VerificationCredential::VerificationCredential( CredentialSet& parent, const NymParameters& nymParameters) : ot_super(parent, nymParameters) { role_ = proto::CREDROLE_VERIFY; nym_id_ = parent.GetNymID(); master_id_ = parent.GetMasterCredID(); auto verificationSet = nymParameters.VerificationSet(); if (verificationSet) { data_.reset(new proto::VerificationSet(*verificationSet)); } }
bool Nym::load_credential_index( const eLock& lock, const serializedCredentialIndex& index) { if (!proto::Validate<proto::CredentialIndex>(index, VERBOSE)) { otErr << __FUNCTION__ << ": Unable to load invalid serialized" << " credential index." << std::endl; return false; } OT_ASSERT(verify_lock(lock)); const auto nymID = Identifier::Factory(index.nymid()); if (m_nymID != nymID) { return false; } version_ = index.version(); index_ = index.index(); revision_.store(index.revision()); mode_ = index.mode(); source_ = std::make_shared<NymIDSource>(api_.Factory(), index.source()); proto::KeyMode mode = (proto::CREDINDEX_PRIVATE == mode_) ? proto::KEYMODE_PRIVATE : proto::KEYMODE_PUBLIC; contact_data_.reset(); m_mapCredentialSets.clear(); for (auto& it : index.activecredentials()) { CredentialSet* newSet = new CredentialSet(api_, mode, it); if (nullptr != newSet) { m_mapCredentialSets.emplace( std::make_pair(newSet->GetMasterCredID(), newSet)); } } m_mapRevokedSets.clear(); for (auto& it : index.revokedcredentials()) { CredentialSet* newSet = new CredentialSet(api_, mode, it); if (nullptr != newSet) { m_mapRevokedSets.emplace( std::make_pair(newSet->GetMasterCredID(), newSet)); } } return true; }
// Used when importing/exporting Nym into and out-of the sphere of the // cached key in the wallet. bool Nym::ReEncryptPrivateCredentials( bool bImporting, // bImporting=true, or // false if exporting. const OTPasswordData* pPWData, const OTPassword* pImportPassword) const { eLock lock(shared_lock_); const OTPassword* pExportPassphrase = nullptr; std::unique_ptr<const OTPassword> thePasswordAngel; if (nullptr == pImportPassword) { // whether import/export, this display string is for the OUTSIDE OF // WALLET // portion of that process. // auto strDisplay = String::Factory( nullptr != pPWData ? pPWData->GetDisplayString() : (bImporting ? "Enter passphrase for the Nym being imported." : "Enter passphrase for exported Nym.")); // Circumvents the cached key. pExportPassphrase = crypto::key::LegacySymmetric::GetPassphraseFromUser( strDisplay, !bImporting); // bAskTwice is true when exporting // (since the export passphrase is being // created at that time.) thePasswordAngel.reset(pExportPassphrase); if (nullptr == pExportPassphrase) { otErr << __FUNCTION__ << ": Failed in GetPassphraseFromUser.\n"; return false; } } else { pExportPassphrase = pImportPassword; } for (auto& it : m_mapCredentialSets) { CredentialSet* pCredential = it.second; OT_ASSERT(nullptr != pCredential); if (false == pCredential->ReEncryptPrivateCredentials( *pExportPassphrase, bImporting)) return false; } return true; }
VerificationCredential::VerificationCredential( const api::Core& api, CredentialSet& parent, const NymParameters& nymParameters) : ot_super(api, parent, VERIFICATION_CREDENTIAL_VERSION, nymParameters) { mode_ = proto::KEYMODE_NULL; role_ = proto::CREDROLE_VERIFY; nym_id_ = parent.GetNymID(); master_id_ = parent.GetMasterCredID(); auto verificationSet = nymParameters.VerificationSet(); if (verificationSet) { data_.reset(new proto::VerificationSet(*verificationSet)); } }
void Nym::SaveCredentialsToTag( Tag& parent, String::Map* pmapPubInfo, String::Map* pmapPriInfo) const { // IDs for revoked child credentials are saved here. for (auto& it : m_listRevokedIDs) { std::string str_revoked_id = it; TagPtr pTag(new Tag("revokedCredential")); pTag->add_attribute("ID", str_revoked_id); parent.add_tag(pTag); } // Serialize master and sub-credentials here. for (auto& it : m_mapCredentialSets) { CredentialSet* pCredential = it.second; OT_ASSERT(nullptr != pCredential); pCredential->SerializeIDs( parent, m_listRevokedIDs, pmapPubInfo, pmapPriInfo, true); // bShowRevoked=false by default (true here), bValid=true } // Serialize Revoked master credentials here, including their child key // credentials. for (auto& it : m_mapRevokedSets) { CredentialSet* pCredential = it.second; OT_ASSERT(nullptr != pCredential); pCredential->SerializeIDs( parent, m_listRevokedIDs, pmapPubInfo, pmapPriInfo, true, false); // bShowRevoked=false by default. (Here it's true.) // bValid=true by default. Here is for revoked, so false. } }
bool CheckProto_1( const CredentialSet& serializedCredSet, const std::string& nymID, const KeyMode& key, bool& haveHD, const CredentialSetMode& mode) { if (!serializedCredSet.has_nymid()) { std::cerr << "Verify serialized credential set failed: missing nym " << "identifier." << std::endl; return false; } if (nymID != serializedCredSet.nymid()) { std::cerr << "Verify serialized credential set failed: wrong nym " << "identifier." << std::endl; return false; } if (MIN_PLAUSIBLE_IDENTIFIER > serializedCredSet.nymid().size()) { std::cerr << "Verify serialized credential set failed: invalid nym " << "identifier (" << serializedCredSet.nymid() << ")." << std::endl; return false; } if (!serializedCredSet.has_masterid()) { std::cerr << "Verify serialized credential set failed: missing master " << "credential identifier." << std::endl; return false; } if (MIN_PLAUSIBLE_IDENTIFIER > serializedCredSet.masterid().size()) { std::cerr << "Verify serialized credential set failed: invalid master " << "credential identifier (" << serializedCredSet.masterid() << ")." << std::endl; return false; } if (!serializedCredSet.has_mode()) { std::cerr << "Verify serialized credential set failed: missing mode." << std::endl; return false; } const bool checkMode = (CREDSETMODE_ERROR != mode); if (checkMode) { if (serializedCredSet.mode() != mode) { std::cerr << "Verify serialized credential set failed: incorrect " << "mode (" << serializedCredSet.mode() << ")" << std::endl; return false; } } switch (serializedCredSet.mode()) { case CREDSETMODE_INDEX : if (KEYMODE_PRIVATE == key) { if (1 > serializedCredSet.index()) { std::cerr << "Verify serialized credential set failed: " << "missing index." << std::endl; return false; } } else { if (0 < serializedCredSet.index()) { std::cerr << "Verify serialized credential set failed: " << "index present in public mode." << std::endl; return false; } } if (serializedCredSet.has_mastercredential()) { std::cerr << "Verify serialized credential set failed: full " << "master credential included in index mode." << std::endl; return false; } if (0 < serializedCredSet.activechildren_size()) { std::cerr << "Verify serialized credential set failed: full " << "active credentials included in index mode (" << serializedCredSet.activechildren_size() << ")." << std::endl; return false; } if (0 < serializedCredSet.revokedchildren_size()) { std::cerr << "Verify serialized credential set failed: full " << "revoked credentials included in index mode (" << serializedCredSet.revokedchildren_size() << ")." << std::endl; return false; } for (auto& it: serializedCredSet.activechildids()) { if (MIN_PLAUSIBLE_IDENTIFIER > it.size()) { std::cerr << "Verify serialized credential set failed: " << "invalid active child credential identifier (" << it.size() << ")." << std::endl; return false; } } for (auto& it: serializedCredSet.revokedchildids()) { if (MIN_PLAUSIBLE_IDENTIFIER > it.size()) { std::cerr << "Verify serialized credential set failed: " << "invalid revoked child credential identifier (" << it.size() << ")." << std::endl; return false; } } break; case CREDSETMODE_FULL : if (!serializedCredSet.has_mastercredential()) { std::cerr << "Verify serialized credential set failed: missing " << "master credential." << std::endl; return false; } if (!Check( serializedCredSet.mastercredential(), CredentialSetAllowedCredentials.at( serializedCredSet.version()).first, CredentialSetAllowedCredentials.at( serializedCredSet.version()).second, key, CREDROLE_MASTERKEY, true)) { std::cerr << "Verify serialized credential set failed: " << "invalid master credential." << std::endl; return false; } if (CREDTYPE_HD == serializedCredSet.mastercredential().type()) { haveHD = true; } if (serializedCredSet.mastercredential().id() != serializedCredSet.masterid()) { std::cerr << "Verify serialized credential set failed: " << "wrong master credential (" << serializedCredSet.mastercredential().id() << ")." << std::endl; return false; } if (0 < serializedCredSet.activechildids_size()) { std::cerr << "Verify serialized credential set failed: active " << " credential IDs included in full mode (" << serializedCredSet.activechildids_size() << ")." << std::endl; return false; } if (0 < serializedCredSet.revokedchildids_size()) { std::cerr << "Verify serialized credential set failed: revoked " << "credential IDs included in full mode (" << serializedCredSet.revokedchildids_size() << ")." << std::endl; return false; } for (auto& it: serializedCredSet.activechildren()) { if (!Check( it, CredentialSetAllowedCredentials.at( serializedCredSet.version()).first, CredentialSetAllowedCredentials.at( serializedCredSet.version()).second, key, CREDROLE_ERROR, true)) { std::cerr << "Verify serialized credential set failed: " << "invalid active child credential." << std::endl; return false; } if (CREDTYPE_HD == it.type()) { haveHD = true; } if (CREDROLE_MASTERKEY == it.role()) { std::cerr << "Verify serialized credential set failed: " << "unexpected master credential." << std::endl; return false; } } for (auto& it: serializedCredSet.revokedchildren()) { if (!Check( it, CredentialSetAllowedCredentials.at( serializedCredSet.version()).first, CredentialSetAllowedCredentials.at( serializedCredSet.version()).second, key, CREDROLE_ERROR, true)) { std::cerr << "Verify serialized credential set failed: " << "invalid revoked child credential." << std::endl; return false; } if (CREDTYPE_HD == it.type()) { haveHD = true; } if (CREDROLE_MASTERKEY == it.role()) { std::cerr << "Verify serialized credential set failed: " << "unexpected master credential." << std::endl; return false; } } if (KEYMODE_PRIVATE == key) { std::cerr << "Verify serialized credential set failed: " << "private credentials serialized in public form." << std::endl; return false; } else { if (haveHD) { if (0 < serializedCredSet.index()) { std::cerr << "Verify serialized credential set failed: " << "index present in public mode." << std::endl; return false; } } } break; default : std::cerr << "Verify serialized credential set failed: unknown " << "mode (" << serializedCredSet.mode() << ")." << std::endl; return false; } return true; }