Commit f1bf9c6f authored by Sietse Ringers

Allow server private keys to be read from a folder

parent 3b6a16b4
......@@ -7,7 +7,6 @@ import (
"testing"
"github.com/Sirupsen/logrus"
"github.com/mhe/gabi"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/test"
"github.com/privacybydesign/irmago/irmaserver"
......@@ -19,20 +18,6 @@ var irmaServer *http.Server
func StartIrmaServer(t *testing.T) {
testdata := test.FindTestdataFolder(t)
skpath := filepath.Join(testdata, "irma_configuration", "irma-demo", "RU", "PrivateKeys", "2.xml")
iss := irma.NewIssuerIdentifier("irma-demo.RU")
sk, err := gabi.NewPrivateKeyFromFile(skpath)
require.NoError(t, err)
skpath = filepath.Join(testdata, "irma_configuration", "irma-demo", "MijnOverheid", "PrivateKeys", "1.xml")
iss2 := irma.NewIssuerIdentifier("irma-demo.MijnOverheid")
sk2, err := gabi.NewPrivateKeyFromFile(skpath)
require.NoError(t, err)
skpath = filepath.Join(testdata, "irma_configuration", "test", "test", "PrivateKeys", "3.xml")
iss3 := irma.NewIssuerIdentifier("test.test")
sk3, err := gabi.NewPrivateKeyFromFile(skpath)
require.NoError(t, err)
logger := logrus.New()
logger.Level = logrus.WarnLevel
......@@ -40,11 +25,7 @@ func StartIrmaServer(t *testing.T) {
require.NoError(t, irmarequestor.Initialize(&irmaserver.Configuration{
Logger: logger,
IrmaConfigurationPath: filepath.Join(testdata, "irma_configuration"),
PrivateKeys: map[irma.IssuerIdentifier]*gabi.PrivateKey{
iss: sk,
iss2: sk2,
iss3: sk3,
},
PrivateKeysPath: filepath.Join(testdata, "privatekeys"),
}))
mux := http.NewServeMux()
......
......@@ -8,10 +8,12 @@ import (
type Configuration struct {
IrmaConfigurationPath string
PrivateKeysPath string
Logger *logrus.Logger
PrivateKeys map[irma.IssuerIdentifier]*gabi.PrivateKey
IrmaConfiguration *irma.Configuration
Logger *logrus.Logger
}
type SessionResult struct {
......
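Review bot: The new `PrivateKeysPath` field has no doc comment, and nothing in the struct says how it relates to the existing `PrivateKeys` map. Going by the loader added to `Initialize` in this commit, each file name minus its extension is taken as the issuer identifier and the loaded key is stored in `PrivateKeys`. A comment such as `// PrivateKeysPath is a directory of issuer private key files named <issuer identifier>.xml; keys found there are added to PrivateKeys.` would state that contract. The other fields of `Configuration` are undocumented as well and could be covered in the same pass.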
......@@ -2,12 +2,16 @@ package backend
import (
"encoding/json"
"io/ioutil"
"net/http"
"path/filepath"
"regexp"
"strings"
"github.com/Sirupsen/logrus"
"github.com/go-errors/errors"
"github.com/mhe/gabi"
"github.com/mhe/gabi/big"
"github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/irmaserver"
)
......@@ -32,6 +36,40 @@ func Initialize(configuration *irmaserver.Configuration) error {
}
}
if conf.PrivateKeys == nil {
conf.PrivateKeys = make(map[irma.IssuerIdentifier]*gabi.PrivateKey)
}
if conf.PrivateKeysPath != "" {
files, err := ioutil.ReadDir(conf.PrivateKeysPath)
if err != nil {
return err
}
for _, file := range files {
filename := file.Name()
issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
if _, ok := conf.IrmaConfiguration.Issuers[issid]; !ok {
return errors.Errorf("Private key %s belongs to an unknown issuer", filename)
}
sk, err := gabi.NewPrivateKeyFromFile(filepath.Join(conf.PrivateKeysPath, filename))
if err != nil {
return err
}
conf.PrivateKeys[issid] = sk
}
}
for issid, sk := range conf.PrivateKeys {
pk, err := conf.IrmaConfiguration.PublicKey(issid, int(sk.Counter))
if err != nil {
return err
}
if pk == nil {
return errors.Errorf("Missing public key belonging to private key %s-%d", issid.String(), sk.Counter)
}
if new(big.Int).Mul(sk.P, sk.Q).Cmp(pk.N) != 0 {
return errors.Errorf("Private key %s-%d does not belong to corresponding public key", issid.String(), sk.Counter)
}
}
return nil
}
......
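Review bot: The directory loop treats every entry in `PrivateKeysPath` as a key file: there is no `file.IsDir()` check, and `filepath.Ext` strips whatever extension is present rather than requiring `.xml`, so a file named `irma-demo.RU` would be looked up as issuer `irma-demo`. I would filter up front, e.g. `if file.IsDir() || filepath.Ext(filename) != ".xml" { continue }`, or return a clear error for such entries. The assignment `conf.PrivateKeys[issid] = sk` also silently replaces a key the caller already supplied in `PrivateKeys` for the same issuer; returning an error on a duplicate would make the precedence explicit. Since these files hold the issuer's signing secret, it may also be worth checking that the directory and files are not group- or world-readable before loading, which the hunk does not do. `Initialize` begins above this hunk, so any earlier validation is not visible here.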
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
<Counter>1</Counter>
<ExpiryDate>1893456000</ExpiryDate>
<References>
<IssuerPublicKey>http://www.irmacard.org/credentials/phase1/MijnOverheid/ipk.xml</IssuerPublicKey>
</References>
<Elements>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
<pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
<q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
<qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
</Elements>
</IssuerPrivateKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
<Counter>2</Counter>
<ExpiryDate>1893456000</ExpiryDate>
<References>
<IssuerPublicKey>http://www.irmacard.org/credentials/phase1/RU/ipk.xml</IssuerPublicKey>
</References>
<Elements>
<n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
<p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
<pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
<q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
<qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
</Elements>
</IssuerPrivateKey>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix">
<Counter>3</Counter>
<ExpiryDate>1541423265</ExpiryDate>
<Elements>
<p>147882317108362961092358686681091117936552132511772431915114531294604719166027241486648384335366329639528405524875840918719545613460930725462211277975294930287950184164010226584865100878900905742220919477940690349851872441550475716312277716199344922783584783719002164510058269408928807971356927464129173683919</p>
<q>157710783700452860004883757022542650602788992241984821716373458277997152152425512424422920245238294361139819651993857286799751712351597434077427924577706245018253951020863671270398285089445524318757855068299706150688288078591463349923367484848318208309240302773312803561594870795643078895291687553669994492443</q>
<pPrime>73941158554181480546179343340545558968276066255886215957557265647302359583013620743324192167683164819764202762437920459359772806730465362731105638987647465143975092082005113292432550439450452871110459738970345174925936220775237858156138858099672461391792391859501082255029134704464403985678463732064586841959</pPrime>
<qPrime>78855391850226430002441878511271325301394496120992410858186729138998576076212756212211460122619147180569909825996928643399875856175798717038713962288853122509126975510431835635199142544722762159378927534149853075344144039295731674961683742424159104154620151386656401780797435397821539447645843776834997246221</qPrime>
</Elements>
</IssuerPrivateKey>
\ No newline at end of file