feat: validate that keyshareserver has the appropriate IRMA private key installed

server/keyshare/keyshareserver/conf.go

@@ -97,6 +97,10 @@ func processConfiguration(conf *Configuration) (*keysharecore.Core, error) {
 	if conf.IrmaConfiguration.AttributeTypes[conf.KeyshareAttribute] == nil {
 		return nil, server.LogError(errors.Errorf("Unknown keyshare attribute: %s", conf.KeyshareAttribute))
 	}
+	_, err = conf.IrmaConfiguration.PrivateKeys.Latest(conf.KeyshareAttribute.CredentialTypeIdentifier().IssuerIdentifier())
+	if err != nil {
+		return nil, server.LogError(errors.Errorf("Failed to load private key of keyshare attribute: %v", err))
+	}
 
 	// Setup database
 	if conf.DB == nil {

server/keyshare/keyshareserver/conf_test.go

@@ -14,8 +14,9 @@ func validConf(t *testing.T) *Configuration {
 	testdataPath := test.FindTestdataFolder(t)
 	return &Configuration{
 		Configuration: &server.Configuration{
-			SchemesPath: filepath.Join(testdataPath, "irma_configuration"),
-			Logger:      irma.Logger,
+			SchemesPath:           filepath.Join(testdataPath, "irma_configuration"),
+			IssuerPrivateKeysPath: filepath.Join(testdataPath, "privatekeys"),
+			Logger:                irma.Logger,
 		},
 		DBType:                DatabaseTypeMemory,
 		JwtKeyID:              0,
@@ -65,4 +66,9 @@ func TestConfInvalidAESKey(t *testing.T) {
 	conf.KeyshareAttribute = irma.NewAttributeTypeIdentifier("test.test.foo.bar")
 	_, err = New(conf)
 	assert.Error(t, err)
+
+	conf = validConf(t)
+	conf.IssuerPrivateKeysPath = testdataPath // no private keys here
+	_, err = New(conf)
+	assert.Error(t, err)
 }