Remove attribute values for signing (#32)

* Removed attribute values for signing * Fixed tests and mapping from con to priv or pub policy * Fixed formatting --------- Co-authored-by: Daniel <[email protected]>
encryption4all · Dec 7, 2023 · 36b0c17 · 36b0c17
1 parent 8adefb6
commit 36b0c17
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 19 deletions.
diff --git a/pg-pkg/README.md b/pg-pkg/README.md
@@ -100,9 +100,9 @@ Retrieves signing key(s). The request must include a HTTP Authorization header
 ```JSON
 {
   "pubSignId": [
-    { "t": "irma-demo.gemeente.personalData.fullname", "v": "Alice" }
+    { "t": "irma-demo.gemeente.personalData.fullname" }
   ],
-  "privSignId": [{ "t": "irma-demo.gemeente.personalData.bsn", "v": "1234" }]
+  "privSignId": [{ "t": "irma-demo.gemeente.personalData.bsn" }]
 }
 ```
 

diff --git a/pg-pkg/src/handlers/signing_key.rs b/pg-pkg/src/handlers/signing_key.rs
@@ -5,7 +5,7 @@ use irma::SessionStatus;
 use pg_core::api::{SigningKeyRequest, SigningKeyResponse};
 use pg_core::artifacts::{SigningKey, SigningKeyExt};
 use pg_core::ibs::gg::{keygen, SecretKey};
-use pg_core::identity::Policy;
+use pg_core::identity::{Attribute, Policy};
 
 use crate::middleware::irma::IrmaAuthResult;
 use crate::util::current_time_u64;
@@ -47,13 +47,21 @@ pub async fn signing_key(
         }
     }
 
-    if !body.pub_sign_id.iter().all(|attr| con.contains(attr)) {
-        return Err(crate::Error::Unexpected);
-    }
+    let pub_con = con
+        .clone()
+        .into_iter()
+        .filter(|attr| {
+            body.pub_sign_id
+                .iter()
+                .map(|a| a.atype.clone())
+                .collect::<Vec<String>>()
+                .contains(&attr.atype)
+        })
+        .collect();
 
     let policy = Policy {
         timestamp: iat,
-        con: body.pub_sign_id.clone(),
+        con: pub_con,
     };
     let id = policy.derive_ibs().map_err(|_e| crate::Error::Unexpected)?;
     let key = keygen(sk, &id, &mut rng);
@@ -63,13 +71,15 @@ pub async fn signing_key(
         policy,
     };
 
-    let priv_sign_key = body.priv_sign_id.map(|priv_sign_id| {
-        if !priv_sign_id.iter().all(|attr| con.contains(attr)) {
-            return Err(crate::Error::Unexpected);
-        }
+    let priv_sign_key = body.priv_sign_id.as_ref().map(|priv_sign_id| {
+        let priv_con = con
+            .clone()
+            .into_iter()
+            .filter(|a| priv_sign_id.contains(&Attribute::new(&a.atype, None)))
+            .collect();
         let policy = Policy {
             timestamp: iat,
-            con: priv_sign_id,
+            con: priv_con,
         };
 
         let id = policy.derive_ibs().map_err(|_e| crate::Error::Unexpected)?;

diff --git a/pg-pkg/src/server.rs b/pg-pkg/src/server.rs
@@ -333,11 +333,8 @@ pub(crate) mod tests {
         let (app, _, _, _, _) = default_setup().await;
 
         let skr = SigningKeyRequest {
-            pub_sign_id: vec![Attribute::new("testattribute", Some("testvalue"))],
-            priv_sign_id: Some(vec![Attribute::new(
-                "private test attribute",
-                Some("some private information"),
-            )]),
+            pub_sign_id: vec![Attribute::new("testattribute", None)],
+            priv_sign_id: Some(vec![Attribute::new("private test attribute", None)]),
         };
 
         let req = test::TestRequest::post()
@@ -364,7 +361,7 @@ pub(crate) mod tests {
         let (app, _, _, pks, _) = default_setup().await;
 
         let skr = SigningKeyRequest {
-            pub_sign_id: vec![Attribute::new("testattribute", Some("testvalue"))],
+            pub_sign_id: vec![Attribute::new("testattribute", None)],
             priv_sign_id: None,
         };
 

diff --git a/pg-wasm/src/lib.rs b/pg-wasm/src/lib.rs
@@ -43,7 +43,7 @@ interface IPolicy {
   ts: number;
 }
 
-export type AttributeCon = { t: string; v: string }[];
+export type AttributeCon = { t: string; v?: string }[];
 "#;
 
 #[wasm_bindgen]