Commit fc2f5bde authored by Sietse Ringers's avatar Sietse Ringers

Rename/refactor some stuff in verification

parent 903aa88c
...@@ -172,11 +172,11 @@ func disabledTestLogging(t *testing.T) { ...@@ -172,11 +172,11 @@ func disabledTestLogging(t *testing.T) {
sig, err := entry.GetSignedMessage() sig, err := entry.GetSignedMessage()
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, sig) require.NotNil(t, sig)
result := sig.Verify(client.Configuration, nil) attrs, status := sig.Verify(client.Configuration, nil)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.ProofStatusValid, status)
require.NotEmpty(t, result.Attributes) require.NotEmpty(t, attrs)
require.Equal(t, result.Attributes[0].Identifier, attrid) require.Equal(t, attrs[0].Identifier, attrid)
require.Equal(t, "s1234567", result.Attributes[0].Value["en"]) require.Equal(t, "s1234567", attrs[0].Value["en"])
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
......
...@@ -22,7 +22,7 @@ func createManualSessionHandler(t *testing.T, client *Client) *ManualTestHandler ...@@ -22,7 +22,7 @@ func createManualSessionHandler(t *testing.T, client *Client) *ManualTestHandler
} }
} }
func manualSessionHelper(t *testing.T, client *Client, h *ManualTestHandler, request string, verifyAs string, corrupt bool) *irma.VerificationResult { func manualSessionHelper(t *testing.T, client *Client, h *ManualTestHandler, request string, verifyAs string, corrupt bool) ([]*irma.DisclosedAttribute, irma.ProofStatus) {
init := client == nil init := client == nil
if init { if init {
client = parseStorage(t) client = parseStorage(t)
...@@ -56,7 +56,7 @@ func manualSessionHelper(t *testing.T, client *Client, h *ManualTestHandler, req ...@@ -56,7 +56,7 @@ func manualSessionHelper(t *testing.T, client *Client, h *ManualTestHandler, req
} }
return result.SignatureResult.Verify(client.Configuration, verifyasRequest) return result.SignatureResult.Verify(client.Configuration, verifyasRequest)
default: default:
return nil return nil, ""
} }
} }
...@@ -64,13 +64,12 @@ func TestManualSession(t *testing.T) { ...@@ -64,13 +64,12 @@ func TestManualSession(t *testing.T) {
request := "{\"nonce\": 42, \"context\": 1337, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 42, \"context\": 1337, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, request, false) attrs, status := manualSessionHelper(t, nil, ms, request, request, false)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.ProofStatusValid, status)
require.Equal(t, irma.AttributeProofStatusPresent, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusPresent, attrs[0].Status)
attrs, status = manualSessionHelper(t, nil, ms, request, "", false)
result = manualSessionHelper(t, nil, ms, request, "", false) require.Equal(t, irma.ProofStatusValid, status)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.AttributeProofStatusExtra, attrs[0].Status)
require.Equal(t, irma.AttributeProofStatusExtra, result.Attributes[0].Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -80,9 +79,9 @@ func TestManualSessionInvalidNonce(t *testing.T) { ...@@ -80,9 +79,9 @@ func TestManualSessionInvalidNonce(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
invalidRequest := "{\"nonce\": 1, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" invalidRequest := "{\"nonce\": 1, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, invalidRequest, false) _, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
require.Equal(t, irma.ProofStatusUnmatchedRequest, result.Status) require.Equal(t, irma.ProofStatusUnmatchedRequest, status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -92,13 +91,13 @@ func TestManualSessionInvalidRequest(t *testing.T) { ...@@ -92,13 +91,13 @@ func TestManualSessionInvalidRequest(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.university\"]}]}" invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.university\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, invalidRequest, false) attrs, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
require.Equal(t, irma.ProofStatusMissingAttributes, result.Status) require.Equal(t, irma.ProofStatusMissingAttributes, status)
// First attribute result is MISSING, because it is in the request but not disclosed // First attribute result is MISSING, because it is in the request but not disclosed
require.Equal(t, irma.AttributeProofStatusMissing, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusMissing, attrs[0].Status)
// Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest // Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest
require.Equal(t, irma.AttributeProofStatusExtra, result.Attributes[1].Status) require.Equal(t, irma.AttributeProofStatusExtra, attrs[1].Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -108,10 +107,10 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) { ...@@ -108,10 +107,10 @@ func TestManualSessionInvalidAttributeValue(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"456\"}}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"456\"}}]}"
invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"123\"}}]}" invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":{\"irma-demo.RU.studentCard.studentID\": \"123\"}}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, invalidRequest, false) attrs, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
require.Equal(t, irma.ProofStatusMissingAttributes, result.Status) require.Equal(t, irma.ProofStatusMissingAttributes, status)
require.Equal(t, irma.AttributeProofStatusInvalidValue, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusInvalidValue, attrs[0].Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -120,11 +119,10 @@ func TestManualKeyShareSession(t *testing.T) { ...@@ -120,11 +119,10 @@ func TestManualKeyShareSession(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"test.test.mijnirma.email\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"test.test.mijnirma.email\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, request, false) _, status := manualSessionHelper(t, nil, ms, request, request, false)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.ProofStatusValid, status)
_, status = manualSessionHelper(t, nil, ms, request, "", false)
result = manualSessionHelper(t, nil, ms, request, "", false) require.Equal(t, irma.ProofStatusValid, status)
require.Equal(t, irma.ProofStatusValid, result.Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -141,15 +139,14 @@ func TestManualSessionMultiProof(t *testing.T) { ...@@ -141,15 +139,14 @@ func TestManualSessionMultiProof(t *testing.T) {
ms := createManualSessionHandler(t, client) ms := createManualSessionHandler(t, client)
result := manualSessionHelper(t, client, ms, request, request, false) attrs, status := manualSessionHelper(t, client, ms, request, request, false)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.ProofStatusValid, status)
require.Equal(t, irma.AttributeProofStatusPresent, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusPresent, attrs[0].Status)
require.Equal(t, irma.AttributeProofStatusPresent, result.Attributes[1].Status) require.Equal(t, irma.AttributeProofStatusPresent, attrs[1].Status)
attrs, status = manualSessionHelper(t, client, ms, request, "", false)
result = manualSessionHelper(t, client, ms, request, "", false) require.Equal(t, irma.ProofStatusValid, status)
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.AttributeProofStatusExtra, attrs[0].Status)
require.Equal(t, irma.AttributeProofStatusExtra, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusExtra, attrs[1].Status)
require.Equal(t, irma.AttributeProofStatusExtra, result.Attributes[1].Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -157,9 +154,9 @@ func TestManualSessionMultiProof(t *testing.T) { ...@@ -157,9 +154,9 @@ func TestManualSessionMultiProof(t *testing.T) {
func TestManualSessionInvalidProof(t *testing.T) { func TestManualSessionInvalidProof(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"signing\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, request, true) _, status := manualSessionHelper(t, nil, ms, request, request, true)
require.Equal(t, irma.ProofStatusInvalidCrypto, result.Status) require.Equal(t, irma.ProofStatusInvalid, status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -167,11 +164,11 @@ func TestManualSessionInvalidProof(t *testing.T) { ...@@ -167,11 +164,11 @@ func TestManualSessionInvalidProof(t *testing.T) {
func TestManualDisclosureSession(t *testing.T) { func TestManualDisclosureSession(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, request, false) attrs, status := manualSessionHelper(t, nil, ms, request, request, false)
require.Equal(t, irma.AttributeProofStatusPresent, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusPresent, attrs[0].Status)
require.Equal(t, "456", result.Attributes[0].Value["en"]) require.Equal(t, "456", attrs[0].Value["en"])
require.Equal(t, irma.ProofStatusValid, result.Status) require.Equal(t, irma.ProofStatusValid, status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
...@@ -181,13 +178,13 @@ func TestManualDisclosureSessionInvalidRequest(t *testing.T) { ...@@ -181,13 +178,13 @@ func TestManualDisclosureSessionInvalidRequest(t *testing.T) {
request := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" request := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.university\"]}]}" invalidRequest := "{\"nonce\": 0, \"context\": 0, \"type\": \"disclosing\", \"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.university\"]}]}"
ms := createManualSessionHandler(t, nil) ms := createManualSessionHandler(t, nil)
result := manualSessionHelper(t, nil, ms, request, invalidRequest, false) attrs, status := manualSessionHelper(t, nil, ms, request, invalidRequest, false)
require.Equal(t, irma.ProofStatusMissingAttributes, result.Status) require.Equal(t, irma.ProofStatusMissingAttributes, status)
// First attribute result is MISSING, because it is in the request but not disclosed // First attribute result is MISSING, because it is in the request but not disclosed
require.Equal(t, irma.AttributeProofStatusMissing, result.Attributes[0].Status) require.Equal(t, irma.AttributeProofStatusMissing, attrs[0].Status)
// Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest // Second attribute result is EXTRA, since it is disclosed, but not matching the sigrequest
require.Equal(t, irma.AttributeProofStatusExtra, result.Attributes[1].Status) require.Equal(t, irma.AttributeProofStatusExtra, attrs[1].Status)
test.ClearTestStorage(t) test.ClearTestStorage(t)
} }
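Review bot: The invalid-proof test discards the attribute list (`_, status := manualSessionHelper(t, nil, ms, request, request, true)` in TestManualSessionInvalidProof), so nothing pins what Verify returns alongside a failing status now that attributes and status are separate return values. A caller that reads the slice without checking the status would have no test guarding it; consider binding the first return value and adding `require.Empty(t, attrs)` after the `ProofStatusInvalid` assertion. The same applies to TestVerifyInValidSig and TestVerifyInValidNonce later in this commit. Verify's body is not shown on this page, so first confirm whether it already returns nil attributes on failure.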
...@@ -80,11 +80,6 @@ var supportedVersions = map[int][]int{ ...@@ -80,11 +80,6 @@ var supportedVersions = map[int][]int{
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]} var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]} var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}
const (
minVersionHeader = "X-IRMA-MinProtocolVersion"
maxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
// Session constructors // Session constructors
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request. // NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
...@@ -174,8 +169,8 @@ func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisse ...@@ -174,8 +169,8 @@ func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisse
return nil return nil
} }
session.transport.SetHeader(minVersionHeader, minVersion.String()) session.transport.SetHeader(irma.MinVersionHeader, minVersion.String())
session.transport.SetHeader(maxVersionHeader, maxVersion.String()) session.transport.SetHeader(irma.MaxVersionHeader, maxVersion.String())
if !strings.HasSuffix(session.ServerURL, "/") { if !strings.HasSuffix(session.ServerURL, "/") {
session.ServerURL += "/" session.ServerURL += "/"
} }
......
...@@ -290,11 +290,11 @@ func TestVerifyValidSig(t *testing.T) { ...@@ -290,11 +290,11 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, sigRequest.Context, big.NewInt(1337)) require.Equal(t, sigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request // Test if we can verify it with the original request
verificationResult := irmaSignedMessage.Verify(conf, sigRequest) attrs, status := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, verificationResult.Status, ProofStatusValid) require.Equal(t, status, ProofStatusValid)
require.Len(t, verificationResult.Attributes, 1) require.Len(t, attrs, 1)
require.Equal(t, verificationResult.Attributes[0].Status, AttributeProofStatusPresent) require.Equal(t, attrs[0].Status, AttributeProofStatusPresent)
require.Equal(t, verificationResult.Attributes[0].Value["en"], "456") require.Equal(t, attrs[0].Value["en"], "456")
// Test if we can verify it with a request that contains strings instead of ints for nonce and context // Test if we can verify it with a request that contains strings instead of ints for nonce and context
stringRequest := "{\"nonce\": \"42\", \"context\": \"1337\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" stringRequest := "{\"nonce\": \"42\", \"context\": \"1337\", \"message\":\"I owe you everything\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
...@@ -306,25 +306,25 @@ func TestVerifyValidSig(t *testing.T) { ...@@ -306,25 +306,25 @@ func TestVerifyValidSig(t *testing.T) {
require.Equal(t, stringSigRequest.Context, big.NewInt(1337)) require.Equal(t, stringSigRequest.Context, big.NewInt(1337))
// Test if we can verify it with the original request // Test if we can verify it with the original request
verificationResult = irmaSignedMessage.Verify(conf, sigRequest) attrs, status = irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, verificationResult.Status, ProofStatusValid) require.Equal(t, status, ProofStatusValid)
require.Len(t, verificationResult.Attributes, 1) require.Len(t, attrs, 1)
require.Equal(t, verificationResult.Attributes[0].Status, AttributeProofStatusPresent) require.Equal(t, attrs[0].Status, AttributeProofStatusPresent)
require.Equal(t, verificationResult.Attributes[0].Value["en"], "456") require.Equal(t, attrs[0].Value["en"], "456")
// Test verify against unmatched request (i.e. different nonce, context or message) // Test verify against unmatched request (i.e. different nonce, context or message)
unmatched := "{\"nonce\": 42, \"context\": 1337, \"message\":\"I owe you NOTHING\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}" unmatched := "{\"nonce\": 42, \"context\": 1337, \"message\":\"I owe you NOTHING\",\"content\":[{\"label\":\"Student number (RU)\",\"attributes\":[\"irma-demo.RU.studentCard.studentID\"]}]}"
unmatchedSigRequestJSON := []byte(unmatched) unmatchedSigRequestJSON := []byte(unmatched)
unmatchedSigRequest := &SignatureRequest{} unmatchedSigRequest := &SignatureRequest{}
json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest) json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest)
unmatchedResult := irmaSignedMessage.Verify(conf, unmatchedSigRequest) _, status = irmaSignedMessage.Verify(conf, unmatchedSigRequest)
require.Equal(t, unmatchedResult.Status, ProofStatusUnmatchedRequest) require.Equal(t, status, ProofStatusUnmatchedRequest)
// Test if we can also verify it without using the original request // Test if we can also verify it without using the original request
verificationResult = irmaSignedMessage.Verify(conf, nil) attrs, status = irmaSignedMessage.Verify(conf, nil)
require.Equal(t, verificationResult.Status, ProofStatusValid) require.Equal(t, status, ProofStatusValid)
require.Len(t, verificationResult.Attributes, 1) require.Len(t, attrs, 1)
require.Equal(t, verificationResult.Attributes[0].Value["en"], "456") require.Equal(t, attrs[0].Value["en"], "456")
} }
func TestVerifyInValidSig(t *testing.T) { func TestVerifyInValidSig(t *testing.T) {
...@@ -340,11 +340,11 @@ func TestVerifyInValidSig(t *testing.T) { ...@@ -340,11 +340,11 @@ func TestVerifyInValidSig(t *testing.T) {
sigRequest := &SignatureRequest{} sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest) json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest) _, status := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.Status, ProofStatusInvalidCrypto) require.Equal(t, status, ProofStatusInvalid)
verificationResult := irmaSignedMessage.Verify(conf, nil) _, status = irmaSignedMessage.Verify(conf, nil)
require.Equal(t, verificationResult.Status, ProofStatusInvalidCrypto) require.Equal(t, status, ProofStatusInvalid)
} }
func TestVerifyInValidNonce(t *testing.T) { func TestVerifyInValidNonce(t *testing.T) {
...@@ -361,11 +361,11 @@ func TestVerifyInValidNonce(t *testing.T) { ...@@ -361,11 +361,11 @@ func TestVerifyInValidNonce(t *testing.T) {
sigRequest := &SignatureRequest{} sigRequest := &SignatureRequest{}
json.Unmarshal(sigRequestJSON, sigRequest) json.Unmarshal(sigRequestJSON, sigRequest)
sigProofResult := irmaSignedMessage.Verify(conf, sigRequest) _, status := irmaSignedMessage.Verify(conf, sigRequest)
require.Equal(t, sigProofResult.Status, ProofStatusInvalidCrypto) require.Equal(t, status, ProofStatusInvalid)
verificationResult := irmaSignedMessage.Verify(conf, nil) _, status = irmaSignedMessage.Verify(conf, nil)
require.Equal(t, verificationResult.Status, ProofStatusInvalidCrypto) require.Equal(t, status, ProofStatusInvalid)
} }
// Test attribute decoding with both old and new metadata versions // Test attribute decoding with both old and new metadata versions
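Review bot: The fixture decodes in these tests ignore their error (`json.Unmarshal(sigRequestJSON, sigRequest)` in TestVerifyInValidSig and TestVerifyInValidNonce, `json.Unmarshal(unmatchedSigRequestJSON, unmatchedSigRequest)` in TestVerifyValidSig), so a request that fails to parse would be verified as a zero-valued SignatureRequest. In the negative cases the expected `ProofStatusInvalid` or `ProofStatusUnmatchedRequest` could then be reached for the wrong reason. Wrapping each call as `require.NoError(t, json.Unmarshal(sigRequestJSON, sigRequest))` keeps the assertions tied to the intended input. These calls are unchanged context, and all three functions begin outside the hunks shown.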
......
...@@ -19,6 +19,11 @@ type Status string ...@@ -19,6 +19,11 @@ type Status string
var ForceHttps bool = true var ForceHttps bool = true
const (
MinVersionHeader = "X-IRMA-MinProtocolVersion"
MaxVersionHeader = "X-IRMA-MaxProtocolVersion"
)
// ProtocolVersion encodes the IRMA protocol version of an IRMA session. // ProtocolVersion encodes the IRMA protocol version of an IRMA session.
type ProtocolVersion struct { type ProtocolVersion struct {
Major int Major int
...@@ -36,7 +41,7 @@ func (v *ProtocolVersion) String() string { ...@@ -36,7 +41,7 @@ func (v *ProtocolVersion) String() string {
func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error) { func (v *ProtocolVersion) UnmarshalJSON(b []byte) (err error) {
var str string var str string
if err := json.Unmarshal(b, &str); err != nil { if err := json.Unmarshal(b, &str); err != nil {
return err str = string(b) // If b is not enclosed by quotes, try it directly
} }
parts := strings.Split(str, ".") parts := strings.Split(str, ".")
if len(parts) != 2 { if len(parts) != 2 {
...@@ -61,6 +66,21 @@ func (v *ProtocolVersion) Below(major, minor int) bool { ...@@ -61,6 +66,21 @@ func (v *ProtocolVersion) Below(major, minor int) bool {
return v.Major == major && v.Minor < minor return v.Major == major && v.Minor < minor
} }
func (v *ProtocolVersion) BelowVersion(other *ProtocolVersion) bool {
return v.Below(other.Major, other.Minor)
}
func (v *ProtocolVersion) Above(major, minor int) bool {
if v.Major > major {
return true
}
return v.Major == major && v.Minor > minor
}
func (v *ProtocolVersion) AboveVersion(other *ProtocolVersion) bool {
return v.Above(other.Major, other.Minor)
}
// GetMetadataVersion maps a chosen protocol version to a metadata version that // GetMetadataVersion maps a chosen protocol version to a metadata version that
// the server will use. // the server will use.
func GetMetadataVersion(v *ProtocolVersion) byte { func GetMetadataVersion(v *ProtocolVersion) byte {
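Review bot: The new fallback in ProtocolVersion.UnmarshalJSON, `str = string(b)`, runs for every json.Unmarshal failure, not only for an unquoted version, so the decode error is dropped and malformed input is passed on to `strings.Split`. Restricting it to the intended case keeps the original error for everything else, e.g. `if len(b) > 0 && b[0] == '"' { return err }` before the assignment. The parsing after the `len(parts) != 2` check lies outside the hunk, so how strictly the two parts are validated is not visible here. Separately, the new exported methods BelowVersion, Above and AboveVersion have no doc comments, and the two `*Version` variants dereference `other` without a nil check.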
......
...@@ -5,6 +5,7 @@ import ( ...@@ -5,6 +5,7 @@ import (
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"strconv" "strconv"
"strings"
"time" "time"
"encoding/json" "encoding/json"
...@@ -130,6 +131,7 @@ type IdentityProviderJwt struct { ...@@ -130,6 +131,7 @@ type IdentityProviderJwt struct {
// SessionRequest is an IRMA session. // SessionRequest is an IRMA session.
type SessionRequest interface { type SessionRequest interface {
Validator
GetNonce() *big.Int GetNonce() *big.Int
SetNonce(*big.Int) SetNonce(*big.Int)
GetContext() *big.Int GetContext() *big.Int
...@@ -154,20 +156,13 @@ func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte) (*C ...@@ -154,20 +156,13 @@ func (cr *CredentialRequest) Info(conf *Configuration, metadataVersion byte) (*C
return NewCredentialInfo(list.Ints, conf), nil return NewCredentialInfo(list.Ints, conf), nil
} }
// AttributeList returns the list of attributes from this credential request. // Validate checks that this credential request is consistent with the specified Configuration:
func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion byte) (*AttributeList, error) { // the credential type is known, all required attributes are present and no unknown attributes
meta := NewMetadataAttribute(metadataVersion) // are given.
meta.setKeyCounter(cr.KeyCounter) func (cr *CredentialRequest) Validate(conf *Configuration) error {
meta.setCredentialTypeIdentifier(cr.CredentialTypeID.String())
meta.setSigningDate()
err := meta.setExpiryDate(cr.Validity)
if err != nil {
return nil, err
}
credtype := conf.CredentialTypes[*cr.CredentialTypeID] credtype := conf.CredentialTypes[*cr.CredentialTypeID]
if credtype == nil { if credtype == nil {
return nil, errors.New("Unknown credential type") return errors.New("Credential request of unknown credential type")
} }
// Check that there are no attributes in the credential request that aren't // Check that there are no attributes in the credential request that aren't
...@@ -181,10 +176,36 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion ...@@ -181,10 +176,36 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion
} }
} }
if !found { if !found {
return nil, errors.New("Unknown CR attribute") return errors.New("Credential request contaiins unknown attribute")
} }
} }
for _, attrtype := range credtype.Attributes {
if _, present := cr.Attributes[attrtype.ID]; !present && attrtype.Optional != "true" {
return errors.New("Required attribute not present in credential request")
}
}
return nil
}
// AttributeList returns the list of attributes from this credential request.
func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion byte) (*AttributeList, error) {
if err := cr.Validate(conf); err != nil {
return nil, err
}
// Compute metadata attribute
meta := NewMetadataAttribute(metadataVersion)
meta.setKeyCounter(cr.KeyCounter)
meta.setCredentialTypeIdentifier(cr.CredentialTypeID.String())
meta.setSigningDate()
if err := meta.setExpiryDate(cr.Validity); err != nil {
return nil, err
}
// Compute other attributes
credtype := conf.CredentialTypes[*cr.CredentialTypeID]
attrs := make([]*big.Int, len(credtype.Attributes)+1) attrs := make([]*big.Int, len(credtype.Attributes)+1)
attrs[0] = meta.Int attrs[0] = meta.Int
for i, attrtype := range credtype.Attributes { for i, attrtype := range credtype.Attributes {
...@@ -196,10 +217,6 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion ...@@ -196,10 +217,6 @@ func (cr *CredentialRequest) AttributeList(conf *Configuration, metadataVersion
attrs[i+1].Lsh(attrs[i+1], 1) // attr <<= 1 attrs[i+1].Lsh(attrs[i+1], 1) // attr <<= 1
attrs[i+1].Add(attrs[i+1], big.NewInt(1)) // attr += 1 attrs[i+1].Add(attrs[i+1], big.NewInt(1)) // attr += 1
} }
} else {
if attrtype.Optional != "true" {
return nil, errors.New("Required attribute not provided")
}
} }
} }
...@@ -345,7 +362,7 @@ func (sr *SignatureRequest) GetNonce() *big.Int { ...@@ -345,7 +362,7 @@ func (sr *SignatureRequest) GetNonce() *big.Int {
// Convert fields in JSON string to BigInterger if they are string // Convert fields in JSON string to BigInterger if they are string
// Supply fieldnames as a slice as second argument // Supply fieldnames as a slice as second argument
func convertFieldsToBigInt(jsonString []byte, fieldNames []string) ([]byte, error) { func convertFieldsToBigInt(jsonString []byte, fieldNames []string) ([]byte, error) {
var rawRequest map[string]interface{} var rawRequest map[string]json.RawMessage
err := json.Unmarshal(jsonString, &rawRequest) err := json.Unmarshal(jsonString, &rawRequest)
if err != nil { if err != nil {
...@@ -353,10 +370,8 @@ func convertFieldsToBigInt(jsonString []byte, fieldNames []string) ([]byte, erro ...@@ -353,10 +370,8 @@ func convertFieldsToBigInt(jsonString []byte, fieldNames []string) ([]byte, erro
} }
for _, fieldName := range fieldNames { for _, fieldName := range fieldNames {
field := new(big.Int) fieldString := string(rawRequest[fieldName])
fieldString := fmt.Sprintf("%v", rawRequest[fieldName]) rawRequest[fieldName] = []byte(strings.Trim(fieldString, "\"