Allow server private keys to be read from a folder

f1bf9c6f · Sietse Ringers · 3b6a16b4 · f1bf9c6f · f1bf9c6f · f1bf9c6f
Commit f1bf9c6f authored Aug 25, 2018 by Sietse Ringers
6 changed files
--- a/internal/sessiontest/server_test.go
+++ b/internal/sessiontest/server_test.go
@@ -7,7 +7,6 @@ import (
 	"testing"

 	"github.com/Sirupsen/logrus"
-	"github.com/mhe/gabi"
 	"github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/internal/test"
 	"github.com/privacybydesign/irmago/irmaserver"
@@ -19,20 +18,6 @@ var irmaServer *http.Server

 func StartIrmaServer(t *testing.T) {
 	testdata := test.FindTestdataFolder(t)
-	skpath := filepath.Join(testdata, "irma_configuration", "irma-demo", "RU", "PrivateKeys", "2.xml")
-	iss := irma.NewIssuerIdentifier("irma-demo.RU")
-	sk, err := gabi.NewPrivateKeyFromFile(skpath)
-	require.NoError(t, err)
-
-	skpath = filepath.Join(testdata, "irma_configuration", "irma-demo", "MijnOverheid", "PrivateKeys", "1.xml")
-	iss2 := irma.NewIssuerIdentifier("irma-demo.MijnOverheid")
-	sk2, err := gabi.NewPrivateKeyFromFile(skpath)
-	require.NoError(t, err)
-
-	skpath = filepath.Join(testdata, "irma_configuration", "test", "test", "PrivateKeys", "3.xml")
-	iss3 := irma.NewIssuerIdentifier("test.test")
-	sk3, err := gabi.NewPrivateKeyFromFile(skpath)
-	require.NoError(t, err)

 	logger := logrus.New()
 	logger.Level = logrus.WarnLevel
@@ -40,11 +25,7 @@ func StartIrmaServer(t *testing.T) {
 	require.NoError(t, irmarequestor.Initialize(&irmaserver.Configuration{
 		Logger:                logger,
 		IrmaConfigurationPath: filepath.Join(testdata, "irma_configuration"),
-		PrivateKeys: map[irma.IssuerIdentifier]*gabi.PrivateKey{
-			iss:  sk,
-			iss2: sk2,
-			iss3: sk3,
-		},
+		PrivateKeysPath:       filepath.Join(testdata, "privatekeys"),
 	}))

 	mux := http.NewServeMux()

--- a/irmaserver/api.go
+++ b/irmaserver/api.go
@@ -8,10 +8,12 @@ import (

 type Configuration struct {
 	IrmaConfigurationPath string
+	PrivateKeysPath       string
+
+	Logger *logrus.Logger

 	PrivateKeys       map[irma.IssuerIdentifier]*gabi.PrivateKey
 	IrmaConfiguration *irma.Configuration
-	Logger            *logrus.Logger
 }

 type SessionResult struct {

--- a/irmaserver/backend/api.go
+++ b/irmaserver/backend/api.go
@@ -2,12 +2,16 @@ package backend

 import (
 	"encoding/json"
+	"io/ioutil"
 	"net/http"
+	"path/filepath"
 	"regexp"
+	"strings"

 	"github.com/Sirupsen/logrus"
 	"github.com/go-errors/errors"
 	"github.com/mhe/gabi"
+	"github.com/mhe/gabi/big"
 	"github.com/privacybydesign/irmago"
 	"github.com/privacybydesign/irmago/irmaserver"
 )
@@ -32,6 +36,40 @@ func Initialize(configuration *irmaserver.Configuration) error {
 		}
 	}

+	if conf.PrivateKeys == nil {
+		conf.PrivateKeys = make(map[irma.IssuerIdentifier]*gabi.PrivateKey)
+	}
+	if conf.PrivateKeysPath != "" {
+		files, err := ioutil.ReadDir(conf.PrivateKeysPath)
+		if err != nil {
+			return err
+		}
+		for _, file := range files {
+			filename := file.Name()
+			issid := irma.NewIssuerIdentifier(strings.TrimSuffix(filename, filepath.Ext(filename))) // strip .xml
+			if _, ok := conf.IrmaConfiguration.Issuers[issid]; !ok {
+				return errors.Errorf("Private key %s belongs to an unknown issuer", filename)
+			}
+			sk, err := gabi.NewPrivateKeyFromFile(filepath.Join(conf.PrivateKeysPath, filename))
+			if err != nil {
+				return err
+			}
+			conf.PrivateKeys[issid] = sk
+		}
+	}
+	for issid, sk := range conf.PrivateKeys {
+		pk, err := conf.IrmaConfiguration.PublicKey(issid, int(sk.Counter))
+		if err != nil {
+			return err
+		}
+		if pk == nil {
+			return errors.Errorf("Missing public key belonging to private key %s-%d", issid.String(), sk.Counter)
+		}
+		if new(big.Int).Mul(sk.P, sk.Q).Cmp(pk.N) != 0 {
+			return errors.Errorf("Private key %s-%d does not belong to corresponding public key", issid.String(), sk.Counter)
+		}
+	}
+
 	return nil
 }


--- a/testdata/privatekeys/irma-demo.MijnOverheid.xml
+++ b/testdata/privatekeys/irma-demo.MijnOverheid.xml
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
+  <Counter>1</Counter>
+  <ExpiryDate>1893456000</ExpiryDate>
+  <References>
+    <IssuerPublicKey>http://www.irmacard.org/credentials/phase1/MijnOverheid/ipk.xml</IssuerPublicKey>
+  </References>
+  <Elements>
+    <n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
+    <p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
+    <pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
+    <q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
+    <qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
+  </Elements>
+</IssuerPrivateKey>
--- a/testdata/privatekeys/irma-demo.RU.xml
+++ b/testdata/privatekeys/irma-demo.RU.xml
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.zurich.ibm.com/security/idemix IssuerPrivateKey.xsd">
+  <Counter>2</Counter>
+  <ExpiryDate>1893456000</ExpiryDate>
+  <References>
+    <IssuerPublicKey>http://www.irmacard.org/credentials/phase1/RU/ipk.xml</IssuerPublicKey>
+  </References>
+  <Elements>
+    <n>96063359353814070257464989369098573470645843347358957127875426328487326540633303185702306359400766259130239226832166456957259123554826741975265634464478609571816663003684533868318795865194004795637221226902067194633407757767792795252414073029114153019362701793292862118990912516058858923030408920700061749321</n>
+    <p>10436034022637868273483137633548989700482895839559909621411910579140541345632481969613724849214412062500244238926015929148144084368427474551770487566048119</p>
+    <pPrime>5218017011318934136741568816774494850241447919779954810705955289570270672816240984806862424607206031250122119463007964574072042184213737275885243783024059</pPrime>
+    <q>9204968012315139729618449685392284928468933831570080795536662422367142181432679739143882888540883909887054345986640656981843559062844656131133512640733759</q>
+    <qPrime>4602484006157569864809224842696142464234466915785040397768331211183571090716339869571941444270441954943527172993320328490921779531422328065566756320366879</qPrime>
+  </Elements>
+</IssuerPrivateKey>
--- a/testdata/privatekeys/test.test.xml
+++ b/testdata/privatekeys/test.test.xml
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<IssuerPrivateKey xmlns="http://www.zurich.ibm.com/security/idemix">
+   <Counter>3</Counter>
+   <ExpiryDate>1541423265</ExpiryDate>
+   <Elements>
+      <p>147882317108362961092358686681091117936552132511772431915114531294604719166027241486648384335366329639528405524875840918719545613460930725462211277975294930287950184164010226584865100878900905742220919477940690349851872441550475716312277716199344922783584783719002164510058269408928807971356927464129173683919</p>
+      <q>157710783700452860004883757022542650602788992241984821716373458277997152152425512424422920245238294361139819651993857286799751712351597434077427924577706245018253951020863671270398285089445524318757855068299706150688288078591463349923367484848318208309240302773312803561594870795643078895291687553669994492443</q>
+      <pPrime>73941158554181480546179343340545558968276066255886215957557265647302359583013620743324192167683164819764202762437920459359772806730465362731105638987647465143975092082005113292432550439450452871110459738970345174925936220775237858156138858099672461391792391859501082255029134704464403985678463732064586841959</pPrime>
+      <qPrime>78855391850226430002441878511271325301394496120992410858186729138998576076212756212211460122619147180569909825996928643399875856175798717038713962288853122509126975510431835635199142544722762159378927534149853075344144039295731674961683742424159104154620151386656401780797435397821539447645843776834997246221</qPrime>
+   </Elements>
+</IssuerPrivateKey>
\ No newline at end of file