manager.secretkey,
"Secret key of credential %s-%d unequal to main secret key") "Secret key of credential %s-%d unequal to main secret key")
} }
} }
...@@ -111,16 +112,16 @@ func verifyPaillierKey(t *testing.T, PrivateKey *paillierPrivateKey) { ...@@ -111,16 +112,16 @@ func verifyPaillierKey(t *testing.T, PrivateKey *paillierPrivateKey) {
require.Equal(t, plaintext, string(decrypted)) require.Equal(t, plaintext, string(decrypted))
} }
func verifyKeyshareIsUnmarshaled(t *testing.T) { func verifyKeyshareIsUnmarshaled(t *testing.T, manager *CredentialManager) {
require.NotNil(t, Manager.paillierKeyCache) require.NotNil(t, manager.paillierKeyCache)
require.NotNil(t, Manager.keyshareServers) require.NotNil(t, manager.keyshareServers)
test := NewSchemeManagerIdentifier("test") test := NewSchemeManagerIdentifier("test")
require.Contains(t, Manager.keyshareServers, test) require.Contains(t, manager.keyshareServers, test)
kss := Manager.keyshareServers[test] kss := manager.keyshareServers[test]
require.NotEmpty(t, kss.Nonce) require.NotEmpty(t, kss.Nonce)
verifyPaillierKey(t, kss.PrivateKey) verifyPaillierKey(t, kss.PrivateKey)
verifyPaillierKey(t, Manager.paillierKeyCache) verifyPaillierKey(t, manager.paillierKeyCache)
} }
func verifyStoreIsLoaded(t *testing.T) { func verifyStoreIsLoaded(t *testing.T) {
...@@ -152,28 +153,27 @@ func verifyStoreIsLoaded(t *testing.T) { ...@@ -152,28 +153,27 @@ func verifyStoreIsLoaded(t *testing.T) {
} }
func TestAndroidParse(t *testing.T) { func TestAndroidParse(t *testing.T) {
parseStorage(t) manager := parseStorage(t)
verifyStoreIsLoaded(t) verifyStoreIsLoaded(t)
parseAndroidStorage(t) parseAndroidStorage(t, manager)
verifyManagerIsUnmarshaled(t) verifyManagerIsUnmarshaled(t, manager)
verifyCredentials(t) verifyCredentials(t, manager)
verifyKeyshareIsUnmarshaled(t) verifyKeyshareIsUnmarshaled(t, manager)
teardown(t) teardown(t)
} }
func TestUnmarshaling(t *testing.T) { func TestUnmarshaling(t *testing.T) {
parseStorage(t) manager := parseStorage(t)
parseAndroidStorage(t) parseAndroidStorage(t, manager)
Manager = newCredentialManager() newmanager, err := NewCredentialManager("testdata/storage/test", "testdata/irma_configuration", nil)
err := Manager.Init("testdata/storage/test", "testdata/irma_configuration", nil)
require.NoError(t, err) require.NoError(t, err)
verifyManagerIsUnmarshaled(t) verifyManagerIsUnmarshaled(t, newmanager)
verifyCredentials(t) verifyCredentials(t, newmanager)
verifyKeyshareIsUnmarshaled(t) verifyKeyshareIsUnmarshaled(t, newmanager)
teardown(t) teardown(t)
} }
...@@ -195,10 +195,11 @@ func TestMetadataAttribute(t *testing.T) { ...@@ -195,10 +195,11 @@ func TestMetadataAttribute(t *testing.T) {
} }
func TestMetadataCompatibility(t *testing.T) { func TestMetadataCompatibility(t *testing.T) {
require.NoError(t, MetaStore.ParseFolder("testdata/irma_configuration")) store := newConfigurationStore()
require.NoError(t, store.ParseFolder("testdata/irma_configuration"))
// An actual metadata attribute of an IRMA credential extracted from the IRMA app // An actual metadata attribute of an IRMA credential extracted from the IRMA app
attr := MetadataFromInt(s2big("49043481832371145193140299771658227036446546573739245068")) attr := MetadataFromInt(s2big("49043481832371145193140299771658227036446546573739245068"), store)
assert.NotNil(t, attr.CredentialType(), "attr.CredentialType() should not be nil") assert.NotNil(t, attr.CredentialType(), "attr.CredentialType() should not be nil")
assert.Equal(t, assert.Equal(t,
...@@ -215,6 +216,8 @@ func TestMetadataCompatibility(t *testing.T) { ...@@ -215,6 +216,8 @@ func TestMetadataCompatibility(t *testing.T) {
} }
func TestAttributeDisjunctionMarshaling(t *testing.T) { func TestAttributeDisjunctionMarshaling(t *testing.T) {
store := newConfigurationStore()
store.ParseFolder("testdata/irma_configuration")
disjunction := AttributeDisjunction{} disjunction := AttributeDisjunction{}
var _ json.Unmarshaler = &disjunction var _ json.Unmarshaler = &disjunction
...@@ -249,7 +252,7 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) { ...@@ -249,7 +252,7 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) {
require.False(t, disjunction.HasValues()) require.False(t, disjunction.HasValues())
require.Contains(t, disjunction.Attributes, id) require.Contains(t, disjunction.Attributes, id)
require.True(t, disjunction.MatchesStore()) require.True(t, disjunction.MatchesStore(store))
require.False(t, disjunction.Satisfied()) require.False(t, disjunction.Satisfied())
disjunction.selected = &disjunction.Attributes[0] disjunction.selected = &disjunction.Attributes[0]
...@@ -257,14 +260,14 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) { ...@@ -257,14 +260,14 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) {
} }
func TestCandidates(t *testing.T) { func TestCandidates(t *testing.T) {
parseStorage(t) manager := parseStorage(t)
parseAndroidStorage(t) parseAndroidStorage(t, manager)
attrtype := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID") attrtype := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
disjunction := &AttributeDisjunction{ disjunction := &AttributeDisjunction{
Attributes: []AttributeTypeIdentifier{attrtype}, Attributes: []AttributeTypeIdentifier{attrtype},
} }
attrs := Manager.Candidates(disjunction) attrs := manager.Candidates(disjunction)
require.NotNil(t, attrs) require.NotNil(t, attrs)
require.Len(t, attrs, 1) require.Len(t, attrs, 1)
...@@ -276,7 +279,7 @@ func TestCandidates(t *testing.T) { ...@@ -276,7 +279,7 @@ func TestCandidates(t *testing.T) {
Attributes: []AttributeTypeIdentifier{attrtype}, Attributes: []AttributeTypeIdentifier{attrtype},
Values: map[AttributeTypeIdentifier]string{attrtype: "456"}, Values: map[AttributeTypeIdentifier]string{attrtype: "456"},
} }
attrs = Manager.Candidates(disjunction) attrs = manager.Candidates(disjunction)
require.NotNil(t, attrs) require.NotNil(t, attrs)
require.Len(t, attrs, 1) require.Len(t, attrs, 1)
...@@ -284,7 +287,7 @@ func TestCandidates(t *testing.T) { ...@@ -284,7 +287,7 @@ func TestCandidates(t *testing.T) {
Attributes: []AttributeTypeIdentifier{attrtype}, Attributes: []AttributeTypeIdentifier{attrtype},
Values: map[AttributeTypeIdentifier]string{attrtype: "foobarbaz"}, Values: map[AttributeTypeIdentifier]string{attrtype: "foobarbaz"},
} }
attrs = Manager.Candidates(disjunction) attrs = manager.Candidates(disjunction)
require.NotNil(t, attrs) require.NotNil(t, attrs)
require.Empty(t, attrs) require.Empty(t, attrs)
...@@ -347,14 +350,14 @@ func TestTransport(t *testing.T) { ...@@ -347,14 +350,14 @@ func TestTransport(t *testing.T) {
} }
func TestPaillier(t *testing.T) { func TestPaillier(t *testing.T) {
parseStorage(t) manager := parseStorage(t)
parseAndroidStorage(t) parseAndroidStorage(t, manager)
challenge, _ := gabi.RandomBigInt(256) challenge, _ := gabi.RandomBigInt(256)
comm, _ := gabi.RandomBigInt(1000) comm, _ := gabi.RandomBigInt(1000)
resp, _ := gabi.RandomBigInt(1000) resp, _ := gabi.RandomBigInt(1000)
sk := Manager.paillierKey(true) sk := manager.paillierKey(true)
bytes, err := sk.Encrypt(challenge.Bytes()) bytes, err := sk.Encrypt(challenge.Bytes())
require.NoError(t, err) require.NoError(t, err)
cipher := new(big.Int).SetBytes(bytes) cipher := new(big.Int).SetBytes(bytes)
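Review bot: `store.ParseFolder("testdata/irma_configuration")` in TestAttributeDisjunctionMarshaling discards its error, unlike the same call in TestMetadataCompatibility, so a broken scheme folder would surface later as a confusing `MatchesStore` failure rather than at the point of parsing; use `require.NoError(t, store.ParseFolder("testdata/irma_configuration"))`. `teardown` still resets the global `MetaStore` even though the tests now use per-manager stores; if nothing consults the global any more this line is dead and should go with the removed `Manager` reset. TestPaillier's body continues outside the hunk.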
...@@ -30,6 +30,7 @@ type keyshareSession struct { ...@@ -30,6 +30,7 @@ type keyshareSession struct {
sessionHandler keyshareSessionHandler sessionHandler keyshareSessionHandler
pinRequestor KeysharePinRequestor pinRequestor KeysharePinRequestor
keyshareServer *keyshareServer keyshareServer *keyshareServer
credManager *CredentialManager
} }
type keyshareServer struct { type keyshareServer struct {
...@@ -130,6 +131,7 @@ func (ks *keyshareServer) HashedPin(pin string) string { ...@@ -130,6 +131,7 @@ func (ks *keyshareServer) HashedPin(pin string) string {
// user cancels; or one of the keyshare servers blocks us. // user cancels; or one of the keyshare servers blocks us.
// Error, blocked or success of the keyshare session is reported back to the keyshareSessionHandler. // Error, blocked or success of the keyshare session is reported back to the keyshareSessionHandler.
func startKeyshareSession( func startKeyshareSession(
credManager *CredentialManager,
session IrmaSession, session IrmaSession,
builders gabi.ProofBuilderList, builders gabi.ProofBuilderList,
sessionHandler keyshareSessionHandler, sessionHandler keyshareSessionHandler,
...@@ -137,9 +139,9 @@ func startKeyshareSession( ...@@ -137,9 +139,9 @@ func startKeyshareSession(
) { ) {
ksscount := 0 ksscount := 0
for _, managerID := range session.SchemeManagers() { for _, managerID := range session.SchemeManagers() {
if MetaStore.SchemeManagers[managerID].Distributed() { if credManager.store.SchemeManagers[managerID].Distributed() {
ksscount++ ksscount++
if _, registered := Manager.keyshareServers[managerID]; !registered { if _, registered := credManager.keyshareServers[managerID]; !registered {
err := errors.New("Not registered to keyshare server of scheme manager " + managerID.String()) err := errors.New("Not registered to keyshare server of scheme manager " + managerID.String())
sessionHandler.KeyshareError(err) sessionHandler.KeyshareError(err)
return return
...@@ -158,16 +160,17 @@ func startKeyshareSession( ...@@ -158,16 +160,17 @@ func startKeyshareSession(
sessionHandler: sessionHandler, sessionHandler: sessionHandler,
transports: map[SchemeManagerIdentifier]*HTTPTransport{}, transports: map[SchemeManagerIdentifier]*HTTPTransport{},
pinRequestor: pin, pinRequestor: pin,
credManager: credManager,
} }
askPin := false askPin := false
for _, managerID := range session.SchemeManagers() { for _, managerID := range session.SchemeManagers() {
if !MetaStore.SchemeManagers[managerID].Distributed() { if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
continue continue
} }
ks.keyshareServer = Manager.keyshareServers[managerID] ks.keyshareServer = ks.credManager.keyshareServers[managerID]
transport := NewHTTPTransport(ks.keyshareServer.URL) transport := NewHTTPTransport(ks.keyshareServer.URL)
transport.SetHeader(kssUsernameHeader, ks.keyshareServer.Username) transport.SetHeader(kssUsernameHeader, ks.keyshareServer.Username)
transport.SetHeader(kssAuthHeader, ks.keyshareServer.token) transport.SetHeader(kssAuthHeader, ks.keyshareServer.token)
...@@ -231,11 +234,11 @@ func (ks *keyshareSession) VerifyPin(attempts int) { ...@@ -231,11 +234,11 @@ func (ks *keyshareSession) VerifyPin(attempts int) {
// If all is ok, success will be true. // If all is ok, success will be true.
func (ks *keyshareSession) verifyPinAttempt(pin string) (success bool, tries int, blocked int, err error) { func (ks *keyshareSession) verifyPinAttempt(pin string) (success bool, tries int, blocked int, err error) {
for _, managerID := range ks.session.SchemeManagers() { for _, managerID := range ks.session.SchemeManagers() {
if !MetaStore.SchemeManagers[managerID].Distributed() { if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
continue continue
} }
kss := Manager.keyshareServers[managerID] kss := ks.credManager.keyshareServers[managerID]
transport := ks.transports[managerID] transport := ks.transports[managerID]
pinmsg := keysharePinMessage{Username: kss.Username, Pin: kss.HashedPin(pin)} pinmsg := keysharePinMessage{Username: kss.Username, Pin: kss.HashedPin(pin)}
pinresult := &keysharePinStatus{} pinresult := &keysharePinStatus{}
...@@ -282,7 +285,7 @@ func (ks *keyshareSession) GetCommitments() { ...@@ -282,7 +285,7 @@ func (ks *keyshareSession) GetCommitments() {
for _, builder := range ks.builders { for _, builder := range ks.builders {
pk := builder.PublicKey() pk := builder.PublicKey()
managerID := NewIssuerIdentifier(pk.Issuer).SchemeManagerIdentifier() managerID := NewIssuerIdentifier(pk.Issuer).SchemeManagerIdentifier()
if !MetaStore.SchemeManagers[managerID].Distributed() { if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
continue continue
} }
if _, contains := pkids[managerID]; !contains { if _, contains := pkids[managerID]; !contains {
...@@ -294,7 +297,7 @@ func (ks *keyshareSession) GetCommitments() { ...@@ -294,7 +297,7 @@ func (ks *keyshareSession) GetCommitments() {
// Now inform each keyshare server of with respect to which public keys // Now inform each keyshare server of with respect to which public keys
// we want them to send us commitments // we want them to send us commitments
for _, managerID := range ks.session.SchemeManagers() { for _, managerID := range ks.session.SchemeManagers() {
if !MetaStore.SchemeManagers[managerID].Distributed() { if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
continue continue
} }
...@@ -398,7 +401,7 @@ func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, respons ...@@ -398,7 +401,7 @@ func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, respons
for i, builder := range ks.builders { for i, builder := range ks.builders {
// Parse each received JWT // Parse each received JWT
managerID := NewIssuerIdentifier(builder.PublicKey().Issuer).SchemeManagerIdentifier() managerID := NewIssuerIdentifier(builder.PublicKey().Issuer).SchemeManagerIdentifier()
if !MetaStore.SchemeManagers[managerID].Distributed() { if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
continue continue
} }
msg := struct { msg := struct {
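Review bot: `credManager.store.SchemeManagers[managerID].Distributed()` in `startKeyshareSession` (and the same lookup in `verifyPinAttempt`, `GetCommitments` and `finishDisclosureOrSigning`) calls a method on whatever the map returns for a missing key; if the map values are pointers, as `StartRegistration(m *SchemeManager, ...)` suggests, an unknown scheme manager in `session.SchemeManagers()` — which appears to originate from the session request, i.e. the remote party — panics the client instead of being reported. Guard the lookup once: `sm, ok := credManager.store.SchemeManagers[managerID]; if !ok { sessionHandler.KeyshareError(errors.New("unknown scheme manager " + managerID.String())); return }` and then use `sm.Distributed()`. The bodies of `startKeyshareSession` and `finishDisclosureOrSigning` extend outside the hunks shown.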
...@@ -12,25 +12,16 @@ import ( ...@@ -12,25 +12,16 @@ import (
"github.com/mhe/gabi" "github.com/mhe/gabi"
) )
// Manager is the global instance of CredentialManager.
var Manager = newCredentialManager()
// CredentialManager manages credentials. // CredentialManager manages credentials.
type CredentialManager struct { type CredentialManager struct {
secretkey *big.Int secretkey *big.Int
storagePath string storagePath string
attributes map[CredentialTypeIdentifier][]*AttributeList attributes map[CredentialTypeIdentifier][]*AttributeList
credentials map[CredentialTypeIdentifier]map[int]*credential credentials map[CredentialTypeIdentifier]map[int]*credential
keyshareServers map[SchemeManagerIdentifier]*keyshareServer keyshareServers map[SchemeManagerIdentifier]*keyshareServer
paillierKeyCache *paillierPrivateKey paillierKeyCache *paillierPrivateKey
}
func newCredentialManager() *CredentialManager { store *ConfigurationStore
return &CredentialManager{
credentials: make(map[CredentialTypeIdentifier]map[int]*credential),
keyshareServers: make(map[SchemeManagerIdentifier]*keyshareServer),
}
} }
// CredentialInfoList returns a list of information of all contained credentials. // CredentialInfoList returns a list of information of all contained credentials.
...@@ -87,7 +78,7 @@ func (cm *CredentialManager) credentialByID(id CredentialIdentifier) (cred *cred ...@@ -87,7 +78,7 @@ func (cm *CredentialManager) credentialByID(id CredentialIdentifier) (cred *cred
// credential returns the requested credential, or nil if we do not have it. // credential returns the requested credential, or nil if we do not have it.
func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int) (cred *credential, err error) { func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int) (cred *credential, err error) {
// If the requested credential is not in credential map, we check if its attributes were // If the requested credential is not in credential map, we check if its attributes were
// deserialized during Init(). If so, there should be a corresponding signature file, // deserialized during NewCredentialManager(). If so, there should be a corresponding signature file,
// so we read that, construct the credential, and add it to the credential map // so we read that, construct the credential, and add it to the credential map
if _, exists := cm.creds(id)[counter]; !exists { if _, exists := cm.creds(id)[counter]; !exists {
attrs := cm.Attributes(id, counter) attrs := cm.Attributes(id, counter)
...@@ -151,7 +142,7 @@ func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*At ...@@ -151,7 +142,7 @@ func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*At
for _, attribute := range disjunction.Attributes { for _, attribute := range disjunction.Attributes {
credID := attribute.CredentialTypeIdentifier() credID := attribute.CredentialTypeIdentifier()
if !MetaStore.Contains(credID) { if !cm.store.Contains(credID) {
continue continue
} }
creds := cm.credentials[credID] creds := cm.credentials[credID]
...@@ -212,7 +203,7 @@ func (cm *CredentialManager) groupCredentials(choice *DisclosureChoice) (map[Cre ...@@ -212,7 +203,7 @@ func (cm *CredentialManager) groupCredentials(choice *DisclosureChoice) (map[Cre
if identifier.IsCredential() { if identifier.IsCredential() {
continue // In this case we only disclose the metadata attribute, which is already handled continue // In this case we only disclose the metadata attribute, which is already handled
} }
index, err := MetaStore.Credentials[identifier.CredentialTypeIdentifier()].IndexOf(identifier) index, err := cm.store.Credentials[identifier.CredentialTypeIdentifier()].IndexOf(identifier)
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -276,7 +267,7 @@ func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (ga ...@@ -276,7 +267,7 @@ func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (ga
proofBuilders := gabi.ProofBuilderList([]gabi.ProofBuilder{}) proofBuilders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
for _, futurecred := range request.Credentials { for _, futurecred := range request.Credentials {
pk := MetaStore.PublicKey(futurecred.Credential.IssuerIdentifier(), futurecred.KeyCounter) pk := cm.store.PublicKey(futurecred.Credential.IssuerIdentifier(), futurecred.KeyCounter)
credBuilder := gabi.NewCredentialBuilder(pk, request.GetContext(), cm.secretkey, state.nonce2) credBuilder := gabi.NewCredentialBuilder(pk, request.GetContext(), cm.secretkey, state.nonce2)
request.state.builders = append(request.state.builders, credBuilder) request.state.builders = append(request.state.builders, credBuilder)
proofBuilders = append(proofBuilders, credBuilder) proofBuilders = append(proofBuilders, credBuilder)
...@@ -351,7 +342,7 @@ func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey { ...@@ -351,7 +342,7 @@ func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey {