Merge branch 'singleton'

attributes.go

@@ -37,8 +37,9 @@ type metadataField struct {
 
 // MetadataAttribute represent a metadata attribute. Contains the credential type, signing date, validity, and the public key counter.
 type MetadataAttribute struct {
-	Int *big.Int
-	pk  *gabi.PublicKey
+	Int   *big.Int
+	pk    *gabi.PublicKey
+	store *ConfigurationStore
 }
 
 // AttributeList contains attributes, excluding the secret key,
@@ -68,8 +69,8 @@ func (al *AttributeList) UnmarshalJSON(bytes []byte) error {
 }
 
 // NewAttributeListFromInts initializes a new AttributeList from a list of bigints.
-func NewAttributeListFromInts(ints []*big.Int) (*AttributeList, error) {
-	meta := MetadataFromInt(ints[0])
+func NewAttributeListFromInts(ints []*big.Int, store *ConfigurationStore) (*AttributeList, error) {
+	meta := MetadataFromInt(ints[0], store)
 	if ints[0] == nil || meta.CredentialType() == nil {
 		return nil, errors.New("Encountered credential of unknown type")
 	}
@@ -112,8 +113,8 @@ func (al *AttributeList) Attribute(identifier AttributeTypeIdentifier) string {
 }
 
 // MetadataFromInt wraps the given Int
-func MetadataFromInt(i *big.Int) *MetadataAttribute {
-	return &MetadataAttribute{Int: i}
+func MetadataFromInt(i *big.Int, store *ConfigurationStore) *MetadataAttribute {
+	return &MetadataAttribute{Int: i, store: store}
 }
 
 // NewMetadataAttribute constructs a new instance containing the default values:
@@ -122,7 +123,7 @@ func MetadataFromInt(i *big.Int) *MetadataAttribute {
 // 0 as keycounter
 // ValidityDefault (half a year) as default validity.
 func NewMetadataAttribute() *MetadataAttribute {
-	val := MetadataAttribute{new(big.Int), nil}
+	val := MetadataAttribute{new(big.Int), nil, nil}
 	val.setField(versionField, metadataVersion)
 	val.setSigningDate()
 	val.setKeyCounter(0)
@@ -295,9 +296,9 @@ func (disjunction *AttributeDisjunction) Satisfied() bool {
 
 // MatchesStore returns true if all attributes contained in the disjunction are
 // present in the MetaStore.
-func (disjunction *AttributeDisjunction) MatchesStore() bool {
+func (disjunction *AttributeDisjunction) MatchesStore(store *ConfigurationStore) bool {
 	for ai := range disjunction.Values {
-		creddescription, exists := MetaStore.Credentials[ai.CredentialTypeIdentifier()]
+		creddescription, exists := store.Credentials[ai.CredentialTypeIdentifier()]
 		if !exists {
 			return false
 		}

irmago_test.go

@@ -31,22 +31,23 @@ type IgnoringKeyshareHandler struct{}
 func (i *IgnoringKeyshareHandler) StartRegistration(m *SchemeManager, callback func(e, p string)) {
 }
 
-func parseStorage(t *testing.T) {
+func parseStorage(t *testing.T) *CredentialManager {
 	exists, err := PathExists("testdata/storage/test")
 	require.NoError(t, err, "pathexists() failed")
 	if !exists {
 		require.NoError(t, os.Mkdir("testdata/storage/test", 0755), "Could not create test storage")
 	}
-	require.NoError(t, Manager.Init(
+	manager, err := NewCredentialManager(
 		"testdata/storage/test",
 		"testdata/irma_configuration",
 		&IgnoringKeyshareHandler{},
-	), "Manager.Init() failed")
+	)
+	require.NoError(t, err)
+	return manager
 }
 
 func teardown(t *testing.T) {
 	MetaStore = newConfigurationStore()
-	Manager = newCredentialManager()
 	assert.NoError(t, os.RemoveAll("testdata/storage/test"))
 	// TODO first RemoveAll?!
 }
@@ -58,22 +59,22 @@ func s2big(s string) (r *big.Int) {
 	return
 }
 
-func parseAndroidStorage(t *testing.T) {
-	assert.NoError(t, Manager.ParseAndroidStorage(), "ParseAndroidStorage() failed")
+func parseAndroidStorage(t *testing.T, manager *CredentialManager) {
+	assert.NoError(t, manager.ParseAndroidStorage(), "ParseAndroidStorage() failed")
 }
 
-func verifyManagerIsUnmarshaled(t *testing.T) {
-	cred, err := Manager.credential(NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0)
+func verifyManagerIsUnmarshaled(t *testing.T, manager *CredentialManager) {
+	cred, err := manager.credential(NewCredentialTypeIdentifier("irma-demo.RU.studentCard"), 0)
 	assert.NoError(t, err, "could not fetch credential")
 	assert.NotNil(t, cred, "Credential should exist")
 	assert.NotNil(t, cred.Attributes[0], "Metadata attribute of irma-demo.RU.studentCard should not be nil")
 
-	cred, err = Manager.credential(NewCredentialTypeIdentifier("test.test.mijnirma"), 0)
+	cred, err = manager.credential(NewCredentialTypeIdentifier("test.test.mijnirma"), 0)
 	assert.NoError(t, err, "could not fetch credential")
 	assert.NotNil(t, cred, "Credential should exist")
 	assert.NotNil(t, cred.Signature.KeyshareP)
 
-	assert.NotEmpty(t, Manager.CredentialInfoList())
+	assert.NotEmpty(t, manager.CredentialInfoList())
 
 	assert.True(t,
 		cred.Signature.Verify(cred.PublicKey(), cred.Attributes),
@@ -81,14 +82,14 @@ func verifyManagerIsUnmarshaled(t *testing.T) {
 	)
 }
 
-func verifyCredentials(t *testing.T) {
-	for credtype, credsmap := range Manager.credentials {
+func verifyCredentials(t *testing.T, manager *CredentialManager) {
+	for credtype, credsmap := range manager.credentials {
 		for index, cred := range credsmap {
 			require.True(t,
 				cred.Credential.Signature.Verify(cred.PublicKey(), cred.Attributes),
 				"Credential %s-%d was invalid", credtype.String(), index,
 			)
-			require.Equal(t, cred.Attributes[0], Manager.secretkey,
+			require.Equal(t, cred.Attributes[0], manager.secretkey,
 				"Secret key of credential %s-%d unequal to main secret key")
 		}
 	}
@@ -111,16 +112,16 @@ func verifyPaillierKey(t *testing.T, PrivateKey *paillierPrivateKey) {
 	require.Equal(t, plaintext, string(decrypted))
 }
 
-func verifyKeyshareIsUnmarshaled(t *testing.T) {
-	require.NotNil(t, Manager.paillierKeyCache)
-	require.NotNil(t, Manager.keyshareServers)
+func verifyKeyshareIsUnmarshaled(t *testing.T, manager *CredentialManager) {
+	require.NotNil(t, manager.paillierKeyCache)
+	require.NotNil(t, manager.keyshareServers)
 	test := NewSchemeManagerIdentifier("test")
-	require.Contains(t, Manager.keyshareServers, test)
-	kss := Manager.keyshareServers[test]
+	require.Contains(t, manager.keyshareServers, test)
+	kss := manager.keyshareServers[test]
 	require.NotEmpty(t, kss.Nonce)
 
 	verifyPaillierKey(t, kss.PrivateKey)
-	verifyPaillierKey(t, Manager.paillierKeyCache)
+	verifyPaillierKey(t, manager.paillierKeyCache)
 }
 
 func verifyStoreIsLoaded(t *testing.T) {
@@ -152,28 +153,27 @@ func verifyStoreIsLoaded(t *testing.T) {
 }
 
 func TestAndroidParse(t *testing.T) {
-	parseStorage(t)
+	manager := parseStorage(t)
 	verifyStoreIsLoaded(t)
 
-	parseAndroidStorage(t)
-	verifyManagerIsUnmarshaled(t)
-	verifyCredentials(t)
-	verifyKeyshareIsUnmarshaled(t)
+	parseAndroidStorage(t, manager)
+	verifyManagerIsUnmarshaled(t, manager)
+	verifyCredentials(t, manager)
+	verifyKeyshareIsUnmarshaled(t, manager)
 
 	teardown(t)
 }
 
 func TestUnmarshaling(t *testing.T) {
-	parseStorage(t)
-	parseAndroidStorage(t)
+	manager := parseStorage(t)
+	parseAndroidStorage(t, manager)
 
-	Manager = newCredentialManager()
-	err := Manager.Init("testdata/storage/test", "testdata/irma_configuration", nil)
+	newmanager, err := NewCredentialManager("testdata/storage/test", "testdata/irma_configuration", nil)
 	require.NoError(t, err)
 
-	verifyManagerIsUnmarshaled(t)
-	verifyCredentials(t)
-	verifyKeyshareIsUnmarshaled(t)
+	verifyManagerIsUnmarshaled(t, newmanager)
+	verifyCredentials(t, newmanager)
+	verifyKeyshareIsUnmarshaled(t, newmanager)
 
 	teardown(t)
 }
@@ -195,10 +195,11 @@ func TestMetadataAttribute(t *testing.T) {
 }
 
 func TestMetadataCompatibility(t *testing.T) {
-	require.NoError(t, MetaStore.ParseFolder("testdata/irma_configuration"))
+	store := newConfigurationStore()
+	require.NoError(t, store.ParseFolder("testdata/irma_configuration"))
 
 	// An actual metadata attribute of an IRMA credential extracted from the IRMA app
-	attr := MetadataFromInt(s2big("49043481832371145193140299771658227036446546573739245068"))
+	attr := MetadataFromInt(s2big("49043481832371145193140299771658227036446546573739245068"), store)
 	assert.NotNil(t, attr.CredentialType(), "attr.CredentialType() should not be nil")
 
 	assert.Equal(t,
@@ -215,6 +216,8 @@ func TestMetadataCompatibility(t *testing.T) {
 }
 
 func TestAttributeDisjunctionMarshaling(t *testing.T) {
+	store := newConfigurationStore()
+	store.ParseFolder("testdata/irma_configuration")
 	disjunction := AttributeDisjunction{}
 
 	var _ json.Unmarshaler = &disjunction
@@ -249,7 +252,7 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) {
 	require.False(t, disjunction.HasValues())
 	require.Contains(t, disjunction.Attributes, id)
 
-	require.True(t, disjunction.MatchesStore())
+	require.True(t, disjunction.MatchesStore(store))
 
 	require.False(t, disjunction.Satisfied())
 	disjunction.selected = &disjunction.Attributes[0]
@@ -257,14 +260,14 @@ func TestAttributeDisjunctionMarshaling(t *testing.T) {
 }
 
 func TestCandidates(t *testing.T) {
-	parseStorage(t)
-	parseAndroidStorage(t)
+	manager := parseStorage(t)
+	parseAndroidStorage(t, manager)
 
 	attrtype := NewAttributeTypeIdentifier("irma-demo.RU.studentCard.studentID")
 	disjunction := &AttributeDisjunction{
 		Attributes: []AttributeTypeIdentifier{attrtype},
 	}
-	attrs := Manager.Candidates(disjunction)
+	attrs := manager.Candidates(disjunction)
 	require.NotNil(t, attrs)
 	require.Len(t, attrs, 1)
 
@@ -276,7 +279,7 @@ func TestCandidates(t *testing.T) {
 		Attributes: []AttributeTypeIdentifier{attrtype},
 		Values:     map[AttributeTypeIdentifier]string{attrtype: "456"},
 	}
-	attrs = Manager.Candidates(disjunction)
+	attrs = manager.Candidates(disjunction)
 	require.NotNil(t, attrs)
 	require.Len(t, attrs, 1)
 
@@ -284,7 +287,7 @@ func TestCandidates(t *testing.T) {
 		Attributes: []AttributeTypeIdentifier{attrtype},
 		Values:     map[AttributeTypeIdentifier]string{attrtype: "foobarbaz"},
 	}
-	attrs = Manager.Candidates(disjunction)
+	attrs = manager.Candidates(disjunction)
 	require.NotNil(t, attrs)
 	require.Empty(t, attrs)
 
@@ -347,14 +350,14 @@ func TestTransport(t *testing.T) {
 }
 
 func TestPaillier(t *testing.T) {
-	parseStorage(t)
-	parseAndroidStorage(t)
+	manager := parseStorage(t)
+	parseAndroidStorage(t, manager)
 
 	challenge, _ := gabi.RandomBigInt(256)
 	comm, _ := gabi.RandomBigInt(1000)
 	resp, _ := gabi.RandomBigInt(1000)
 
-	sk := Manager.paillierKey(true)
+	sk := manager.paillierKey(true)
 	bytes, err := sk.Encrypt(challenge.Bytes())
 	require.NoError(t, err)
 	cipher := new(big.Int).SetBytes(bytes)

keyshare.go

@@ -30,6 +30,7 @@ type keyshareSession struct {
 	sessionHandler keyshareSessionHandler
 	pinRequestor   KeysharePinRequestor
 	keyshareServer *keyshareServer
+	credManager    *CredentialManager
 }
 
 type keyshareServer struct {
@@ -130,6 +131,7 @@ func (ks *keyshareServer) HashedPin(pin string) string {
 // user cancels; or one of the keyshare servers blocks us.
 // Error, blocked or success of the keyshare session is reported back to the keyshareSessionHandler.
 func startKeyshareSession(
+	credManager *CredentialManager,
 	session IrmaSession,
 	builders gabi.ProofBuilderList,
 	sessionHandler keyshareSessionHandler,
@@ -137,9 +139,9 @@ func startKeyshareSession(
 ) {
 	ksscount := 0
 	for _, managerID := range session.SchemeManagers() {
-		if MetaStore.SchemeManagers[managerID].Distributed() {
+		if credManager.store.SchemeManagers[managerID].Distributed() {
 			ksscount++
-			if _, registered := Manager.keyshareServers[managerID]; !registered {
+			if _, registered := credManager.keyshareServers[managerID]; !registered {
 				err := errors.New("Not registered to keyshare server of scheme manager " + managerID.String())
 				sessionHandler.KeyshareError(err)
 				return
@@ -158,16 +160,17 @@ func startKeyshareSession(
 		sessionHandler: sessionHandler,
 		transports:     map[SchemeManagerIdentifier]*HTTPTransport{},
 		pinRequestor:   pin,
+		credManager:    credManager,
 	}
 
 	askPin := false
 
 	for _, managerID := range session.SchemeManagers() {
-		if !MetaStore.SchemeManagers[managerID].Distributed() {
+		if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
 			continue
 		}
 
-		ks.keyshareServer = Manager.keyshareServers[managerID]
+		ks.keyshareServer = ks.credManager.keyshareServers[managerID]
 		transport := NewHTTPTransport(ks.keyshareServer.URL)
 		transport.SetHeader(kssUsernameHeader, ks.keyshareServer.Username)
 		transport.SetHeader(kssAuthHeader, ks.keyshareServer.token)
@@ -231,11 +234,11 @@ func (ks *keyshareSession) VerifyPin(attempts int) {
 // If all is ok, success will be true.
 func (ks *keyshareSession) verifyPinAttempt(pin string) (success bool, tries int, blocked int, err error) {
 	for _, managerID := range ks.session.SchemeManagers() {
-		if !MetaStore.SchemeManagers[managerID].Distributed() {
+		if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
 			continue
 		}
 
-		kss := Manager.keyshareServers[managerID]
+		kss := ks.credManager.keyshareServers[managerID]
 		transport := ks.transports[managerID]
 		pinmsg := keysharePinMessage{Username: kss.Username, Pin: kss.HashedPin(pin)}
 		pinresult := &keysharePinStatus{}
@@ -282,7 +285,7 @@ func (ks *keyshareSession) GetCommitments() {
 	for _, builder := range ks.builders {
 		pk := builder.PublicKey()
 		managerID := NewIssuerIdentifier(pk.Issuer).SchemeManagerIdentifier()
-		if !MetaStore.SchemeManagers[managerID].Distributed() {
+		if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
 			continue
 		}
 		if _, contains := pkids[managerID]; !contains {
@@ -294,7 +297,7 @@ func (ks *keyshareSession) GetCommitments() {
 	// Now inform each keyshare server of with respect to which public keys
 	// we want them to send us commitments
 	for _, managerID := range ks.session.SchemeManagers() {
-		if !MetaStore.SchemeManagers[managerID].Distributed() {
+		if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
 			continue
 		}
 
@@ -398,7 +401,7 @@ func (ks *keyshareSession) finishDisclosureOrSigning(challenge *big.Int, respons
 	for i, builder := range ks.builders {
 		// Parse each received JWT
 		managerID := NewIssuerIdentifier(builder.PublicKey().Issuer).SchemeManagerIdentifier()
-		if !MetaStore.SchemeManagers[managerID].Distributed() {
+		if !ks.credManager.store.SchemeManagers[managerID].Distributed() {
 			continue
 		}
 		msg := struct {

manager.go

@@ -12,25 +12,16 @@ import (
 	"github.com/mhe/gabi"
 )
 
-// Manager is the global instance of CredentialManager.
-var Manager = newCredentialManager()
-
 // CredentialManager manages credentials.
 type CredentialManager struct {
-	secretkey       *big.Int
-	storagePath     string
-	attributes      map[CredentialTypeIdentifier][]*AttributeList
-	credentials     map[CredentialTypeIdentifier]map[int]*credential
-	keyshareServers map[SchemeManagerIdentifier]*keyshareServer
-
+	secretkey        *big.Int
+	storagePath      string
+	attributes       map[CredentialTypeIdentifier][]*AttributeList
+	credentials      map[CredentialTypeIdentifier]map[int]*credential
+	keyshareServers  map[SchemeManagerIdentifier]*keyshareServer
 	paillierKeyCache *paillierPrivateKey
-}
 
-func newCredentialManager() *CredentialManager {
-	return &CredentialManager{
-		credentials:     make(map[CredentialTypeIdentifier]map[int]*credential),
-		keyshareServers: make(map[SchemeManagerIdentifier]*keyshareServer),
-	}
+	store *ConfigurationStore
 }
 
 // CredentialInfoList returns a list of information of all contained credentials.
@@ -87,7 +78,7 @@ func (cm *CredentialManager) credentialByID(id CredentialIdentifier) (cred *cred
 // credential returns the requested credential, or nil if we do not have it.
 func (cm *CredentialManager) credential(id CredentialTypeIdentifier, counter int) (cred *credential, err error) {
 	// If the requested credential is not in credential map, we check if its attributes were
-	// deserialized during Init(). If so, there should be a corresponding signature file,
+	// deserialized during NewCredentialManager(). If so, there should be a corresponding signature file,
 	// so we read that, construct the credential, and add it to the credential map
 	if _, exists := cm.creds(id)[counter]; !exists {
 		attrs := cm.Attributes(id, counter)
@@ -151,7 +142,7 @@ func (cm *CredentialManager) Candidates(disjunction *AttributeDisjunction) []*At
 
 	for _, attribute := range disjunction.Attributes {
 		credID := attribute.CredentialTypeIdentifier()
-		if !MetaStore.Contains(credID) {
+		if !cm.store.Contains(credID) {
 			continue
 		}
 		creds := cm.credentials[credID]
@@ -212,7 +203,7 @@ func (cm *CredentialManager) groupCredentials(choice *DisclosureChoice) (map[Cre
 		if identifier.IsCredential() {
 			continue // In this case we only disclose the metadata attribute, which is already handled
 		}
-		index, err := MetaStore.Credentials[identifier.CredentialTypeIdentifier()].IndexOf(identifier)
+		index, err := cm.store.Credentials[identifier.CredentialTypeIdentifier()].IndexOf(identifier)
 		if err != nil {
 			return nil, err
 		}
@@ -276,7 +267,7 @@ func (cm *CredentialManager) IssuanceProofBuilders(request *IssuanceRequest) (ga
 
 	proofBuilders := gabi.ProofBuilderList([]gabi.ProofBuilder{})
 	for _, futurecred := range request.Credentials {
-		pk := MetaStore.PublicKey(futurecred.Credential.IssuerIdentifier(), futurecred.KeyCounter)
+		pk := cm.store.PublicKey(futurecred.Credential.IssuerIdentifier(), futurecred.KeyCounter)
 		credBuilder := gabi.NewCredentialBuilder(pk, request.GetContext(), cm.secretkey, state.nonce2)
 		request.state.builders = append(request.state.builders, credBuilder)
 		proofBuilders = append(proofBuilders, credBuilder)
@@ -351,7 +342,7 @@ func (cm *CredentialManager) paillierKey(wait bool) *paillierPrivateKey {