/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package handlers
import (
"github.com/hyperledger/fabric/bccsp"
"github.com/pkg/errors"
)
// CredentialRequestSigner produces credential requests. Its Sign method
// checks the dynamic types of the key and options it is given and then
// delegates to CredRequest.
type CredentialRequestSigner struct {
	// CredRequest implements the underlying cryptographic algorithms.
	// The CredRequest type is declared elsewhere in this package.
	CredRequest CredRequest
}
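// Sign produces a credential request for the user secret key k, using the
// issuer public key and issuer nonce carried in opts.
//
// k must be a *userSecretKey and opts a *bccsp.IdemixCredentialRequestSignerOpts
// whose IssuerPK is an *issuerPublicKey; anything else yields an error.
// digest is not used. IssuerNonce is handed to CredRequest.Sign unchanged:
// this handler does not check that it is present or has a particular length.
//
// A typed nil pointer stored in an interface satisfies a type assertion, so
// every asserted pointer is also compared with nil before it is dereferenced.
// Without that, a nil key or options pointer would panic here instead of
// returning an error.
func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error) {
	usk, ok := k.(*userSecretKey)
	if !ok || usk == nil {
		return nil, errors.New("invalid key, expected *userSecretKey")
	}

	signerOpts, ok := opts.(*bccsp.IdemixCredentialRequestSignerOpts)
	if !ok || signerOpts == nil {
		return nil, errors.New("invalid options, expected *IdemixCredentialRequestSignerOpts")
	}
	if signerOpts.IssuerPK == nil {
		return nil, errors.New("invalid options, missing issuer public key")
	}

	// The interface-level nil check above does not catch a typed nil
	// *issuerPublicKey, hence the second nil comparison.
	ipk, ok := signerOpts.IssuerPK.(*issuerPublicKey)
	if !ok || ipk == nil {
		return nil, errors.New("invalid options, expected IssuerPK as *issuerPublicKey")
	}

	return c.CredRequest.Sign(usk.sk, ipk.pk, signerOpts.IssuerNonce)
}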
// CredentialRequestVerifier verifies credential requests. Its Verify method
// checks the dynamic types of the key and options it is given and then
// delegates to CredRequest.
type CredentialRequestVerifier struct {
	// CredRequest implements the underlying cryptographic algorithms.
	// The CredRequest type is declared elsewhere in this package.
	CredRequest CredRequest
}
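// Verify checks the credential request in signature against the issuer public
// key k and the issuer nonce carried in opts. It returns (true, nil) when
// CredRequest.Verify reports no error and (false, err) otherwise.
//
// k must be an *issuerPublicKey and opts a
// *bccsp.IdemixCredentialRequestSignerOpts. digest is not used, and the
// IssuerPK field of opts is not read: the key to verify against is k.
//
// A typed nil pointer stored in an interface satisfies a type assertion, so
// both asserted pointers are also compared with nil before they are
// dereferenced; otherwise a nil key or options pointer would panic.
//
// NOTE(review): unlike CredentialVerifier.Verify, this method does not reject
// an empty signature, and it does not check IssuerNonce. Both are passed to
// CredRequest.Verify as received, so rejecting them is left to that
// implementation — confirm that it does.
func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error) {
	ipk, ok := k.(*issuerPublicKey)
	if !ok || ipk == nil {
		return false, errors.New("invalid key, expected *issuerPublicKey")
	}

	signerOpts, ok := opts.(*bccsp.IdemixCredentialRequestSignerOpts)
	if !ok || signerOpts == nil {
		return false, errors.New("invalid options, expected *IdemixCredentialRequestSignerOpts")
	}

	if err := c.CredRequest.Verify(signature, ipk.pk, signerOpts.IssuerNonce); err != nil {
		return false, err
	}

	return true, nil
}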
// CredentialSigner signs credentials. Its Sign method requires an issuer
// secret key and delegates the signing itself to Credential.
type CredentialSigner struct {
	// Credential implements the underlying credential operations.
	// The Credential type is declared elsewhere in this package.
	Credential Credential
}
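// Sign issues a credential by calling Credential.Sign with the issuer secret
// key k, the digest, and the attributes carried in opts.
//
// k must be an *issuerSecretKey and opts a *bccsp.IdemixCredentialSignerOpts;
// anything else yields an error. digest and opts.Attributes are forwarded
// unchanged: this handler does not inspect them.
//
// A typed nil pointer stored in an interface satisfies a type assertion, so
// both asserted pointers are also compared with nil before they are
// dereferenced; otherwise a nil key or options pointer would panic.
func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
	isk, ok := k.(*issuerSecretKey)
	if !ok || isk == nil {
		return nil, errors.New("invalid key, expected *issuerSecretKey")
	}

	credOpts, ok := opts.(*bccsp.IdemixCredentialSignerOpts)
	if !ok || credOpts == nil {
		return nil, errors.New("invalid options, expected *IdemixCredentialSignerOpts")
	}

	signature, err = s.Credential.Sign(isk.sk, digest, credOpts.Attributes)
	if err != nil {
		// Never hand back partial output together with an error.
		return nil, err
	}

	return signature, nil
}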
// CredentialVerifier verifies credentials. Its Verify method requires a user
// secret key plus an issuer public key in the options, and delegates the
// check itself to Credential.
type CredentialVerifier struct {
	// Credential implements the underlying credential operations.
	// The Credential type is declared elsewhere in this package.
	Credential Credential
}
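// Verify checks the credential in signature by calling Credential.Verify with
// the user secret key k, the issuer public key from opts, and the attributes
// from opts. It returns (true, nil) when Credential.Verify reports no error
// and (false, err) otherwise.
//
// k must be a *userSecretKey and opts a *bccsp.IdemixCredentialSignerOpts
// whose IssuerPK is an *issuerPublicKey. signature must not be empty.
// digest is not used. opts.Attributes is forwarded unchanged.
//
// A typed nil pointer stored in an interface satisfies a type assertion, so
// every asserted pointer is also compared with nil before it is dereferenced;
// otherwise a nil key or options pointer would panic.
func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
	usk, ok := k.(*userSecretKey)
	if !ok || usk == nil {
		return false, errors.New("invalid key, expected *userSecretKey")
	}

	credOpts, ok := opts.(*bccsp.IdemixCredentialSignerOpts)
	if !ok || credOpts == nil {
		return false, errors.New("invalid options, expected *IdemixCredentialSignerOpts")
	}
	if credOpts.IssuerPK == nil {
		return false, errors.New("invalid options, missing issuer public key")
	}

	// The interface-level nil check above does not catch a typed nil
	// *issuerPublicKey, hence the second nil comparison.
	ipk, ok := credOpts.IssuerPK.(*issuerPublicKey)
	if !ok || ipk == nil {
		return false, errors.New("invalid issuer public key, expected *issuerPublicKey")
	}

	// Reject an empty credential before it reaches the cryptographic layer.
	if len(signature) == 0 {
		return false, errors.New("invalid signature, it must not be empty")
	}

	if err = v.Credential.Verify(usk.sk, ipk.pk, signature, credOpts.Attributes); err != nil {
		return false, err
	}

	return true, nil
}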