Example #1
0
func buildCertificateSetRequest(enrollID string, enrollmentPrivKey *ecdsa.PrivateKey, num, numattrs int) (*protos.TCertCreateSetReq, error) {
	now := time.Now()
	timestamp := timestamp.Timestamp{Seconds: int64(now.Second()), Nanos: int32(now.Nanosecond())}

	var attributes []*protos.TCertAttribute
	if numattrs >= 0 { // else negative means use nil from above
		attributes = make([]*protos.TCertAttribute, numattrs)
	}

	req := &protos.TCertCreateSetReq{
		Ts:         &timestamp,
		Id:         &protos.Identity{Id: enrollID},
		Num:        uint32(num),
		Attributes: attributes,
		Sig:        nil,
	}

	rawReq, err := proto.Marshal(req)
	if err != nil {
		return nil, fmt.Errorf("Failed marshaling request [%v].", err)
	}

	r, s, err := primitives.ECDSASignDirect(enrollmentPrivKey, rawReq)
	if err != nil {
		return nil, fmt.Errorf("Failed creating signature for [%v]: [%v].", rawReq, err)
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Sig = &protos.Signature{Type: protos.CryptoType_ECDSA, R: R, S: S}
	return req, nil
}
Example #2
0
func TestRequestAttributes_AttributesMismatch(t *testing.T) {

	cert, err := loadECert(identity)
	if err != nil {
		t.Fatalf("Error loading ECert: %v", err)
	}
	ecert := cert.Raw

	sock, acaP, err := GetACAClient()
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}
	defer sock.Close()

	var attributes = make([]*pb.TCertAttribute, 0)
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "account"})

	req := &pb.ACAAttrReq{
		Ts:         &timestamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		Id:         &pb.Identity{Id: identity},
		ECert:      &pb.Cert{Cert: ecert},
		Attributes: attributes,
		Signature:  nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)

	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.RequestAttributes(context.Background(), req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	if resp.Status == pb.ACAAttrResp_FAILURE {
		t.Fatalf("Error executing test: %v", err)
	}

	if resp.Status != pb.ACAAttrResp_NO_ATTRIBUTES_FOUND {
		t.Fatal("Test failed 'account' attribute shouldn't be found.")
	}

}
Example #3
0
func TestRequestAttributes_DuplicatedAttributes(t *testing.T) {

	cert, err := loadECert(identity)
	if err != nil {
		t.Fatalf("Error loading ECert: %v", err)
	}
	ecert := cert.Raw

	sock, acaP, err := GetACAClient()
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}
	defer sock.Close()

	var attributes = make([]*pb.TCertAttribute, 0)
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})

	req := &pb.ACAAttrReq{
		Ts:         &timestamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		Id:         &pb.Identity{Id: identity},
		ECert:      &pb.Cert{Cert: ecert},
		Attributes: attributes,
		Signature:  nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)

	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.RequestAttributes(context.Background(), req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	if resp.Status < pb.ACAAttrResp_FAILURE_MINVAL || resp.Status > pb.ACAAttrResp_FAILURE_MAXVAL {
		t.Fatalf("Requesting attributes with multiple values should fail")
	}
}
Example #4
0
func (tcap *TCAP) requestAttributes(id string, ecert []byte, attrs []*pb.TCertAttribute) ([]*pb.ACAAttribute, error) {
	//TODO we are creation a new client connection per each ecer request. We should be implement a connections pool.
	sock, acaP, err := GetACAClient()
	if err != nil {
		return nil, err
	}
	defer sock.Close()
	var attrNames []*pb.TCertAttribute

	for _, att := range attrs {
		attrName := pb.TCertAttribute{AttributeName: att.AttributeName}
		attrNames = append(attrNames, &attrName)
	}

	req := &pb.ACAAttrReq{
		Ts:         &google_protobuf.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		Id:         &pb.Identity{Id: id},
		ECert:      &pb.Cert{Cert: ecert},
		Attributes: attrNames,
		Signature:  nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		return nil, err
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(tcap.tca.priv, rawReq)

	if err != nil {
		return nil, err
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.RequestAttributes(context.Background(), req)
	if err != nil {
		return nil, err
	}

	if resp.Status >= pb.ACAAttrResp_FAILURE_MINVAL && resp.Status <= pb.ACAAttrResp_FAILURE_MAXVAL {
		return nil, errors.New(fmt.Sprint("Error fetching attributes = ", resp.Status))
	}

	return tcap.selectValidAttributes(resp.Cert.Cert)
}
Example #5
0
func (acap *ACAP) createRequestAttributeResponse(status pb.ACAAttrResp_StatusCode, cert *pb.Cert) *pb.ACAAttrResp {
	resp := &pb.ACAAttrResp{Status: status, Cert: cert, Signature: nil}
	rawReq, err := proto.Marshal(resp)
	if err != nil {
		return &pb.ACAAttrResp{Status: pb.ACAAttrResp_FAILURE, Cert: nil, Signature: nil}
	}

	r, s, err := primitives.ECDSASignDirect(acap.aca.priv, rawReq)
	if err != nil {
		return &pb.ACAAttrResp{Status: pb.ACAAttrResp_FAILURE, Cert: nil, Signature: nil}
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	resp.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	return resp
}
Example #6
0
func (ecap *ECAP) fetchAttributes(cert *pb.Cert) error {
	//TODO we are creating a new client connection per each ecert request. We should implement a connections pool.
	sock, acaP, err := GetACAClient()
	if err != nil {
		return err
	}
	defer sock.Close()

	req := &pb.ACAFetchAttrReq{
		Ts:        &google_protobuf.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		ECert:     cert,
		Signature: nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		return err
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(ecap.eca.priv, rawReq)

	if err != nil {
		return err
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.FetchAttributes(context.Background(), req)
	if err != nil {
		return err
	}

	if resp.Status != pb.ACAFetchAttrResp_FAILURE {
		return nil
	}
	return errors.New("Error fetching attributes.")
}
Example #7
0
func fetchAttributes() (*pb.ACAFetchAttrResp, error) {
	cert, err := loadECert(identity)

	if err != nil {
		return nil, err
	}
	sock, acaP, err := GetACAClient()
	if err != nil {
		return nil, err
	}
	defer sock.Close()

	req := &pb.ACAFetchAttrReq{
		Ts:        &timestamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		ECert:     &pb.Cert{Cert: cert.Raw},
		Signature: nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		return nil, err
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(eca.priv, rawReq)

	if err != nil {
		return nil, err
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.FetchAttributes(context.Background(), req)

	return resp, err
}
Example #8
0
func TestRequestAttributes_PartialAttributes(t *testing.T) {

	cert, err := loadECert(identity)
	if err != nil {
		t.Fatalf("Error loading ECert: %v", err)
	}
	ecert := cert.Raw

	sock, acaP, err := GetACAClient()
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}
	defer sock.Close()

	var attributes []*pb.TCertAttribute
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "credit_card"})

	req := &pb.ACAAttrReq{
		Ts:         &timestamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		Id:         &pb.Identity{Id: identity},
		ECert:      &pb.Cert{Cert: ecert},
		Attributes: attributes,
		Signature:  nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)

	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.RequestAttributes(context.Background(), req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	if resp.Status == pb.ACAAttrResp_FAILURE {
		t.Fatalf("Error executing test: %v", err)
	}

	aCert, err := primitives.DERToX509Certificate(resp.Cert.Cert)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	valueMap := make(map[string]string)
	for _, eachExtension := range aCert.Extensions {
		if IsAttributeOID(eachExtension.Id) {
			var attribute pb.ACAAttribute
			proto.Unmarshal(eachExtension.Value, &attribute)
			valueMap[attribute.AttributeName] = string(attribute.AttributeValue)
		}
	}

	if valueMap["company"] != "ACompany" {
		t.Fatalf("The attribute should have coincided.")
	}

	if valueMap["credit_card"] != "" {
		t.Fatalf("The Attribute should be blank.")
	}

	if resp.Status == pb.ACAAttrResp_NO_ATTRIBUTES_FOUND {
		t.Fatalf("At least one attribute must be conincided")
	}

	if resp.Status != pb.ACAAttrResp_PARTIAL_SUCCESSFUL {
		t.Fatalf("All attributes in the query should have coincided.")
	}
}
Example #9
0
func TestRequestAttributes(t *testing.T) {

	cert, err := loadECert(identity)
	if err != nil {
		t.Fatalf("Error loading ECert: %v", err)
	}
	ecert := cert.Raw

	sock, acaP, err := GetACAClient()
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}
	defer sock.Close()

	var attributes = make([]*pb.TCertAttribute, 0)
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "company"})
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "position"})
	attributes = append(attributes, &pb.TCertAttribute{AttributeName: "identity-number"})

	req := &pb.ACAAttrReq{
		Ts:         &timestamp.Timestamp{Seconds: time.Now().Unix(), Nanos: 0},
		Id:         &pb.Identity{Id: identity},
		ECert:      &pb.Cert{Cert: ecert},
		Attributes: attributes,
		Signature:  nil}

	var rawReq []byte
	rawReq, err = proto.Marshal(req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	var r, s *big.Int

	r, s, err = primitives.ECDSASignDirect(tca.priv, rawReq)

	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	R, _ := r.MarshalText()
	S, _ := s.MarshalText()

	req.Signature = &pb.Signature{Type: pb.CryptoType_ECDSA, R: R, S: S}

	resp, err := acaP.RequestAttributes(context.Background(), req)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	if resp.Status == pb.ACAAttrResp_FAILURE {
		t.Fatalf("Error executing test: %v", err)
	}

	aCert, err := primitives.DERToX509Certificate(resp.Cert.Cert)
	if err != nil {
		t.Fatalf("Error executing test: %v", err)
	}

	valueMap := make(map[string]string)
	for _, eachExtension := range aCert.Extensions {
		if IsAttributeOID(eachExtension.Id) {
			var attribute pb.ACAAttribute
			proto.Unmarshal(eachExtension.Value, &attribute)
			valueMap[attribute.AttributeName] = string(attribute.AttributeValue)
		}
	}

	if valueMap["company"] != "ACompany" {
		t.Fatal("Test failed 'company' attribute don't found.")
	}

	if valueMap["position"] != "Software Engineer" {
		t.Fatal("Test failed 'position' attribute don't found.")
	}
}
Example #10
0
func (node *nodeImpl) ecdsaSignWithEnrollmentKey(msg []byte) (*big.Int, *big.Int, error) {
	return primitives.ECDSASignDirect(node.enrollPrivKey, msg)
}