VerificationCredential::VerificationCredential(
CredentialSet& parent,
const NymParameters& nymParameters)
: ot_super(parent, nymParameters)
{
role_ = proto::CREDROLE_VERIFY;
nym_id_ = parent.GetNymID();
master_id_ = parent.GetMasterCredID();
auto verificationSet = nymParameters.VerificationSet();
if (verificationSet) {
data_.reset(new proto::VerificationSet(*verificationSet));
}
}
bool Nym::load_credential_index(
const eLock& lock,
const serializedCredentialIndex& index)
{
if (!proto::Validate<proto::CredentialIndex>(index, VERBOSE)) {
otErr << __FUNCTION__ << ": Unable to load invalid serialized"
<< " credential index." << std::endl;
return false;
}
OT_ASSERT(verify_lock(lock));
const auto nymID = Identifier::Factory(index.nymid());
if (m_nymID != nymID) { return false; }
version_ = index.version();
index_ = index.index();
revision_.store(index.revision());
mode_ = index.mode();
source_ = std::make_shared<NymIDSource>(api_.Factory(), index.source());
proto::KeyMode mode = (proto::CREDINDEX_PRIVATE == mode_)
? proto::KEYMODE_PRIVATE
: proto::KEYMODE_PUBLIC;
contact_data_.reset();
m_mapCredentialSets.clear();
for (auto& it : index.activecredentials()) {
CredentialSet* newSet = new CredentialSet(api_, mode, it);
if (nullptr != newSet) {
m_mapCredentialSets.emplace(
std::make_pair(newSet->GetMasterCredID(), newSet));
}
}
m_mapRevokedSets.clear();
for (auto& it : index.revokedcredentials()) {
CredentialSet* newSet = new CredentialSet(api_, mode, it);
if (nullptr != newSet) {
m_mapRevokedSets.emplace(
std::make_pair(newSet->GetMasterCredID(), newSet));
}
}
return true;
}
// Used when importing/exporting Nym into and out-of the sphere of the
// cached key in the wallet.
bool Nym::ReEncryptPrivateCredentials(
bool bImporting, // bImporting=true, or
// false if exporting.
const OTPasswordData* pPWData,
const OTPassword* pImportPassword) const
{
eLock lock(shared_lock_);
const OTPassword* pExportPassphrase = nullptr;
std::unique_ptr<const OTPassword> thePasswordAngel;
if (nullptr == pImportPassword) {
// whether import/export, this display string is for the OUTSIDE OF
// WALLET
// portion of that process.
//
auto strDisplay = String::Factory(
nullptr != pPWData
? pPWData->GetDisplayString()
: (bImporting ? "Enter passphrase for the Nym being imported."
: "Enter passphrase for exported Nym."));
// Circumvents the cached key.
pExportPassphrase = crypto::key::LegacySymmetric::GetPassphraseFromUser(
strDisplay, !bImporting); // bAskTwice is true when exporting
// (since the export passphrase is being
// created at that time.)
thePasswordAngel.reset(pExportPassphrase);
if (nullptr == pExportPassphrase) {
otErr << __FUNCTION__ << ": Failed in GetPassphraseFromUser.\n";
return false;
}
} else {
pExportPassphrase = pImportPassword;
}
for (auto& it : m_mapCredentialSets) {
CredentialSet* pCredential = it.second;
OT_ASSERT(nullptr != pCredential);
if (false == pCredential->ReEncryptPrivateCredentials(
*pExportPassphrase, bImporting))
return false;
}
return true;
}
VerificationCredential::VerificationCredential(
const api::Core& api,
CredentialSet& parent,
const NymParameters& nymParameters)
: ot_super(api, parent, VERIFICATION_CREDENTIAL_VERSION, nymParameters)
{
mode_ = proto::KEYMODE_NULL;
role_ = proto::CREDROLE_VERIFY;
nym_id_ = parent.GetNymID();
master_id_ = parent.GetMasterCredID();
auto verificationSet = nymParameters.VerificationSet();
if (verificationSet) {
data_.reset(new proto::VerificationSet(*verificationSet));
}
}
void Nym::SaveCredentialsToTag(
Tag& parent,
String::Map* pmapPubInfo,
String::Map* pmapPriInfo) const
{
// IDs for revoked child credentials are saved here.
for (auto& it : m_listRevokedIDs) {
std::string str_revoked_id = it;
TagPtr pTag(new Tag("revokedCredential"));
pTag->add_attribute("ID", str_revoked_id);
parent.add_tag(pTag);
}
// Serialize master and sub-credentials here.
for (auto& it : m_mapCredentialSets) {
CredentialSet* pCredential = it.second;
OT_ASSERT(nullptr != pCredential);
pCredential->SerializeIDs(
parent,
m_listRevokedIDs,
pmapPubInfo,
pmapPriInfo,
true); // bShowRevoked=false by default (true here), bValid=true
}
// Serialize Revoked master credentials here, including their child key
// credentials.
for (auto& it : m_mapRevokedSets) {
CredentialSet* pCredential = it.second;
OT_ASSERT(nullptr != pCredential);
pCredential->SerializeIDs(
parent,
m_listRevokedIDs,
pmapPubInfo,
pmapPriInfo,
true,
false); // bShowRevoked=false by default. (Here it's true.)
// bValid=true by default. Here is for revoked, so false.
}
}
bool CheckProto_1(
const CredentialSet& serializedCredSet,
const std::string& nymID,
const KeyMode& key,
bool& haveHD,
const CredentialSetMode& mode)
{
if (!serializedCredSet.has_nymid()) {
std::cerr << "Verify serialized credential set failed: missing nym "
<< "identifier." << std::endl;
return false;
}
if (nymID != serializedCredSet.nymid()) {
std::cerr << "Verify serialized credential set failed: wrong nym "
<< "identifier." << std::endl;
return false;
}
if (MIN_PLAUSIBLE_IDENTIFIER > serializedCredSet.nymid().size()) {
std::cerr << "Verify serialized credential set failed: invalid nym "
<< "identifier (" << serializedCredSet.nymid() << ")."
<< std::endl;
return false;
}
if (!serializedCredSet.has_masterid()) {
std::cerr << "Verify serialized credential set failed: missing master "
<< "credential identifier." << std::endl;
return false;
}
if (MIN_PLAUSIBLE_IDENTIFIER > serializedCredSet.masterid().size()) {
std::cerr << "Verify serialized credential set failed: invalid master "
<< "credential identifier (" << serializedCredSet.masterid()
<< ")." << std::endl;
return false;
}
if (!serializedCredSet.has_mode()) {
std::cerr << "Verify serialized credential set failed: missing mode."
<< std::endl;
return false;
}
const bool checkMode = (CREDSETMODE_ERROR != mode);
if (checkMode) {
if (serializedCredSet.mode() != mode) {
std::cerr << "Verify serialized credential set failed: incorrect "
<< "mode (" << serializedCredSet.mode() << ")" << std::endl;
return false;
}
}
switch (serializedCredSet.mode()) {
case CREDSETMODE_INDEX :
if (KEYMODE_PRIVATE == key) {
if (1 > serializedCredSet.index()) {
std::cerr << "Verify serialized credential set failed: "
<< "missing index." << std::endl;
return false;
}
} else {
if (0 < serializedCredSet.index()) {
std::cerr << "Verify serialized credential set failed: "
<< "index present in public mode." << std::endl;
return false;
}
}
if (serializedCredSet.has_mastercredential()) {
std::cerr << "Verify serialized credential set failed: full "
<< "master credential included in index mode."
<< std::endl;
return false;
}
if (0 < serializedCredSet.activechildren_size()) {
std::cerr << "Verify serialized credential set failed: full "
<< "active credentials included in index mode ("
<< serializedCredSet.activechildren_size() << ")."
<< std::endl;
return false;
}
if (0 < serializedCredSet.revokedchildren_size()) {
std::cerr << "Verify serialized credential set failed: full "
<< "revoked credentials included in index mode ("
<< serializedCredSet.revokedchildren_size() << ")."
<< std::endl;
return false;
}
for (auto& it: serializedCredSet.activechildids()) {
if (MIN_PLAUSIBLE_IDENTIFIER > it.size()) {
std::cerr << "Verify serialized credential set failed: "
<< "invalid active child credential identifier ("
<< it.size() << ")." << std::endl;
return false;
}
}
for (auto& it: serializedCredSet.revokedchildids()) {
if (MIN_PLAUSIBLE_IDENTIFIER > it.size()) {
std::cerr << "Verify serialized credential set failed: "
<< "invalid revoked child credential identifier ("
<< it.size() << ")." << std::endl;
return false;
}
}
break;
case CREDSETMODE_FULL :
if (!serializedCredSet.has_mastercredential()) {
std::cerr << "Verify serialized credential set failed: missing "
<< "master credential." << std::endl;
return false;
}
if (!Check(
serializedCredSet.mastercredential(),
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).first,
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).second,
key,
CREDROLE_MASTERKEY,
true)) {
std::cerr << "Verify serialized credential set failed: "
<< "invalid master credential." << std::endl;
return false;
}
if (CREDTYPE_HD == serializedCredSet.mastercredential().type()) {
haveHD = true;
}
if (serializedCredSet.mastercredential().id() !=
serializedCredSet.masterid()) {
std::cerr << "Verify serialized credential set failed: "
<< "wrong master credential ("
<< serializedCredSet.mastercredential().id()
<< ")." << std::endl;
return false;
}
if (0 < serializedCredSet.activechildids_size()) {
std::cerr << "Verify serialized credential set failed: active "
<< " credential IDs included in full mode ("
<< serializedCredSet.activechildids_size() << ")."
<< std::endl;
return false;
}
if (0 < serializedCredSet.revokedchildids_size()) {
std::cerr << "Verify serialized credential set failed: revoked "
<< "credential IDs included in full mode ("
<< serializedCredSet.revokedchildids_size() << ")."
<< std::endl;
return false;
}
for (auto& it: serializedCredSet.activechildren()) {
if (!Check(
it,
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).first,
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).second,
key,
CREDROLE_ERROR,
true)) {
std::cerr << "Verify serialized credential set failed: "
<< "invalid active child credential."
<< std::endl;
return false;
}
if (CREDTYPE_HD == it.type()) {
haveHD = true;
}
if (CREDROLE_MASTERKEY == it.role()) {
std::cerr << "Verify serialized credential set failed: "
<< "unexpected master credential." << std::endl;
return false;
}
}
for (auto& it: serializedCredSet.revokedchildren()) {
if (!Check(
it,
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).first,
CredentialSetAllowedCredentials.at(
serializedCredSet.version()).second,
key,
CREDROLE_ERROR,
true)) {
std::cerr << "Verify serialized credential set failed: "
<< "invalid revoked child credential."
<< std::endl;
return false;
}
if (CREDTYPE_HD == it.type()) {
haveHD = true;
}
if (CREDROLE_MASTERKEY == it.role()) {
std::cerr << "Verify serialized credential set failed: "
<< "unexpected master credential." << std::endl;
return false;
}
}
if (KEYMODE_PRIVATE == key) {
std::cerr << "Verify serialized credential set failed: "
<< "private credentials serialized in public form."
<< std::endl;
return false;
} else {
if (haveHD) {
if (0 < serializedCredSet.index()) {
std::cerr << "Verify serialized credential set failed: "
<< "index present in public mode." << std::endl;
return false;
}
}
}
break;
default :
std::cerr << "Verify serialized credential set failed: unknown "
<< "mode (" << serializedCredSet.mode() << ")."
<< std::endl;
return false;
}
return true;
}
