@Override
  public boolean verifyToken(PresentationToken t) throws TokenVerificationException {

    ObjectFactory of = new ObjectFactory();
    // System.out.println("Bridging verify token: "+t);
    try {
      //            String xml = XmlUtils.toXml(of.createPresentationToken(t), false);
      //            System.out.println(xml+"\n\n");

      String[] pseudonymEngines = this.getPseudonymEngines(t);

      boolean tokenContainsUProve = false;
      PresentationTokenWithCommitments idemixToken = of.createPresentationTokenWithCommitments();
      PresentationToken uproveToken = of.createPresentationToken();
      if (t.getVersion() == null) {
        uproveToken.setVersion("1.0");
        idemixToken.setVersion("1.0");
      } else {
        idemixToken.setVersion(t.getVersion());
        uproveToken.setVersion(t.getVersion());
      }
      PresentationTokenDescription desc = t.getPresentationTokenDescription();
      PresentationTokenDescription iDesc = of.createPresentationTokenDescription();
      PresentationTokenDescription uDesc = of.createPresentationTokenDescription();
      iDesc.setMessage(desc.getMessage());
      uDesc.setMessage(desc.getMessage());
      iDesc.setPolicyUID(desc.getPolicyUID());
      uDesc.setPolicyUID(desc.getPolicyUID());
      iDesc.setTokenUID(desc.getTokenUID());
      uDesc.setTokenUID(desc.getTokenUID());

      for (int i = 0; i < pseudonymEngines.length; i++) {
        PseudonymInToken pit = t.getPresentationTokenDescription().getPseudonym().get(i);
        if ("UPROVE".equals(pseudonymEngines[i])) {
          uDesc.getPseudonym().add(pit);
        } else {
          iDesc.getPseudonym().add(pit);
        }
      }

      this.verifierRevocation.clearCredentialInToken();

      Set<URI> idemixCredentialAliases = new HashSet<URI>();
      Set<URI> uproveCredentialAliases = new HashSet<URI>();
      for (CredentialInToken cit : desc.getCredential()) {

        this.verifierRevocation.addCredentialInToken(cit);

        /*
        try{
        	System.out.println("original: "+XmlUtils.toXml(of.createCredentialInToken(cit)));
        }catch(Exception e){System.out.println("failed to print original cit");};
         */
        if ((this.keyManager.getIssuerParameters(cit.getIssuerParametersUID()))
            .getAlgorithmID()
            .equals(CryptoUriUtil.getIdemixMechanism())) {
          idemixCredentialAliases.add(cit.getAlias());
          iDesc.getCredential().add(cit);
        } else {
          uproveCredentialAliases.add(cit.getAlias());
          uDesc.getCredential().add(cit);
          tokenContainsUProve = true;

          // Add issuer parameters to Idemix Structure store
          try {
            this.storeUProveIssuerParameters(cit.getIssuerParametersUID());
          } catch (Exception e) {
            System.out.println(
                "Failed to store UProve issuer parameters in Idemix structure store");
            throw new RuntimeException(e);
          }
        }
      }

      for (AttributePredicate ap : desc.getAttributePredicate()) {
        for (Object o : ap.getAttributeOrConstantValue()) {
          if (o instanceof AttributePredicate.Attribute) {
            iDesc.getAttributePredicate().add(ap);
            break;
          }
        }
      }

      // TODO This might require some changes to work with revocation
      for (VerifierDrivenRevocationInToken vdr : desc.getVerifierDrivenRevocation()) {
        for (AttributeInRevocation air : vdr.getAttribute()) {
          if (idemixCredentialAliases.contains(air.getCredentialAlias())) {
            iDesc.getVerifierDrivenRevocation().add(vdr);
            break;
          } else {
            uDesc.getVerifierDrivenRevocation().add(vdr);
          }
        }
      }

      // TODO Look at the uprove crypto evidence, if there are committed indices,
      // check with cred spec if they are for revocation handles
      // if so, do some stuff that allows poltransl and the other idemix parts to work

      idemixToken.setPresentationTokenDescriptionWithCommitments(this.addCommitments(iDesc));
      uproveToken.setPresentationTokenDescription(uDesc);

      boolean verifies = false;
      CryptoParams tcp = t.getCryptoEvidence();
      CryptoParams icp = of.createCryptoParams();
      boolean cryptoEvidenceContainsIdemix = false;
      for (Object o : tcp.getAny()) {
        try {
          if (o instanceof JAXBElement) {
            JAXBElement<?> jaxb = (JAXBElement<?>) o;
            Object wrapped = jaxb.getValue();
            if (wrapped instanceof CredentialInTokenWithCommitments) {
              cryptoEvidenceContainsIdemix = true;
              CredentialInTokenWithCommitments citwc = (CredentialInTokenWithCommitments) wrapped;
              idemixToken
                  .getPresentationTokenDescriptionWithCommitments()
                  .getCredential()
                  .add(
                      citwc); // (CredentialInTokenWithCommitments)XmlUtils.getObjectFromXML(credIn,
                              // false));
            } else {
              System.err.println(
                  "Element is JaxB : "
                      + jaxb.getValue()
                      + " : "
                      + jaxb.getDeclaredType()
                      + " : "
                      + jaxb.getScope()
                      + " : "
                      + jaxb.getName());
            }
            continue;
          }
          Element e = (Element) o;
          String elementName = e.getLocalName() != null ? e.getLocalName() : e.getNodeName();
          if ("UProveCredentialAndPseudonym".equals(elementName)) {
            String credAlias =
                ((Element) e.getElementsByTagName("Proof").item(0))
                    .getElementsByTagName("CredentialAlias")
                    .item(0)
                    .getTextContent();
            CredentialSpecification credSpec = null;
            CredentialInToken c = null;

            for (CredentialInToken cit : t.getPresentationTokenDescription().getCredential()) {
              if (cit.getAlias().toString().equals(credAlias)) {
                credSpec = this.keyManager.getCredentialSpecification(cit.getCredentialSpecUID());
                c = cit;
                break;
              }
            }

            if (credSpec == null) {
              throw new RuntimeException("Could not find credential specification.");
            }

            List<Integer> inspectableAttributes = new ArrayList<Integer>();
            Map<Integer, URI> indexToInspectorKey = new HashMap<Integer, URI>();
            Map<Integer, URI> indexToAttributeType = new HashMap<Integer, URI>();
            // TODO here we have to also look at any inspectable attributes.
            // If there are any, we need to create an inspectable information element etc.
            int revocationindex = -1;
            for (int i = 0;
                i < credSpec.getAttributeDescriptions().getAttributeDescription().size();
                i++) {
              AttributeDescription ad =
                  credSpec.getAttributeDescriptions().getAttributeDescription().get(i);

              if (ad.getType()
                  .toString()
                  .equals("http://abc4trust.eu/wp2/abcschemav1.0/revocationhandle")) {
                revocationindex = i;
              }
              for (AttributeInToken da : c.getDisclosedAttribute()) {
                if (da.getAttributeType().equals(ad.getType())
                    && (da.getInspectorPublicKeyUID() != null)) {
                  inspectableAttributes.add(i);
                  indexToInspectorKey.put(i, da.getInspectorPublicKeyUID());
                  indexToAttributeType.put(i, da.getAttributeType());
                }
              }
            }
            Set<Integer> committedValues = new HashSet<Integer>();
            committedValues.addAll(inspectableAttributes);
            if (!committedValues.contains(revocationindex) && (revocationindex != -1)) {
              committedValues.add(revocationindex);
            }
            Map<Integer, Integer> indexToIndexInProof = this.mapIndices(committedValues);

            if (e.getElementsByTagName("CommittedAttributesIndices").getLength() > 0) {
              Element cai = (Element) e.getElementsByTagName("CommittedAttributesIndices").item(0);
              NodeList nl = cai.getChildNodes();
              for (int j = 0; j < nl.getLength(); j++) {
                Element ind = null;
                try {
                  ind = (Element) nl.item(j);
                } catch (ClassCastException ex) {
                  // If we end up here, it is most likely because we got a TextElement which is
                  // empty due
                  // to malformed xml (such as \r or \n)
                  continue;
                }
                int committedIndex = Integer.parseInt(ind.getTextContent()) - 1;
                Element root = null;
                // make addToRoot method, to allow for inspectable revocationinformation
                if (committedIndex == revocationindex) {
                  root = ind.getOwnerDocument().createElement("RevocationInformation");
                } else if (inspectableAttributes.contains(committedIndex)) {
                  root = ind.getOwnerDocument().createElement("InspectableInformation");
                  root.setAttribute(
                      "InspectorPublicKey", indexToInspectorKey.get(committedIndex).toString());
                  root.setAttribute(
                      "AttributeType", indexToAttributeType.get(committedIndex).toString());
                } else {
                  // TODO: @Michael - explain this code a little :)
                  continue;
                }
                root.setAttribute("CredentialAlias", c.getAlias().toString());
                root.setAttribute("CredentialSpecUID", credSpec.getSpecificationUID().toString());
                root.setAttribute("IssuerParamsUID", c.getIssuerParametersUID().toString());

                Element tilde = root.getOwnerDocument().createElement("TildeO");
                root.appendChild(tilde);
                NodeList tildes = e.getElementsByTagName("TildeO").item(0).getChildNodes();
                //
                // System.out.println("got the tildeO nodes: "+tildes.getLength());

                tilde.appendChild(
                    tildes.item(indexToIndexInProof.get(committedIndex)).cloneNode(true));
                tilde = root.getOwnerDocument().createElement("TildeValues");
                root.appendChild(tilde);
                tildes = e.getElementsByTagName("TildeValues").item(0).getChildNodes();
                tilde.appendChild(
                    tildes.item((indexToIndexInProof.get(committedIndex) * 3)).cloneNode(true));
                icp.getAny().add(root);
              }
            }
          }

          if ("IdmxProof".equals(elementName)) {
            cryptoEvidenceContainsIdemix = true;
            icp.getAny().add(o);
          }
          if ("CredentialInTokenWithCommitments".equals(elementName)
              || "abc:CredentialInTokenWithCommitments".equals(elementName)) {
            cryptoEvidenceContainsIdemix = true;
            // magic code adding the CrednetialInToken
            TransformerFactory transfac = TransformerFactory.newInstance();
            Transformer trans = transfac.newTransformer();
            trans.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            trans.setOutputProperty(OutputKeys.INDENT, "yes");

            // create string from xml tree
            StringWriter sw = new StringWriter();
            StreamResult result = new StreamResult(sw);
            DOMSource source = new DOMSource(e.getOwnerDocument());
            trans.transform(source, result);
            String xmlString = sw.toString();

            InputStream credIn = new ByteArrayInputStream(xmlString.getBytes());
            idemixToken
                .getPresentationTokenDescriptionWithCommitments()
                .getCredential()
                .add((CredentialInTokenWithCommitments) XmlUtils.getObjectFromXML(credIn, false));
          }
          if ("VerifiableEncryption".equals(elementName)) {
            icp.getAny().add(o);
          }
        } catch (Exception e) {
          e.printStackTrace();
          // TODO @jdn, I think your revocation code causes some some serialization problems
          // /Michael
          // throw new RuntimeException(e);
        }
      }

      if (cryptoEvidenceContainsIdemix) {
        idemixToken.setCryptoEvidence(icp);

        //    System.out.println("\n\nNow verifying idmtoken!!");
        //	System.out.println(XmlUtils.toXml(of.createPresentationTokenWithCommitments(idemixToken),
        // false)+"\n\n");

        // System.out.println("about to call idmix engine for verification");
        // System.out.println("we have "+idemixToken.getCryptoEvidence().getAny().size()+" crypto
        // evidence");
        if (idemixToken.getCryptoEvidence().getAny().size() == 0) {
          verifies = true;
        } else {
          verifies = this.idemixEngine.verifyTokenWithCommitments(idemixToken);
        }
        System.out.println("idemix verifies: " + verifies);
      }

      if (tokenContainsUProve) {
        //                CryptoParams tcp = t.getCryptoEvidence();
        tcp = t.getCryptoEvidence();
        CryptoParams ucp = of.createCryptoParams();
        for (Object o : tcp.getAny()) {
          try {
            Element e = (Element) o;
            if (e.getNodeName().startsWith("UProve")) {
              ucp.getAny().add(o);
            }
          } catch (Exception e) {
          }
        }
        uproveToken.setCryptoEvidence(ucp);
        // System.out.println("Now verifying uprove");

        // xml = XmlUtils.toXml(of.createPresentationToken(uproveToken), false);
        // System.out.println(xml+"\n\n");

        boolean ver = this.uproveEngine.verifyToken(uproveToken);
        // System.out.println("uprove verifies: "+ver);
        if (cryptoEvidenceContainsIdemix) {
          verifies = verifies && ver;
        } else {
          verifies = ver;
        }
      }

      // System.out.println("DELEGATION VERIFIER.verifies:::: "+verifies);
      return verifies;
    } catch (Exception e) {
      e.printStackTrace();
    }
    return false;
  }
예제 #2
0
  @Test
  public void testPersistentStoreAndGetToken() throws Exception {

    // Init the persistent storage and the TokenManager
    File temp1 = File.createTempFile(TOKENS_FILE, EXTENSION);
    temp1.deleteOnExit();

    File temp2 = File.createTempFile(PSEUDONYMS_FILE, EXTENSION);
    temp2.deleteOnExit();

    PersistentFileTokenStorage persistentStorage = new PersistentFileTokenStorage(temp1, temp2);
    TokenManagerVerifier tokenManager = new TokenManagerImpl(persistentStorage);

    // Create a PresentationToken for test
    PresentationTokenDescription pTokenDesc = new PresentationTokenDescription();
    final byte[] originalPseudonymValue = new byte[] {4, 2, 5};
    PseudonymInToken originalPseudonym = new PseudonymInToken();
    originalPseudonym.setPseudonymValue(originalPseudonymValue);
    pTokenDesc.getPseudonym().add(originalPseudonym);
    URI tokenUid1 = new URI("token-uid1");
    pTokenDesc.setTokenUID(tokenUid1);
    PresentationToken pToken = new PresentationToken();
    pToken.setPresentationTokenDescription(pTokenDesc);
    pToken.setVersion("1.0");

    // Create another PresentationToken for test
    PresentationTokenDescription pTokenDesc2 = new PresentationTokenDescription();
    final byte[] originalPseudonymValue2 = new byte[] {3, 2, 5};
    PseudonymInToken originalPseudonym2 = new PseudonymInToken();
    originalPseudonym2.setPseudonymValue(originalPseudonymValue2);
    pTokenDesc2.getPseudonym().add(originalPseudonym2);
    URI tokenUid2 = new URI("token-uid2");
    pTokenDesc2.setTokenUID(tokenUid2);
    PresentationToken pToken2 = new PresentationToken();
    pToken2.setPresentationTokenDescription(pTokenDesc2);
    pToken2.setVersion("2.0");

    // Store the first token
    URI uid = tokenManager.storeToken(pToken);

    // Retrieve the saved PresentationToken
    PresentationToken savedPresentationToken = tokenManager.getToken(uid);

    // Get pseudonym from the saved PresentationToken
    PseudonymInToken savedPseudonym =
        savedPresentationToken.getPresentationTokenDescription().getPseudonym().get(0);

    // Test if the original PseudonymValue bytewise equals the one that has been saved.
    assertArrayEquals(originalPseudonymValue, savedPseudonym.getPseudonymValue());

    // Test version
    assertEquals("1.0", savedPresentationToken.getVersion());

    // Test isEstablishedPseudonym with the first original pseudonym
    assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym));

    // Test isEstablishedPseudonym with a false / nonexistant pseudonym
    byte[] falsePseudonymValue = new byte[] {41, 23, 51};
    PseudonymInToken falsePseudonym = new PseudonymInToken();
    falsePseudonym.setPseudonymValue(falsePseudonymValue);
    assertFalse(tokenManager.isEstablishedPseudonym(falsePseudonym));

    // Store the second token
    URI uid2 = tokenManager.storeToken(pToken2);

    // Retrieve the saved PresentationToken
    PresentationToken savedPresentationToken2 = tokenManager.getToken(uid2);

    // Get pseudonym from the second saved PresentationToken
    PseudonymInToken savedPseudonym2 =
        savedPresentationToken2.getPresentationTokenDescription().getPseudonym().get(0);

    // Test if the original second PseudonymValue bytewise equals the one that has been saved.
    assertArrayEquals(originalPseudonymValue2, savedPseudonym2.getPseudonymValue());

    // Test version
    assertEquals("2.0", savedPresentationToken2.getVersion());

    // Test isEstablishedPseudonym with second pseudonym
    assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym2));

    // Test isEstablishedPseudonym with a false / nonexistant pseudonym
    byte[] falsePseudonymValue2 = new byte[] {52, 37, 55};
    PseudonymInToken falsePseudonym2 = new PseudonymInToken();
    falsePseudonym2.setPseudonymValue(falsePseudonymValue2);
    assertFalse(tokenManager.isEstablishedPseudonym(falsePseudonym2));

    // Retrieve the first saved PresentationToken again to make sure it has not been overwritten
    savedPresentationToken = tokenManager.getToken(uid);

    // Get pseudonym from the saved PresentationToken again to make sure it has not been overwritten
    savedPseudonym = savedPresentationToken.getPresentationTokenDescription().getPseudonym().get(0);

    // Test if the originalPseudonymValue bytewise equals the one that has been saved first again to
    // make sure it has not been overwritten.
    assertArrayEquals(originalPseudonymValue, savedPseudonym.getPseudonymValue());

    // Test version again to make sure it has not been overwritten
    assertEquals("1.0", savedPresentationToken.getVersion());

    // Test isEstablishedPseudonym with the first original pseudonym again to make sure it has not
    // been overwritten
    assertTrue(tokenManager.isEstablishedPseudonym(originalPseudonym));

    // Test delete token
    assertTrue(tokenManager.deleteToken(uid));

    // Test isEstablishedPseudonym with the first original pseudonym to make sure it has been
    // removed
    assertFalse(tokenManager.isEstablishedPseudonym(originalPseudonym));

    // Retrieve the first saved PresentationToken again to make sure it has been removed
    savedPresentationToken = tokenManager.getToken(uid);
    assertEquals(null, savedPresentationToken);
  }