Commit f37717b6 authored by Sietse Ringers's avatar Sietse Ringers

feat: switch to SQL revocation database for revocation server, and to simple...

feat: switch to SQL revocation database for revocation server, and to simple in-memory database for requestors

Requestors only need to be aware of the last x revocation records and none of the other record types.

Additionally:
- pass revocation configuration into RevocationStorage
- refactor irma.NewConfiguration functions to use options struct
- split RevocationStorage helper functions into separate structs
- add credentialtype to revocation record wrapper in irmago
parent e83d71d3
package irma package irma
import ( import (
"database/sql/driver"
"fmt" "fmt"
"strings" "strings"
"github.com/go-errors/errors"
"github.com/jinzhu/gorm"
) )
type metaObjectIdentifier string type metaObjectIdentifier string
...@@ -276,3 +280,23 @@ func (set *IrmaIdentifierSet) String() string { ...@@ -276,3 +280,23 @@ func (set *IrmaIdentifierSet) String() string {
func (set *IrmaIdentifierSet) Empty() bool { func (set *IrmaIdentifierSet) Empty() bool {
return len(set.SchemeManagers) == 0 && len(set.Issuers) == 0 && len(set.CredentialTypes) == 0 && len(set.PublicKeys) == 0 && len(set.AttributeTypes) == 0 return len(set.SchemeManagers) == 0 && len(set.Issuers) == 0 && len(set.CredentialTypes) == 0 && len(set.PublicKeys) == 0 && len(set.AttributeTypes) == 0
} }
func (oi metaObjectIdentifier) Value() (driver.Value, error) {
return oi.String(), nil
}
func (oi *metaObjectIdentifier) Scan(src interface{}) error {
s, ok := src.(string)
if !ok {
return errors.New("cannot convert source: not a string")
}
*oi = metaObjectIdentifier(s)
return nil
}
func (metaObjectIdentifier) GormDataType(dialect gorm.Dialect) string {
if dialect.GetName() == "postgres" {
return "text"
}
return ""
}
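Review bot: `Scan` on `metaObjectIdentifier` accepts only a `string` source, so a driver that returns text columns as `[]byte`, or a NULL column (`src == nil`), fails with "cannot convert source: not a string". `GormDataType` returns an empty type for every dialect other than postgres, which suggests other databases are expected to work, and whether their drivers hand back `string` is not visible in this diff. A type switch would cover both forms: `case string: *oi = metaObjectIdentifier(v)` and `case []byte: *oi = metaObjectIdentifier(v)`, keeping the current error as the default case. The three new methods have no doc comments; a line such as `// Scan implements sql.Scanner so identifiers can be read back from the revocation database.` would help.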
...@@ -14,7 +14,6 @@ import ( ...@@ -14,7 +14,6 @@ import (
"github.com/go-errors/errors" "github.com/go-errors/errors"
"github.com/jasonlvhit/gocron" "github.com/jasonlvhit/gocron"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/irmago" "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server" "github.com/privacybydesign/irmago/server"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
...@@ -50,8 +49,7 @@ func New(conf *server.Configuration) (*Server, error) { ...@@ -50,8 +49,7 @@ func New(conf *server.Configuration) (*Server, error) {
if !credtype.SupportsRevocation() { if !credtype.SupportsRevocation() {
continue continue
} }
if _, ours := conf.RevocationServers[credid]; ours { if s := conf.RevocationSettings[credid]; s != nil && s.Mode != irma.RevocationModeRequestor {
// TODO rethink this condition
continue continue
} }
if err := s.conf.IrmaConfiguration.RevocationStorage.UpdateDB(credid); err != nil { if err := s.conf.IrmaConfiguration.RevocationStorage.UpdateDB(credid); err != nil {
...@@ -145,7 +143,7 @@ func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error ...@@ -145,7 +143,7 @@ func (s *Server) Revoke(credid irma.CredentialTypeIdentifier, key string) error
} }
func ParsePath(path string) (token, noun string, arg []string, err error) { func ParsePath(path string) (token, noun string, arg []string, err error) {
rev := regexp.MustCompile("-/revocation/(records|issuancerecord)/?(.*)$") rev := regexp.MustCompile("-/revocation/(records|latestrecords|issuancerecord)/?(.*)$")
matches := rev.FindStringSubmatch(path) matches := rev.FindStringSubmatch(path)
if len(matches) == 3 { if len(matches) == 3 {
args := strings.Split(matches[2], "/") args := strings.Split(matches[2], "/")
...@@ -372,34 +370,37 @@ func (s *Server) handleClientMessage( ...@@ -372,34 +370,37 @@ func (s *Server) handleClientMessage(
func (s *Server) handleRevocationMessage( func (s *Server) handleRevocationMessage(
noun, method string, args []string, headers map[string][]string, message []byte, noun, method string, args []string, headers map[string][]string, message []byte,
) (int, []byte) { ) (int, []byte) {
if noun == "records" && method == http.MethodGet { if (noun == "records" || noun == "latestrecords") && method == http.MethodGet {
if len(args) != 2 { if len(args) != 2 {
return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "GET records expects 2 url arguments")) return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "GET "+noun+" expects 2 url arguments"))
} }
index, err := strconv.Atoi(args[1]) i, err := strconv.ParseUint(args[1], 10, 64)
if err != nil { if err != nil {
return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error())) return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error()))
} }
cred := irma.NewCredentialTypeIdentifier(args[0]) cred := irma.NewCredentialTypeIdentifier(args[0])
return server.JsonResponse(s.handleGetRevocationRecords(cred, index)) if noun == "records" {
return server.JsonResponse(s.handleGetRevocationRecords(cred, i))
} else {
return server.JsonResponse(s.handleGetLatestRevocationRecords(cred, i))
}
} }
if noun == "records" && method == http.MethodPost { if noun == "records" && method == http.MethodPost {
if len(args) != 1 { if len(args) != 0 {
return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST records expects 1 url arguments")) return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST records expects no url arguments"))
} }
cred := irma.NewCredentialTypeIdentifier(args[0]) var records []*irma.RevocationRecord
var records []*revocation.Record
if err := json.Unmarshal(message, &records); err != nil { if err := json.Unmarshal(message, &records); err != nil {
return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error())) return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error()))
} }
return server.JsonResponse(s.handlePostRevocationRecords(cred, records)) return server.JsonResponse(s.handlePostRevocationRecords(records))
} }
if noun == "issuancerecord" && method == http.MethodPost { if noun == "issuancerecord" && method == http.MethodPost {
if len(args) != 2 { if len(args) != 2 {
return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST issuancercord expects 2 url arguments")) return server.JsonResponse(nil, server.RemoteError(server.ErrorInvalidRequest, "POST issuancercord expects 2 url arguments"))
} }
cred := irma.NewCredentialTypeIdentifier(args[0]) cred := irma.NewCredentialTypeIdentifier(args[0])
counter, err := strconv.Atoi(args[1]) counter, err := strconv.ParseUint(args[1], 10, 64)
if err != nil { if err != nil {
return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error())) return server.JsonResponse(nil, server.RemoteError(server.ErrorMalformedInput, err.Error()))
} }
......
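Review bot: The count for `GET latestrecords` is passed from the URL straight into `handleGetLatestRevocationRecords(cred, i)` with no upper bound, so a single request can ask for up to 2^64-1 records. Unless `LatestRevocationRecords` caps the number itself (not visible in this diff), one GET can make the server read and serialise the whole table, and no authentication check is visible on this path. Clamp or reject large values before the call, for example `if i > maxLatestRecords { i = maxLatestRecords }`, where `maxLatestRecords` is a new package constant (the name is only a suggestion). `ParsePath` also recompiles its pattern with `regexp.MustCompile` on every call; a package-level `var` would compile it once. `handleRevocationMessage` continues outside the hunk.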
...@@ -4,7 +4,6 @@ import ( ...@@ -4,7 +4,6 @@ import (
"time" "time"
"github.com/privacybydesign/gabi" "github.com/privacybydesign/gabi"
"github.com/privacybydesign/gabi/revocation"
"github.com/privacybydesign/gabi/signed" "github.com/privacybydesign/gabi/signed"
"github.com/privacybydesign/irmago" "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/server" "github.com/privacybydesign/irmago/server"
...@@ -37,7 +36,7 @@ func (session *session) handleGetRequest(min, max *irma.ProtocolVersion) (irma.S ...@@ -37,7 +36,7 @@ func (session *session) handleGetRequest(min, max *irma.ProtocolVersion) (irma.S
// we include the latest revocation records for the client here, as opposed to when the session // we include the latest revocation records for the client here, as opposed to when the session
// was started, so that the client always gets the very latest revocation records // was started, so that the client always gets the very latest revocation records
var err error var err error
if err = session.conf.IrmaConfiguration.RevocationStorage.SetRecords(session.request.Base()); err != nil { if err = session.conf.IrmaConfiguration.RevocationStorage.SetRevocationRecords(session.request.Base()); err != nil {
return nil, session.fail(server.ErrorUnknown, err.Error()) // TODO error type return nil, session.fail(server.ErrorUnknown, err.Error()) // TODO error type
} }
...@@ -215,30 +214,33 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM ...@@ -215,30 +214,33 @@ func (session *session) handlePostCommitments(commitments *irma.IssueCommitmentM
return sigs, nil return sigs, nil
} }
func (s *Server) handlePostRevocationRecords( func (s *Server) handlePostRevocationRecords(records []*irma.RevocationRecord) (interface{}, *irma.RemoteError) {
cred irma.CredentialTypeIdentifier, records []*revocation.Record, if err := s.conf.IrmaConfiguration.RevocationStorage.AddRevocationRecords(records); err != nil {
) (interface{}, *irma.RemoteError) {
db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred)
if err != nil {
return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type
}
if err = db.AddRecords(records); err != nil {
return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type
} }
return nil, nil return nil, nil
} }
func (s *Server) handleGetRevocationRecords( func (s *Server) handleGetRevocationRecords(
cred irma.CredentialTypeIdentifier, index int, cred irma.CredentialTypeIdentifier, index uint64,
) ([]*revocation.Record, *irma.RemoteError) { ) ([]*irma.RevocationRecord, *irma.RemoteError) {
if _, ok := s.conf.RevocationServers[cred]; !ok { if _, ok := s.conf.RevocationSettings[cred]; !ok {
return nil, server.RemoteError(server.ErrorInvalidRequest, "not supported by this server") return nil, server.RemoteError(server.ErrorInvalidRequest, "not supported by this server")
} }
db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred) records, err := s.conf.IrmaConfiguration.RevocationStorage.RevocationRecords(cred, index)
if err != nil { if err != nil {
return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type
} }
records, err := db.RevocationRecords(index) return records, nil
}
func (s *Server) handleGetLatestRevocationRecords(
cred irma.CredentialTypeIdentifier, count uint64,
) ([]*irma.RevocationRecord, *irma.RemoteError) {
if _, ok := s.conf.RevocationSettings[cred]; !ok {
return nil, server.RemoteError(server.ErrorInvalidRequest, "not supported by this server")
}
records, err := s.conf.IrmaConfiguration.RevocationStorage.LatestRevocationRecords(cred, count)
if err != nil { if err != nil {
return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type return nil, server.RemoteError(server.ErrorUnknown, err.Error()) // TODO error type
} }
...@@ -246,38 +248,28 @@ func (s *Server) handleGetRevocationRecords( ...@@ -246,38 +248,28 @@ func (s *Server) handleGetRevocationRecords(
} }
func (s *Server) handlePostIssuanceRecord( func (s *Server) handlePostIssuanceRecord(
cred irma.CredentialTypeIdentifier, counter int, message []byte, cred irma.CredentialTypeIdentifier, counter uint64, message []byte,
) (string, *irma.RemoteError) { ) (string, *irma.RemoteError) {
if _, ours := s.conf.RevocationServers[cred]; !ours { if settings := s.conf.RevocationSettings[cred]; settings == nil || settings.Mode != irma.RevocationModeServer {
return "", server.RemoteError(server.ErrorInvalidRequest, "not supported by this server") return "", server.RemoteError(server.ErrorInvalidRequest, "not supported by this server")
} }
// Grab the counter-th issuer public key, with which the message should be signed, // Grab the counter-th issuer public key, with which the message should be signed,
// and verify and unmarshal the issuance record // and verify and unmarshal the issuance record
pk, err := s.conf.IrmaConfiguration.PublicKey(cred.IssuerIdentifier(), counter) pk, err := s.conf.IrmaConfiguration.RevocationStorage.Keys.PublicKey(cred.IssuerIdentifier(), uint(counter))
if err != nil {
return "", server.RemoteError(server.ErrorUnknown, err.Error())
}
if pk == nil {
return "", server.RemoteError(server.ErrorUnknownPublicKey, "")
}
revpk, err := pk.RevocationKey()
if err != nil { if err != nil {
return "", server.RemoteError(server.ErrorUnknown, err.Error()) return "", server.RemoteError(server.ErrorUnknown, err.Error())
} }
var rec irma.IssuanceRecord var rec irma.IssuanceRecord
if err := signed.UnmarshalVerify(revpk.ECDSA, message, &rec); err != nil { if err := signed.UnmarshalVerify(pk.ECDSA, message, &rec); err != nil {
return "", server.RemoteError(server.ErrorUnauthorized, err.Error()) return "", server.RemoteError(server.ErrorUnauthorized, err.Error())
} }
if rec.CredType != cred {
// Insert the record into the database return "", server.RemoteError(server.ErrorInvalidRequest, "issuance record of wrong credential type")
db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred)
if err != nil {
return "", server.RemoteError(server.ErrorUnknown, err.Error())
} }
if err = db.AddIssuanceRecord(&rec); err != nil {
if err = s.conf.IrmaConfiguration.RevocationStorage.AddIssuanceRecord(&rec); err != nil {
return "", server.RemoteError(server.ErrorUnknown, err.Error()) return "", server.RemoteError(server.ErrorUnknown, err.Error())
} }
return "OK", nil return "OK", nil
} }
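Review bot: `handlePostIssuanceRecord` dereferences `pk.ECDSA` right after the key lookup, and the commit drops the earlier `if pk == nil` guard, so the handler now relies on `Keys.PublicKey` never returning a nil key together with a nil error. That contract is not visible in this diff; if it can happen for an unknown counter, a request with an arbitrary counter in the URL panics before any signature is checked. Keeping `if pk == nil { return "", server.RemoteError(server.ErrorUnknownPublicKey, "") }` costs nothing. The cast `uint(counter)` narrows a value parsed as 64-bit, so on a 32-bit build a large counter wraps to a different key index; parsing with `strconv.ParseUint(args[1], 10, 32)` in the caller avoids that. Separately, `handlePostRevocationRecords` has no credential type to check against `s.conf.RevocationSettings`, unlike the two GET handlers, so it depends entirely on `AddRevocationRecords` to verify and authorise each posted record.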
...@@ -79,47 +79,52 @@ func (session *session) checkCache(message []byte, expectedStatus server.Status) ...@@ -79,47 +79,52 @@ func (session *session) checkCache(message []byte, expectedStatus server.Status)
func (session *session) issuanceHandleRevocation( func (session *session) issuanceHandleRevocation(
cred *irma.CredentialRequest, attributes *irma.AttributeList, sk *gabi.PrivateKey, cred *irma.CredentialRequest, attributes *irma.AttributeList, sk *gabi.PrivateKey,
) (witness *revocation.Witness, nonrevAttr *big.Int, err error) { ) (witness *revocation.Witness, nonrevAttr *big.Int, err error) {
if !session.conf.IrmaConfiguration.CredentialTypes[cred.CredentialTypeID].SupportsRevocation() { id := cred.CredentialTypeID
if !session.conf.IrmaConfiguration.CredentialTypes[id].SupportsRevocation() {
return return
} }
// ensure the client always gets an up to date nonrevocation witness // ensure the client always gets an up to date nonrevocation witness
if _, ours := session.conf.RevocationServers[cred.CredentialTypeID]; !ours { if _, ours := session.conf.RevocationSettings[id]; !ours {
if err = session.conf.IrmaConfiguration.RevocationStorage.UpdateDB(cred.CredentialTypeID); err != nil { if err = session.conf.IrmaConfiguration.RevocationStorage.UpdateDB(id); err != nil {
return return
} }
} }
db, err := session.conf.IrmaConfiguration.RevocationStorage.DB(cred.CredentialTypeID) rs := session.conf.IrmaConfiguration.RevocationStorage
if err != nil || !db.Enabled() {
return
}
records, err := db.LatestRecords(1) // Fetch latest revocation record, and then extract the current value of the accumulator
// from it to generate the witness from
records, err := rs.LatestRevocationRecords(id, 1)
if err != nil { if err != nil {
return return
} }
if witness, err = sk.RevocationGenerateWitness(&db.Current); err != nil { r := records[len(records)-1]
pk, err := rs.Keys.PublicKey(id.IssuerIdentifier(), r.PublicKeyIndex)
if err != nil {
return nil, nil, err
}
msg, err := r.UnmarshalVerify(pk)
if err != nil {
return nil, nil, err
}
if witness, err = sk.RevocationGenerateWitness(&msg.Accumulator); err != nil {
return return
} }
witness.Record = records[len(records)-1]
witness.Nu = nil // don't send to irmaclient, it will reconstruct it from witness.Record witness.Record = &r.Record // attach previously selected reocation record to the witness for the client
witness.Index = 0 // same witness.Nu = nil // don't send to irmaclient, it will reconstruct it from witness.Record
witness.Index = 0 // same
nonrevAttr = witness.E nonrevAttr = witness.E
issrecord := &irma.IssuanceRecord{ issrecord := &irma.IssuanceRecord{
CredType: id,
Key: cred.RevocationKey, Key: cred.RevocationKey,
Attr: nonrevAttr, Attr: nonrevAttr,
Issued: time.Now().UnixNano(), // or (floored) cred issuance time? Issued: time.Now().UnixNano(), // or (floored) cred issuance time?
ValidUntil: attributes.Expiry().UnixNano(), ValidUntil: attributes.Expiry().UnixNano(),
} }
err = session.conf.IrmaConfiguration.RevocationStorage.SendIssuanceRecord(cred.CredentialTypeID, issrecord) err = session.conf.IrmaConfiguration.RevocationStorage.SaveIssuanceRecord(id, issrecord)
if err != nil {
_ = server.LogWarning(errors.WrapPrefix(err, "Failed to send issuance record to revocation server", 0))
session.conf.Logger.Warn("Storing issuance record locally")
if err = db.AddIssuanceRecord(issrecord); err != nil {
return nil, nil, err
}
}
return return
} }
...@@ -147,22 +152,14 @@ func (s *Server) validateIssuanceRequest(request *irma.IssuanceRequest) error { ...@@ -147,22 +152,14 @@ func (s *Server) validateIssuanceRequest(request *irma.IssuanceRequest) error {
if err := cred.Validate(s.conf.IrmaConfiguration); err != nil { if err := cred.Validate(s.conf.IrmaConfiguration); err != nil {
return err return err
} }
if s.conf.IrmaConfiguration.CredentialTypes[cred.CredentialTypeID].SupportsRevocation() { if s.conf.IrmaConfiguration.CredentialTypes[cred.CredentialTypeID].SupportsRevocation() {
db, err := s.conf.IrmaConfiguration.RevocationStorage.DB(cred.CredentialTypeID) enabled, err := s.conf.IrmaConfiguration.RevocationStorage.RevocationEnabled(cred.CredentialTypeID)
if err != nil { if err != nil {
return err return err
} }
if !db.Enabled() { if !enabled {
s.conf.Logger.WithFields(logrus.Fields{"cred": cred.CredentialTypeID}).Warn("revocation supported in scheme but not enabled") s.conf.Logger.WithFields(logrus.Fields{"cred": cred.CredentialTypeID}).Warn("revocation supported in scheme but not enabled")
} else {
if len(cred.RevocationKey) == 0 {
return errors.New("revocationKey field unset on revocable credential")
}
if exists, err := db.IssuanceRecordExists([]byte(cred.RevocationKey)); err != nil {
return err
} else if exists {
return errors.New("revocationKey already used")
}
} }
} }
......
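Review bot: In `issuanceHandleRevocation`, `records[len(records)-1]` is indexed without checking that `LatestRevocationRecords(id, 1)` returned anything, and the old `!db.Enabled()` early return that used to precede it is gone. `validateIssuanceRequest` in the same file only logs "revocation supported in scheme but not enabled" and lets the request continue, so an issuance for such a credential type can reach this line; unless the storage returns an error for an empty table (not visible here), that is an index-out-of-range panic. A guard such as `if len(records) == 0 { return nil, nil, errors.New("no revocation records found") }`, or an explicit `RevocationEnabled(id)` check that returns early, would close that gap. The last hunk also removes the checks for an empty or already-used `cred.RevocationKey`; if they have not moved into `SaveIssuanceRecord`, duplicate revocation keys are now accepted.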
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/jinzhu/gorm"
irma "github.com/privacybydesign/irmago" irma "github.com/privacybydesign/irmago"
"github.com/privacybydesign/irmago/internal/test" "github.com/privacybydesign/irmago/internal/test"
"github.com/privacybydesign/irmago/server" "github.com/privacybydesign/irmago/server"
...@@ -56,29 +57,42 @@ func StopRequestorServer() { ...@@ -56,29 +57,42 @@ func StopRequestorServer() {
func StartRevocationServer(t *testing.T) { func StartRevocationServer(t *testing.T) {
var err error var err error
irma.Logger = logger
dbstr := "host=127.0.0.1 port=5432 user=testuser dbname=test password='testpassword' sslmode=disable"
irmaconf, err := irma.NewConfiguration(filepath.Join(testdata, "irma_configuration"), irma.ConfigurationOptions{
RevocationDB: dbstr,
})
require.NoError(t, err)
require.NoError(t, irmaconf.ParseFolder())
cred := irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root") cred := irma.NewCredentialTypeIdentifier("irma-demo.MijnOverheid.root")
conf := &server.Configuration{ conf := &server.Configuration{
Logger: logger, Logger: logger,
DisableSchemesUpdate: true, DisableSchemesUpdate: true,
SchemesPath: filepath.Join(testdata, "irma_configuration"), SchemesPath: filepath.Join(testdata, "irma_configuration"),
RevocationPath: filepath.Join(testdata, "tmp", "issuer"), // todo rename this path to revocation? RevocationSettings: map[irma.CredentialTypeIdentifier]*irma.RevocationSetting{
RevocationServers: map[irma.CredentialTypeIdentifier]server.RevocationServer{ cred: {Mode: irma.RevocationModeServer},
cred: {},
}, },
IrmaConfiguration: irmaconf,
RevocationDB: dbstr,
} }
revocationServer, err = irmaserver.New(conf)
require.NoError(t, err)
sk, err := conf.PrivateKey(cred.IssuerIdentifier()) // Connect to database and clear records from previous test runs
require.NoError(t, err) g, err := gorm.Open("postgres", conf.RevocationDB)
require.NotNil(t, sk)
revsk, err := sk.RevocationKey()
require.NoError(t, err)
db, err := conf.IrmaConfiguration.RevocationStorage.DB(cred)
require.NoError(t, err)
err = db.EnableRevocation(revsk)
require.NoError(t, err) require.NoError(t, err)
require.NoError(t, g.DropTableIfExists((*irma.RevocationRecord)(nil)).Error)
require.NoError(t, g.DropTableIfExists((*irma.IssuanceRecord)(nil)).Error)
require.NoError(t, g.AutoMigrate((*irma.RevocationRecord)(nil)).Error)
require.NoError(t, g.AutoMigrate((*irma.IssuanceRecord)(nil)).Error)
require.NoError(t, g.Close())
// Enable revocation for our credential type
require.NoError(t, irmaconf.RevocationStorage.EnableRevocation(cred))
// Start revocation server
revocationServer, err = irmaserver.New(conf)
require.NoError(t, err)
mux := http.NewServeMux() mux := http.NewServeMux()
mux.HandleFunc("/", revocationServer.HandlerFunc()) mux.HandleFunc("/", revocationServer.HandlerFunc())
revHttpServer = &http.Server{Addr: ":48683", Handler: mux} revHttpServer = &http.Server{Addr: ":48683", Handler: mux}
...@@ -105,7 +119,6 @@ func StartIrmaServer(t *testing.T, updatedIrmaConf bool) { ...@@ -105,7 +119,6 @@ func StartIrmaServer(t *testing.T, updatedIrmaConf bool) {
Logger: logger, Logger: logger,
DisableSchemesUpdate: true, DisableSchemesUpdate: true,
SchemesPath: filepath.Join(testdata, irmaconf), SchemesPath: filepath.Join(testdata, irmaconf),
RevocationPath: filepath.Join(testdata, "tmp", "revocation"),
}) })
require.NoError(t, err) require.NoError(t, err)
...@@ -129,7 +142,6 @@ var IrmaServerConfiguration = &requestorserver.Configuration{ ...@@ -129,7 +142,6 @@ var IrmaServerConfiguration = &requestorserver.Configuration{
Logger: logger, Logger: logger,
SchemesPath: filepath.Join(testdata, "irma_configuration"), SchemesPath: filepath.Join(testdata, "irma_configuration"),
IssuerPrivateKeysPath: filepath.Join(testdata, "privatekeys"), IssuerPrivateKeysPath: filepath.Join(testdata, "privatekeys"),
RevocationPath: filepath.Join(testdata, "tmp", "revocation"),
}, },
DisableRequestorAuthentication: true, DisableRequestorAuthentication: true,
Port: 48682, Port: 48682,
...@@ -141,7 +153,6 @@ var JwtServerConfiguration = &requestorserver.Configuration{ ...@@ -141,7 +153,6 @@ var JwtServerConfiguration = &requestorserver.Configuration{
Logger: logger, Logger: logger,
SchemesPath: filepath.Join(testdata, "irma_configuration"), SchemesPath: filepath.Join(testdata, "irma_configuration"),
IssuerPrivateKeysPath: filepath.Join(testdata, "privatekeys"), IssuerPrivateKeysPath: filepath.Join(testdata, "privatekeys"),
RevocationPath: filepath.Join(testdata, "tmp", "revocation"),
}, },
Port: 48682, Port: 48682,
DisableRequestorAuthentication: false, DisableRequestorAuthentication: false,
......
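Review bot: `StartRevocationServer` hard-codes the connection string, password included, and unconditionally drops and recreates the tables for `irma.RevocationRecord` and `irma.IssuanceRecord` in whatever Postgres answers on 127.0.0.1:5432. Reading the DSN from an environment variable, with this string as the fallback, would keep a real database that happens to be named `test` from being wiped by a test run. At minimum the intent should be stated next to `dbstr`, for example `// dbstr points at a throwaway local database; its revocation tables are dropped on every run.` `dbstr` is also passed twice, as `ConfigurationOptions.RevocationDB` and as `server.Configuration.RevocationDB`, and a short comment saying which one the server reads would help.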
...@@ -77,7 +77,10 @@ func downloadSchemeManager(dest string, urls []string) error { ...@@ -77,7 +77,10 @@ func downloadSchemeManager(dest string, urls []string) error {
} }
} }
conf, err := irma.NewConfiguration(dest) conf, err := irma.NewConfiguration(dest, irma.ConfigurationOptions{})
if err != nil {
return err
}
if len(urls) == 0 { if len(urls) == 0 {
if err := conf.DownloadDefaultSchemes(); err != nil { if err := conf.DownloadDefaultSchemes(); err != nil {
......
...@@ -49,7 +49,7 @@ func printMetadataAttr(metaint *big.Int, confpath string) error { ...@@ -49,7 +49,7 @@ func printMetadataAttr(metaint *big.Int, confpath string) error {
if err := fs.AssertPathExists(confpath); err != nil { if err := fs.AssertPathExists(confpath); err != nil {
return errors.WrapPrefix(err, "Cannot read irma_configuration", 0) return errors.WrapPrefix(err, "Cannot read irma_configuration", 0)
} }
conf, err := irma.NewConfigurationReadOnly(confpath) conf, err := irma.NewConfiguration(confpath, irma.ConfigurationOptions{ReadOnly: true})
if err != nil { if err != nil {
return errors.WrapPrefix(err, "Failed to parse irma_configuration", 0) return errors.WrapPrefix(err, "Failed to parse irma_configuration", 0)
} }
......
...@@ -80,7 +80,7 @@ func configureRequest(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configur ...@@ -80,7 +80,7 @@ func configureRequest(cmd *cobra.Command) (irma.RequestorRequest, *irma.Configur
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
irmaconfig, err := irma.NewConfiguration(irmaconfigPath) irmaconfig, err := irma.NewConfiguration(irmaconfigPath, irma.ConfigurationOptions{})