sign cis scheme

.github/workflows/pull-request-review.yml

@@ -0,0 +1,116 @@
+# Workflow that reviews changes in pull requests and writes the feedback in review comments.
+name: Pull request review
+
+on:
+  # We use pull_request_target such that we can grant permissions.
+  # This means that the job specification is being pulled from master, instead of from the feature branche.
+  pull_request_target:
+    branches: [ master ]
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+permissions:
+  pull-requests: write
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.draft == false
+    steps:
+      - name: Checkout pull request base
+        uses: actions/checkout@v3
+        with:
+          path: ./base
+          ref: ${{ github.event.pull_request.base.sha }}
+
+      - name: Checkout pull request head
+        uses: actions/checkout@v3
+        with:
+          path: ./head
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Initialize ~/.local/bin directory
+        run: |
+          mkdir -p "$HOME/.local/bin"
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+          
+      - name: Download irma CLI tool
+        run: wget -O "$HOME/.local/bin/irma" https://github.com/privacybydesign/irmago/releases/latest/download/irma-linux-amd64
+
+      - name: Set executable permissions
+        run: chmod +x "$HOME/.local/bin/irma"
+
+      - name: Verify scheme at base
+        run: irma scheme verify > ../output-base.txt
+        shell: bash
+        working-directory: ./base
+
+      - name: Verify scheme at head
+        id: verify-head
+        run: irma scheme verify
+        shell: bash
+        working-directory: ./head
+        continue-on-error: true
+
+      - name: Override signing keys
+        run: rm pk.pem && irma scheme keygen
+        shell: bash
+        working-directory: ./head
+
+      - name: Verify whether head can be signed
+        run: irma scheme sign > ../output-head.txt 2>&1
+        shell: bash
+        working-directory: ./head
+        continue-on-error: true
+
+      - name: Initialize message
+        run: echo "The following issues were found when running \`irma scheme verify\`:" > ./message.txt
+        shell: bash
+
+      - name: Generate diff
+        id: generate-diff
+        run: grep -xvF -f ./output-base.txt ./output-head.txt >> ./message.txt
+        shell: bash
+        continue-on-error: true
+
+      - name: Add message footer
+        run: echo -e "\nPlease try to resolve these issues." >> ./message.txt
+        shell: bash
+
+      - name: Write review comment if warnings were found
+        if: steps.generate-diff.outcome == 'success'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr comment ${{ github.event.pull_request.number }} -F ../message.txt
+        working-directory: ./base
+
+      - name: Write review comment if changes are not signed yet
+        if: steps.verify-head.outcome == 'failure' && steps.generate-diff.outcome == 'failure' && github.event.pull_request.maintainer_can_modify == true
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh pr comment ${{ github.event.pull_request.number }} -b "\
+          No issues were found when running \`irma scheme verify\`. The status checks fail because the changes are not signed yet. \
+          This will be resolved by the Yivi team when your changes have been approved. You don't have to deal with this yourself."
+        working-directory: ./base
+
+      - name: Write review comment if maintainers have no access to sign the changes
+        if: steps.verify-head.outcome == 'failure' && steps.generate-diff.outcome == 'failure' && github.event.pull_request.maintainer_can_modify == false
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh pr comment ${{ github.event.pull_request.number }} -b "\
+          No issues were found when running \`irma scheme verify\`. The status checks fail because the changes are not signed yet. \
+          The Yivi team has to do this for you. Please [allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) \
+          on your pull request to make this possible."
+        working-directory: ./base
+
+      - name: Write review comment if no issues were found
+        if: steps.verify-head.outcome == 'success' && steps.generate-diff.outcome == 'failure'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr comment ${{ github.event.pull_request.number }} -b "No issues were found when running \`irma scheme verify\`."
+        working-directory: ./base

.github/workflows/status-checks.yml

@@ -0,0 +1,44 @@
+# Workflow to check whether the current state fulfills all requirements.
+name: Status checks
+
+on: [ pull_request ]
+
+jobs:  
+  verify:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        irmago-version:
+         - v0.4.1
+         - v0.5.0  # Introduces revocation
+         - v0.6.1  # Introduces requestor schemes
+         - v0.8.0  # Introduces issue wizards in requestor schemes
+         - v0.10.0 # Introduces support for defining the languages into which texts should be translated
+         - latest
+    steps:
+     - uses: actions/checkout@v3
+       with:
+         path: pbdf # Older irmago versions require the directory name to be equal to the scheme identifier
+
+     - name: Initialize ~/.local/bin directory
+       run: |
+         mkdir -p "$HOME/.local/bin"
+         echo "$HOME/.local/bin" >> $GITHUB_PATH
+         
+     - name: Download irma CLI tool (latest)
+       if: matrix.irmago-version == 'latest'
+       run: wget -O "$HOME/.local/bin/irma" https://github.com/privacybydesign/irmago/releases/latest/download/irma-linux-amd64
+
+     - name: Download irma CLI tool (specific version)
+       if: matrix.irmago-version != 'latest'
+       run: |
+         wget -O "$HOME/.local/bin/irma" https://github.com/privacybydesign/irmago/releases/download/${{ matrix.irmago-version }}/irma-linux-amd64 \
+         || wget -O "$HOME/.local/bin/irma" https://github.com/privacybydesign/irmago/releases/download/${{ matrix.irmago-version }}/irma-master-linux-amd64
+       shell: bash
+
+     - name: Set executable permissions
+       run: chmod +x "$HOME/.local/bin/irma"
+
+     - name: Verify scheme
+       run: irma scheme verify
+       working-directory: ./pbdf

PubHubs/Issues/account/description.xml

@@ -0,0 +1,51 @@
+<IssueSpecification version="4">
+  <Name>
+    <en>PubHubs Registration</en>
+    <nl>PubHubs Registratie</nl>
+  </Name>
+  <ShortName>
+    <en>PubHubs Registration</en>
+    <nl>PubHubs Registratie</nl>
+  </ShortName>
+  <SchemeManager>pbdf</SchemeManager>
+  <IssuerID>PubHubs</IssuerID>
+  <CredentialID>account</CredentialID>
+  <Description>
+    <en>Your PubHubs registration</en>
+    <nl>Je PubHubs registratie</nl>
+  </Description>
+  <ShouldBeSingleton>false</ShouldBeSingleton>
+
+  <Attributes>
+    <Attribute id="id">
+      <Name>
+        <en>Registration pseudonym</en>
+        <nl>Registratie pseudoniem</nl>
+      </Name>
+      <Description>
+        <en>Your unique PubHubs pseudonym</en>
+        <nl>Je unieke PubHubs pseudoniem</nl>
+      </Description>
+    </Attribute>
+    <Attribute id="registrationDate">
+      <Name>
+        <en>Date of registration</en>
+        <nl>Datum van registratie</nl>
+      </Name>
+      <Description>
+        <en>Your original registration date at PubHubs</en>
+        <nl>Je oorspronkelijke registratiedatum bij PubHubs</nl>
+      </Description>
+    </Attribute>
+    <Attribute id="registrationSource">
+      <Name>
+        <en>Method of registration</en>
+        <nl>Methode van registratie</nl>
+      </Name>
+      <Description>
+        <en>Your method of registration</en>
+        <nl>Je methode van registratie</nl>
+      </Description>
+    </Attribute>
+  </Attributes>
+</IssueSpecification>

chipsoft/PublicKeys/4.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<IssuerPublicKey xmlns="http://www.zurich.ibm.com/security/idemix">
+   <Counter>4</Counter>
+   <ExpiryDate>1729029600</ExpiryDate>
+   <Elements>
+      <n>22861531448171402049212026179078116014107366306711452010734169390167078955500025018770604109274930846285020119762038991879228859220526120607585354970186960749433032029470706801266741368548056834778098276682775881563048761963083580540308087846337155497791545762092774599725707731848136058312146505738873461156026127080071162494909441855704605237455669442324681448422065705976915405509636317797473801647188247232217209413648424110790040125437406871560708980381616406621255596049629732072725151185275453392580498275616773213629563346051629813608468487756103607740775382563411160691103641134687350066827216999303102942781</n>
+      <Z>13331827959325893216038307607660478870228997743083094294408906596434397149842814158356203583645189851691809841809130124651927745530143945493411113723110107189400885475271072738962353582553402654867181074917571710710458346053262522926830838400897568338315088820556729230075820833082194729993926489712283773427944299584612329663062961032269787316694492128596449967642446648273094591685980222840227870385496026750583010417765775830694683008646187981941111298854128941525107497679852658795759660455680833771056355256202675096291083897395467086397370525765841986777249530402170467967529869739308387942516514799503818853542</Z>
+      <S>11955812911973658219357232692317934120788638452113986031000711870426523755855629056080574141649717608557563078291311107773635138683147611930462692552822740519543870584792358980071145118722976602430659572338319339845920230561974685843115305699426104093957628757472710704927020345396304954987432303379052262400128078795340033544438931637344123644017554896430813718796643043373617195758599869971898156105777382234111817667234883936919506341789416219669713662069502262798773893605543871579489909253519841998507892905457403002596414243451496691897562530341801500957247074671527832242216965555523834451049833911877551796915</S>
+      <G>1201082036396922266954668816658160448888683726413563648286070417188940332100354412214147766402049442070128311400249163721148673697006781987857355490751180503598352114389136318185913236963552316340006234743877738525308315731892363748909344429165742807957326557532436650436851865594168580585648520617287251305348743442881181541652283077426186784659479366181767407943689618644437162896098854351813422866573727970871590778027576300019680822787853210817680630616630051967730879688886631711588682710641515922070165243534796933904947881802510697163182600076076464529014083773362032188037306113569720228270434177725418742265</G>
+      <H>19841333389154677200122981018569117355628401254775151102948990134058669304406830273790821645943247427164664785754734444690475149525462835976422588537181795651204298040140761335139779883883934566417020789587635627122957278980704111086865808074289415744934009047150015656955454106440677244829483586409034152874648749193022184239526411285151725571084037901803459774443308823857408071314132915460161177215878722178082012048859342060974393155919755579447836783015557262819207583539978671333789380801265295088595289112698406811282170159506995553257731318840538467740901458086160698685966761357209047706333063764557081708429</H>
+      <Bases num="12">
+         <Base_0>3330740126602112591746434767803239832692324118859046571850202273421101003694494627776980558601816887139841107574338066857502249479510188554158756078128758584416422893387959240927026489811613466267631446158561898991691459427827914621333428713073842997428750426145813540716113234573496144296826055982967182119202121529486342682759078137978189045577222294744283706562559328355457339359821281945383557754358160104302700978827888330659519548237588681978593089777268116982822368213574979307827369693230887020280464547923622676565968708440820693477965064916736116412035807908221463504482939325661114676240974851624281095958</Base_0>
+         <Base_1>10235439608269309111959212415754309872430752968479223310363913564574977303754151369656059747707530049950493438897083825259472030201660185860149810082051413255865100505053828559636106317612656209329675749591474591520786620794794964490759706756527635144631377005653454339932298271190708344174148914087017429684149962631554430684728455314250549620103251266710937640119520588990509102645437668471583199871915083070522857571505715103614182703820763702979248489917256438164105093409708076279039317004699227444257035386963591976253053685640889974412921330740064751208243599019379111210678477190466170402027538739067605404267</Base_1>
+         <Base_2>10735761289450054741139024066354479045455234132999252110512317672226713666829385283355089564680401727271362580640630429175717276289548145377858767923909385532396075361877111032341586769639095199560982139612548982566618949950902216552235808534374303324848089239033411313456211491898373308079503528752618173272142126600569021565437167642346657749693828364426709305893493887296327507516799020637880324832110319209710116649300225774792398957451646286849570036085904442323164542080521612587767085089816923971078650934210854718447517615050185854152504946097934902930803892923218998429266849755639996715854950108209718675428</Base_2>
+         <Base_3>10696811552890202850297042229788815203817566264769783281437529017327219092618355833112045308043904243593874449122254103268469447162413014373655461447617198128858869553944684198824436447478796112305102513200140685120415710061981429053044570235752657060892274479083214297590230210270213182056324436458147229674499304522903515195017022749041914291986007899463132152706930857988121533924136591566867312778775965474550082321261859066584352317540433868185730157580218690407772677553981146410302857867068000698318831854840714829352900540549822060227785182567257403784757660446040138712992483410077322578540969811640239214765</Base_3>
+         <Base_4>8021708432890686448607178044334568694268240523587824123022179906768423716248409492693061081181370673606228357611261476874616255086845503656363998634773882434038202922763039042102594689188393345508045609653096629564017361342543955875378056149585961761016064213136398014926906935630180376426649873753997305558532461047130805765641817944013597036921643399856343060229852733377166663819702288828904325047508383512796581891767758226272813112763384229116872840102224669663844532592404869488768432411321950724582929338059905944998626729866039563232773147957110299759574647881260271320222892823590092484640008789468017115883</Base_4>
+         <Base_5>1913109886519805573734280776812466167905789545304909501998539732681137615992087215384676766533374343830882269149973926100704087441865896988172407263729817954641157080474651474206131737177348924456818788193254243096080424039703158360927465007921992067894939929727528433263747255359269578950410758463302540825204940088184487180648135209325344102221472209918918833525488948684680441844452549578648807013459996922244547349805222667853528817386272109832075214425123727980025844997939150507504391413469354827962713648358017696390885930838040422951770153008604338673516547424159773763393409968636359028567648148028788138474</Base_5>
+         <Base_6>11626494842676265170954450259305265494981295005410022611221338256634260671701162045637069966948516318788052852578019254974893904451159814821157999733877221307791756205218472270501142408450008853644821261728891876420142354544228270347045532854532492390249802423897172186147893238568593029404662113046165918447694272231468876195679272043678958797763434196093127013735012217977182217682580860818817971594038819650208050669306946460693381241324023779005270063509261663619495466807435531426098678985539889505417056141315204803942166569596044204344211073424772000800191368393501189745381662718668658919803177867725047431349</Base_6>
+         <Base_7>9059739630600752187762325038194244604306000705066269374035951752948163572828093150866905017197953484593812213089653772861440481440634116266106292094809681908976178548072235568998737428837499829611656161821298741168480910877493470246604877785001585601352917099192108777104827040677472567934602619786333810717840398789924608388429389629361266235445008122502238218629150408044090848932525723526951130524941073316332552376686499021067728825401188616928952777076012746751996875492238746055301955880531657589318548680910737822220776196738157249325135625525297456748657136138514136264894348391586013234450738157841242273403</Base_7>
+         <Base_8>17848943584741340118718209658477792966782777246865806443570385639030921541233862305243437160573062377608634639382268493111879109583604732877907064999868712095511278218322253832318369380260014254796441114687826407163112824338214433914072546130794568573392278253722192227922711275173404017203907017395805436286893795531722887778378861501605835099670538170100936344874064681996964171391845580158518482118548272917614654536472004320525534054114483385201811752995530992037567887709278924375102828485724198561505505659679291986974843209079636212457692102089769388454986053189373594034249138331735111214224968972881623521408</Base_8>
+         <Base_9>15162815325318131737993366458501989324919684080612424856402062195009901651694605058328624893448804650396800784490934320835445240371619372773183240421981517244767224355756531939878235935181791363207028580797584335830346584486258047294953723890615872412108647335303878784928578629372646503053675986615671031837039494211697134681639301792011232589627364920232632351335654107401188958824327172385453534775918395108458402333244547218446570863865752779502712216721225220558394782661556429670768198151965686933506477070138104237859782536219110806401922472338023248509187877048134180121590710254781355004833175560777112770800</Base_9>
+         <Base_10>8058816086296268429152577326543703284882238652521895798542121088969062839083585498004824905791520050698792583599770705793400814498704496633075172302322308331846778185646553921505103277587620087301908081180533012849118465727957755136116977292409266402547633868515155740989023585160878527209614605775371291567686143439416828408417962756517857832845928660341559910470673313186935014769255097720808434341430038867412166867371544293920705331956792633118873947997928180674305771041207630194003260063630294264673404554155451326930368732925641644317146876023366164998559176090129083377452510358662836569987125284401349791887</Base_10>
+         <Base_11>3536483487196502155277670891631288181027738739114533514322115954792814046694918279553478531426346822140018786802551410446640870189104542172149444451063304198891264054832655166004588702839042394733065357467328821560753414226263231439485592183263495712834923460000447567240795929946520313806746881260356462808349142130214155470446057885947312372971839562553882689260328859063855075230224165668582286563318073443043403173722934964639768783118041903789899325066577898290708924533948313387843301739609953364754143080254346763061695902486023512502330053645110182841438938291715745882891277119149710529329987466937927355569</Base_11>
+      </Bases>
+   </Elements>
+   <Features>
+      <Epoch length="432000"></Epoch>
+   </Features>
+   <ECDSA>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwi9TYIu8O+oVY/UQNwi2qV2O8idX1lePtQQQ84ChSd0N3joMzvf8VJVgc8wMs2ge7j6W3HpiZhUlNogQ6hcf/g==</ECDSA>
+</IssuerPublicKey>

cis/Issues/digitalInsurancePassport/description.xml

@@ -20,7 +20,7 @@
 		<nl>https://digitaalpaspoortverzekeren.nl/</nl>
 	</IssueURL>
 
-	<IsInCredentialStore>true</IsInCredentialStore>
+	<IsInCredentialStore>false</IsInCredentialStore>
 	<Category>
 		<en>Finance</en>
 		<nl>Financieel</nl>